Information-theoretically secure string oblivious transfer (OT) can be constructed based on discrete memoryless channel (DMC). The oblivious transfer capacity of a channel characterizes-similarly to the (standard) information capacity-how efficiently it can be exploited for secure oblivious transfer of strings. The OT capacity of a generalized erasure channel (GEC)-which is a combination of a (general) DMC with the erasure channel-has been established by Ahlswede and Csizar at ISIT'07 in the case of passive adversaries. In this paper, we present the protocol that achieves this capacity against malicious adversaries for GEC with erasure probability at least 1/2. Our construction is based on the protocol of Crpeau and Savvides from Eurocrypt'06 which uses interactive hashing (IH). We solve an open question posed by the above paper, by basing it upon a constant round IH scheme (previously proposed by Ding at TCC'04). As a side result, we show that the Ding IH protocol can deal with transmission errors.
- Generalized erasure channel
- information-theoretic security
- interactive hashing
- oblivious transfer
- oblivious transfer capacity