Oblivious transfer based on the McEliece assumptions

Rafael Dowsley, Jeroen van de Graaf, Jörn Müller-Quade, Anderson C. A. Nascimento

Research output: Contribution to journal › Article › Research › peer-review

4 Citations (Scopus)


We implement one-out-of-two bit oblivious transfer (OT) based on the assumptions used in the McEliece cryptosystem: the hardness of decoding random binary linear codes, and the difficulty of distinguishing a permuted generating matrix of Goppa codes from a random matrix. To our knowledge this is the first OT reduction to these problems only. We present two different constructions for oblivious transfer, one based on cut-and-choose arguments and another one which is based on a novel generalization of Bennett-Rudich commitments which may be of independent interest. Finally, we also present a variant of our protocol which is based on the Niederreiter cryptosystem.

Original language: English
Pages (from-to): 567-575
Number of pages: 9
Journal: IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Issue number: 2
Publication status: Published - 2012
Externally published: Yes


  • McEliece cryptosystem
  • Oblivious transfer
  • Post-quantum security

  • Oblivious transfer based on the McEliece assumptions

    Dowsley, R., Van De Graaf, J., Müller-Quade, J. & Nascimento, A. C. A., 2008, Information Theoretic Security - Third International Conference, ICITS 2008, Proceedings. Safavi-Naini, R. (ed.). Springer, p. 107-117, 11 p. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); vol. 5155 LNCS).

    Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

    23 Citations (Scopus)
