We implement one-out-of-two bit oblivious transfer (OT) based on the assumptions used in the McEliece cryptosystem: the hardness of decoding random binary linear codes, and the difficulty of distinguishing a permuted generating matrix of Goppa codes from a random matrix. To our knowledge this is the first OT reduction to these problems only. We present two different constructions for oblivious transfer, one based on cut-and-chose arguments and another one which is based on a novel generalization of Bennett-Rudich commitments which may be of independent interest. Finally, we also present a variant of our protocol which is based on the Niederreiter cryptosystem.
|Number of pages||9|
|Journal||IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences|
|Publication status||Published - 2012|
- McEliece cryptosystem
- Oblivious transfer
- Post-quantum security