Oblivious transfer based on the McEliece assumptions

Rafael Dowsley, Jeroen van de Graaf, Jörn Müller-Quade, Anderson C. A. Nascimento

Research output: Contribution to journalArticleResearchpeer-review

4 Citations (Scopus)


We implement one-out-of-two bit oblivious transfer (OT) based on the assumptions used in the McEliece cryptosystem: the hardness of decoding random binary linear codes, and the difficulty of distinguishing a permuted generating matrix of Goppa codes from a random matrix. To our knowledge this is the first OT reduction to these problems only. We present two different constructions for oblivious transfer, one based on cut-and-chose arguments and another one which is based on a novel generalization of Bennett-Rudich commitments which may be of independent interest. Finally, we also present a variant of our protocol which is based on the Niederreiter cryptosystem.

Original languageEnglish
Pages (from-to)567-575
Number of pages9
JournalIEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Issue number2
Publication statusPublished - 2012
Externally publishedYes


  • McEliece cryptosystem
  • Oblivious transfer
  • Post-quantum security

Cite this