Quantum Oblivious Transfer Advances Data Privacy In MPC
Pragmatic Quantum Oblivious Key Distribution Enables Secure Multi-Party Computation
A research team has reported the performance of a new quantum protocol for Random Oblivious Transfer (ROT), a cryptographic primitive for highly secure collaborative computation, marking a milestone in quantum cryptography. Their computationally secure quantum random oblivious transfer (QROT) approach to ROT improves data privacy in multi-party computation (MPC).
Key distribution is a central function of cryptography and is crucial for data privacy. Quantum Key Distribution (QKD) lets parties share quantum-protected symmetric keys. Oblivious Transfer (OT), by contrast, has typically depended on asymmetric (public-key) techniques, which are harder to obtain. OT allows mutually distrustful parties to compute jointly while protecting their private inputs, which is what makes general MPC protocols viable.
In a conventional 1-out-of-2 OT, the sender holds two messages; the receiver picks one and learns only that message, while the sender does not learn which one was chosen. Earlier theoretical work showed that quantum physics alone cannot guarantee unconditionally secure OT. Practical OT therefore rests either on hardware assumptions, such as the noisy-storage model, or on classical public-key cryptography (PKC) built on computationally hard mathematical problems.
To address this, the new QROT protocol uses a computationally secure ROT to generate random shared resources (keys) that enable fast OT during MPC sessions. What is new is that the commitments in this computationally secure ROT are implemented using only symmetric cryptographic primitives, so the design avoids PKC altogether.
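The following is an added illustration, not code from the paper or its authors, of why a random OT resource is useful: once the parties hold a ROT correlation (the sender has two random strings r0, r1; the receiver has a random bit c and r_c), a chosen 1-out-of-2 OT on real messages costs only one bit and two XOR-masked messages, with no public-key operation. The ROT correlation here is produced by a trusted-dealer stand-in (`simulate_random_ot`, a constructed placeholder for the quantum protocol, which is not modelled), and the conversion step is the standard precomputed-OT technique, not something taken from the page.

```python
import secrets


def simulate_random_ot(n_bytes: int):
    """Constructed stand-in for the ROT resource.

    A trusted dealer hands the sender two random strings (r0, r1) and the
    receiver a random choice bit c together with r_c only. In the paper this
    correlation is what the quantum protocol establishes; here it is simulated.
    """
    r0 = secrets.token_bytes(n_bytes)
    r1 = secrets.token_bytes(n_bytes)
    c = secrets.randbits(1)
    return (r0, r1), (c, r1 if c else r0)


def xor(a: bytes, b: bytes) -> bytes:
    assert len(a) == len(b), "masks must match message length"
    return bytes(x ^ y for x, y in zip(a, b))


def receiver_choose(b: int, c: int) -> int:
    """Receiver wants message b; it reveals only d = b XOR c.

    Because c is uniformly random and unknown to the sender, d leaks
    nothing about b.
    """
    return b ^ c


def sender_encrypt(m0: bytes, m1: bytes, r0: bytes, r1: bytes, d: int):
    """Sender masks m0 with r_d and m1 with r_{1-d}.

    The receiver holds r_c = r_{b XOR d}, so it can strip exactly the mask on
    m_b and no other.
    """
    if d == 0:
        return xor(m0, r0), xor(m1, r1)
    return xor(m0, r1), xor(m1, r0)


def receiver_decrypt(b: int, r_c: bytes, e0: bytes, e1: bytes) -> bytes:
    """Receiver unmasks its chosen ciphertext with the single string it owns."""
    return xor(e1 if b else e0, r_c)


def chosen_ot_from_rot(m0: bytes, m1: bytes, b: int, sender_rot, receiver_rot):
    """Run one chosen OT on top of a ROT correlation.

    Returns (message received by the receiver, bit d observed by the sender,
    what the receiver gets if it tries to unmask the other ciphertext).
    """
    r0, r1 = sender_rot
    c, r_c = receiver_rot
    d = receiver_choose(b, c)
    e0, e1 = sender_encrypt(m0, m1, r0, r1, d)
    got = receiver_decrypt(b, r_c, e0, e1)
    other = xor(e0 if b else e1, r_c)  # still masked by the string the receiver lacks
    return got, d, other


if __name__ == "__main__":
    # Constructed sample messages; the ROT correlation is simulated, not quantum.
    m0, m1 = b"left message!!!", b"right message!!"
    sender_rot, receiver_rot = simulate_random_ot(len(m0))
    for b in (0, 1):
        got, d, other = chosen_ot_from_rot(m0, m1, b, sender_rot, receiver_rot)
        print(f"b={b}: received {got!r}, sender saw d={d}, other decodes to {other!r}")
```

Each ROT correlation can be consumed only once: reusing (r0, r1, c) for a second OT would let the receiver unmask both messages of one of the runs. That is why the page frames the quantum protocol as generating a pool of random resources ahead of the MPC session, with one correlation spent per chosen OT.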
The security of QROT rests solely on the existence of quantum-safe one-way functions (OWFs). This is a weaker assumption than those underlying PKC, which requires trapdoor OWFs defined over structured mathematical objects such as elliptic curves or lattices. Because OWFs already underpin block-cipher encryption and message authentication, the protocol can be integrated straightforwardly into existing cryptographic frameworks.
The research team of Mariano Lemus et al. tested the protocol's real-world performance on state-of-the-art quantum hardware. Wavelength-degenerate, polarization-entangled photon pairs at 1550 nm were generated by spontaneous parametric down-conversion (SPDC) in a Sagnac-loop source pumped by picosecond pulses. Unlike prepare-and-measure setups, this entanglement-based system does not need verified quantum random number generators.
According to the security analysis, QROT is computationally secure, statistically secure, and statistically correct against dishonest senders and receivers. Security is proved in an indistinguishability framework, which gives strong guarantees even under sequential protocol execution.
Usable Performance Metrics
QROT's feasibility depends on channel noise tolerance and quantum resource cost:
Critical Error Rate: QROT's maximum tolerable error rate is 0.028 (2.8%), whereas some common QKD protocols still function at QBERs above 10%. This restricts the protocol's range, although the authors note that OT has legitimate use cases even between distrustful parties in close proximity.
Quantum Signal Cost: Security requires sharing a critical number of quantum signals, giving rise to phase-transition-like behavior in which the key rate is zero below that threshold. Even a small ROT key requires exchanging many entangled qubits; for instance, a 128-bit ROT instance with security requires an estimated quantum signal cost. QROT beats several quantum noisy-storage alternatives, but it still needs quantum signals to reach comparable security.
ROT Rate & Bottleneck: The 128-bit experimental implementation achieved 0.023 ROT/s, with a maximum potential rate of around 0.10 OT/s. The quantum signal generation rate was the overall performance bottleneck; the classical post-processing, including privacy amplification, information reconciliation (IR) with low-density parity-check (LDPC) codes, and commitment using the BLAKE3 hash function, can be handled by an ordinary computer.
Although this rate is low compared with standard PKC-based OT protocols, which may approach OT/s, the researchers say OT extension techniques can help close the gap.
Quantum Network Implications
QROT is well suited to real-world settings where users prioritize security (relying on OWFs rather than PKC) over speed. Importantly, the protocol requires only a commitment scheme on top of current BB84-based QKD configurations. This interoperability means quantum OT can be integrated into QKD infrastructures, providing a single physical layer for both secure computation and secure communication.
Future work will investigate compressing hash-function designs for forward security and running many concurrent ROTs in a single execution to reduce the number of quantum signals per instance.