Imperfect 1-out-of-2 quantum oblivious transfer: bounds, a protocol, and its experimental implementation
Oblivious transfer is an important primitive in modern cryptography. Applications include secure multiparty computation, oblivious sampling, e-voting, and signatures. Information-theoretically secure perfect 1-out-of 2 oblivious transfer is impossible to achieve. Imperfect variants, where both participants' ability to cheat is still limited, are possible using quantum means while remaining classically impossible. Precisely what security parameters are attainable remains unknown. We introduce a theoretical framework for studying semirandom quantum oblivious transfer, which is shown to be equivalent to regular oblivious transfer in terms of cheating probabilities. We then use it to derive bounds on cheating. We also present a protocol with lower cheating probabilities than previous schemes, together with its optical realization. We show that a lower bound of 2/3 on the minimum achievable cheating probability can be directly derived for semirandom protocols using a different method and definition of cheating than used previously. The lower bound increases from 2/3 to approximately 0.749 if the states output by the protocol are pure and symmetric. The oblivious transfer scheme we present uses unambiguous state elimination measurements and can be implemented with the same technological requirements as standard quantum cryptography. The cheating probabilities are 3/4 and approximately 0.729 for sender and receiver respectively, which is lower than in existing protocols. Using a photonic test-bed, we have implemented the protocol with honest parties, as well as optimal cheating strategies.