Scalar Product-Based Distributed Oblivious Transfer

In a distributed oblivious transfer (DOT) the sender is replaced with

m

servers, and the receiver must contact

k

(

k

 ≤ 

m

) of these servers to learn the secret of her choice. Naor and Pinkas introduced the first unconditionally secure DOT for a sender holding two secrets. Blundo, D’Arco, Santis, and Stinson generalized Naor and Pinkas’s protocol, in the case that the sender holds

n

secrets, in the first so-called (

k

,

m

)-DOT-

$\binom{n}{1}$

protocol. Such a protocol should be secure against a coalition of less than

k

parties. However, Blundo et al. have shown that this level of security is impossible to achieve in one-round polynomial-based constructions.

In this paper, we show that if communication is allowed amongst the servers, we are able to construct an unconditionally secure, polynomial-based (

k

,

m

)-DOT-

$\binom{n}{1}$

protocol with the highest level of security. More precisely, in our construction, a receiver who contacts

k

servers and corrupt up to

k

 − 1 servers (not necessarily from the set of the contacted servers) cannot learn more than one secret.