Bootstrapped Oblivious Transfer and Secure Two-Party Function Computation
We propose an information theoretic framework for the secure two-party function computation (SFC) problem and introduce the notion of SFC capacity. We study and extend string oblivious transfer (OT) to sample-wise OT. We propose an efficient, perfectly private OT protocol utilizing the binary erasure channel or source. We also propose the bootstrap string OT protocol which provides disjoint (weakened) privacy while achieving a multiplicative increase in rate, thus trading off security for rate. Finally, leveraging our OT protocol, we construct a protocol for SFC and establish a general lower bound on SFC capacity of the binary erasure channel and source.
💡 Research Summary
The paper establishes an information‑theoretic framework for secure two‑party function computation (SFC) and introduces the notion of SFC capacity, which quantifies the maximal rate at which two parties can jointly compute a function while preserving privacy. To achieve this, the authors focus on the binary erasure channel (BEC) and its source counterpart (binary erasure source, BES), where each transmitted bit is independently erased with probability ε. These models capture realistic communication impairments such as packet loss, fading, or storage errors, and they serve as the underlying resource for the protocols developed in the work.
The first technical contribution is a generalization of string oblivious transfer (OT) to “sample‑wise OT.” Traditional OT assumes that a sender holds two strings X₀ and X₁ and a receiver selects one of them (indexed by a secret bit b) without learning anything about the other. In a BEC/BES setting, many bits are erased, making a naïve string‑wise approach inefficient. The authors therefore treat each bit as an independent sample and exploit the fact that erased positions are identical for both strings. By transmitting both strings over the erasure channel, the receiver can recover exactly the bits of the chosen string that are not erased, while the erased bits provide perfect concealment of the unchosen string. This protocol achieves perfect (information‑theoretic) privacy and attains a transmission rate of 1 − ε, which matches the channel’s capacity for reliable communication.
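As an added illustration (not the paper's protocol and not the authors' code), the following simulates the textbook construction of string OT from a binary erasure channel: the positions Bob received key the string he chose, and the positions erased for him hide the other string. Function names, parameters and the sample strings are assumptions of this example, and both parties are assumed to follow the protocol.

```python
import random

ERASED = None  # erasure symbol delivered by the channel

def bec(bits, eps, rng):
    """Binary erasure channel: erase each bit independently with probability eps."""
    return [ERASED if rng.random() < eps else b for b in bits]

def receiver_sets(received, choice, k, rng):
    """Bob: slot `choice` gets k received indices, the other slot k erased ones."""
    good = [i for i, r in enumerate(received) if r is not ERASED]
    bad = [i for i, r in enumerate(received) if r is ERASED]
    if len(good) < k or len(bad) < k:
        return None  # abort rather than weaken either party's privacy
    sets = [None, None]
    sets[choice], sets[1 - choice] = rng.sample(good, k), rng.sample(bad, k)
    return sets

def sender_mask(strings, sent, sets):
    """Alice: one-time-pad string j with the channel bits she sent at sets[j]."""
    return [[m ^ sent[i] for m, i in zip(strings[j], sets[j])] for j in (0, 1)]

def receiver_unmask(masked, received, sets, choice):
    """Bob: strip the pad from the chosen string using the bits he received."""
    return [c ^ received[i] for c, i in zip(masked[choice], sets[choice])]

def run_ot(k0, k1, choice, n=64, eps=0.5, seed=1):
    """Simulate one string OT; returns (Bob's output, other pad fully erased?)."""
    rng = random.Random(seed)  # simulation only; a real run needs a CSPRNG
    sent = [rng.randrange(2) for _ in range(n)]
    received = bec(sent, eps, rng)
    sets = receiver_sets(received, choice, len(k0), rng)
    if sets is None:
        return None
    masked = sender_mask((k0, k1), sent, sets)
    out = receiver_unmask(masked, received, sets, choice)
    hidden = all(received[i] is ERASED for i in sets[1 - choice])
    return out, hidden

if __name__ == "__main__":
    K0, K1 = [1, 0, 1, 1, 0, 0, 1, 0], [0, 1, 1, 0, 1, 0, 0, 1]  # constructed inputs
    print(run_ot(K0, K1, choice=0), run_ot(K0, K1, choice=1))
```

Alice never observes which positions were erased, so the two index sets Bob returns look alike to her; Bob holds none of the pad bits for the unchosen string, so its masked copy is a one-time-pad ciphertext to him.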
While perfect privacy is desirable, it limits the achievable rate when ε is large. To address this limitation, the authors propose the “bootstrap string OT.” The idea is to run several rounds of sample‑wise OT sequentially, feeding the output of one round as input to the next. In each round the parties use the previously recovered (non‑erased) bits as “bootstrap” information to encode additional bits, thereby multiplying the effective rate across rounds. The trade‑off is a weakened security model called “disjoint privacy”: the receiver still learns only the bits it explicitly selects in each round, but correlations across rounds may leak a limited amount of information about the other string. This relaxation enables a multiplicative increase in throughput, which can be substantial when many rounds are employed.
Leveraging the bootstrap OT, the paper constructs a complete SFC protocol. Each party holds a private input (x for Alice, y for Bob) and wishes to compute f(x, y) without revealing its own input. The protocol proceeds as follows: (1) Alice and Bob execute a bootstrap OT in which Alice sends encrypted shares of x and Bob receives the shares corresponding to his secret selection; (2) Bob simultaneously runs a bootstrap OT to send encrypted shares of y to Alice; (3) each party locally combines the received shares with its own input to evaluate the function f. Because the shares are delivered via OT, neither party learns any information about the other’s raw input beyond what is implied by the output f(x, y). The authors prove that this construction satisfies perfect correctness and the disjoint‑privacy guarantee inherited from the underlying OT.
The final contribution is an information‑theoretic analysis of the SFC capacity for the BEC/BES. By carefully accounting for the erasure probability, the authors derive a lower bound on the SFC capacity equal to 1 − ε (or 1 − p for the source model). This bound improves upon previously known results, which were either trivial (zero capacity) or limited to specific functions. Moreover, the bootstrap OT shows that the effective rate can be amplified beyond the single‑round bound at the cost of the weakened privacy model, thereby illustrating a fundamental trade‑off between security strength and communication efficiency.
In summary, the paper makes four major advances: (i) it formalizes SFC capacity within an erasure‑channel framework; (ii) it introduces sample‑wise OT that achieves perfect privacy at the channel’s optimal rate; (iii) it proposes a bootstrap OT that trades a modest relaxation of privacy for a multiplicative rate gain; and (iv) it builds a generic SFC protocol on top of these primitives, establishing a concrete lower bound on SFC capacity for binary erasure channels and sources. The work bridges the gap between theoretical security guarantees and practical noisy communication environments, suggesting that channel imperfections can be turned into a resource for secure and efficient distributed computation.