Quantum based random oblivious transfer could enable trusted communication

According to a research team from the Centre for Quantum Technologies (CQT) at the National University of Singapore, two mutually distrustful parties can interact by using two party secure computation. "Quantum technologies will gradually become integrated with existing devices, such as smartphones, allowing us to do things like identify ourselves securely or to generate encryption keys," says Stephanie Wehner, a principal investigator at CQT. To demonstrate its ideas, CQT worked with the Institute for Quantum Computing (IQC) at the University of Waterloo in Canada. The experiments performed at IQC deployed quantum entangled photons in such a way that one party, dubbed Alice, could share information with a second party, dubbed Bob, while meeting stringent restrictions. Specifically, Alice has two sets of information. If Bob requests access to one or the other, Alice must be able to send it without knowing which set he's asked for. Bob must also learn nothing about the unrequested set. This protocol is known as 1-2 random oblivious transfer (ROT). To start the ROT protocol, Alice creates pairs of entangled photons. She measures one of each pair and sends the other to Bob to measure. Bob chooses which photons he wants to learn about, dividing his data accordingly without revealing his picks to Alice. Both then wait for a length of time chosen such that any attempt to store quantum information about the photons is likely to fail. To complete the oblivious transfer, Alice then tells Bob which measurements she made and both process their data in set ways that ensure the result is correct and secure within a pre agreed margin of error. In the demonstration performed at IQC, Alice and Bob achieved a random oblivious transfer of 1366 bits. The whole process took about three minutes. The researchers suggest taking money from an ATM could be a potential application. Currently, this requires a card and a PIN, with users trusting their personal data to the machine. Another way might be to enter the PIN on a mobile phone and for the phone to undertake secure authentication with the ATM. The aim, says the team, is to implement a scheme that can check if your account number and PIN matches the bank's records without either you or the bank having to disclose the login details to each other.