Incomplete quantum oblivious transfer with perfect one-sided security

Oblivious transfer is a fundamental cryptographic primitive that is useful for secure multiparty computation. There are several variants of oblivious transfer. We consider 1-out-of-2 oblivious transfer, where a sender sends two bits of information to a receiver. The receiver receives only one of the two bits, while the sender does not know which bit the receiver has received. Perfect quantum oblivious transfer with information-theoretic security is known to be impossible. We aim to find the lowest possible cheating probabilities. Bounds on cheating probabilities have been investigated for “complete” protocols, where if both parties follow the protocol, the bit value obtained by the receiver matches the sender's bit value. We instead investigate incomplete protocols, where the receiver obtains an incorrect bit value with probability p f . We present optimal noninteractive protocols where Alice's bit values are encoded in four symmetric pure quantum states, and where she cannot cheat better than with a random guess. We find the protocols such that for a given p f , Bob's cheating probability p r is as low as possible, and vice versa. Furthermore, we show that noninteractive quantum protocols can outperform noninteractive classical protocols and give a lower bound on Bob's cheating probability in interactive quantum protocols. Importantly for optical implementations, our protocols do not require entanglement nor quantum memory.