Do standalone Oblivious Transfer (OT) Protocols exist?










6












$begingroup$


Are there any Oblivious Transfer (OT) protocols that don’t rely on asymmetrical encryption, public-key encryption or key-exchange?



I’m starting to wonder, as all the OT protocols I know of (and can understand how it works), rely on such an encryption layer. Are there any out there which is somewhat-standalone and does not depend on the security of the scheme/protocol it uses underneath?










share|improve this question









$endgroup$
















    6












    $begingroup$


    Are there any Oblivious Transfer (OT) protocols that don’t rely on asymmetrical encryption, public-key encryption or key-exchange?



    I’m starting to wonder, as all the OT protocols I know of (and can understand how it works), rely on such an encryption layer. Are there any out there which is somewhat-standalone and does not depend on the security of the scheme/protocol it uses underneath?










    share|improve this question









    $endgroup$














      6












      6








      6


      2



      $begingroup$


      Are there any Oblivious Transfer (OT) protocols that don’t rely on asymmetrical encryption, public-key encryption or key-exchange?



      I’m starting to wonder, as all the OT protocols I know of (and can understand how it works), rely on such an encryption layer. Are there any out there which is somewhat-standalone and does not depend on the security of the scheme/protocol it uses underneath?










      share|improve this question









      $endgroup$




      Are there any Oblivious Transfer (OT) protocols that don’t rely on asymmetrical encryption, public-key encryption or key-exchange?



      I’m starting to wonder, as all the OT protocols I know of (and can understand how it works), rely on such an encryption layer. Are there any out there which is somewhat-standalone and does not depend on the security of the scheme/protocol it uses underneath?







      public-key key-exchange oblivious-transfer






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 13 '18 at 18:57









      zetaprimezetaprime

      381215




      381215




















          2 Answers
          2






          active

          oldest

          votes


















          6












          $begingroup$

          The term "stand alone" in secure computation typically refers to the case of a protocol being run once, and not to assumptions. In any case, what I assume you are really asking is what assumptions are needed for OT. You are indeed correct that OT is built from asymmetric assumptions, and this is actually inherent for black-box constructions. This was studied in The Relationship Between Public Key Encryption and Oblivious Transfer.






          share|improve this answer









          $endgroup$












          • $begingroup$
            Thank you, it was also thinking in the same direction. This is a great confirmation (and expression) of what I have been thinking.
            $endgroup$
            – zetaprime
            Nov 14 '18 at 8:54


















          3












          $begingroup$


          Are there any Oblivious Transfer (OT) protocols that don’t rely on
          asymmetrical encryption, public-key encryption or key-exchange?




          Surprisingly, there are indeed OT protocols which don't rely on public-key encryption. In Precomputing Oblivious Transfer, Beaver showed that if Alice and Bob are each given some correlated randomness by a trusted third party Ted, they are able to compute $2 choose 1$OT without requiring any public-key operations.



          In the offline phase, Ted generates a random instance of $2 choose 1$OT:



          1. Ted samples $(r_0, r_1, d) in mathbbF^3$

          2. Ted sends $(r_0, r_1)$ to Alice

          3. Ted sends $(d, r_d)$ to Bob

          Later, in the online phase, Alice has two inputs $(b_0, b_1)$ and Bob has his choice $c$. The players consume the $(r_0, r_1)$ and $(d, r_d)$ as follows:



          1. Bob sends $e = c oplus d$ to Alice

          2. Alice replies with $(x_0, x_1) = (b_0 oplus r_e, b_1 oplus r_bare)$

          3. Bob then outputs $b_c = x_c oplus r_d$

          Note how Ted can play his part in the protocol long before Alice and Bob know their input to the protocol, and his presence is no longer required once he has sent the random OT to Alice and Bob.



          In fact, this protocol is information-theoretic secure because even a computationally unbounded Bob cannot determine Alice's other input $b_barc$, nor can a computationally unbounded Alice learn Bob's choice $c$.



          The construction works because Alice has no information on whether Bob knows $r_0$ or $r_1$, while Bob only knows one of $r_0$ or $r_1$. This asymmetry of knowledge is the assumption that allows us to do OT without resorting to public-key cryptography.



          This technique is now known as the correlated randomness model, which was studied by Ishai et al in On the Power of Correlated Randomness in
          Secure Computation. Beaver's multiplication triples (another type of correlated randomness) now feature prominently in state-of-the-art multiparty computation protocols such as SPDZ and BDOZ. These protocols use homomorphic encryption to simulate Ted during an expensive preprocessing phase, which allows them to use efficient information-theoretic operations during the online phase.






          share|improve this answer









          $endgroup$








          • 1




            $begingroup$
            I guess this sort of complements the previous answer - but you should really insist of the fact that this only gives OT from weaker assumptions (such as OWF) in a model where the parties are initially given some fixed amount of correlated randomness - in the plain model, the black-box impossibility mentioned by prof. Lindell holds. Also, in alternative models, we could also mention the unconditional constructions of OTs given access to any noisy channel.
            $endgroup$
            – Geoffroy Couteau
            Nov 14 '18 at 23:39











          • $begingroup$
            Yes, that's a good point, I will emphasize that this isn't in the standard model. I really like how this approach is being used by e.g. SPDZ/BDOZ to split things into an expensive (public key) offline phase that's independent of input followed by a cheap (information theoretic) online phase. It's yet anther example of how clever thinking lets one "work around" impossibility results...
            $endgroup$
            – kiwidrew
            Nov 15 '18 at 0:43










          Your Answer





          StackExchange.ifUsing("editor", function ()
          return StackExchange.using("mathjaxEditing", function ()
          StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix)
          StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
          );
          );
          , "mathjax-editing");

          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "281"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          noCode: true, onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













          draft saved

          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f63965%2fdo-standalone-oblivious-transfer-ot-protocols-exist%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          2 Answers
          2






          active

          oldest

          votes








          2 Answers
          2






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          6












          $begingroup$

          The term "stand alone" in secure computation typically refers to the case of a protocol being run once, and not to assumptions. In any case, what I assume you are really asking is what assumptions are needed for OT. You are indeed correct that OT is built from asymmetric assumptions, and this is actually inherent for black-box constructions. This was studied in The Relationship Between Public Key Encryption and Oblivious Transfer.






          share|improve this answer









          $endgroup$












          • $begingroup$
            Thank you, it was also thinking in the same direction. This is a great confirmation (and expression) of what I have been thinking.
            $endgroup$
            – zetaprime
            Nov 14 '18 at 8:54















          6












          $begingroup$

          The term "stand alone" in secure computation typically refers to the case of a protocol being run once, and not to assumptions. In any case, what I assume you are really asking is what assumptions are needed for OT. You are indeed correct that OT is built from asymmetric assumptions, and this is actually inherent for black-box constructions. This was studied in The Relationship Between Public Key Encryption and Oblivious Transfer.






          share|improve this answer









          $endgroup$












          • $begingroup$
            Thank you, it was also thinking in the same direction. This is a great confirmation (and expression) of what I have been thinking.
            $endgroup$
            – zetaprime
            Nov 14 '18 at 8:54













          6












          6








          6





          $begingroup$

          The term "stand alone" in secure computation typically refers to the case of a protocol being run once, and not to assumptions. In any case, what I assume you are really asking is what assumptions are needed for OT. You are indeed correct that OT is built from asymmetric assumptions, and this is actually inherent for black-box constructions. This was studied in The Relationship Between Public Key Encryption and Oblivious Transfer.






          share|improve this answer









          $endgroup$



          The term "stand alone" in secure computation typically refers to the case of a protocol being run once, and not to assumptions. In any case, what I assume you are really asking is what assumptions are needed for OT. You are indeed correct that OT is built from asymmetric assumptions, and this is actually inherent for black-box constructions. This was studied in The Relationship Between Public Key Encryption and Oblivious Transfer.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 13 '18 at 19:41









          Yehuda LindellYehuda Lindell

          18.6k3661




          18.6k3661











          • $begingroup$
            Thank you, it was also thinking in the same direction. This is a great confirmation (and expression) of what I have been thinking.
            $endgroup$
            – zetaprime
            Nov 14 '18 at 8:54
















          • $begingroup$
            Thank you, it was also thinking in the same direction. This is a great confirmation (and expression) of what I have been thinking.
            $endgroup$
            – zetaprime
            Nov 14 '18 at 8:54















          $begingroup$
          Thank you, it was also thinking in the same direction. This is a great confirmation (and expression) of what I have been thinking.
          $endgroup$
          – zetaprime
          Nov 14 '18 at 8:54




          $begingroup$
          Thank you, it was also thinking in the same direction. This is a great confirmation (and expression) of what I have been thinking.
          $endgroup$
          – zetaprime
          Nov 14 '18 at 8:54











          3












          $begingroup$


          Are there any Oblivious Transfer (OT) protocols that don’t rely on
          asymmetrical encryption, public-key encryption or key-exchange?




          Surprisingly, there are indeed OT protocols which don't rely on public-key encryption. In Precomputing Oblivious Transfer, Beaver showed that if Alice and Bob are each given some correlated randomness by a trusted third party Ted, they are able to compute $2 choose 1$OT without requiring any public-key operations.



          In the offline phase, Ted generates a random instance of $2 choose 1$OT:



          1. Ted samples $(r_0, r_1, d) in mathbbF^3$

          2. Ted sends $(r_0, r_1)$ to Alice

          3. Ted sends $(d, r_d)$ to Bob

          Later, in the online phase, Alice has two inputs $(b_0, b_1)$ and Bob has his choice $c$. The players consume the $(r_0, r_1)$ and $(d, r_d)$ as follows:



          1. Bob sends $e = c oplus d$ to Alice

          2. Alice replies with $(x_0, x_1) = (b_0 oplus r_e, b_1 oplus r_bare)$

          3. Bob then outputs $b_c = x_c oplus r_d$

          Note how Ted can play his part in the protocol long before Alice and Bob know their input to the protocol, and his presence is no longer required once he has sent the random OT to Alice and Bob.



          In fact, this protocol is information-theoretic secure because even a computationally unbounded Bob cannot determine Alice's other input $b_barc$, nor can a computationally unbounded Alice learn Bob's choice $c$.



          The construction works because Alice has no information on whether Bob knows $r_0$ or $r_1$, while Bob only knows one of $r_0$ or $r_1$. This asymmetry of knowledge is the assumption that allows us to do OT without resorting to public-key cryptography.



          This technique is now known as the correlated randomness model, which was studied by Ishai et al in On the Power of Correlated Randomness in
          Secure Computation. Beaver's multiplication triples (another type of correlated randomness) now feature prominently in state-of-the-art multiparty computation protocols such as SPDZ and BDOZ. These protocols use homomorphic encryption to simulate Ted during an expensive preprocessing phase, which allows them to use efficient information-theoretic operations during the online phase.






          share|improve this answer









          $endgroup$








          • 1




            $begingroup$
            I guess this sort of complements the previous answer - but you should really insist of the fact that this only gives OT from weaker assumptions (such as OWF) in a model where the parties are initially given some fixed amount of correlated randomness - in the plain model, the black-box impossibility mentioned by prof. Lindell holds. Also, in alternative models, we could also mention the unconditional constructions of OTs given access to any noisy channel.
            $endgroup$
            – Geoffroy Couteau
            Nov 14 '18 at 23:39











          • $begingroup$
            Yes, that's a good point, I will emphasize that this isn't in the standard model. I really like how this approach is being used by e.g. SPDZ/BDOZ to split things into an expensive (public key) offline phase that's independent of input followed by a cheap (information theoretic) online phase. It's yet anther example of how clever thinking lets one "work around" impossibility results...
            $endgroup$
            – kiwidrew
            Nov 15 '18 at 0:43















          3












          $begingroup$


          Are there any Oblivious Transfer (OT) protocols that don’t rely on
          asymmetrical encryption, public-key encryption or key-exchange?




          Surprisingly, there are indeed OT protocols which don't rely on public-key encryption. In Precomputing Oblivious Transfer, Beaver showed that if Alice and Bob are each given some correlated randomness by a trusted third party Ted, they are able to compute $2 choose 1$OT without requiring any public-key operations.



          In the offline phase, Ted generates a random instance of $2 choose 1$OT:



          1. Ted samples $(r_0, r_1, d) in mathbbF^3$

          2. Ted sends $(r_0, r_1)$ to Alice

          3. Ted sends $(d, r_d)$ to Bob

          Later, in the online phase, Alice has two inputs $(b_0, b_1)$ and Bob has his choice $c$. The players consume the $(r_0, r_1)$ and $(d, r_d)$ as follows:



          1. Bob sends $e = c oplus d$ to Alice

          2. Alice replies with $(x_0, x_1) = (b_0 oplus r_e, b_1 oplus r_bare)$

          3. Bob then outputs $b_c = x_c oplus r_d$

          Note how Ted can play his part in the protocol long before Alice and Bob know their input to the protocol, and his presence is no longer required once he has sent the random OT to Alice and Bob.



          In fact, this protocol is information-theoretic secure because even a computationally unbounded Bob cannot determine Alice's other input $b_barc$, nor can a computationally unbounded Alice learn Bob's choice $c$.



          The construction works because Alice has no information on whether Bob knows $r_0$ or $r_1$, while Bob only knows one of $r_0$ or $r_1$. This asymmetry of knowledge is the assumption that allows us to do OT without resorting to public-key cryptography.



          This technique is now known as the correlated randomness model, which was studied by Ishai et al in On the Power of Correlated Randomness in
          Secure Computation. Beaver's multiplication triples (another type of correlated randomness) now feature prominently in state-of-the-art multiparty computation protocols such as SPDZ and BDOZ. These protocols use homomorphic encryption to simulate Ted during an expensive preprocessing phase, which allows them to use efficient information-theoretic operations during the online phase.






          share|improve this answer









          $endgroup$








          • 1




            $begingroup$
            I guess this sort of complements the previous answer - but you should really insist of the fact that this only gives OT from weaker assumptions (such as OWF) in a model where the parties are initially given some fixed amount of correlated randomness - in the plain model, the black-box impossibility mentioned by prof. Lindell holds. Also, in alternative models, we could also mention the unconditional constructions of OTs given access to any noisy channel.
            $endgroup$
            – Geoffroy Couteau
            Nov 14 '18 at 23:39











          • $begingroup$
            Yes, that's a good point, I will emphasize that this isn't in the standard model. I really like how this approach is being used by e.g. SPDZ/BDOZ to split things into an expensive (public key) offline phase that's independent of input followed by a cheap (information theoretic) online phase. It's yet anther example of how clever thinking lets one "work around" impossibility results...
            $endgroup$
            – kiwidrew
            Nov 15 '18 at 0:43













          3












          3








          3





          $begingroup$


          Are there any Oblivious Transfer (OT) protocols that don’t rely on
          asymmetrical encryption, public-key encryption or key-exchange?




          Surprisingly, there are indeed OT protocols which don't rely on public-key encryption. In Precomputing Oblivious Transfer, Beaver showed that if Alice and Bob are each given some correlated randomness by a trusted third party Ted, they are able to compute $2 choose 1$OT without requiring any public-key operations.



          In the offline phase, Ted generates a random instance of $2 choose 1$OT:



          1. Ted samples $(r_0, r_1, d) in mathbbF^3$

          2. Ted sends $(r_0, r_1)$ to Alice

          3. Ted sends $(d, r_d)$ to Bob

          Later, in the online phase, Alice has two inputs $(b_0, b_1)$ and Bob has his choice $c$. The players consume the $(r_0, r_1)$ and $(d, r_d)$ as follows:



          1. Bob sends $e = c oplus d$ to Alice

          2. Alice replies with $(x_0, x_1) = (b_0 oplus r_e, b_1 oplus r_bare)$

          3. Bob then outputs $b_c = x_c oplus r_d$

          Note how Ted can play his part in the protocol long before Alice and Bob know their input to the protocol, and his presence is no longer required once he has sent the random OT to Alice and Bob.



          In fact, this protocol is information-theoretic secure because even a computationally unbounded Bob cannot determine Alice's other input $b_barc$, nor can a computationally unbounded Alice learn Bob's choice $c$.



          The construction works because Alice has no information on whether Bob knows $r_0$ or $r_1$, while Bob only knows one of $r_0$ or $r_1$. This asymmetry of knowledge is the assumption that allows us to do OT without resorting to public-key cryptography.



          This technique is now known as the correlated randomness model, which was studied by Ishai et al in On the Power of Correlated Randomness in
          Secure Computation. Beaver's multiplication triples (another type of correlated randomness) now feature prominently in state-of-the-art multiparty computation protocols such as SPDZ and BDOZ. These protocols use homomorphic encryption to simulate Ted during an expensive preprocessing phase, which allows them to use efficient information-theoretic operations during the online phase.






          share|improve this answer









          $endgroup$




          Are there any Oblivious Transfer (OT) protocols that don’t rely on
          asymmetrical encryption, public-key encryption or key-exchange?




          Surprisingly, there are indeed OT protocols which don't rely on public-key encryption. In Precomputing Oblivious Transfer, Beaver showed that if Alice and Bob are each given some correlated randomness by a trusted third party Ted, they are able to compute $2 choose 1$OT without requiring any public-key operations.



          In the offline phase, Ted generates a random instance of $2 choose 1$OT:



          1. Ted samples $(r_0, r_1, d) in mathbbF^3$

          2. Ted sends $(r_0, r_1)$ to Alice

          3. Ted sends $(d, r_d)$ to Bob

          Later, in the online phase, Alice has two inputs $(b_0, b_1)$ and Bob has his choice $c$. The players consume the $(r_0, r_1)$ and $(d, r_d)$ as follows:



          1. Bob sends $e = c oplus d$ to Alice

          2. Alice replies with $(x_0, x_1) = (b_0 oplus r_e, b_1 oplus r_bare)$

          3. Bob then outputs $b_c = x_c oplus r_d$

          Note how Ted can play his part in the protocol long before Alice and Bob know their input to the protocol, and his presence is no longer required once he has sent the random OT to Alice and Bob.



          In fact, this protocol is information-theoretic secure because even a computationally unbounded Bob cannot determine Alice's other input $b_barc$, nor can a computationally unbounded Alice learn Bob's choice $c$.



          The construction works because Alice has no information on whether Bob knows $r_0$ or $r_1$, while Bob only knows one of $r_0$ or $r_1$. This asymmetry of knowledge is the assumption that allows us to do OT without resorting to public-key cryptography.



          This technique is now known as the correlated randomness model, which was studied by Ishai et al in On the Power of Correlated Randomness in
          Secure Computation. Beaver's multiplication triples (another type of correlated randomness) now feature prominently in state-of-the-art multiparty computation protocols such as SPDZ and BDOZ. These protocols use homomorphic encryption to simulate Ted during an expensive preprocessing phase, which allows them to use efficient information-theoretic operations during the online phase.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 14 '18 at 9:21









          kiwidrewkiwidrew

          4489




          4489







          • 1




            $begingroup$
            I guess this sort of complements the previous answer - but you should really insist of the fact that this only gives OT from weaker assumptions (such as OWF) in a model where the parties are initially given some fixed amount of correlated randomness - in the plain model, the black-box impossibility mentioned by prof. Lindell holds. Also, in alternative models, we could also mention the unconditional constructions of OTs given access to any noisy channel.
            $endgroup$
            – Geoffroy Couteau
            Nov 14 '18 at 23:39











          • $begingroup$
            Yes, that's a good point, I will emphasize that this isn't in the standard model. I really like how this approach is being used by e.g. SPDZ/BDOZ to split things into an expensive (public key) offline phase that's independent of input followed by a cheap (information theoretic) online phase. It's yet anther example of how clever thinking lets one "work around" impossibility results...
            $endgroup$
            – kiwidrew
            Nov 15 '18 at 0:43












          • 1




            $begingroup$
            I guess this sort of complements the previous answer - but you should really insist of the fact that this only gives OT from weaker assumptions (such as OWF) in a model where the parties are initially given some fixed amount of correlated randomness - in the plain model, the black-box impossibility mentioned by prof. Lindell holds. Also, in alternative models, we could also mention the unconditional constructions of OTs given access to any noisy channel.
            $endgroup$
            – Geoffroy Couteau
            Nov 14 '18 at 23:39











          • $begingroup$
            Yes, that's a good point, I will emphasize that this isn't in the standard model. I really like how this approach is being used by e.g. SPDZ/BDOZ to split things into an expensive (public key) offline phase that's independent of input followed by a cheap (information theoretic) online phase. It's yet anther example of how clever thinking lets one "work around" impossibility results...
            $endgroup$
            – kiwidrew
            Nov 15 '18 at 0:43







          1




          1




          $begingroup$
          I guess this sort of complements the previous answer - but you should really insist of the fact that this only gives OT from weaker assumptions (such as OWF) in a model where the parties are initially given some fixed amount of correlated randomness - in the plain model, the black-box impossibility mentioned by prof. Lindell holds. Also, in alternative models, we could also mention the unconditional constructions of OTs given access to any noisy channel.
          $endgroup$
          – Geoffroy Couteau
          Nov 14 '18 at 23:39





          $begingroup$
          I guess this sort of complements the previous answer - but you should really insist of the fact that this only gives OT from weaker assumptions (such as OWF) in a model where the parties are initially given some fixed amount of correlated randomness - in the plain model, the black-box impossibility mentioned by prof. Lindell holds. Also, in alternative models, we could also mention the unconditional constructions of OTs given access to any noisy channel.
          $endgroup$
          – Geoffroy Couteau
          Nov 14 '18 at 23:39













          $begingroup$
          Yes, that's a good point, I will emphasize that this isn't in the standard model. I really like how this approach is being used by e.g. SPDZ/BDOZ to split things into an expensive (public key) offline phase that's independent of input followed by a cheap (information theoretic) online phase. It's yet anther example of how clever thinking lets one "work around" impossibility results...
          $endgroup$
          – kiwidrew
          Nov 15 '18 at 0:43




          $begingroup$
          Yes, that's a good point, I will emphasize that this isn't in the standard model. I really like how this approach is being used by e.g. SPDZ/BDOZ to split things into an expensive (public key) offline phase that's independent of input followed by a cheap (information theoretic) online phase. It's yet anther example of how clever thinking lets one "work around" impossibility results...
          $endgroup$
          – kiwidrew
          Nov 15 '18 at 0:43

















          draft saved

          draft discarded
















































          Thanks for contributing an answer to Cryptography Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          Use MathJax to format equations. MathJax reference.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f63965%2fdo-standalone-oblivious-transfer-ot-protocols-exist%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Top Tejano songwriter Luis Silva dead of heart attack at 64

          政党

          天津地下鉄3号線