Back to Security Pattern Catalog

Oblivious Transfer

Classification Key : Exterior Security, Information Disclosure


Messaging is amenable to anonymity because if a message sender or a recipient hides its identity and does not reveal any traits in the message, he or she can remain hidden. For transactions that require users to share identifying attributes between them, it is much harder to remain private. Suppose, Alice and Bob are two millionaires who want to find out who is richer without revealing the precise amount of their wealth.
How can a user involve in a zero-knowledge communication?


Adopt an oblivious transfer protocol, in which a sender transfers one of potentially many pieces of information to a receiver, but remains oblivious as to what piece (if any) has been transferred.

Known Uses

In 1-out-of-2 oblivious transfer, one party, the sender, has input composed of two strings (M0,M1), and the input of a second party, the chooser, is a bit a. The chooser should learn Ma and nothing regarding M(!a) while the sender should gain no information about a.
Similarly, in private information retrieval, a database (sender) transmits some of its items to a user (chooser), in a manner that preserves mutual privacy. The database has assurance that the user does not learn any information beyond what he or she is entitled to. The user has assurance that the the database is oblivious or unaware of which particular information is consumed by the user.


Hafiz Privacy Patterns


Anonymity, Privacy


Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz