Constant-round oblivious transfer in the bounded storage model

We present the first constant-round protocol for Oblivious Transfer in Maurer's bounded storage model. In this model a long random string R is initially transmitted and each of the parties stores only a small portion of R. Even though the portions stored by the honest parties are small security is guaranteed against any malicious party that remembers almost the entire string R (but not all of it). Previous constructions for oblivious transfer in the bounded storage model required polynomially many rounds of interaction. In contrast our protocol uses only five messages. In addition we also improve other parameters such as the number of bits transferred and the probability of immaturely aborting the protocol due to failure. Our techniques utilize explicit constructions from the theory of derandomization. In particular we achieve the constant round complexity of our oblivious transfer protocol by constructing a novel four-message protocol for Interactive Hashing in place of the well-known protocol by Naor et al. (known as the NOVY protocol) which involves many rounds of interaction. Our four-message interactive hashing protocol is constructed by use of t-wise independent permutations and may be of independent interest. For achieving constant-round complexity we also construct a new subset encoding scheme that is dense; namely guarantees that almost every string in the image of the encoding function has a preimage. Other tools we employ include randomness extractors and averaging samplers.