Oblivious Message Retrieval (OMR)

• Oblivious Message Retrieval (OMR) is a cryptographic primitive that allows a receiver to privately retrieve chosen messages from a sender without disclosing the selection.
• It is applied in secure multiparty computation, anonymous communication, and quantum protocols, ensuring rigorous correctness, sender privacy, and receiver privacy.
• OMR leverages diverse constructions—from classical hash-based and physical-layer techniques to quantum-entangled and relativistic systems—to meet stringent security and efficiency requirements.

Oblivious Message Retrieval (OMR) is a cryptographic primitive that generalizes 1-out-of-$n$ oblivious transfer (OT) to diverse settings—including classical, quantum, wireless, and distributed systems—where a sender holds multiple messages and a receiver privately retrieves a subset without revealing their selection, while learning nothing about the other messages. OMR is central to secure multiparty computation, anonymous communication infrastructures, private information retrieval, and quantum information protocols. It is defined by rigorous security properties for both sender and receiver, supports adaptive and high-dimensional message spaces, and is realized through a variety of constructions leveraging computational, information-theoretic, physical-layer, and quantum-relativistic resources.

1. Formal Definitions and Security Properties

Let $S$ ("sender") hold $n$ messages $(m_1,\ldots,m_n)$ from a message set $\mathcal{M}$. The "receiver" $R$ selects an index or set of indices (e.g., $k \in [n]$ for 1-out-of-$n$ OMR). Protocol execution must guarantee:

• Correctness: $R$ obtains $m_k$ except with negligible probability or error rate (statistical or computational, depending on the model) (0904.2023, Hayashi et al., 2022).
• Receiver privacy: $S$ (and any other parties) learn nothing about the choice index $k$ beyond what is unavoidable (0904.2023, Ravi et al., 2015).
• Sender privacy: $R$ cannot learn any information about the non-chosen messages $(m_i)_{i \neq k}$ (0904.2023, Hayashi et al., 2022).
• In information-theoretic settings, these become statements about zero mutual information or negligible trace distance between protocol views for different choices.

In the quantum case, the formalization is extended to retrieval of quantum states and security even against arbitrary quantum attacks, with additional constraints such as no-go theorems and composability in relativistic scenarios (Hayashi et al., 2022, Pitalúa-García, 2019).

2. Classical and Quantum Protocol Constructions

Classical Protocols

Prominent classical protocols achieve OMR using one-way functions, hash-based masking, zero-knowledge proofs, and combinatorial design. Grohmann’s 5-round string-OT (0904.2023) illustrates round-optimal instantiations relying only on finite field arithmetic and standard hash functions, with correctness, receiver privacy (via message indistinguishability), and sender privacy (via combinatorial "challenge" hardness).

For one-out-of-$n$ OMR, extensions generalize the structure by replacing pairs with $n$-tuples and by adjusting masking schemes accordingly. Security reduces to intractability of similarly generalized combinatorial challenges.

Quantum Protocols

Quantum OMR leverages physical and entanglement resources beyond classical cryptography. Two-server quantum OMR (Hayashi et al., 2022) provides perfect security against quantum adversaries retrieving a single quantum message out of a database, using non-communicating servers that share prior entanglement and encode messages in Fourier-like quantum states. The resource requirements include $O(d^2)$ EPR pairs for dimension $d$ messages and $O(d^2)$ quantum downloads.

Quantum-relativistic OMR emerges in spacetime-constrained OT and distributed quantum access with classical memory (DQACM), where spacelike separation is enforced for output points, and security proofs invoke causality to ensure isolation between parties (Pitalúa-García, 2019).

Physical-Layer and Information-Theoretic Protocols

OMR in communication channels exploits properties of the physical medium. Wireless OMR protocols use slow-fading OFDM/MIMO channels, with the receiver leveraging knowledge of channel state unavailable to the sender to hide indices (e.g., via pairing singular values and Gaussian wiretap coding at the physical layer) (Ravi et al., 2015).

Information-theoretic blind-box protocols (random symmetric PIR, or RSPIR) (Wang et al., 2022) model OMR where the user has no input (random retrieval), and messages are retrieved from two or more non-colluding servers with capacity-optimal schemes.

3. System Architectures and Real-World Deployment

OMR is foundational in the design of privacy-preserving anonymous communication systems and retrieval protocols.

Mix Network–Based Anonymous Communication

Anonymization by Oblivious Transfer (AOT) (Javani et al., 2021) integrates OMR as a message delivery mechanism within a three-tier mix-net architecture. Tags are negotiated using shared secrets and key-derivation functions; messages and their tags are propagated through mixing, dummy injections, and finally posted on public bulletin boards. Receivers anonymously retrieve messages using 1-out-of-$n$ OT where real and dummy requests are indistinguishable, providing robustness even when all nodes are compromised.

Encrypted Bulletin Boards and Homomorphic Detection

For large public bulletin boards, OMR protocols outsource encrypted matching computation to untrusted servers via homomorphic encryption. Homomorphic matrix–vector multiplication is the computational bottleneck of detection, now accelerated by FPGA-based circuits (e.g., SophOMR's architecture), achieving over 13$\times$ speedup (Bosworth et al., 12 Dec 2025).

Performance and Scalability

Empirical results show that OT-based OMR can achieve high throughput using OT extension and parallel computation, with practical anonymity limited primarily by mixing depth and buffer storage rather than the cryptographic subroutine (Javani et al., 2021, Bosworth et al., 12 Dec 2025).

4. Specialized Models and Extensions

Wireless and Physical-Layer OMR

Over wireless fading channels, OMR achieves secrecy by exploiting the asymmetry in channel state information. An optimal pairing between the strongest and weakest parallel channels maximizes the oblivious transfer rate, with achievable OT capacity characterized through water-filling-like power allocations and high-SNR asymptotics (Ravi et al., 2015). Generalizations include $k$-out-of-$n$ retrieval using multi-message wiretap coding.

Random and Blind Retrieval Models

RSPIR (Wang et al., 2022) formalizes random OMR, where the user does not select their message. For $K=2,3,4$ messages and two servers, information-theoretic capacity has been exactly determined ($1/2$ for $K=2$, $1/3$ for $K=3,4$), and rate-optimal explicit constructions exist. The setting is the digital analogue of blind boxes and can be applied to contract signing, e-voting, and digital gachapon.

Spacetime and Relativistic OMR

Spacetime-constrained OMR protocols (Pitalúa-García, 2019) enforce that outputs (the message retrievals) must be spacelike separated, ruling out superluminal coordination by cheating parties. The security model links no-go theorems for unconditional classical OMR to causal separation in Minkowski space, with formal reductions to DQACM as a subroutine. Generalizations to $k$-out-of-$m$ are proposed, with open challenges in tight security analysis for adaptive or colluding parties.

5. Applications and Open Problems

Applications

• Anonymous communication and metadata privacy: Used as the core for unlikable messaging in mix-networks and asynchronous communication systems (Javani et al., 2021).
• Private information retrieval and secure outsourcing: Homomorphic OMR enables privacy-preserving search on encrypted data delegated to a cloud server (Bosworth et al., 12 Dec 2025).
• Quantum cryptography and delegated computation: Subroutine for blind or verifiable delegated quantum computation, secure key distribution, and privately querying quantum-encoded databases (Hayashi et al., 2022, Pitalúa-García, 2019).
• Digital blind boxes/gachapon and e-commerce: Application to random item dispensing and contract signing with information-theoretic guarantees (Wang et al., 2022).

Open Problems

• Communication and entanglement costs: Minimizing quantum downloads and prior entanglement in multi-server quantum OMR (Hayashi et al., 2022).
• Scalability of dummy traffic and resource usage: For large authentication or mix systems, balancing anonymity, delay, and storage at scale (Javani et al., 2021).
• Capacity for $K\geq5$ messages in random OMR: The exact information-theoretic capacity for $K\geq5$ in RSPIR remains unresolved (Wang et al., 2022).
• Collusion resistance and adaptive security: Extending OMR to more servers and to models with adaptive or colluding adversaries.

6. Protocol Comparison Table

The table summarizes OMR instantiations and their salient resource or security properties.

Protocol/Class	Security Model	Core Resources / Bottlenecks
5-round string OT (0904.2023)	Computational (classical)	Hash functions, group ops, $O(n^2)$ comm.
Two-server quantum OMR (Hayashi et al., 2022)	Information-theoretic (quantum, 2 servers)	$O(d^2)$ ebits, $O(d^2)$ download qudits
Wireless OMR (Ravi et al., 2015)	Information-theoretic (phys. layer)	Channel state + side channel (CSIR), Gaussian codes
AOT/O-MR in ACS (Javani et al., 2021)	OT-based, adversarial mix	OT extension, batching, mix-nets, dummies
Homomorphic MatMul OMR (Bosworth et al., 12 Dec 2025)	HE-based delegation	Homomorphic encryption, FPGA acceleration
Spacetime/DQACM OMR (Pitalúa-García, 2019)	Physical (relativistic)	Spacelike separation, quantum memory, basis encodings
RSPIR ("blind box") (Wang et al., 2022)	Information-theoretic, $N=2$	Shared randomness, explicit answer sets

Each protocol’s suitability depends on the adversary model (computational vs. information-theoretic), setting (classical, quantum, or physical-layer), and resource trade-offs.

7. Connections, Limitations, and Ongoing Research

OMR unifies several cryptographic and information-theoretic paradigms, from PIR/SPIR through standard and quantum OT, to physical-layer and relativistic constraints. In certain settings, unconditional OMR is impossible without additional resources (e.g., quantum entanglement, spacelike separation, or trusted servers). Achieving practical efficiency (in computation, communication, or quantum resources) while retaining security guarantees remains an open and active area of research. Notable directions include minimizing quantum entanglement overhead, scalable dummy-traffic management for high-load anonymous systems, strengthening collusion resistance, and connecting OMR capacity to combinatorial and information-theoretic bounds (Hayashi et al., 2022, Wang et al., 2022, Pitalúa-García, 2019, Bosworth et al., 12 Dec 2025).