Three-Party Oblivious Transfer Protocol

• Three-Party Oblivious Transfer (TriOT) is a cryptographic protocol that extends classical oblivious transfer to enable secure and private digital asset delivery among three distinct parties.
• It employs a two-phase hybrid approach—combining quantum key distribution with classical commitment and testing—to establish oblivious keys and verify protocol compliance.
• The protocol underpins privacy-preserving asset management in digital currencies and tokens, offering high efficiency, post-quantum security, and robust distributed ledger integration.

Three-Party Oblivious Transfer (TriOT) is a cryptographic protocol that generalizes the classical oblivious transfer (OT) primitive to a setting involving three distinct, interacting parties. In the TriOT framework, secure and private transfer of digital assets or messages is realized such that a sender (often denoted Alice) can simultaneously deliver distinct inputs to two receivers (Bob and Charlie), while remaining oblivious to which specific parts of her input each receiver accesses. Crucially, TriOT preserves privacy, integrity, and unlinkability—properties that are further bolstered when hybridized with quantum and classical cryptographic techniques and when managed within a compliant, verifiable electronic ledger infrastructure. This article surveys the principal architectures, operational steps, and security considerations of TriOT protocols, based strictly on the methodologies developed by Goodell, Toliver, Nakib, and collaborators (Lemus et al., 2019, Goodell, 9 Jan 2025).

1. Structural Foundations and Historical Evolution

TriOT derives from the foundational oblivious transfer primitive, which is sufficient for implementing general secure multiparty computation (SMC). Classical OT protocols face efficiency and security limitations, especially in the presence of quantum attacks; thus, hybrid approaches incorporating quantum information (notably, qubits in conjugate bases) have been developed (Lemus et al., 2019). More recent protocols add compliant asset management and distributed ledger technology to the paradigm, introducing strong privacy and integrity guarantees for electronic asset transfers (Goodell, 9 Jan 2025). In TriOT, extension from two to three parties naturally divides security roles among sender, receivers, and an independent integrity provider.

2. Oblivious Key Distribution via Quantum-Classical Hybridization

Central to high-performance TriOT is the generation and distribution of an "oblivious key" pair. The hybrid protocol proceeds in two phases:

1. Quantum Phase: The sender prepares a sequence of qubits—indexed by $i$—randomly encoded in the computational and Hadamard bases mapped as:
   • $|(0,0)\rangle = |0\rangle$
   • $|(0,1)\rangle = |+\rangle$
   • $|(1,0)\rangle = |1\rangle$
   • $|(1,1)\rangle = |-\rangle$ Each receiver (Bob or Charlie) selects a measurement basis for each qubit, records outcomes, and commits to their basis choices and results using a classical hash function.
2. Classical Commitment and Testing: Receivers commit using a hash function $H$ and a universal hash $f$ such that $y = H(r)$ and $f(r)$ encodes their committed message. A random test subset $T \subseteq \{1, \ldots, n + m\}$ is used to verify protocol compliance—Alice requests openings and verifies, for $j \in T$, that outcomes coincide with her preparations when basis choices are consistent.

After passing the test, the remaining indices are partitioned to form the oblivious key pair: Alice holds the entire string $k$, while each receiver only recovers bits at positions where measurement basis coincides with preparation basis (i.e., for $x_i = 0$, with $x_i = a_i \oplus \tilde{a}_i$). This process ameliorates vulnerabilities inherent in classical OT and enables high-speed operation.

3. Oblivious Transfer, Key-Indexed Encryption, and Tri-Party Message Delivery

In the TriOT protocol, the sender (Alice) produces distinct key shares for Bob and Charlie via parallel (or sequentially orchestrated) quantum channels. During the transfer phase, Alice desires to send message bits $m_B$ and $m_C$ respectively, in such a way that:

• Bob can reconstruct only $m_B$
• Charlie can reconstruct only $m_C$
• Neither can learn about the other's message
• Alice remains ignorant of which key bits each receiver has

This is accomplished by encrypting message bits using indexed key partitions:

$$e_i = m_i \oplus \bigoplus_{j \in I_{c \oplus i}} k_j$$

where $I_0$ and $I_1$ are receiver-specific partitions from the committed basis choices. Only the receiver who measured in the correct basis (and passed commitment verification) can decrypt the intended message block; mismatched indices remain statistically indistinguishable.

4. Asset Management, Unlinkability, and Oblivious Ledgers

TriOT-based digital asset protocols integrate mechanisms to unlink transaction counterparties, record oblivious transactions, and prevent service provider equivocation (Goodell, 9 Jan 2025). Each asset update is abstracted as an update vector:

• $F_0 = (u_0, GL_i, k_1)$ for asset creation, signed as $A_0 = (F_0, s(h(F_0), k_0))$
• $F_j = (u_j, GL_i, k_{j+1})$ for updates, signed and concatenated to asset history

All updates are recorded in a Merkle trie structure, whose roots $GL_0, GL_1, \ldots, GL_i$ provide efficient proofs of inclusion/exclusion (complexity $O(\log n)$). Blinding functions $b$ are used when privacy-preserving, with $b^{-1}(s(b(d),k)) = s(d,k)$ ensuring hidden linkage between creations and transfers.

Periodically, each integrity provider commits roots to a distributed ledger (DLT), with the combined root:

$$G^D_t = h((KL_1 \| GL_{1, t}), \ldots, (KL_n \| GL_{n, t}))$$

Stacked proofs from integrity provider to DLT guarantee non-equivocation—a ledger operator cannot secretly create conflicting asset histories.

5. Security Model and Performance Properties

TriOT protocols implementing quantum-classical hybrid key distribution and asset updates realize notable enhancements:

• Efficiency: Quantum key generation and measurement are rapid, with protocol complexity linear in key length (contrasted with classical schemes—e.g., $O(n^{2.58})$ for some group operations).
• Post-quantum Security: All cryptographic security is grounded in the uncertainty introduced by conjugate basis measurement and the collision resistance of classical hash functions. Commitment schemes using efficient hash functions (with linear runtime) are robust against quantum adversaries, provided suitable function choices.
• Unlinkability and Privacy: Management of one-time keys and blinded updates ensures transactions and asset transfers cannot be traced or linked, even under adversarial conditions.
• Non-equivocation: Layered commitments (from asset update verifications up to DLT roots) prevent ledger operators from equivocation.

A plausible implication is that TriOT protocols provide a modular, precomputable basis for SMC scenarios—key sharing among parties can precede computation, reducing online quantum resource requirements substantially.

6. Applications, Limitations, and Future Prospects

TriOT is apt for digital currencies, privacy-preserving tokens, and compliant asset transfers where anonymity, self-custody, and operational integrity are paramount. In regulated settings, the protocol enables transactions that reconcile user anonymity with compliance. The strict role partition—sender, recipient, integrity provider—offers additional security dimensions and auditability.

However, scaling challenges arise due to the need for fresh one-time keys and inclusion proofs per transaction. Computational overhead is proportional to the rate of transactions and Merkle trie efficiency. Security depends not only on individual cryptographic primitives but also on the integrity assumptions and consensus quality of the underlying DLT and its operators. Integration with external financial systems may warrant additional measures to balance transparency and privacy.

In summary, TriOT protocols, grounded in quantum-classical hybridization and compliant ledger architectures, establish high-speed, privacy-respecting, and non-equivocating workflows for secure digital transactions—prefiguring asset management paradigms in post-quantum cryptographic environments.