Susceptible Two-Party Quantum Computations

In secure two-party function evaluation Alice holding initially a secret input x and Bob having a secret input y communicate to determine a prescribed function f(x, y) in such a way that after the computation Bob learns f(x, y) but nothing more about x other than he could deduce from y and f(x, y) alone, and Alice learns nothing. Unconditionally secure function evaluation is known to be essentially impossible even in the quantum world. In this paper we introduce a new, weakened, model for security in two-party quantum computations. In our model – we call it susceptible function computation – if one party learns something about the input of the other one with advantage ε then the probability that the correct value f(x, y) is computed, when the protocol completes, is at most 1 − δ(ε), for some function δ of ε. Thus, this model allows to measure the trade-off between the advantage of a dishonest party and the error induced by its attack. Furthermore, we present a protocol for computing the one-out-of-two oblivious transfer function that achieves a quadratic trade-off i.e. δ = Ω(ε).