現今大部分的密碼系統之安全性是植基於一些計算上困難的數學問題上，如解因數分解問題與解離散對數問題等等，然而，一般相信利用量子電腦可有效率地破解這些難題，因此結合量子物理特性與密碼學技術來發展無條件安全的量子協定去對抗量子電腦與傳統電腦是有其必要性的。

模糊傳送是密碼協定中常被使用的一個重要的模型，並且應用於許多領域中，已經有許多文獻發表各式各樣的模糊傳送，為了對抗量子電腦所帶來的威脅，量子模糊傳送也被提出。

本論文中提出了數個2選1量子模糊傳送協定與n選1量子模糊傳送協定，這些協定擁有以下的優點，(1)不用特別的假設條件與量子儲存設備協助，(2)完成整個協定僅需一次量子傳輸與少量的傳統傳輸，因此這些協定是非常有效率的。

另外，我們設計了安全模型，並且利用它們證明本論文中所提出之協定是符合量子模糊傳送安全需求的。此外，可由比較表中本論文所提出的協定與現有的協定之各項比較得知這些協定的效率。

In most of classic cryptosystems today, the security is based on the computational difficulty of certain number theoretic problems, e.g., solving the discrete logarithm problem and factoring large numbers. However, most people believe that these number theoretic problems can be efficiently solved by quantum computers. Therefore, it is significant to combine the properties of quantum physics with classical cryptography to propose unconditional secure quantum protocols against classical or quantum computers.

The oblivious transfer is used as an important primitive in many cryptographic protocols and is widely adopted in many applications. Many variants of the oblivious transfer protocols had been proposed in the literature. To resist the threat of quantum computers, quantum oblivious transfer was proposed.

This thesis proposed several one-out-of-two quantum oblivious protocols and one-out-of-n quantum oblivious protocols. The newly proposed protocol possesses the following advantages: (1) no special assumptions and quantum memory are required; and (2) only one quantum transmission and few classical communications during the whole protocol execution; Therefore, the proposed protocols are very efficient.

In addition, we design the security models, and then use them to show that the proposed protocols satisfy the security requirements of the quantum oblivious transfer. Besides, the efficiency of these proposals can be known from the comparison tables which compare our protocols with existing quantum oblivious protocols.

[1] D. Aharonov, A. Ta-Shma, and U. V. Vazirani, “Quantum bit escrow“, arXiv:quant-ph/0004017 v1 4 Apr 2000.
[2] M. Blum, “Three Application of Oblivious Transfer: Part I: Coin flipping by telephone; Part II: How to exchange secrets; Part III: How to send certified electronic mail”, Dept. EECS, University of California, Berkeley, Calif., 1981.
[3] C. H. Bennett, “Quantum cryptography using any two nonorthogonal states”, Phys. Rev. Lett. 68, No. 21, 1992.
[4] C. H. Bennett and G. Brassard, “Quantum Cryptography: Public key distribution and coin tossing”, In Proceedings of IEEE International Conference on Computers, Systems, and Signal Processing, pp. 175-179, Nov. 1984.
[5] C. H. Bennett, G. Brassard, C. Crépeau, R. Jozsa, A. Peres, and W. K. Wotters “Teleporting an unknown quantum state via dual classical and Einstein-Podolsky-Rosen channels”, Phys. Rev. Lett. 70, 1993.
[6] C. H. Bennett, G. Brassard, C. Crépeau, and M. Skubiszewska “Practical quantum oblivious transfer”, In Advances in Cryptology-CRYPTO 91,Vol. 576, pp. 351-366, Springer-Verlag, 1991.
[7] G. Brassard, C. Crépeau, R. Jozsa, and D. Langlois, “A quantum bit commitment scheme provably unbreakable by bothparties”, Proceedings 34th Annual Symposium on Foundations of ComputerScience, pp. 362-371, 1993.
[8] I. F. Blake and V. Kolesnikov, “Strong conditional oblivious transfer and computing on intervals”, In Proceedings of Advances in Cryptology- ASIACRYPT 04, Vol. 3329 of LNCS, pp. 515-529. Springer-Verlag, 2004.
[9] M. Bellare and S. Micali, “Non-Interactive Oblivious Transfer and Applications”, CRYPTO 89, pp. 547-557.
[10] C. Crépeau, “Quantum Oblivious Transfer”, Journal of Modern Optics, Vol. 41, No. 12, pp.2445-2454, 1994.
[11] C. Crépeau, P. Dumais, D. Mayers, and L. Salvail, “Computational collapse of quantum state with application to oblivious transfer”, In Moni Naor, editor, TCC, Vol. 2951 of Lecture Notes in Computer Science, pp.374-393, Springer, 2004.
[12] C. Crépeau and J. Kilian, “Achieving oblivious transfer using weakened security assumptions(extended abstract)”, In Proceeding of the 29th Symp. on Found. of Computer Sci., pp.42-52, IEEE Press, 1988.
[13] C. Crépeau, F. Legare, and L. Salvail, “How to convert the flavor of a quantum bit commitment”, In Advance in Cryptology-EUROCRYPT 01: Proceedings, LNCS, Vol. 2045, Springer-Verlag, 2001, pp. 60-77.
[14] C. Chu and W. Tzeng, “Efficient k-out-of-n Oblivious Transfer Scheme with Adaptive and Non-Adaptive Queries”, Proceeding of Public-Key Cryptography, Springer-Verlag, pp.169-181, 2005.
[15] Z. Chen and H. Zhu, “Quantum m-out-of-n oblivious transfer”, In Proceedings of the Nineth IEEE International Symposium on Computers and Communication, pp.375-380, IEEE Press, 2004.
[16] W. Diffie and M. E. Hellman, “New Directions in Cryptography”, IEEE Transaction on Information Theory, Vol.IT-22, No. 6, pp. 664-654, Nov. 1976.
[17] P. Dumais, D. Mayers, and L. Salvail, “Perfectly concealing quantum bit commitment from any quantum one-way permutation” In Advances in Cryptology-EUROCRYPT 00: Proceedings, LNCS, Vol. 1807, Springer-Verlag, 2000, pp.300-315.
[18] A. K. Ekert, “Quantum cryptography based on Bell’s theorem”, Phys. Rev. Lett. 67, 661, 1991.
[19] S. Even, O. Goldreich, and A. Lempel, “Randomized Protocol for Signing Contracts”, CACM, Vol. 28, pp. 637-647, 1985.
[20] M. Hillery, V. Buzek, and A. Berthiaume, “Quantum secret sharing”, Phys. Rev. A 59, 1999.
[21] G. P. He and Z. D. Wang, “Oblivious transfer using quantum entanglement”, Phys. Rev. A 73, 012331 2006.
[22] T. Hirano, H. Yamanaka, M. Ashikaga, T. Konishi, and R. Namiki, “Quantum cryptography using pulsed homodyne detection”, Phys. Rev. A 68, 042331 2003.
[23] K. Kurosawa and Q. V. Duong, “How to Design Efficient Multiple-Use 1-out-n Oblivious Transfer”, IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences Vol.E87-A No.1 pp.141-146, 2004
[24] A. Kawachi, K. Takeshi, and H. Nishimura, “Computational indistinguishability between quantum states and its cryptographic application”, Proceedings of EUROCRYPT 2005, LNCS 3494, Springer, 2005, pp. 268-284.
[25] H. Lo and H. F. Chau, “Is quantum bit commitment really possible”, Phys. Rev. Lett., 78:3410-3413, 1997.
[26] H. Lo and H. F. Chau, “Why quantum bit commitment and ideal quantum coin tossing are impossible”, Physica D, 120, 177-187, 1998.
[27] X. Lu, Z. Ma, and D. Feng, “A computationally secure quantum oblivious transfer scheme”, ICACT2006, 20-22, 2006
[28] D. Mayers, “Unconditionally secure quantum bit commitment is impossible”, Phys. Rev. Lett., 78:3414-3417, 1997.
[29] Y. Mu, J. Zhang, V. Varadharajan, and Y. Lin, “Robust Non-Interactive Oblivious Transfer”, IEEE Communications Letters, Vol. 7, No. 4, 2003.
[30] R. Namiki and T. Hirano, “Security of quantum cryptography using balanced homodyne detection “, Phys. Rev. A 67, 022308 2003.
[31] R. Namiki and T. Hirano, “Efficient-phase-encoding protocols for continuous-variable quantum key distribution using coherent states and postselection“, Phys. Rev. A 74, 032302, 2006.
[32] R. Namiki, Y. Kawamoto, and T. Hirano, “Efficient phase-encoding schemes for quantum cryptography using balanced homodyne detection and postselection“, International Quantum Electronics Conference, pp.1610-1611, 2005.
[33] M. Naor and B. Pinkas, “Efficient oblivious transfer protocols“, SODA, pp. 448-457. ACM/SIAM, 2001.
[34] M. Rabin, “How to Exchange Secrets by Oblivious Transfer”, Harvard Center for Research in Computer Technology, Cambridge, Mass., 1981.
[35] P. Shor, “Algoritm for Quantum Computation: Discrete Logarithms and Factoring”, Proceedings of the 35th Annual Stmposium on Foundation of Computer Science, pp. 124-134, 1994.
[36] P. Shor, “Polynomial-time Algorithm for Prime Factorization and Discrete Logarithms on a Quantum Computer”, SIAM Journal on Computing, Vol. 26(5), pp. 1484-1509, 1997.
[37] S. Wiesner, “Conjugate coding”, ACM SIGACT News, 15(1):78-88, Winter-Spring 1997.
[38] A. Yao, “Security of quantum protocols coherent measurements”, STOC 95, pp. 67-75, 1995.