More Efficient Oblivious Transfer Extensions

Gilad Asharov, Yehuda Lindell, Thomas Schneider, Michael Zohner

Research output: Contribution to journalArticlepeer-review

38 Scopus citations


Oblivious transfer (OT) is one of the most fundamental primitives in cryptography and is widely used in protocols for secure two-party and multi-party computation. As secure computation becomes more practical, the need for practical large-scale OT protocols is becoming more evident. OT extensions are protocols that enable a relatively small number of “base-OTs” to be utilized to compute a very large number of OTs at low cost. In the semi-honest setting, Ishai et al. (Advances in cryptology—CRYPTO’03, vol 2729 of LNCS, Springer, 2003) presented an OT extension protocol for which the cost of each OT (beyond the base-OTs) is just a few hash function operations. In the malicious setting, Nielsen et al. (Advances in cryptology—CRYPTO’12, vol 7417 of LNCS, Springer, 2012) presented an efficient OT extension protocol for the setting of malicious adversaries that is secure in a random oracle model. In this work, we improve OT extensions with respect to communication complexity, computation complexity, and scalability in the semi-honest, covert, and malicious model. Furthermore, we show how to modify our maliciously secure OT extension protocol to achieve security with respect to a version of correlation robustness instead of the random oracle. We also provide specific optimizations of OT extensions that are tailored to the use of OT in various secure computation protocols such as Yao’s garbled circuits and the protocol of Goldreich–Micali–Wigderson, which reduce the communication complexity even further. We experimentally verify the efficiency gains of our protocols and optimizations.

Original languageEnglish
Pages (from-to)805-858
Number of pages54
JournalJournal of Cryptology
Issue number3
Early online date23 Sep 2016
StatePublished - 1 Jul 2017

Bibliographical note

Publisher Copyright:
© 2016, International Association for Cryptologic Research.


  • Cryptographic protocols
  • Implementation
  • Oblivious transfer extension


Dive into the research topics of 'More Efficient Oblivious Transfer Extensions'. Together they form a unique fingerprint.

Cite this