More Efficient Oblivious Transfer Extensions

Gilad Asharov, Yehuda Lindell, Thomas Schneider, Michael Zohner

Research output: Contribution to journal › Article › peer-review

42 Scopus citations

Abstract

Oblivious transfer (OT) is one of the most fundamental primitives in cryptography and is widely used in protocols for secure two-party and multi-party computation. As secure computation becomes more practical, the need for practical large-scale OT protocols is becoming more evident. OT extensions are protocols that enable a relatively small number of “base-OTs” to be utilized to compute a very large number of OTs at low cost. In the semi-honest setting, Ishai et al. (Advances in cryptology—CRYPTO’03, vol 2729 of LNCS, Springer, 2003) presented an OT extension protocol for which the cost of each OT (beyond the base-OTs) is just a few hash function operations. In the malicious setting, Nielsen et al. (Advances in cryptology—CRYPTO’12, vol 7417 of LNCS, Springer, 2012) presented an efficient OT extension protocol that is secure in the random oracle model. In this work, we improve OT extensions with respect to communication complexity, computation complexity, and scalability in the semi-honest, covert, and malicious models. Furthermore, we show how to modify our maliciously secure OT extension protocol to achieve security with respect to a version of correlation robustness instead of the random oracle. We also provide specific optimizations of OT extensions that are tailored to the use of OT in various secure computation protocols such as Yao’s garbled circuits and the protocol of Goldreich–Micali–Wigderson, which reduce the communication complexity even further. We experimentally verify the efficiency gains of our protocols and optimizations.
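The abstract describes the mechanism only in outline: k base OTs on short seeds are stretched into m ≫ k string OTs, and each extended OT then costs a few hash evaluations. The following is an added example, not code from the paper or its authors, of the semi-honest IKNP-style construction that the paper builds on. It assumes a SHA-256-based PRG and hash (in the role of the correlation-robust function), and it replaces the k base OTs with a simulated ideal functionality (`ideal_base_ot`), where a real deployment would run a public-key OT protocol. The paper's own tailored variants for garbled circuits and GMW are not implemented here.

```python
"""Added example (not the paper's own code): toy semi-honest IKNP-style OT
extension. K base OTs on short seeds are stretched into m >> K string OTs;
each extended OT then costs the sender two hashes and the receiver one.
The base OTs are simulated by a trusted function (assumption); a real
deployment runs a public-key OT protocol there.
"""
import hashlib
import secrets

K = 128  # number of base OTs; also the bit-width of rows and masks (security parameter)


def prg(seed: int, nbits: int) -> int:
    """Expand a K-bit seed to nbits bits (SHA-256 in counter mode; assumption)."""
    out = b""
    ctr = 0
    while len(out) * 8 < nbits:
        out += hashlib.sha256(seed.to_bytes(K // 8, "big") + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return int.from_bytes(out, "big") & ((1 << nbits) - 1)


def h(j: int, row: int) -> int:
    """Correlation-robust hash H(j, row) -> K-bit mask (SHA-256 truncated; assumption)."""
    data = j.to_bytes(4, "big") + row.to_bytes(K // 8, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[: K // 8], "big")


def transpose(cols, nrows: int):
    """K column-integers of nrows bits each -> nrows row-integers of K bits each."""
    return [sum(((cols[i] >> j) & 1) << i for i in range(len(cols))) for j in range(nrows)]


def ideal_base_ot(pairs, choice_bits):
    """Simulated ideal 1-out-of-2 OT: the chooser learns pairs[i][choice_bits[i]] only."""
    return [pairs[i][choice_bits[i]] for i in range(len(pairs))]


def run_ot_extension(sender_inputs, receiver_choices):
    """sender_inputs: list of (x0, x1) K-bit ints; receiver_choices: list of bits.
    Returns the receiver's outputs x_{j, r_j}, one per extended OT."""
    m = len(receiver_choices)
    if len(sender_inputs) != m:
        raise ValueError("one (x0, x1) pair per choice bit")

    # Receiver: K seed pairs. The base OTs run with roles reversed, so the
    # extension receiver acts as the *sender* of the base OTs.
    seeds = [(secrets.randbits(K), secrets.randbits(K)) for _ in range(K)]
    # Sender: random choice string s; learns seed k_{s_i} for each i via the base OTs.
    s_bits = [secrets.randbits(1) for _ in range(K)]
    sender_seeds = ideal_base_ot(seeds, s_bits)

    # Receiver: matrix T has columns t^i = G(k0^i); sends u^i = G(k0^i) xor G(k1^i) xor r.
    r_int = sum(b << j for j, b in enumerate(receiver_choices))
    t_cols = [prg(k0, m) for k0, _ in seeds]
    u_cols = [prg(k0, m) ^ prg(k1, m) ^ r_int for k0, k1 in seeds]   # message 1: R -> S

    # Sender: q^i = G(k_{s_i}) xor s_i*u^i == t^i xor s_i*r, so row j is q_j = t_j xor r_j*s.
    q_cols = [prg(sender_seeds[i], m) ^ (u_cols[i] if s_bits[i] else 0) for i in range(K)]
    s_int = sum(b << i for i, b in enumerate(s_bits))
    q_rows = transpose(q_cols, m)
    # Two hashes per extended OT on the sender side: mask x0 with H(q_j), x1 with H(q_j xor s).
    y = [(x0 ^ h(j, q), x1 ^ h(j, q ^ s_int))                          # message 2: S -> R
         for j, ((x0, x1), q) in enumerate(zip(sender_inputs, q_rows))]

    # Receiver: t_j = q_j xor r_j*s, so H(j, t_j) is exactly the mask on y_{j, r_j}; one hash per OT.
    t_rows = transpose(t_cols, m)
    return [y[j][receiver_choices[j]] ^ h(j, t_rows[j]) for j in range(m)]


if __name__ == "__main__":
    m = 1000
    xs = [(secrets.randbits(K), secrets.randbits(K)) for _ in range(m)]   # constructed inputs
    rs = [secrets.randbits(1) for _ in range(m)]
    got = run_ot_extension(xs, rs)
    assert got == [xs[j][rs[j]] for j in range(m)]
    print(f"{m} OTs from {K} base OTs: ok")
```

Only the K base OTs involve public-key operations; everything after them is XORs, one PRG expansion per column and the hashes noted in the comments, which is where the "few hash function operations per OT" cost comes from. The privacy argument also shows why H must be correlation robust rather than merely one-way: the receiver sees H(j, t_j) for its own row but never s, so H(j, t_j xor s) must look random to it even though every row shares the same unknown s. This simulation is semi-honest only: a malicious receiver may choose a different r for each column u^i, which is the inconsistency that the maliciously secure variants mentioned in the abstract must detect.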

Original language: English
Pages (from-to): 805-858
Number of pages: 54
Journal: Journal of Cryptology
Volume: 30
Issue number: 3
Early online date: 23 Sep 2016
State: Published - 1 Jul 2017

Bibliographical note

Publisher Copyright:
© 2016, International Association for Cryptologic Research.

Funding

This work was partially supported by the European Union’s Seventh Framework Program (FP7/2007-2013) Grant Agreement No. 609611 (PRACTICE). The first author was supported by the Israeli Centers of Research Excellence (I-CORE) Program (Center No. 4/11). The second author is supported by the European Research Council under the European Union’s Seventh Framework Programme (FP/2007-2013)/ERC consolidators Grant Agreement No. 615172 (HIPS). The third and fourth authors are supported by the German Federal Ministry of Education and Research (BMBF) within CRISP, by the DFG as part of project E3 within the CRC 1119 CROSSING, and by the Hessian LOEWE excellence initiative within CASED. We would like to thank the anonymous reviewers of the Journal of Cryptology for their valuable comments on our work.

Funders and funder numbers:

• Seventh Framework Programme: 609611, FP/2007-2013
• European Commission: 615172
• Deutsche Forschungsgemeinschaft
• Bundesministerium für Bildung und Forschung
• Israeli Centers for Research Excellence: 4/11
• Hefei Institutes of Physical Science, Chinese Academy of Sciences

Keywords

• Cryptographic protocols
• Implementation
• Oblivious transfer extension
