Abstract
Oblivious transfer (OT) is a cryptographic primitive originally used to transfer a collection of messages from the sender to the receiver in an oblivious manner. OT extension protocol reduces expensive asymmetric operations by running a small number of OT instances first and then cheap symmetric operations. While most earlier works discussed security model or communication and computation complexity of OT in general case, we focus on concrete application scenarios, especially where the sender in the OT protocol is a database with less computation and limited interaction capability. In this paper, we propose a generic outsourced OT extension protocol ( O Tex ) that outsources all the asymmetric operations of the sender to a semihonest server so as to adapt to specific scenarios above. We give O Tex a standard security definition, and the proposed protocol is proven secure in the semihonest model. In O Tex , the sender works on the fly and performs only symmetric operations locally. Whatever the number of rounds OT to be executed and the length of messages in OT to be sent, our protocol realizes optimal complexity. Besides, O Tex can be used to construct high-level protocols, such as private membership test (PMT) and private set intersection (PSI). We believe our O Tex construction may be a building block in other applications as well.
Highlights
Oblivious transfer (OT) is one of the most important primitives in secure computation
Many privacy-preserving protocols, such as private membership test (PMT) and private set intersection (PSI), rely heavily on huge number of OT instances for secure computation to get the trade-off between computation and communication. e most efficient way to produce many OT instances is through OT extension protocol [4, 5]
(iii) Our OT extension protocol (OTex) construction can be applied to improve the efficiency of OT-based privacy-preserving primitives in server-aided setting, such as oblivious pseudorandom function, and high-level protocols, such as PMT and PSI, which is of independent interest
Summary
Oblivious transfer (OT) is one of the most important primitives in secure computation. Far too little attention has been paid to investigate sender side of OT adapting to specific scenarios To this end, we propose a generic outsourced oblivious transfer extension protocol (OTex) in the semihonest model. The sender S works on the fly and sends its inputs encrypted by symmetric key generated from OTex to the receiver R, and it enables two parties to complete the whole OT extension protocol. Lindell et al [11] studied input-size hiding two-party computation based on fully homomorphic encryption (FHE) and proposed a secure OT extension protocol to reduce the communication cost of both the sender and receiver. (iii) Our OTex construction can be applied to improve the efficiency of OT-based privacy-preserving primitives in server-aided setting, such as oblivious pseudorandom function, and high-level protocols, such as PMT and PSI, which is of independent interest
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
