ABSTRACT Oblivious transfer (OT) is an important two‐party cryptographic primitive, and it is a universal building block for secure multiparty computation. In this paper, we for the first time introduce the notion of oblivious transfer for universal function (UFOT), where the sender Alice has two bits (, ) , and the receiver Bob obtains either the first bit , the second bit , or their function . Bob should not learn anything more than this, and Alice should not learn what Bob has learnt. To show the feasibility of this concept, we implement a quantum UFOT protocol based on oblivious quantum key distribution, and then analyze its security. We also show its advantages, such as lower cheating probabilities for two parties, loss tolerance, flexibility, and universality. It paves the way for solving privacy‐preserving machine learning problems.

This paper presents the field of secure multiparty computation and Yao's Garbled Circuits protocol, which represents its basic implementation. It also descibes a secure ways of exchanging private data using the Oblivious Transfer protocols. The presented protocols were evaluated through an interactive graphical editor for the evaluation of logic circuits that adopts the previous concepts.

AdvOT: Oblivious transfer based on generative adversarial networks against multiple attackers

Oblivious transfer is a type of message transfer in which a sender transmits one out of many potential pieces of information to the receiver, but she has no knowledge about the actual piece of information being received by the receiver. Oblivious transfer is a deceptively simple scheme that has many possible applications such as secure multiparty computation, private set intersection, federated learning, zero-knowledge proofs, accessing sensitive data etc. Security of most classical oblivious transfer protocols is based upon the unproven assumptions about the computational complexity of certain number theoretic problems such as integer factorization. So, existing classical protocols for oblivious transfer are only computationally secure and not unconditionally secure. Although many quantum oblivious protocols have been proposed lately, they are not simple and easy to implement. In the present work we propose a quantum oblivious transfer protocol that is efficient, simple and easily implementable with the existing quantum technology.

Motivated by the applications of secure multi-party computation as a privacy-protecting data analysis tool, and identifying oblivious transfer as one of its main practical enablers, we propose a practical realization of randomized quantum oblivious transfer. By using only symmetric cryptography primitives to implement commitments, we construct computationally secure randomized oblivious transfer without the need for public-key cryptography or assumptions imposing limitations on the adversarial devices. We show that the protocol is secure under an indistinguishability-based notion of security and demonstrate an experimental implementation to test its real-world performance. Its security and performance are then compared to both quantum and classical alternatives, showing potential advantages over existing solutions based on the noisy storage model and public-key cryptography.

_ This article, written by JPT Technology Editor Chris Carpenter, contains highlights of paper SPE 219553, “Gas Lift Optimization in the Permian Using Machine Learning and Artificial Intelligence,” by Pooya Movahed, Derek Burmaster, SPE, and Emmanouil Karantinos, ExxonMobil, et al. The paper has not been peer reviewed. _ Gas lift optimization has historically been a time-consuming process. Automated gas lift optimization can add incremental volumes without the need for major expenditure. This paper presents a closed-loop iterative well-by-well gas lift optimization workflow deployed to more than 1,300 operator wells in the Permian Basin. The workflow conducts multirate tests through remote control of gas lift injection-rate set points in combination with automated well‑data acquisition. The optimization workflow has resulted in an average oil production uplift of approximately 2.0%. Methodology The workflow described in this paper is based on a core iterative process composed of the following steps: 1. Multirate-test scheduling 2. Multirate‑test‑data analysis 3. Downhole-pressure-model construction and storage 4. Optimal set-point calculation and delivery This process is repeated for each well on a roughly monthly basis, which allows the process to iterate continuously toward the optimal value while well conditions change. Between cycles, set points are updated based on new production-well-test data. Data are collected and transmitted between sites and a cloud-based computational hub through a communication infrastructure, as are the resulting injection-rate set-point changes. Finally, the downhole-pressure models (detailed in the complete paper) and their associated data are stored in a model inventory, used to train a machine-learning (ML) model to enable optimization of wells that are missing data. Data Collection and Analysis. Meaningful gas lift injection-rate variations are required to create a useful downhole-pressure model. The system creates this data by conducting three-step multirate tests. Three rates are checked to provide the data required to define a quadratic approximation of the gas lift performance curve (GLPC). The default duration for a single step is 15 hours, but the duration is increased to 24 hours for slugging wells. The gas lift rate is changed by 100,000 scf/D from the initial gas lift injection rates to ensure the variations in pressure are significant enough. Smaller changes were attempted but often resulted in downhole pressure changes that were insufficient to produce meaningful models. The complete paper includes subsections devoted to components of this task, including paired multirate testing, multirate test‑data handling and fitting, productivity‑index determination, and workflow quality control and automation. Communication Infrastructure. General Architecture. The system’s communication infrastructure serves twin purposes—receiving telemetry data from the multitude of distributed devices in the field for logic and modeling and sending out the resulting calculated values as set points to the related devices. To achieve this, the system makes use of several existing components—the local Permian controls network, oblivious transfer (OT) protocols, the message-queuing telemetry transport (MQTT) protocol, the supervisory control and data‑acquisition (SCADA) architecture, and near‑real‑time data flow to and from the cloud environment.

Modern distributed computing systems and applications with strict privacy requirements demand robust data confidentiality. A primary challenge involves enabling parties to exchange data or perform joint computations. These interactions must avoid revealing private information about the data. Protocols with the obliviousness property, known as oblivious protocols, address this issue. They ensure that no party learns more than necessary. This survey analyzes the security and performance of post-quantum oblivious protocols, with a focus on oblivious transfer and oblivious pseudorandom functions. The evaluation assesses resilience against malicious adversaries in the Universal Composability framework. Efficiency is quantified through communication and computational overhead. It identifies optimal scenarios for these protocols. This paper also surveys related primitives, such as oblivious signatures and data structures, along with their applications. Key findings highlight the inherent trade-offs between computational cost and communication complexity in post-quantum oblivious constructions. Open challenges and future research directions are outlined. Emphasis is placed on quantum-resistant designs and formal security proofs in stronger adversarial models.

Abstract In this paper, we propose a resource‐efficient all‐or‐nothing oblivious transfer (OT) protocol for unknown single‐qubit unitary operations. To the best of our knowledge, this is the first construction of all‐or‐nothing OT for unknown unitary operations. In contrast to the trivial solution by combining all‐or‐nothing OT for classical messages and bidirectional quantum state teleportation, our protocol is more resource‐efficient, i.e., it only requires the consumption of two shared Bell states, two‐bit classical communication from Alice to Bob and at most one‐bit classical communication from Bob to Alice. In addition, the use of shared Bell states and simple quantum operations makes the proposed protocol feasible with current technology. Theoretical analysis and experimental simulation on IBM Qiskit simulator show the correctness of our protocol. Our results extend the application of OT protocols in privacy‐preserving distributed quantum computing.

Incomplete quantum oblivious transfer with perfect one-sided security

Abstract Oblivious Transfer ( $$\textsf{OT}$$ OT ) is a fundamental cryptographic primitive that becomes a crucial component of a practical secure protocol. $$\textsf{OT}$$ OT is typically implemented in software, and one way to accelerate its running time is by using hardware implementations. However, such implementations are vulnerable to side-channel attacks (SCAs). On the other hand, protecting interactive protocols against SCA is highly challenging due to their longer secrets (which include inputs and randomness), more complex design, and the need to run multiple instances. Consequently, there are no truly practical leakage-resistant $$\textsf{OT}$$ OT protocols yet. In this paper, we introduce two tailored indistinguishability-based security definitions for leakage-resilient $$\textsf{OT}$$ OT , focusing on protecting the sender’s state. Second, we propose a practical semi-honest secure $$\textsf{OT}$$ OT protocol that achieves these security levels while minimizing the assumptions on the protocol’s building blocks and the use of a secret state.

Commitment schemes (CSs) are essential to many cryptographic protocols and schemes with applications that include privacy-preserving computation on data, privacy-preserving authentication, and, in particular, oblivious transfer protocols. For quantum oblivious transfer (qOT) protocols, unconditionally binding commitment schemes that do not rely on hardness assumptions from structured mathematical problems are required. These additional constraints severely limit the choice of commitment schemes to random oracle-based constructions or Naor’s bit commitment scheme. As these protocols commit to individual bits, the use of such commitment schemes comes at a high bandwidth and computational cost. In this work, we investigate improvements to the efficiency of commitment schemes used in qOT protocols and propose an extension of Naor’s commitment scheme requiring the existence of one-way functions (OWFs) to reduce communication complexity for 2-bit strings. Additionally, we provide an interactive string commitment scheme with preprocessing to enable the fast and efficient computation of commitments.

We present unconditionally perfectly secure protocols in the semi-honest setting for several functionalities: (1) private elementwise equality; (2) private bitwise integer comparison; and (3) bit-decomposition. These protocols are built upon a new concept called Shared Oblivious Transfer (Shared OT). Shared OT extends the one-out-of-N String OT by replacing strings with integers modulo M and allowing additive secret-sharing of all inputs and outputs. These extensions can be implemented by simple local computations without incurring additional OT invocations. We believe our Shared OT may be of independent interest. Our protocols demonstrate the best round, communication, and computational complexities compared to all other protocols secure in a similar setting. Moreover, all of our protocols involve either 2 or 3 rounds.

With the rapid development and deployment of machine learning (ML) and big data technologies, which rely heavily on sensitive user data for training and inference, ensuring privacy and data security has become a pressing challenge. Addressing this issue requires methods that safeguard sensitive information while maintaining the correctness of computational results. Secure multi-party computation (MPC), as a representative application of cryptographic techniques, offers a technical solution to this challenge by enabling privacy-preserving computations. It has been widely applied in scenarios such as cloud-based inference and other privacy-sensitive tasks. However, MPC also introduces significant performance overhead, thus limiting its further application. Our analysis reveals that the foundational element of MPC, the oblivious transfer (OT) protocol collectively account for up to 96.64% of the execution time. It is because the OT protocols are constrained by low network band- width and weak compute engines. To address these challenges, we propose POTA, a high-performance pipelined OT hardware acceleration architecture supporting the silent OT protocol. In the POTA design, we develop efficient subsystems targeting the two most compute-intensive parts: the construction of puncturable pseudoran- dom function (PPRF), and large matrix-vector multiplications under the learning parity with noise (LPN) assumption within the silent OT protocol. In addition, to address the performance overhead caused by data transfer between POTA and the host CPU, we design a host-accelerator execution pipeline to hide the considerable transmission latency. Furthermore, we design a modular multiplication module over a finite field to generate the more complex correlations required by MPC protocols. Finally, we implement a POTA prototype on Xilinx VCU129 FPGAs. Experimental results demonstrate that under various network settings, POTA achieves significant speedups, with maximum improvements of 192.57x for basic operations and 597.57x for convolutional neural networks (CNN).

Multivariate basic function secret sharing from oblivious transfer

Abstract In this paper, we consider a secure multi-party shuffling (MPS), in which multiple participants provide private datasets and enable to obtain secret shared values of randomly permuted whole dataset while protecting the privacy of each individual input and the permutation. MPS stands as a foundational tool for the randomized algorithm, with broad utility in a large amount of domains, offering enhancements in privacy while concurrently reducing costs. And its applications encompass machine learning, secure function evaluation, and anonymous communication. Recently, Chase, Ghosh, and Poburinnaya (2020 Secret-shared shuffle. Advances in Cryptology-ASIACRYPT 2020: 26th International Conference on the Theory and Application of Cryptology and Information Security, Daejeon, South Korea, December 7-11, 2020, Proceedings, Part III 26, pp. 342-372. Springer.) introduced an innovative two-party protocol known as SSS, where participants can effectively produce additive secret shares of a shuffled dataset while preserving the privacy. Indeed, this approach transforms challenge of shuffling a dataset into the task of shuffling pseudorandom values, leading to a significant enhancement in both communication and computation efficiency. We would like to generalize the SSS in Chase, Ghosh, and Poburinnaya (2020 Secret-shared shuffle. Advances in Cryptology-ASIACRYPT 2020: 26th International Conference on the Theory and Application of Cryptology and Information Security, Daejeon, South Korea, December 7-11, 2020, Proceedings, Part III 26, pp. 342-372. Springer.) to a novel multi-party variant, all while maintaining its efficiency. However, it turns out that this is not straightforward. Specifically, the communication complexity is trivially blown up about $O(m^{3}n\log n)$, where $m$ denotes the number of participants and $n$ denotes the length of message. We further reduce the cost to be linear in the number of participants. Moreover, our novel MPS operates within the preprocessing model, with the security against static semi-honest adversaries. Furthermore, our protocols rely exclusively on the oblivious transfer during the preprocessing phase and symmetric-key primitives in online phase to avoid the comparatively heavy public-key operations associated with previous MPS protocols.

The Chou-Orlandi batch oblivious transfer (OT) protocol is a particularly attractive OT protocol that bridges the gap between practical efficiency and strong security guarantees and is especially notable due to its simplicity. The security analysis provided by Chou and Orlandi bases the security of their protocol on the hardness of the computational Diffie-Hellman (CDH) problem in prime-order groups. Concretely, in groups in which no better-than-generic algorithms are known for the CDH problem, their security analysis yields that an attacker running in time t and issuing q random-oracle queries breaks the security of their protocol with probability at most ϵ ≤ q 2 · t / 2 κ / 2 , where κ is the bit-length of the group's order. This concrete bound, however, is somewhat insufficient for 256-bit groups (e.g., for κ = 256 , it does not provide any guarantee already for t = 2 48 and q = 2 40 ). In this work, we establish a tighter concrete security bound for the Chou-Orlandi protocol. First, we introduce the list square Diffie-Hellman problem and present a tight reduction from the security of the protocol to the hardness of solving the list square Diffie-Hellman problem. That is, we completely shift the task of analyzing the concrete security of the protocol to that of analyzing the concrete hardness of the list square Diffie-Hellman problem. Second, we reduce the hardness of the list square Diffie-Hellman problem to that of the decisional Diffie-Hellman (DDH) problem without incurring a multiplicative loss. Our key observation is that although CDH and DDH have the same assumed concrete hardness, relying on the hardness of DDH enables our reduction to efficiently test the correctness of the solutions it produces. Concretely, in groups in which no better-than-generic algorithms are known for the DDH problem, our analysis yields that an attacker running in time t and issuing q ≤ t random-oracle queries breaks the security of the Chou-Orlandi protocol with probability at most ϵ ≤ t / 2 κ / 2 (i.e., we eliminate the above multiplicative q 2 term). We prove our results within the standard real-vs-ideal framework considering static corruptions by malicious adversaries, and provide a concrete security treatment by accounting for the statistical distance between a real-model execution and an ideal-model execution.

Abstract The machine learning as a service (MLaaS) paradigm has been widely adopted across various applications. However, it also raises significant privacy concerns, particularly regarding the exposure of input data and trained models. Two-party computation in convolutional neural network (CNN) inference has emerged as a promising solution to address these privacy issues in MLaaS. Nevertheless, most existing privacy-preserving CNN architectures rely on computationally expensive encryption methods, resulting in prolonged inference times and increased communication overhead. In this paper, we propose F2PQNN, a fast and secure two-party inference framework for quantized CNNs. To minimize reliance on computationally intensive encryption, F2PQNN utilizes two non-colluding servers and integrates secret sharing with oblivious transfer techniques. Furthermore, F2PQNN incorporates quantization techniques, along with batching and asynchronous computation, to significantly accelerate inference predictions. We evaluate the performance of F2PQNN on the MNIST, Fashion-MNIST, CIFAR-10, and STL-10 datasets. Experimental results demonstrate that F2PQNN outperforms existing solutions, achieving a $9.14\times $ speedup and reducing communication overhead by $59.8\times $ on the MNIST dataset.

A central question in the theory of cryptography is whether we can build protocols that achieve stronger security guarantees, e.g., security against malicious adversaries, by combining building blocks that achieve much weaker security guarantees, e.g., security only against semi-honest adversaries; and with the minimal number of rounds. An additional focus is whether these building blocks can be used only as a black-box. Since Oblivious Transfer (OT) is the necessary and sufficient building block to securely realize any two-party (and multi-party) functionality, theoreticians often focus on proving whether maliciously secure OT can be built from a weaker notion of OT. There is a rich body of literature that provides (black-box) compilers that build malicious OT from OTs that achieve weaker security such as semi-malicious OT and defensibly secure OT, within the minimal number of rounds. However, no round-optimal compiler exists that builds malicious OT from the weakest notion of semi-honest OT, in the plain model. Correlation intractable hash (CIH) functions are special hash functions whose properties allow instantiating the celebrated Fiat-Shamir transform, and hence reduce the round complexity of public-coin proof systems. In this work, we devise the first round-optimal compiler from semi-honest OT to malicious OT, by a novel application of CIH for collapsing rounds in the plain model. We provide the following contributions. First, we provide a new CIH-based round-collapsing construction for general cut-and-choose. This gadget can be used generally to prove the correctness of the evaluation of a function. Then, we use our gadget to build the first round-optimal compiler from semi-honest OT to malicious OT. Our compiler uses the semi-honest OT protocol and the other building blocks in a black-box manner. However, for technical reasons, the underlying CIH construction requires the upper bound of the circuit size of the semi-honest OT protocol used. The need for this upper-bound makes our protocol not fully black-box, hence is incomparable with existing, fully black-box, compilers.

We instantiate the hash-then-evaluate paradigm for pseudorandom functions (PRFs), textsf{PRF}(k,x):=textsf{wPRF}(k,textsf{RO}(x)), which builds a PRF textsf{PRF} from a weak PRF textsf{wPRF} via a public pre-processing random oracle textsf{RO}. In applications to secure multiparty computation (MPC), only the low-complexity textsf{wPRF} performs secret-depending operations. Our construction replaces textsf{RO} by f(k_textsf{H},textsf{elf}(x)), where f is a non-adaptive PRF and the key k_textsf{H} is public and thus known to the distinguishing adversary. We show that, perhaps surprisingly, several existing weak PRF candidates are plausibly also secure when their inputs are generated by f(k_textsf{H},textsf{elf}(.)). Firstly, analogous cryptanalysis applies (because pseudorandomness of f implies good statistical properties) and/or secondly an attack against the weak PRF with such pseudorandom inputs generated by f would imply surprising results such as key agreement from the hardness of the high-noise version of the Learning Parity with Noise (LPN) when implementing both textsf{wPRF} and f from this assumption. Our simple transformation of replacing textsf{RO}(cdot ) public pre-processing by f(k_textsf{H},textsf{elf}(x)) public pre-processing applies to the entire family of PRF-style functions. Specifically, we obtain results for oblivious PRFs, which are a core building block for password-based authenticated key exchange (PAKE) and private set intersection (PSI) protocols, and we also obtain results for pseudorandom correlation functions (PCF), which are a key tool for silent oblivious transfer (OT) extension.

Secure sampling is a secure multiparty computation protocol that allows a receiver to sample random numbers from a specified non-uniform distribution. It is a fundamental tool for privacy-preserving analysis since adding controlled noise is the most basic and frequently used method to achieve differential privacy. The well-known approaches to constructing a two-party secure sampling protocol are transforming uniform random values into non-uniform ones by computations (e.g., logarithm or binary circuits) or table-lookup. However, they require a large computational or communication cost to achieve a strong differential privacy guarantee. This work addresses this problem with our novel lightweight two-party secure sampling protocol. Our protocol consists of random table-lookup from a small table with the 1-out of-n oblivious transfer and only additions. Furthermore, we provide algorithms for making a table to achieve differential privacy. Our method can reduce the communication cost for (1.0, 2^(-40))-differential privacy from 183GB (naive construction) to 7.4MB.