The Simplest Protocol for Oblivious Transfer | SpringerLink
Skip to main content
Springer Nature Link
Log in

The Simplest Protocol for Oblivious Transfer

  • Conference paper
  • First Online:
Progress in Cryptology -- LATINCRYPT 2015 (LATINCRYPT 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9230))

Abstract

Oblivious Transfer (OT) is the fundamental building block of cryptographic protocols. In this paper we describe the simplest and most efficient protocol for 1-out-of-n OT to date, which is obtained by tweaking the Diffie-Hellman key-exchange protocol. The protocol achieves UC-security against active and adaptive corruptions in the random oracle model. Due to its simplicity, the protocol is extremely efficient and it allows to perform m 1-out-of-n OTs using only:

  • Computation: \((n+1)m+2\) exponentiations (mn for the receiver, \(mn+2\) for the sender) and

  • Communication: \(32(m+1)\) bytes (for the group elements), and 2mn ciphertexts.

We also report on an implementation of the protocol using elliptic curves, and on a number of mechanisms we employ to ensure that our software is secure against active attacks too. Experimental results show that our protocol (thanks to both algorithmic and implementation optimizations) is at least one order of magnitude faster than previous work.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
JPY 3498
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
JPY 5719
Price includes VAT (Japan)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
JPY 7149
Price includes VAT (Japan)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    I.e., UC security [Can01], which is impossible to achieve without some kind of trusted setup assumptions [CF01].

  2. 2.

    Standard hash functions do not take group elements as inputs, and in later sections we will give explicit encodings of group elements into bitstrings.

  3. 3.

    This subsection assumes that the reader is familiar with standard security definitions and proofs for two-party computation protocols such as those presented in [HL10].

  4. 4.

    The main goal of this argument is to show that a corrupted sender knows the message vectors.

  5. 5.

    The main goal of this argument is to show that a corrupted receiver knows the choice value.

  6. 6.

    We stress that non-deterministic in this context does not mean that the encoding involves any randomness.

References

  1. Abdalla, M., Bellare, M., Neven, G.: Robust encryption. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 480–497. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  2. Asharov, G., Lindell, Y., Schneider, T., Zohner, M.: More efficient oblivious transfer and extensions for faster secure computation. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer Communications Security, pp. 535–548. ACM (2013)

    Google Scholar 

  3. Asharov, G., Lindell, Y., Schneider, T., Zohner, M.: More efficient oblivious transfer extensions with security for malicious adversaries. Cryptology ePrint Archive, Report 2015/061 (2015). http://eprint.iacr.org/

  4. Bernstein, D.J., Birkner, P., Joye, M., Lange, T., Peters, C.: Twisted edwards curves. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 389–405. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  5. Bresson, E., Chevassut, O., Pointcheval, D.: New security results on encrypted key exchange. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 145–158. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  6. Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, B.-Y.: High-speed high-security signatures. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 124–142. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  7. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Keccak sponge function family main document. Submission to NIST (Round 2), pp. 3–30 (2009)

    Google Scholar 

  8. Beaver, D.: Correlated pseudorandomness and the complexity of private computations. In: Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, 22–24 May 1996, Philadelphia, Pennsylvania, USA, pp. 479–488 (1996)

    Google Scholar 

  9. Bernstein, D.J.: Curve25519: new Diffie-Hellman speed records. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 207–228. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  10. Bernstein, D.J., Lange, T.: Safecurves: choosing safe curves for elliptic-curve cryptography. http://safecurves.cr.yp.to. Accessed on 1 December 2014

  11. Bernstein, D.J., Lange, T.: eBACS: ecrypt benchmarking of cryptographic systems. http://bench.cr.yp.to. Accessed on 16 March 2015

  12. Burra, S.S., Larraia, E., Nielsen, J.B., Nordholt, P.S., Orlandi, C., Orsini, E., Scholl, P., Smart, N.P.: High performance multi-party computation for binary circuits based on oblivious transfer. Cryptology ePrint Archive, Report 2015/472 (2015). http://eprint.iacr.org/

  13. Bellare, M., Micali, S.: Non-interactive oblivious transfer and applications. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 547–557. Springer, Heidelberg (1990)

    Google Scholar 

  14. Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd Annual Symposium on Foundations of Computer Science, FOCS 2001, 14–17 October 2001, Las Vegas, Nevada, USA, pp. 136–145 (2001)

    Google Scholar 

  15. Canetti, R., Fischlin, M.: Universally composable commitments. IACR Cryptology ePrint Archive, 2001:55 (2001)

    Google Scholar 

  16. Damgård, I., Nielsen, J.B., Orlandi, C.: Essentially optimal universally composable oblivious transfer. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 318–335. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  17. Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. Commun. ACM 28(6), 637–647 (1985)

    Article  MathSciNet  Google Scholar 

  18. Farshim, P., Libert, B., Paterson, K.G., Quaglia, E.A.: Robust encryption, revisited. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 352–368. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  19. Agner Fog. Instruction tables (2014). http://www.agner.org/optimize/instruction_tables.pdf

  20. Hazay, C., Lindell, Y.: Efficient Secure Two-Party Protocols - Techniques and Constructions. Information Security and Cryptography. Springer, Berin (2010)

    Book  MATH  Google Scholar 

  21. Hisil, H., Wong, K.K.-H., Carter, G., Dawson, E.: Twisted edwards curves revisited. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 326–343. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  22. Ishai, Y., Kilian, J., Nissim, K., Petrank, E.: Extending oblivious transfers efficiently. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 145–161. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  23. Impagliazzo, R., Rudich, S.: Limits on the provable consequences of one-way permutations. In: Proceedings of the 21st Annual ACM Symposium on Theory of Computing, May 14–17, 1989, Seattle, Washigton, USA, pp. 44–61 (1989)

    Google Scholar 

  24. Kilian, J.: Founding cryptography on oblivious transfer. In: Proceedings of the 20th Annual ACM Symposium on Theory of Computing, 2–4 May 1988, Chicago, Illinois, USA, pp. 20–31 (1988)

    Google Scholar 

  25. Keller, M., Orsini, E., Scholl, P.: Actively secure ot extension with optimal overhead. In: CRYPTO (2015)

    Google Scholar 

  26. Larraia, E.: Extending oblivious transfer efficiently, or - how to get active security with constant cryptographic overhead. IACR Cryptology ePrint Archive, 2014:692 (2014)

    Google Scholar 

  27. Moon, A.: "Floodyberry": implementations of a fast elliptic-curve digital signature algorithm. https://github.com/floodyberry/ed25519-donna. Accessed on 16 March 2015

  28. Nielsen, J.B.: Extending oblivious transfers efficiently - how to get robustness almost for free. Cryptology ePrint Archive, Report 2007/215 (2007). http://eprint.iacr.org/

  29. Nielsen, J.B., Nordholt, P.S., Orlandi, C., Burra, S.S.: A new approach to practical active-secure two-party computation. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 681–700. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  30. Naor, M., Pinkas, B.: Efficient oblivious transfer protocols. In: Proceedings of the Twelfth Annual Symposium on Discrete Algorithms, 7–9 January 2001, Washington, DC, USA, pp. 448–457 (2001)

    Google Scholar 

  31. Peikert, C., Vaikuntanathan, V., Waters, B.: A framework for efficient and composable oblivious transfer. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 554–571. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  32. Rabin, M.O.: How to exchange secrets with oblivious transfer. Technical report TR-81, Aiken Computation Lab, Harvard University (1981)

    Google Scholar 

  33. Schneider, T.: Personal communication (2015)

    Google Scholar 

  34. Wiesner, S.: Conjugate coding. SIGACT News 15(1), 78–88 (1983)

    Article  Google Scholar 

Download references

Acknowledgments

We are very grateful to: Daniel J. Bernstein and Tanja Lange for invaluable comments and suggestions regarding elliptic curve cryptography and for editorial feedback on earlier versions of this paper; Yehuda Lindell for useful comments on our proof of security; Peter Schwabe for various helps on implementation, including providing low-level code for field arithmetic; the anonymous LATINCRYPT reviewer and in particular Gregory Neven.

Tung Chou is supported by Netherlands Organisation for Scientific Research (NWO) under grant 639.073.005. Claudio Orlandi is supported by: the Danish National Research Foundation and The National Science Foundation of China (grant 61361136003) for the Sino-Danish Center for the Theory of Interactive Computation; the Center for Research in Foundations of Electronic Markets (CFEM); the European Union Seventh Framework Programme ([FP7/2007-2013]) under grant agreement number ICT-609611 (PRACTICE).

Author information

Authors and Affiliations

  1. Technische Universieit Eindhoven, Eindhoven, The Netherlands

    Tung Chou

  2. Aarhus University, Aarhus, Denmark

    Claudio Orlandi

Authors
  1. Tung Chou
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Claudio Orlandi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Claudio Orlandi .

Editor information

Editors and Affiliations

  1. Microsoft Research, Redmond, Washington, USA

    Kristin Lauter

  2. CINVESTAV-IPN, Mexico City, Distrito Federal, Mexico

    Francisco Rodríguez-Henríquez

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Chou, T., Orlandi, C. (2015). The Simplest Protocol for Oblivious Transfer. In: Lauter, K., Rodríguez-Henríquez, F. (eds) Progress in Cryptology -- LATINCRYPT 2015. LATINCRYPT 2015. Lecture Notes in Computer Science(), vol 9230. Springer, Cham. https://doi.org/10.1007/978-3-319-22174-8_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-22174-8_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-22173-1

  • Online ISBN: 978-3-319-22174-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation