Actively Secure OT Extension with Optimal Overhead

Marcel Keller, Emmanuela Orsini, Peter Scholl

Research output: Chapter in Book/Report/Conference proceedingConference Contribution (Conference Proceeding)

53 Citations (Scopus)

Abstract

We describe an actively secure OT extension protocol in the random oracle model with efficiency very close to the passively secure IKNP protocol of Ishai et al. (Crypto 2003). For computational security parameter $\kappa$, our protocol requires $\kappa$ base OTs, and is the first practical, actively secure protocol to match the cost of the passive IKNP extension in this regard. The added communication cost is only additive in $O(\kappa)$, independent of the number of OTs being created, while the computation cost is essentially two finite field operations per extended OT. We present implementation results that show our protocol takes no more than 5% more time than the passively secure IKNP extension, in both LAN and WAN environments, and so is essentially optimal with respect to the passive protocol.
Original languageEnglish
Title of host publicationAdvances in Cryptology - CRYPTO 2015
PublisherSpringer
Pages724-741
Number of pages18
Volume9215
ISBN (Electronic)978-3-662-47989-6
ISBN (Print)978-3-662-47988-9
DOIs
Publication statusPublished - 20 Aug 2015

Publication series

NameLecture Notes in Computer Science
PublisherSpringer-Verlag
ISSN (Print)0302-9743

Bibliographical note

Date of Acceptance: 08/05/2015

Keywords

  • Oblivious transfer
  • Extensions
  • Protocols

Fingerprint Dive into the research topics of 'Actively Secure OT Extension with Optimal Overhead'. Together they form a unique fingerprint.

Cite this