Actively Secure OT Extension with Optimal Overhead

Marcel Keller; Emmanuela Orsini; Peter Scholl

doi:10.1007/978-3-662-47989-6_35

Actively Secure OT Extension with Optimal Overhead

Marcel Keller, Emmanuela Orsini, Peter Scholl

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

81 Citations (Scopus)

Abstract

We describe an actively secure OT extension protocol in the random oracle model with efficiency very close to the passively secure IKNP protocol of Ishai et al. (Crypto 2003). For computational security parameter $\kappa$, our protocol requires $\kappa$ base OTs, and is the first practical, actively secure protocol to match the cost of the passive IKNP extension in this regard. The added communication cost is only additive in $O(\kappa)$, independent of the number of OTs being created, while the computation cost is essentially two finite field operations per extended OT. We present implementation results that show our protocol takes no more than 5% more time than the passively secure IKNP extension, in both LAN and WAN environments, and so is essentially optimal with respect to the passive protocol.

Original language	English
Title of host publication	Advances in Cryptology - CRYPTO 2015
Publisher	Springer
Pages	724-741
Number of pages	18
Volume	9215
ISBN (Electronic)	978-3-662-47989-6
ISBN (Print)	978-3-662-47988-9
DOIs	https://doi.org/10.1007/978-3-662-47989-6_35
Publication status	Published - 20 Aug 2015

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer-Verlag
ISSN (Print)	0302-9743

Bibliographical note

Date of Acceptance: 08/05/2015

Keywords

Oblivious transfer
Extensions
Protocols

Access to Document

10.1007/978-3-662-47989-6_35

http://eprint.iacr.org/2015/546

Handle.net

Persistent link

COED - Computing on Encrypted Data
Smart, N. P.
1/10/11 → 30/09/15
Project: Research

Cite this

@inproceedings{3d737386624641f0af8077597ad289f6,

title = "Actively Secure OT Extension with Optimal Overhead",

abstract = "We describe an actively secure OT extension protocol in the random oracle model with efficiency very close to the passively secure IKNP protocol of Ishai et al. (Crypto 2003). For computational security parameter $\kappa$, our protocol requires $\kappa$ base OTs, and is the first practical, actively secure protocol to match the cost of the passive IKNP extension in this regard. The added communication cost is only additive in $O(\kappa)$, independent of the number of OTs being created, while the computation cost is essentially two finite field operations per extended OT. We present implementation results that show our protocol takes no more than 5% more time than the passively secure IKNP extension, in both LAN and WAN environments, and so is essentially optimal with respect to the passive protocol. ",

keywords = "Oblivious transfer, Extensions, Protocols",

author = "Marcel Keller and Emmanuela Orsini and Peter Scholl",

note = "Date of Acceptance: 08/05/2015",

year = "2015",

month = aug,

day = "20",

doi = "10.1007/978-3-662-47989-6_35",

language = "English",

isbn = "978-3-662-47988-9",

volume = "9215",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "724--741",

booktitle = "Advances in Cryptology - CRYPTO 2015",

}

TY - GEN

T1 - Actively Secure OT Extension with Optimal Overhead

AU - Keller, Marcel

AU - Orsini, Emmanuela

AU - Scholl, Peter

N1 - Date of Acceptance: 08/05/2015

PY - 2015/8/20

Y1 - 2015/8/20

N2 - We describe an actively secure OT extension protocol in the random oracle model with efficiency very close to the passively secure IKNP protocol of Ishai et al. (Crypto 2003). For computational security parameter $\kappa$, our protocol requires $\kappa$ base OTs, and is the first practical, actively secure protocol to match the cost of the passive IKNP extension in this regard. The added communication cost is only additive in $O(\kappa)$, independent of the number of OTs being created, while the computation cost is essentially two finite field operations per extended OT. We present implementation results that show our protocol takes no more than 5% more time than the passively secure IKNP extension, in both LAN and WAN environments, and so is essentially optimal with respect to the passive protocol.

AB - We describe an actively secure OT extension protocol in the random oracle model with efficiency very close to the passively secure IKNP protocol of Ishai et al. (Crypto 2003). For computational security parameter $\kappa$, our protocol requires $\kappa$ base OTs, and is the first practical, actively secure protocol to match the cost of the passive IKNP extension in this regard. The added communication cost is only additive in $O(\kappa)$, independent of the number of OTs being created, while the computation cost is essentially two finite field operations per extended OT. We present implementation results that show our protocol takes no more than 5% more time than the passively secure IKNP extension, in both LAN and WAN environments, and so is essentially optimal with respect to the passive protocol.

KW - Oblivious transfer

KW - Extensions

KW - Protocols

U2 - 10.1007/978-3-662-47989-6_35

DO - 10.1007/978-3-662-47989-6_35

M3 - Conference Contribution (Conference Proceeding)

SN - 978-3-662-47988-9

VL - 9215

T3 - Lecture Notes in Computer Science

SP - 724

EP - 741

BT - Advances in Cryptology - CRYPTO 2015

PB - Springer

ER -

Actively Secure OT Extension with Optimal Overhead

Abstract

Publication series

Bibliographical note

Keywords

Access to Document

Handle.net

Fingerprint

Projects

COED - Computing on Encrypted Data

Cite this