Advances in Cryptology - EUROCRYPT 2006

Volume 4004 of the series Lecture Notes in Computer Science pp 201-221

Optimal Reductions Between Oblivious Transfers Using Interactive Hashing

  • Claude CrépeauAffiliated withMcGill University
  • , George SavvidesAffiliated withMcGill University


We present an asymptotically optimal reduction of one-out-of-two String Oblivious Transfer to one-out-of-two Bit Oblivious Transfer using Interactive Hashing in conjunction with Privacy Amplification. Interactive Hashing is used in an innovative way to test the receiver’s adherence to the protocol. We show that (1 + ε)k uses of Bit OT suffice to implement String OT for k-bit strings. Our protocol represents a two-fold improvement over the best constructions in the literature and is asymptotically optimal. We then show that our construction can also accommodate weaker versions of Bit OT, thereby obtaining a significantly lower expansion factor compared to previous constructions. Besides increasing efficiency, our constructions allow the use of any 2-universal family of Hash Functions for performing Privacy Amplification. Of independent interest, our reduction illustrates the power of Interactive Hashing as an ingredient in the design of cryptographic protocols.


interactive hashing oblivious transfer privacy amplification