Improved OT Extension for Transferring Short Secrets

  • Vladimir Kolesnikov
  • Ranjit Kumaresan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8043)


We propose an optimization and generalization of OT extension of Ishai et al. of Crypto 2003. For computational security parameter k, our OT extension for short secrets offers O(log k) factor performance improvement in communication and computation, compared to prior work. In concrete terms, for today’s security parameters, this means approx. factor 2-3 improvement.

This results in corresponding improvements in applications relying on such OT. In particular, for two-party semi-honest SFE, this results in O(log k) factor improvement in communication over state of the art Yao Garbled Circuit, and has the same asymptotic complexity as the recent multi-round construction of Kolesnikov and Kumaresan of SCN 2012. For multi-party semi-honest SFE, where their construction is inapplicable, our construction implies O(log k) factor communication and computation improvement over best previous constructions. As with our OT extension, for today’s security parameters, this means approximately factor 2 improvement in semi-honest multi-party SFE.

Our building block of independent interest is a novel IKNP-based framework for 1-out-of-n OT extension, which offers O(log n) factor performance improvement over previous work (for n ≤ k), and concrete factor improvement of up to 5 for today’s security parameters (n = k = 128).

Our protocol is the first practical OT with communication/computation cost sublinear in the security parameter (prior sublinear constructions Ishai et al. [15,16] are not efficient in concrete terms).


Keywords: OT extension; 1-out-of-2 OT; 1-out-of-n OT


References

  1. Applebaum, B.: Pseudorandom generators with long stretch and low locality from random local one-way functions. In: 44th Annual ACM Symposium on Theory of Computing, pp. 805–816. ACM Press (2012)
  2. Applebaum, B., Ishai, Y., Kushilevitz, E.: Cryptography in NC0. In: 45th Annual Symposium on Foundations of Computer Science, pp. 166–175. IEEE Computer Society Press (October 2004)
  3. Beaver, D.: Correlated pseudorandomness and the complexity of private computations. In: 28th Annual ACM Symposium on Theory of Computing, pp. 479–488. ACM Press (May 1996)
  4. Beaver, D., Micali, S., Rogaway, P.: The round complexity of secure protocols. In: 22nd Annual ACM Symposium on Theory of Computing, pp. 503–513. ACM Press (May 1990)
  5. Chen, H., Cramer, R.: Algebraic geometric secret sharing schemes and secure multi-party computations over small fields. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 521–536. Springer, Heidelberg (2006)
  6. Choi, S.G., Hwang, K.-W., Katz, J., Malkin, T., Rubenstein, D.: Secure multi-party computation of boolean circuits with applications to privacy in on-line marketplaces. In: Dunkelman, O. (ed.) CT-RSA 2012. LNCS, vol. 7178, pp. 416–432. Springer, Heidelberg (2012)
  7. Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. Communications of the ACM 28, 637–647 (1985)
  8. Garcia, A., Stichtenoth, H.: On the asymptotic behavior of some towers of function fields over finite fields. Journal of Number Theory 61(2), 248–273 (1996)
  9. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game, or a completeness theorem for protocols with honest majority. In: Aho, A. (ed.) 19th Annual ACM Symposium on Theory of Computing, pp. 218–229. ACM Press (May 1987)
  10. Goldreich, O., Vainish, R.: How to solve any protocol problem - an efficiency improvement. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 73–86. Springer, Heidelberg (1988)
  11. Harnik, D., Ishai, Y., Kushilevitz, E., Nielsen, J.B.: OT-combiners via secure computation. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 393–411. Springer, Heidelberg (2008)
  12. Huang, Y., Evans, D., Katz, J., Malka, L.: Faster secure two-party computation using garbled circuits. In: USENIX Security Symposium (2011)
  13. Impagliazzo, R., Rudich, S.: Limits on the provable consequences of one-way permutations. In: 21st Annual ACM Symposium on Theory of Computing, pp. 44–61. ACM Press (May 1989)
  14. Ishai, Y., Kilian, J., Nissim, K., Petrank, E.: Extending oblivious transfers efficiently. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 145–161. Springer, Heidelberg (2003)
  15. Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Cryptography with constant computational overhead. In: Ladner, R.E., Dwork, C. (eds.) 40th Annual ACM Symposium on Theory of Computing, pp. 433–442. ACM Press (May 2008)
  16. Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Extracting correlations. In: 50th Annual Symposium on Foundations of Computer Science, pp. 261–270. IEEE Computer Society Press (2009)
  17. Ishai, Y., Prabhakaran, M., Sahai, A.: Founding cryptography on oblivious transfer – efficiently. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 572–591. Springer, Heidelberg (2008)
  18. Kilian, J.: Founding cryptography on oblivious transfer. In: 20th Annual ACM Symposium on Theory of Computing (STOC), pp. 20–31. ACM (1988)
  19. Kolesnikov, V., Kumaresan, R.: Improved secure two-party computation via information-theoretic garbled circuits. In: Visconti, I., De Prisco, R. (eds.) SCN 2012. LNCS, vol. 7485, pp. 205–221. Springer, Heidelberg (2012)
  20. Kolesnikov, V., Schneider, T.: Improved garbled circuit: Free XOR gates and applications. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 486–498. Springer, Heidelberg (2008)
  21. Lindell, Y., Zarosim, H.: On the feasibility of extending oblivious transfer. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 519–538. Springer, Heidelberg (2013)
  22. Malkhi, D., Nisan, N., Pinkas, B., Sella, Y.: Fairplay – a secure two-party computation system. In: USENIX Security Symposium (2004)
  23. Naor, M., Pinkas, B.: Computationally secure oblivious transfer. Journal of Cryptology 18(1), 1–35 (2005)
  24. Nielsen, J.B.: Extending oblivious transfers efficiently – how to get robustness almost for free. IACR Cryptology ePrint Archive, Report 2007/215 (2007)
  25. Nielsen, J.B., Nordholt, P.S., Orlandi, C., Burra, S.S.: A new approach to practical active-secure two-party computation. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 681–700. Springer, Heidelberg (2012)
  26. Pinkas, B., Schneider, T., Smart, N.P., Williams, S.C.: Secure two-party computation is practical. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 250–267. Springer, Heidelberg (2009)
  27. Schneider, T., Zohner, M.: Private communication (2012)
  28. Schneider, T., Zohner, M.: GMW vs. Yao? Efficient secure two-party computation with low depth circuits. In: FC 2013 (2013)
  29. Yao, A.: How to generate and exchange secrets. In: 27th Annual Symposium on Foundations of Computer Science, pp. 162–167. IEEE Computer Society Press (October 1986)

Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  • Vladimir Kolesnikov (1)
  • Ranjit Kumaresan (2)

  1. Bell Labs, Murray Hill, USA
  2. Technion, Haifa, Israel
