Paper 2015/061

More Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries

Gilad Asharov, Yehuda Lindell, Thomas Schneider, and Michael Zohner


Oblivious transfer (OT) is one of the most fundamental primitives in cryptography and is widely used in protocols for secure two-party and multi-party computation. As secure computation becomes more practical, the need for practical large scale oblivious transfer protocols is becoming more evident. Oblivious transfer extensions are protocols that enable a relatively small number of “base-OTs” to be utilized to compute a very large number of OTs at low cost. In the semi-honest setting, Ishai et al. (CRYPTO 2003) presented an OT extension protocol for which the cost of each OT (beyond the base-OTs) is just a few hash function operations. In the malicious setting, Nielsen et al. (CRYPTO 2012) presented an efficient OT extension protocol for the setting of active adversaries, that is secure in the random oracle model. In this work, we present an OT extension protocol for the setting of malicious adversaries that is more efficient and uses less communication than previous works. In addition, our protocol can be proven secure in both the random oracle model, and in the standard model with a type of correlation robustness. Given the importance of OT in many secure computation protocols, increasing the efficiency of OT extensions is another important step forward to making secure computation practical.

Note: This version includes an important fix of the protocol for the case of a corrupted sender.

Available format(s)
Cryptographic protocols
Publication info
A major revision of an IACR publication in EUROCRYPT 2015
oblivious transfer extensionsconcrete efficiency
Contact author(s)
michael zohner @ ec-spride de
2017-11-21: revised
2015-01-27: received
See all versions
Short URL
Creative Commons Attribution


      author = {Gilad Asharov and Yehuda Lindell and Thomas Schneider and Michael Zohner},
      title = {More Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries},
      howpublished = {Cryptology ePrint Archive, Paper 2015/061},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.