Cryptology ePrint Archive: Report 2017/1187

On the Round Complexity of OT Extension

Sanjam Garg and Mohammad Mahmoody and Daniel Masny and Izaak Meckler

Abstract: We show that any OT extension protocol based on one-way functions (or more generally any symmetric-key primitive) either requires an additional round compared to the base OTs or must make a non-black-box use of one-way functions. This result also holds in the semi-honest setting or in the case of certain setup models such as the common random string model. This implies that OT extension in any secure computation protocol must come at the price of an additional round of communication or the non-black-box use of symmetric key primitives. Moreover, we observe that our result is tight in the sense that positive results can indeed be obtained using non-black-box techniques or at the cost of one additional round of communication.

Category / Keywords: foundations / Oblivious Transfer Extension, Symmetric Key Primitives, Random Oracle Model, Black-Box, Non-Black-Box

Date: received 7 Dec 2017, last revised 3 Jun 2018

Contact author: mahmoody at gmail com, daniel masny@berkeley edu

Available format(s): PDF | BibTeX Citation

Note: Fixing typos.

Version: 20180603:194223 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]