Paper 2017/958

Two-Message, Oblivious Evaluation of Cryptographic Functionalities

Nico Döttling, Nils Fleischhacker, Johannes Krupp, and Dominique Schröder


We study the problem of two round oblivious evaluation of cryptographic functionalities. In this setting, one party P1 holds a private key sk for a provably secure instance of a cryptographic functionality F and the second party P2 wishes to evaluate F_sk on a value x. Although it has been known for 22 years that general functionalities cannot be computed securely in the presence of malicious adversaries with only two rounds of communication, we show the existence of a round-optimal protocol that obliviously evaluates cryptographic functionalities. Our protocol is provably secure against malicious receivers under standard assumptions and does not rely on heuristic (setup) assumptions. Our main technical contribution is a novel nonblack-box technique, which makes nonblack-box use of the security reduction of F_sk. Specifically, our proof of malicious receiver security uses the code of the reduction, which reduces the security of F_sk to some hard problem, in order to break that problem directly. Instantiating our framework, we obtain the first two-round oblivious pseudorandom function that is secure in the standard model. This question was left open since the invention of OPRFs in 1997.

Available format(s)
Publication info
A minor revision of an IACR publication in CRYPTO 2016
Contact author(s)
nico doettling @ gmail com
2017-09-29: received
Short URL
Creative Commons Attribution


      author = {Nico Döttling and Nils Fleischhacker and Johannes Krupp and Dominique Schröder},
      title = {Two-Message, Oblivious Evaluation of Cryptographic Functionalities},
      howpublished = {Cryptology ePrint Archive, Paper 2017/958},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.