Paper 2019/706

Endemic Oblivious Transfer

Daniel Masny and Peter Rindal


Oblivious Transfer has played a crucial role in the design of secure multi party computation. Nevertheless, there are not many practical solutions that achieve simulation based security and at the same time instantiable based on different assumptions. In this work, we consider a simulation based security notion that we call endemic security. We show how to construct highly efficient oblivious transfer in the random oracle model that achieves endemic security under a wide range of assumptions, among them DDH, CDH, LWE and coding based assumptions. We construct a secure oblivious transfer based on DDH that takes only a single communication round which allows significant performance gains. We also instantiate our oblivious transfer with the Crystals.Kyber key agreement. Our implementation shows that both instantiations can be computed in under one millisecond. Further, we revisit, correct and improve existing oblivious transfer extension techniques. We provide an implementation of an oblivious transfer extension protocol in the ideal cipher model that is actively secure, processing up to 23 million OTs per second and up to 10 times faster than previous secure implementations. We also show that our framework can compute endemically secure OT extension and the base OTs in just two rounds.

Note: Minor fixes in the appendix.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Minor revision.CCS2019
Oblivious TransferOblivious Transfer ExtensionOTSecure Multi Party ComputationPost-QuantumDDHCDHLWELPNKey AgreementRandom Oracle ModelUC
Contact author(s)
daniel masny @ rub de
rindalp @ oregonstate edu
2021-07-13: last of 3 revisions
2019-06-18: received
See all versions
Short URL
Creative Commons Attribution


      author = {Daniel Masny and Peter Rindal},
      title = {Endemic Oblivious Transfer},
      howpublished = {Cryptology ePrint Archive, Paper 2019/706},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.