Paper 2020/635

Two-Round Oblivious Linear Evaluation from Learning with Errors

Pedro Branco and Nico Döttling and Paulo Mateus

Abstract

Oblivious Linear Evaluation (OLE) is a simple yet powerful cryptographic primitive which allows a sender, holding an affine function $f(x)=a+bx$ over a finite field, to let a receiver learn $f(w)$ for a $w$ of the receiver's choice. In terms of security, the sender remains oblivious of the receiver's input $w$, whereas the receiver learns nothing beyond $f(w)$ about $f$. In recent years, OLE has emerged as an essential building block to construct efficient, reusable and maliciously-secure two-party computation. In this work, we present efficient two-round protocols for OLE based on the Learning with Errors (LWE) assumption. Our first protocol for OLE is secure against malicious unbounded receivers and semi-honest senders. The receiver's first message is reusable, meaning that it can be reused over several executions of the protocol, and it may carry information about a batch of inputs, and not just a single input. We then show how we can extend the above protocol to provide malicious security for both parties, albeit at the cost of reusability.