Paper 2021/318

Oblivious TLS via Multi-Party Computation

Damiano Abram, Ivan Damgård, Peter Scholl, and Sven Trieflinger


In this paper, we describe Oblivious TLS: an MPC protocol that we prove UC secure against a majority of actively corrupted parties. The protocol securely implements TLS 1.3. Thus, any party P who runs TLS can communicate securely with a set of servers running Oblivious TLS; P does not need to modify anything, or even be aware that MPC is used. Applications of this include communication between servers who offer MPC services and clients, to allow the clients to easily and securely provide inputs or receive outputs. Also, an organization could use Oblivious TLS to improve in-house security while seamlessly connecting to external parties. Our protocol runs in the preprocessing model, and we did a preliminary non-optimized implementation of the on-line phase. In this version, the hand-shake completes in about 1 second. Performance of the record protocol depends, of course, on the encryption scheme used. We designed an MPC friendly scheme which achieved a throughput of about 300 KB/sec. Based on implementation results from other work, the standard AES-GCM can be expected to be as fast, although our implementation did not do as well.

Note: Updated acknowledgements.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Major revision. CT-RSA 2021
Contact author(s)
damiano abram @ cs au dk
ivan @ cs au dk
peter scholl @ cs au dk
Sven Trieflinger @ de bosch com
2021-03-12: revised
2021-03-11: received
See all versions
Short URL
Creative Commons Attribution


      author = {Damiano Abram and Ivan Damgård and Peter Scholl and Sven Trieflinger},
      title = {Oblivious TLS via Multi-Party Computation},
      howpublished = {Cryptology ePrint Archive, Paper 2021/318},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.