Paper 2021/682

Batching Base Oblivious Transfers

Ian McQuoid, Mike Rosulek, and Lawrence Roy

Abstract

Protocols that make use of oblivious transfer (OT) rarely require just one instance. Usually a batch of OTs is required --- notably, when generating base OTs for OT extension. There is a natural way to optimize 2-round OT protocols when generating a batch, by reusing certain protocol messages across all instances. In this work we show that this batch optimization is error-prone. We catalog many implementations and papers that have an incorrect treatment of this batch optimization, some of them leading to catastrophic leakage in OT extension protocols. We provide a full treatment of how to properly optimize recent 2-round OT protocols for the batch setting. Along the way we show several performance improvements to the OT protocol of McQuoid, Rosulek, and Roy (ACM CCS 2020). In particular, we show an extremely simple OT construction that may be of pedagogical interest.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
oblivious transfer
Contact author(s)
mcquoidi @ oregonstate edu
rosulekm @ oregonstate edu
ldr709 @ gmail com
History
2021-05-25: revised
2021-05-25: received
See all versions
Short URL
https://ia.cr/2021/682
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2021/682,
      author = {Ian McQuoid and Mike Rosulek and Lawrence Roy},
      title = {Batching Base Oblivious Transfers},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/682},
      year = {2021},
      url = {https://eprint.iacr.org/2021/682}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.