QuietOT: Lightweight Oblivious Transfer with a Public-Key Setup

Geoffroy Couteau; Lalita Devadas; Srinivas Devadas; Alexander Koch; Sacha Servan-Schreiber

Paper 2024/1079

QuietOT: Lightweight Oblivious Transfer with a Public-Key Setup

Geoffroy Couteau, Université Paris Cité, CNRS, IRIF

Lalita Devadas, Massachusetts Institute of Technology

Srinivas Devadas, Massachusetts Institute of Technology

Alexander Koch

, Université Paris Cité, CNRS, IRIF

Sacha Servan-Schreiber, Massachusetts Institute of Technology

Abstract

Oblivious Transfer (OT) is at the heart of secure computation and is a foundation for many applications in cryptography. Over two decades of work have led to extremely efficient protocols for evaluating OT instances in the preprocessing model, through a paradigm called OT extension. A few OT instances generated in an offline phase can be used to perform many OTs in an online phase efficiently, i.e., with very low communication and computational overheads. Specifically, traditional OT extension protocols use a small number of “base” OTs, generated using any black-box OT protocol, and convert them into many OT instances using only lightweight symmetric-key primitives. Recently, a new paradigm of OT with a *public-key setup* has emerged, which replaces the base OTs with a non-interactive setup: Using only the public key of the other party, two parties can efficiently compute a virtually unbounded number of OT instances on-the-fly. In this paper, we put forth a novel framework for OT extension with a public-key setup and concretely efficient instantiations. An implementation of our framework is over 20 times faster when compared to the previous state-of-the-art public-key OT protocols, and remains competitive even when compared to OT protocols that *do not* offer a public-key setup. Additionally, our instantiations result in the first public-key schemes with plausible post-quantum security. In summary, this paper contributes: - QuietOT: A framework for OT extension with a public-key setup that uses fast, symmetric-key primitives to generate OT instances following a one-time public-key setup, and offering additional features such as precomputability. - A public-key setup for QuietOT from the RingLWE assumption, resulting in the first post-quantum construction of OT extension with a public-key setup. - An optimized, open-source implementation of our construction that can generate up to 1M OT extensions per second on commodity hardware. In contrast, the state-of-the-art public-key OT protocol is limited to at most 65K OTs per second. - The first formal treatment of the security of OT with a public-key setup in a multi-party setting, which addresses several subtleties that were overlooked in prior work.

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: Preprint.
Keywords: oblivious transfer public-key ot extension pseudorandom correlation pcf pcg non-interactive
Contact author(s): couteau @ irif fr
lali @ mit edu
devadas @ csail mit edu
alexander koch @ irif fr
3s @ mit edu
History: 2024-07-05: approved; 2024-07-02: received; See all versions
Short URL: https://ia.cr/2024/1079
License: CC BY-SA

BibTeX

@misc{cryptoeprint:2024/1079,
      author = {Geoffroy Couteau and Lalita Devadas and Srinivas Devadas and Alexander Koch and Sacha Servan-Schreiber},
      title = {{QuietOT}: Lightweight Oblivious Transfer with a Public-Key Setup},
      howpublished = {Cryptology ePrint Archive, Paper 2024/1079},
      year = {2024},
      note = {\url{https://eprint.iacr.org/2024/1079}},
      url = {https://eprint.iacr.org/2024/1079}
}