Paper 2024/1079

QuietOT: Lightweight Oblivious Transfer with a Public-Key Setup

Geoffroy Couteau, Université Paris Cité, CNRS, IRIF
Lalita Devadas, Massachusetts Institute of Technology
Srinivas Devadas, Massachusetts Institute of Technology
Alexander Koch, Université Paris Cité, CNRS, IRIF
Sacha Servan-Schreiber, Massachusetts Institute of Technology
Abstract

Oblivious Transfer (OT) is at the heart of secure computation and is a foundation for many applications in cryptography. Over two decades of work have led to extremely efficient protocols for evaluating OT instances in the preprocessing model, through a paradigm called OT extension. A few OT instances generated in an offline phase can be used to perform many OTs in an online phase efficiently, i.e., with very low communication and computational overheads. Specifically, traditional OT extension protocols use a small number of “base” OTs, generated using any black-box OT protocol, and convert them into many OT instances using only lightweight symmetric-key primitives. Recently, a new paradigm of OT with a *public-key setup* has emerged, which replaces the base OTs with a non-interactive setup: Using only the public key of the other party, two parties can efficiently compute a virtually unbounded number of OT instances on-the-fly. In this paper, we put forth a novel framework for OT extension with a public-key setup and concretely efficient instantiations. An implementation of our framework is 30-100 times faster when compared to the previous state-of-the-art public-key OT protocols, and remains competitive even when compared to OT protocols that *do not* offer a public-key setup. Additionally, our instantiations result in the first public-key schemes with plausible post-quantum security. In summary, this paper contributes: - QuietOT: A framework for OT extension with a public-key setup that uses fast, symmetric-key primitives to generate OT instances following a one-time public-key setup, and offering additional features such as precomputability. - A public-key setup for QuietOT from the RingLWE assumption, resulting in the first post-quantum construction of OT extension with a public-key setup. - An optimized, open-source implementation of our construction that can generate up to 1M OT extensions per second on commodity hardware. In contrast, the state-of-the-art public-key OT protocol is limited to approximately 20K OTs per second. - The first formal treatment of the security of OT with a public-key setup in a multi-party setting, which addresses several subtleties that were overlooked in prior work.

Note: Added publication information.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
A minor revision of an IACR publication in ASIACRYPT 2024
Keywords
oblivioustransferpublic-keyotextensionpseudorandomcorrelationpcfpcgnon-interactive
Contact author(s)
couteau @ irif fr
lali @ mit edu
devadas @ csail mit edu
alexander koch @ irif fr
3s @ mit edu
History
2024-10-08: last of 4 revisions
2024-07-02: received
See all versions
Short URL
https://ia.cr/2024/1079
License
Creative Commons Attribution-ShareAlike
CC BY-SA

BibTeX 

@misc{cryptoeprint:2024/1079,
      author = {Geoffroy Couteau and Lalita Devadas and Srinivas Devadas and Alexander Koch and Sacha Servan-Schreiber},
      title = {{QuietOT}: Lightweight Oblivious Transfer with a Public-Key Setup},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1079},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1079}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.