International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: On the Round Complexity of OT Extension

Sanjam Garg
Mohammad Mahmoody
Daniel Masny
Izaak Meckler
DOI: 10.1007/978-3-319-96878-0_19 (login may be required)
Search ePrint
Search Google
Conference: CRYPTO 2018
Abstract: We show that any OT extension protocol based on one-way functions (or more generally any symmetric-key primitive) either requires an additional round compared to the base OTs or must make a non-black-box use of one-way functions. This result also holds in the semi-honest setting or in the case of certain setup models such as the common random string model. This implies that OT extension in any secure computation protocol must come at the price of an additional round of communication or the non-black-box use of symmetric key primitives. Moreover, we observe that our result is tight in the sense that positive results can indeed be obtained using non-black-box techniques or at the cost of one additional round of communication.
Video from CRYPTO 2018
  title={On the Round Complexity of OT Extension},
  booktitle={Advances in Cryptology – CRYPTO 2018},
  series={Lecture Notes in Computer Science},
  author={Sanjam Garg and Mohammad Mahmoody and Daniel Masny and Izaak Meckler},