CryptoDB
Batching Base Oblivious Transfers
| Authors: |
|
|---|---|
| Download: | |
| Conference: | ASIACRYPT 2021 |
| Abstract: | Protocols that make use of oblivious transfer (OT) rarely require just one instance. Usually a batch of OTs is required — notably, when generating base OTs for OT extension. There is a natural way to optimize 2-round OT protocols when generating a batch, by reusing certain protocol messages across all instances. In this work we show that this batch optimization is error-prone. We catalog many implementations and papers that have an incorrect treatment of this batch optimization, some of them leading to catastrophic leakage in OT extension protocols. We provide a full treatment of how to properly optimize recent 2-round OT protocols for the batch setting. Along the way we show several performance improvements to the OT protocol of McQuoid, Rosulek, and Roy (ACM CCS 2020). In particular, we show an extremely simple OT construction that may be of pedagogical interest. |
Video from ASIACRYPT 2021
BibTeX
@inproceedings{asiacrypt-2021-31440,
title={Batching Base Oblivious Transfers},
publisher={Springer-Verlag},
doi={10.1007/978-3-030-92078-4_10},
author={Ian McQuoid and Mike Rosulek and Lawrence Roy},
year=2021
}