Fast Actively Secure OT Extension for Short Secrets

TL;DR

This paper introduces a fast actively secure OT extension protocol optimized for short secrets, significantly outperforming existing protocols in the 1-out-of-n OT setting.

Contribution

It presents a novel OT extension protocol for short secrets that is faster and more efficient than previous actively secure protocols, based on the KK13 protocol.

Findings

Outperforms all known actively secure OT extensions for 1-out-of-n OTs

Built on the KK13 semi-honest secure extension protocol

Optimized for short secrets in active security setting

Abstract

Oblivious Transfer (OT) is one of the most fundamental cryptographic primitives with wide-spread application in general secure multi-party computation (MPC) as well as in a number of tailored and special-purpose problems of interest such as private set intersection (PSI), private information retrieval (PIR), contract signing to name a few. Often the instantiations of OT require prohibitive communication and computation complexity. OT extension protocols are introduced to compute a very large number of OTs referred to as extended OTs at the cost of a small number of OTs referred to as seed OTs. We present a fast OT extension protocol for small secrets in the active setting. Our protocol when used to produce 1-out-of-n OTs outperforms all the known actively secure OT extensions. Our protocol is built on the semi-honest secure extension protocol of Kolesnikov and Kumaresan of CRYPTO'13 (referred to as KK13 protocol henceforth) which is the best known OT extension for short secrets.