Oblivious transfer (OT) is a cryptographic primitive originally used to transfer a collection of messages from the sender to the receiver in an oblivious manner. OT extension protocols reduce the number of expensive asymmetric operations by first running a small number of OT instances and then using cheap symmetric operations. While most earlier works discussed the security model or the communication and computation complexity of OT in the general case, we focus on concrete application scenarios, especially those where the sender in the OT protocol is a database with less computation and limited interaction capability. In this paper, we propose a generic outsourced OT extension protocol ( ) that outsources all the asymmetric operations of the sender to a semihonest server so as to adapt to the specific scenarios above. We give a standard security definition, and the proposed protocol is proven secure in the semihonest model. In , the sender works on the fly and performs only symmetric operations locally. Whatever the number of OT rounds to be executed and the length of the messages to be sent in OT, our protocol realizes optimal complexity. Besides, can be used to construct high-level protocols, such as private membership test (PMT) and private set intersection (PSI). We believe our construction may be a building block in other applications as well.