Oblivious Transfer with Constant Computational Overhead

Elette Boyle; Geoffroy Couteau; Niv Gilboa; Yuval Ishai; Lisa Kohl; Nicolas Resch; Peter Scholl

Paper 2023/817

Oblivious Transfer with Constant Computational Overhead

Elette Boyle, IDC Herzliya, NTT Research

Geoffroy Couteau

, IRIF

Niv Gilboa

, Ben-Gurion University of the Negev

Yuval Ishai, Technion – Israel Institute of Technology

Lisa Kohl, Centrum Wiskunde & Informatica

Nicolas Resch

, University of Amsterdam

Peter Scholl

, Aarhus University

Abstract

The computational overhead of a cryptographic task is the asymptotic ratio between the computational cost of securely realizing the task and that of realizing the task with no security at all. Ishai, Kushilevitz, Ostrovsky, and Sahai (STOC 2008) showed that secure two-party computation of Boolean circuits can be realized with constant computational overhead, independent of the desired level of security, assuming the existence of an oblivious transfer (OT) protocol and a local pseudorandom generator (PRG). However, this only applies to the case of semi-honest parties. A central open question in the area is the possibility of a similar result for malicious parties. This question is open even for the simpler task of securely realizing many instances of a constant-size function, such as OT of bits. We settle the question in the affirmative for the case of OT, assuming: (1) a standard OT protocol, (2) a slightly stronger "correlation-robust" variant of a local PRG, and (3) a standard sparse variant of the Learning Parity with Noise (LPN) assumption. An optimized version of our construction requires fewer than 100 bit operations per party per bit-OT. For 128-bit security, this improves over the best previous protocols by 1-2 orders of magnitude. We achieve this by constructing a constant-overhead pseudorandom correlation generator (PCG) for the bit-OT correlation. Such a PCG generates $N$ pseudorandom instances of bit-OT by locally expanding short, correlated seeds. As a result, we get an end-to-end protocol for generating $N$ pseudorandom instances of bit-OT with $o(N)$ communication, $O(N)$ computation, and security that scales sub-exponentially with $N$. Finally, we present applications of our main result to realizing other secure computation tasks with constant computational overhead. These include protocols for general circuits with a relaxed notion of security against malicious parties, protocols for realizing $N$ instances of natural constant-size functions, and reducing the main open question to a potentially simpler question about fault-tolerant computation.

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: A major revision of an IACR publication in EUROCRYPT 2023
Keywords: multi-party computation oblivious transfer pseudorandom correlation generators learning parity with noise
Contact author(s): eboyle @ alum mit edu
couteau @ irif fr
niv gilboa @ gmail com
yuvali @ cs technion ac il
lisa kohl @ cwi nl
n a resch @ uva nl
peter scholl @ cs au dk
History: 2023-06-06: approved; 2023-06-02: received; See all versions
Short URL: https://ia.cr/2023/817
License: CC BY

BibTeX

@misc{cryptoeprint:2023/817,
      author = {Elette Boyle and Geoffroy Couteau and Niv Gilboa and Yuval Ishai and Lisa Kohl and Nicolas Resch and Peter Scholl},
      title = {Oblivious Transfer with Constant Computational Overhead},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/817},
      year = {2023},
      url = {https://eprint.iacr.org/2023/817}
}