CR Nov 20, 2019

Fast Actively Secure OT Extension for Short Secrets

arXiv:1911.08834v123 citations
Originality: Incremental advance
AI Analysis

This work addresses efficiency issues in secure multi-party computation and related applications like private set intersection, but it is incremental as it builds on prior semi-honest secure protocols.

The paper tackles the problem of high communication and computation costs in Oblivious Transfer (OT) by presenting a fast OT extension protocol for small secrets in the active security setting, which outperforms all known actively secure OT extensions when producing 1-out-of-n OTs.

Oblivious Transfer (OT) is one of the most fundamental cryptographic primitives, with widespread application in general secure multi-party computation (MPC) as well as in a number of tailored and special-purpose problems of interest such as private set intersection (PSI), private information retrieval (PIR), and contract signing, to name a few. Often the instantiations of OT require prohibitive communication and computation complexity. OT extension protocols are introduced to compute a very large number of OTs, referred to as extended OTs, at the cost of a small number of OTs, referred to as seed OTs. We present a fast OT extension protocol for small secrets in the active setting. Our protocol, when used to produce 1-out-of-n OTs, outperforms all the known actively secure OT extensions. Our protocol is built on the semi-honest secure extension protocol of Kolesnikov and Kumaresan of CRYPTO'13 (referred to as the KK13 protocol henceforth), which is the best known OT extension for short secrets.
