Abstract
Oblivious transfer (OT) is an essential building block for secure multiparty computation when there is no honest majority. In this setting, current protocols for n ≥ 3 parties require each pair of parties to engage in a single OT for each gate in the circuit being evaluated. Since implementing OT typically requires expensive public-key operations (alternatively, expensive setup or physical infrastructure), minimizing the number of OTs is a highly desirable goal.
In this work we initiate a study of this problem in both an information-theoretic and a computational setting and obtain the following results.
- If the adversary can corrupt up to t = (1 − ε)n parties, where ε > 0 is an arbitrarily small constant, then a total of O(n) OT channels between pairs of parties are necessary and sufficient for general secure computation. Combined with previous protocols for "extending OTs", O(nk) invocations of OT are sufficient for computing arbitrary functions with computational security, where k is a security parameter.
- The above result does not improve over the previous state of the art in the important case where t = n − 1, when the number of parties is small, or in the information-theoretic setting. For these cases, we show that an arbitrary function f: {0,1}^n → {0,1}* can be securely computed by a protocol which makes use of a single OT (of strings) between each pair of parties. This result is tight in the sense that at least one OT between each pair of parties is necessary in these cases. A major disadvantage of this protocol is that its communication complexity grows exponentially with n. We present natural classes of functions f for which this exponential overhead can be avoided.
Research supported by grant 1310/06 from the Israel Science Foundation and the Technion VPR fund. Part of this research was done while visiting IPAM.
© 2007 Springer-Verlag Berlin Heidelberg
Cite this paper
Harnik, D., Ishai, Y., Kushilevitz, E. (2007). How Many Oblivious Transfers Are Needed for Secure Multiparty Computation? In: Menezes, A. (ed.) Advances in Cryptology - CRYPTO 2007. Lecture Notes in Computer Science, vol 4622. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74143-5_16
DOI: https://doi.org/10.1007/978-3-540-74143-5_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74142-8
Online ISBN: 978-3-540-74143-5