Extending Oblivious Transfers Efficiently

  • Yuval Ishai
  • Joe Kilian
  • Kobbi Nissim
  • Erez Petrank
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2729)


We consider the problem of extending oblivious transfers: Given a small number of oblivious transfers “for free,” can one implement a large number of oblivious transfers? Beaver has shown how to extend oblivious transfers given a one-way function. However, this protocol is inefficient in practice, in part due to its non-black-box use of the underlying one-way function.

We give efficient protocols for extending oblivious transfers in the random oracle model. We also put forward a new cryptographic primitive which can be used to instantiate the random oracle in our constructions. Our methods suggest particularly fast heuristics for oblivious transfer that may be useful in a wide range of applications.




  1. Beaver, D.: Correlated Pseudorandomness and the Complexity of Private Computations. In: STOC, pp. 479–488 (1996)
  2. Bellare, M., Boldyreva, A., Palacio, A.: A Separation between the Random-Oracle Model and the Standard Model for a Hybrid Encryption Problem, Electronic Colloquium on Computational Complexity. In: ECCC (2003)
  3. Bellare, M., Rogaway, P.: Random Oracles are Practical: a Paradigm for Designing Efficient Protocols. In: Proc. of the 1st ACM Conference on Computer and Communications Security, pp. 62–73. ACM press, New York (1993)
  4. Bellare, M., Kilian, J., Rogaway, P.: The security of cipher block chaining. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 341–358. Springer, Heidelberg (1994)
  5. Bellare, M., Rogaway, P.: Optimal asymmetric encryption. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 91–111. Springer, Heidelberg (1994)
  6. Brassard, G., Crépeau, C., Robert, J.-M.: All-or-nothing disclosure of secrets. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 234–238. Springer, Heidelberg (1987)
  7. Canetti, R.: Security and composition of multiparty cryptographic protocols. J. of Cryptology 13(1) (2000)
  8. Canetti, R., Goldreich, G., Halevi, S.: The Random Oracle Methodology, Revisited (preliminary version), STOC: ACM Symposium on Theory of Computing (1998)
  9. Crépeau, C.: Equivalence between two flavors of oblivious transfers. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 350–354. Springer, Heidelberg (1988)
  10. Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. C. ACM 28, 637–647 (1985)
  11. Even, S., Mansour, Y.: A construction of a cipher from a single pseudorandom permutation. Journal of Cryptology 10(3), 151–162 (Summer 1997); Earlier version in Matsumoto, T., Imai, H., Rivest, R.L. (eds.): ASIACRYPT 1991. LNCS, vol. 739, pp. 210–224. Springer, Heidelberg (1993)
  12. Feigenbaum, J., Ishai, Y., Malkin, T., Nissim, K., Strauss, M., Wright, R.N.: Secure multiparty computation of approximations. In: Orejas, F., Spirakis, P.G., van Leeuwen, J. (eds.) ICALP 2001. LNCS, vol. 2076, pp. 927–938. Springer, Heidelberg (2001)
  13. Fiat, A., Shamir, A.: How to Prove Yourself: Practical Solutions to Identification and Signature Problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)
  14. Gennaro, R., Trevisan, L.: Lower Bounds on the Efficiency of Generic Cryptographic Constructions. In: IEEE Symposium on Foundations of Computer Science, pp. 305–313 (2000)
  15. Gertner, Y., Kannan, S., Malkin, T., Reingold, O., Viswanathan, M.: The Relationship between Public Key Encryption and Oblivious Transfer. In: Proc. of the 41st Annual Symposium on Foundations of Computer Science, FOCS 2000 (2000)
  16. Gertner, Y., Malkin, T., Reingold, O.: On the Impossibility of Basing Trapdoor Functions on Trapdoor Predicates. In: Proc. of the 42nd Annual Symposium on Foundations of Computer Science, FOCS 2001 (2001)
  17. Gilboa, N.: Two Party RSA Key Generation. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 116–129. Springer, Heidelberg (1999)
  18. Goldreich, O.: Secure multi-party computation (February 1999), Available at
  19. Goldreich, O., Micali, S., Wigderson, A.: Proofs that Yield Nothing but Their Validity and a Methodology of Cryptographic Protocol Design. In: Proc. of the 27th FOCS, pp. 174–187 (1986)
  20. Goldreich, O., Vainish, R.: How to Solve Any Protocol problem – an Efficiency Improvement. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 73–86. Springer, Heidelberg (1988)
  21. Goldwasser, S., Tauman, Y.: On the (In)security of the Fiat-Shamir Paradigm. In: Electronic Colloquium on Computational Complexity, ECCC (2003)
  22. Impagliazzo, R., Rudich, S.: Limits on the provable consequences of one-way permutations. In: Proceedings of 21st Annual ACM Symposium on the Theory of Computing, pp. 44–61 (1989)
  23. Kilian, J.: Founding Cryptography on Oblivious Transfer. In: Proc. of the 20th STOC, pp. 20–29. ACM, New York (1988)
  24. Kilian, J., Rogaway, P.: How to protect DES against exhaustive key search. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 252–267. Springer, Heidelberg (1996)
  25. Kim, J.H., Simon, D.R., Tetali, P.: Limits on the efficiency of one-way permutations-based hash functions. In: Proceedings of the 40th IEEE Symposium on Foundations of Computer Science, pp. 535–542 (1999)
  26. Lindell, Y., Pinkas, B.: Privacy Preserving Data Mining. Journal of Cryptology 15(3), 177–206 (2002)
  27. Naor, M., Nissim, K.: Communication preserving protocols for secure function evaluation. In: STOC 2001, pp. 590–599 (2001)
  28. Naor, M., Pinkas, B.: Efficient oblivious transfer protocols. In: SODA 2001 (2001)
  29. Naor, M., Pinkas, B.: Oblivious Transfer and Polynomial Evaluation. In: STOC: ACM Symposium on Theory of Computing, STOC (1999)
  30. Naor, M., Pinkas, B., Sumner, R.: Privacy preserving auctions and mechanism design. In: ACM Conference on Electronic Commerce, pp. 129–139 (1999)
  31. Nielsen, J.: Separating random oracle proofs from complexity theoretic proofs: The non-committing encryption case. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 111–126. Springer, Heidelberg (2002)
  32. Rabin, M.O.: How to exchange secrets by oblivious transfer. Technical Report TR-81, Harvard Aiken Computation Laboratory (1981)
  33. Shoup, V.: OAEP reconsidered. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 239–259. Springer, Heidelberg (2001)
  34. Simon, D.: Finding Collisions on a One-Way Street: Can Secure Hash Functions Be Based on General Assumptions? In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 334–345. Springer, Heidelberg (1998)
  35. Petrank, E., Rackoff, C.: Message Authentication of Unknown Variable Length Data. Journal of Cryptology 13(3), 315–338 (2000)
  36. Yao, A.: Protocols for Secure Computations (Extended Abstract). In: Proc. of FOCS 1982, pp. 160–164 (1982)

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Yuval Ishai (1)
  • Joe Kilian (2)
  • Kobbi Nissim (2)
  • Erez Petrank (1)

  1. Department of Computer Science, Technion — Israel Institute of Technology, Haifa, Israel
  2. NEC Laboratories America, Princeton, USA
