Statistically Secure Linear-Rate Dimension Extension for Oblivious Affine Function Evaluation

  • Nico Döttling
  • Daniel Kraschewski
  • Jörn Müller-Quade
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7412)


Consider the following natural generalization of the well-known Oblivious Transfer (OT) primitive, which we call Oblivious Affine Function Evaluation (OAFE): Given some finite vector space \({\mathbb F}_q^k\), a designated sender party can specify an arbitrary affine function \(f:{\mathbb F}_q\to{\mathbb F}_q^k\), such that a designated receiver party learns \(f(x)\) for a single argument \(x\in{\mathbb F}_q\) of its choice. This primitive is of particular interest since, analogously to the construction of garbled boolean circuits from OT, one can construct garbled arithmetic circuits from OAFE.

In this work we address the natural question of whether general \({\mathbb F}_q^k\)-OAFE can be efficiently reduced to \({\mathbb F}_q\)-OAFE (i.e. the sender only inputs an affine function \(f:{\mathbb F}_q\to{\mathbb F}_q\)). The analogous question for OT has previously been answered positively, but the respective construction turns out not to be applicable to OAFE due to a non-obvious, yet non-artificial security problem. Nonetheless, we are able to provide an efficient, information-theoretically secure reduction along with a formal security proof based on some specific algebraic properties of random \({\mathbb F}_q\)-matrices.
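To make the primitive concrete, the following added example (not code from the paper or its authors) models the ideal \({\mathbb F}_q^k\)-OAFE functionality over a small constructed prime field, and contrasts it with k independent \({\mathbb F}_q\)-OAFE instances run in parallel. The field size q = 7, the dimension k = 3 and the sample coefficients are assumptions chosen for illustration. The parallel variant is shown only to make visible what the ideal functionality guarantees and a naive composition does not: the receiver is bound to a single argument x for all k coordinates; it is not the specific security problem the abstract refers to.

```python
import random

Q = 7  # constructed small prime field F_7 (assumption, for illustration)
K = 3  # dimension k of the output space F_q^k (assumption)


def affine_eval(a, b, x, q=Q):
    """Evaluate f(x) = a*x + b coordinate-wise over F_q, with a, b in F_q^k."""
    assert len(a) == len(b), "coefficient vectors must have equal length"
    return [(ai * x + bi) % q for ai, bi in zip(a, b)]


def ideal_oafe(sender_input, receiver_input, q=Q):
    """Ideal F_q^k-OAFE: the sender contributes (a, b) describing the affine map
    f(x) = a*x + b, the receiver contributes a single x in F_q and learns only
    f(x); the sender learns nothing about x."""
    a, b = sender_input
    x = receiver_input % q
    return affine_eval(a, b, x, q)


def scalar_oafe(a_i, b_i, x_i, q=Q):
    """Ideal F_q-OAFE, i.e. the case k = 1."""
    return (a_i * x_i + b_i) % q


def naive_parallel_oafe(sender_input, receiver_inputs, q=Q):
    """k independent F_q-OAFE instances, one per coordinate of (a, b).
    Nothing here ties the receiver's k inputs together, so a receiver that
    deviates can query a different x_i in every instance."""
    a, b = sender_input
    assert len(receiver_inputs) == len(a)
    return [scalar_oafe(ai, bi, xi, q) for ai, bi, xi in zip(a, b, receiver_inputs)]


def consistent_with_some_x(sender_input, y, q=Q):
    """Brute-force over F_q: the set of x with f(x) == y. Empty means y is not
    the output an honest receiver could obtain from the ideal functionality."""
    a, b = sender_input
    return {x for x in range(q) if affine_eval(a, b, x, q) == y}


def random_affine_map(k=K, q=Q, rng=random):
    """Sample a random affine map F_q -> F_q^k as a pair (a, b) of vectors."""
    a = [rng.randrange(q) for _ in range(k)]
    b = [rng.randrange(q) for _ in range(k)]
    return a, b


if __name__ == "__main__":
    f = ([1, 2, 3], [4, 5, 6])  # constructed sample map f(x) = a*x + b over F_7
    honest = ideal_oafe(f, 2)
    print("ideal OAFE, x = 2          :", honest)                 # [6, 2, 5]
    print("parallel, consistent input :", naive_parallel_oafe(f, [2, 2, 2]))
    mixed = naive_parallel_oafe(f, [0, 1, 2])
    print("parallel, inconsistent     :", mixed)                  # [4, 0, 5]
    print("honest output is f(x) for x in", consistent_with_some_x(f, honest))
    print("mixed output is f(x) for x in", consistent_with_some_x(f, mixed))
```

The last two lines of the demo print {2} and an empty set: the coordinate-wise values [4, 0, 5] obtained with inconsistent receiver inputs are not f(x) for any x in F_7, so a reduction from \({\mathbb F}_q\)-OAFE to \({\mathbb F}_q^k\)-OAFE must at least enforce a single receiver argument across all coordinates.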


Keywords: secure function evaluation, information-theoretic reductions, oblivious transfer, universal composability, garbled arithmetic circuits



Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Nico Döttling (1)
  • Daniel Kraschewski (1)
  • Jörn Müller-Quade (1)
  1. Institute of Cryptography and Security, Department of Informatics, Karlsruhe Institute of Technology, Germany