Abstract
Oblivious transfer (OT) is an essential building block for secure multiparty computation when there is no honest majority. In this setting, current protocols for n ≥ 3 parties require each pair of parties to engage in a single OT for each gate in the circuit being evaluated. Since implementing OT typically requires expensive public-key operations (alternatively, expensive setup or physical infrastructure), minimizing the number of OTs is a highly desirable goal.
In this work we initiate a study of this problem in both an information-theoretic and a computational setting and obtain the following results.
- If the adversary can corrupt up to t = (1 − ε)n parties, where ε > 0 is an arbitrarily small constant, then a total of O(n) OT channels between pairs of parties are necessary and sufficient for general secure computation. Combined with previous protocols for “extending OTs”, O(nk) invocations of OT are sufficient for computing arbitrary functions with computational security, where k is a security parameter.
- The above result does not improve over the previous state of the art in the important case where t = n − 1, when the number of parties is small, or in the information-theoretic setting. For these cases, we show that an arbitrary function f: {0,1}^n → {0,1}* can be securely computed by a protocol which makes use of a single OT (of strings) between each pair of parties. This result is tight in the sense that at least one OT between each pair of parties is necessary in these cases. A major disadvantage of this protocol is that its communication complexity grows exponentially with n. We present natural classes of functions f for which this exponential overhead can be avoided.
Research supported by grant 1310/06 from the Israel Science Foundation and the Technion VPR fund. Part of this research was done while visiting IPAM.
© 2007 Springer-Verlag Berlin Heidelberg
Harnik, D., Ishai, Y., Kushilevitz, E. (2007). How Many Oblivious Transfers Are Needed for Secure Multiparty Computation? In: Menezes, A. (ed.) Advances in Cryptology - CRYPTO 2007. Lecture Notes in Computer Science, vol 4622. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74143-5_16
DOI: https://doi.org/10.1007/978-3-540-74143-5_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74142-8
Online ISBN: 978-3-540-74143-5