CryptoDB

Paper: On the Round Complexity of OT Extension

Authors: Sanjam Garg Mohammad Mahmoody Daniel Masny Izaak Meckler DOI: 10.1007/978-3-319-96878-0_19 Search ePrint Search Google CRYPTO 2018 We show that any OT extension protocol based on one-way functions (or more generally any symmetric-key primitive) either requires an additional round compared to the base OTs or must make a non-black-box use of one-way functions. This result also holds in the semi-honest setting or in the case of certain setup models such as the common random string model. This implies that OT extension in any secure computation protocol must come at the price of an additional round of communication or the non-black-box use of symmetric key primitives. Moreover, we observe that our result is tight in the sense that positive results can indeed be obtained using non-black-box techniques or at the cost of one additional round of communication.
BibTeX
@inproceedings{crypto-2018-28798,
title={On the Round Complexity of OT Extension},
booktitle={Advances in Cryptology – CRYPTO 2018},
series={Lecture Notes in Computer Science},
publisher={Springer},
volume={10993},
pages={545-574},
doi={10.1007/978-3-319-96878-0_19},
author={Sanjam Garg and Mohammad Mahmoody and Daniel Masny and Izaak Meckler},
year=2018
}