International Association
for Cryptologic Research

We present a general framework for efficient, universally composable oblivious transfer (OT) protocols in which a single, global common reference string (CRS) can be used for multiple invocations of oblivious transfer, by arbitrary pairs of parties. In addition:

* Our framework is round-efficient. In particular, under the DLIN or SXDH assumptions we achieve (round-optimal) two-round protocols with static security, or three-round protocols with adaptive security (assuming erasure).

* Our protocols are more efficient than any known previously, and in particular yield protocols for string OT using O(1) exponentiations and sending O(1) group elements. Our result improves upon that of Peikert et al. (Crypto 2008) which requires a CRS of length

linear in the number of parties and achieves only static security. Compared to Garay et al. (Crypto 2009), we achieve better efficiency and can rely on a larger class of assumptions.