International Association
for Cryptologic Research

On top of the passively secure extension protocol of [IKNP03] we build

a new construction secure against active adversaries.

We can replace the invocation of the hash function that is used

to check the receiver is well-behaved with the XOR of bit strings.

This is possible by applying a cut-and-choose

technique on the length of the bit strings that the receiver sends

in the reversed OT. We also improve on the number

of seeds required for the extension, both asymptotically and practically.

Moreover, the protocol used to test receiver\'s behaviour enjoys

unconditional security.