A randomized protocol for signing contracts
Communications of the ACM
STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing
An O(log n) expected rounds randomized byzantine generals protocol
Journal of the ACM (JACM)
Completeness theorems for non-cryptographic fault-tolerant distributed computation
STOC '88 Proceedings of the twentieth annual ACM symposium on Theory of computing
Multiparty unconditionally secure protocols
STOC '88 Proceedings of the twentieth annual ACM symposium on Theory of computing
Founding crytpography on oblivious transfer
STOC '88 Proceedings of the twentieth annual ACM symposium on Theory of computing
Limits on the provable consequences of one-way permutations
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
A general completeness theorem for two party games
STOC '91 Proceedings of the twenty-third annual ACM symposium on Theory of computing
Journal of the ACM (JACM)
Modular construction of a Byzantine agreement protocol with optimal message bit complexity
Information and Computation
Bit optimal distributed consensus
Computer science
Simple and efficient leader election in the full information model
STOC '94 Proceedings of the twenty-sixth annual ACM symposium on Theory of computing
Randomness-optimal sampling, extractors, and constructive leader election
STOC '96 Proceedings of the twenty-eighth annual ACM symposium on Theory of computing
Correlated pseudorandomness and the complexity of private computations
STOC '96 Proceedings of the twenty-eighth annual ACM symposium on Theory of computing
Tiny families of functions with random properties: a quality-size trade-off for hashing
Proceedings of the workshop on Randomized algorithms and computation
Bounds for Dispersers, Extractors, and Depth-Two Superconcentrators
SIAM Journal on Discrete Mathematics
Efficient oblivious transfer protocols
SODA '01 Proceedings of the twelfth annual ACM-SIAM symposium on Discrete algorithms
How to Solve any Protocol Problem - An Efficiency Improvement
CRYPTO '87 A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology
Precomputing Oblivious Transfer
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Deterministic Extractors for Bit-Fixing Sources and Exposure-Resilient Cryptography
FOCS '03 Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science
Foundations of Cryptography: Volume 2, Basic Applications
Foundations of Cryptography: Volume 2, Basic Applications
Completeness in two-party secure computation: a computational view
STOC '04 Proceedings of the thirty-sixth annual ACM symposium on Theory of computing
ACM SIGACT News - A special issue on cryptography
FOCS '04 Proceedings of the 45th Annual IEEE Symposium on Foundations of Computer Science
Towards Secure and Scalable Computation in Peer-to-Peer Networks
FOCS '06 Proceedings of the 47th Annual IEEE Symposium on Foundations of Computer Science
Protocols for secure computations
SFCS '82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science
How to generate and exchange secrets
SFCS '86 Proceedings of the 27th Annual Symposium on Foundations of Computer Science
Achieving oblivious transfer using weakened security assumptions
SFCS '88 Proceedings of the 29th Annual Symposium on Foundations of Computer Science
Lower bounds for oblivious transfer reductions
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Towards optimal and efficient perfectly secure message transmission
TCC'07 Proceedings of the 4th conference on Theory of cryptography
Robuster combiners for oblivious transfer
TCC'07 Proceedings of the 4th conference on Theory of cryptography
On the error parameter of dispersers
APPROX'05/RANDOM'05 Proceedings of the 8th international workshop on Approximation, Randomization and Combinatorial Optimization Problems, and Proceedings of the 9th international conference on Randamization and Computation: algorithms and techniques
Secure computation of constant-depth circuits with applications to database search problems
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
On robust combiners for oblivious transfer and other primitives
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Scalable Multiparty Computation with Nearly Optimal Work and Resilience
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
OT-combiners via secure computation
TCC'08 Proceedings of the 5th conference on Theory of cryptography
Semi-homomorphic encryption and multiparty computation
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Secure computation on the web: computing without simultaneous interaction
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
| Hi-index | 0.00 |
Oblivious transfer (OT) is an essential building block for secure multiparty computation when there is no honest majority. In this setting, current protocols for n ≥ 3 parties require each pair of parties to engage in a single OT for each gate in the circuit being evaluated. Since implementing OT typically requires expensive public-key operations (alternatively, expensive setup or physical infrastructure), minimizing the number of OTs is a highly desirable goal. In this work we initiate a study of this problem in both an information-theoretic and a computational setting and obtain the following results. - If the adversary can corrupt up to t = (1 - Ɛ)n parties, where Ɛ ≥ 0 is an arbitrarily small constant, then a total of O(n) OT channels between pairs of parties are necessary and sufficient for general secure computation. Combined with previous protocols for "extending OTs", O(nk) invocations of OT are sufficient for computing arbitrary functions with computational security, where k is a security parameter. - The above result does not improve over the previous state of the art in the important case where t = n - 1, when the number of parties is small, or in the information-theoretic setting. For these cases, we show that an arbitrary function f : {0, 1}n → {0, 1}* can be securely computed by a protocol which makes use of a single OT (of strings) between each pair of parties. This result is tight in the sense that at least one OT between each pair of parties is necessary in these cases. A major disadvantage of this protocol is that its communication complexity grows exponentially with n. We present natural classes of functions f for which this exponential overhead can be avoided.