A randomized protocol for signing contracts
Communications of the ACM
STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing
Founding cryptography on oblivious transfer
STOC '88 Proceedings of the twentieth annual ACM symposium on Theory of computing
A note on computational indistinguishability
Information Processing Letters
Correlated pseudorandomness and the complexity of private computations
STOC '96 Proceedings of the twenty-eighth annual ACM symposium on Theory of computing
Precomputing Oblivious Transfer
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Priced Oblivious Transfer: How to Sell Digital Goods
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
The relationship between public key encryption and oblivious transfer
FOCS '00 Proceedings of the 41st Annual Symposium on Foundations of Computer Science
Foundations of Cryptography: Volume 2, Basic Applications
How to generate and exchange secrets
SFCS '86 Proceedings of the 27th Annual Symposium on Foundations of Computer Science
SFCS '89 Proceedings of the 30th Annual Symposium on Foundations of Computer Science
Adaptively Secure Two-Party Computation with Erasures
CT-RSA '09 Proceedings of The Cryptographers' Track at the RSA Conference 2009 on Topics in Cryptology
On the efficiency of classical and quantum oblivious transfer reductions
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Black-Box Constructions of Protocols for Secure Computation
SIAM Journal on Computing
Adaptive Zero-Knowledge Proofs and Adaptively Secure Oblivious Transfer
Journal of Cryptology
Oblivious transfer is symmetric
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Oblivious transfer is one of the most basic and important building blocks in cryptography. As such, understanding its cost is of prime importance. Beaver (STOC 1996) showed that it is possible to obtain poly(n) oblivious transfers given only n actual oblivious transfer calls and using one-way functions, where n is the security parameter. In addition, he showed that it is impossible to extend oblivious transfer information theoretically. The notion of extending oblivious transfer is important theoretically (to understand the complexity of computing this primitive) and practically (since oblivious transfers can be expensive and thus extending them using only one-way functions is very attractive). Despite its importance, very little is known about the feasibility of extending oblivious transfer, beyond the fact that it is impossible information theoretically. Specifically, it is not known whether or not one-way functions are actually necessary for extending oblivious transfer, whether or not it is possible to extend oblivious transfers with adaptive security, and whether or not it is possible to extend oblivious transfers when starting with O(log n) oblivious transfers. In this paper, we address these questions and provide almost complete answers to all of them. We show that the existence of any oblivious transfer extension protocol with security for static semi-honest adversaries implies one-way functions, that an oblivious transfer extension protocol with adaptive security implies oblivious transfer with static security, and that the existence of an oblivious transfer extension protocol from only O(log n) oblivious transfers implies oblivious transfer itself.