Supersonic OT: Fast Unconditionally Secure Oblivious Transfer
Aydin Abadi, Yvo Desmedt
TL;DR
The paper targets unconditionally secure oblivious transfer (OT) that does not depend on computational assumptions, noisy channels, or a fully trusted party, so that it stays secure against quantum adversaries. It introduces Supersonic OT, a 1-out-of-2 OT in which the receiver obtains a response of size $O(1)$, built only from a simple XOR-based secret-sharing scheme, a controlled swap (Fredkin gate), the one-time pad, and a third-party helper that may be corrupted by a semi-honest adversary. The authors give a simulation-based security proof against passive adversaries and an implementation in which a single invocation completes in about $0.35$ ms, up to $2000\times$ faster than state-of-the-art base OT. The trade-off is the helper: security is shown for a semi-honest helper, not an actively malicious one. The result is a pragmatic route to fast, post-quantum secure OT for secure MPC, Federated Learning, and Private Set Intersection without any public-key cryptography, which can in turn speed up the privacy-preserving protocols built on top of OT.
Abstract
Oblivious Transfer (OT) is a fundamental cryptographic protocol with applications in secure Multi-Party Computation, Federated Learning, and Private Set Intersection. With the advent of quantum computing, it is crucial to develop unconditionally secure core primitives like OT to ensure their continued security in the post-quantum era. Despite over four decades since OT's introduction, the literature has predominantly relied on computational assumptions, except in cases using unconventional methods like noisy channels or a fully trusted party. Introducing "Supersonic OT", a highly efficient and unconditionally secure OT scheme that avoids public-key-based primitives, we offer an alternative to traditional approaches. Supersonic OT enables a receiver to obtain a response of size O(1). Its simple (yet non-trivial) design facilitates easy security analysis and implementation. The protocol employs a basic secret-sharing scheme, controlled swaps, the one-time pad, and a third-party helper who may be corrupted by a semi-honest adversary. Our implementation and runtime analysis indicate that a single instance of Supersonic OT completes in 0.35 milliseconds, making it up to 2000 times faster than the state-of-the-art base OT.
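To make concrete how the four primitives the abstract names combine into a helper-aided 1-out-of-2 OT, here is an added, self-contained example. It is my own illustrative construction, not the Supersonic OT protocol from the paper (whose exact message flow the abstract does not give). The receiver XOR-secret-shares its choice bit $b$ as $(t, d = b \oplus t)$ between the helper and the sender; the sender applies a controlled swap keyed by $d$ to its two messages, one-time-pads both, and hands the pads to the helper; the helper applies a controlled swap keyed by $t$ to the pads and returns one of them; the receiver unpads. Every party name, function name and message label below is an assumption made for the example, and the two sample messages are constructed inline.

```python
"""
Illustrative helper-aided 1-out-of-2 OT from XOR secret sharing, a controlled
swap (Fredkin gate), the one-time pad and a semi-honest helper.

Added example only; this is NOT the Supersonic OT protocol of Abadi and Desmedt.
Parties: Sender S (m0, m1), Receiver R (choice bit b), Helper H (semi-honest).
Security sketch (passive, non-colluding parties):
  - S sees only d = b XOR t, which is uniform because t is a fresh random bit.
  - H sees t and the two pads, which are independent of b, m0 and m1.
  - R sees two one-time-padded messages but only the pad for its chosen slot.
"""
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """One-time pad: XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("one-time pad requires equal lengths")
    return bytes(x ^ y for x, y in zip(a, b))


def controlled_swap(bit: int, x, y):
    """Fredkin gate on classical values: swap the pair iff bit == 1."""
    return (y, x) if bit else (x, y)


def receiver_share_choice(b: int):
    """XOR-secret-share b into (t, d): t goes to the helper, d to the sender."""
    t = secrets.randbelow(2)
    d = b ^ t
    return t, d


def sender_respond(d: int, m0: bytes, m1: bytes):
    """Sender: swap messages by d, pad each with a fresh one-time pad.
    Returns (ciphertexts for R, pads for H). After the swap, x_j = m_{j XOR d}."""
    if len(m0) != len(m1):
        raise ValueError("messages must be padded to equal length")
    x0, x1 = controlled_swap(d, m0, m1)
    k0, k1 = secrets.token_bytes(len(m0)), secrets.token_bytes(len(m1))
    return (xor_bytes(x0, k0), xor_bytes(x1, k1)), (k0, k1)


def helper_select_pad(t: int, k0: bytes, k1: bytes) -> bytes:
    """Helper: swap the pads by t and return the first one, i.e. k_t."""
    kt, _ = controlled_swap(t, k0, k1)
    return kt


def receiver_unpad(t: int, c0: bytes, c1: bytes, kt: bytes) -> bytes:
    """Receiver: pick ciphertext slot t and strip the pad. c_t = x_t XOR k_t and
    x_t = m_{t XOR d} = m_b, so the result is exactly m_b."""
    ct, _ = controlled_swap(t, c0, c1)
    return xor_bytes(ct, kt)


def run_ot(m0: bytes, m1: bytes, b: int):
    """Drive the three parties and return (receiver output, each party's view)."""
    t, d = receiver_share_choice(b)
    (c0, c1), (k0, k1) = sender_respond(d, m0, m1)
    kt = helper_select_pad(t, k0, k1)
    out = receiver_unpad(t, c0, c1, kt)
    views = {
        "sender": {"d": d},
        "helper": {"t": t, "k0": k0, "k1": k1},
        "receiver": {"t": t, "c0": c0, "c1": c1, "kt": kt},
    }
    return out, views


def choice_bit_if_sender_and_helper_collude(views) -> int:
    """The caveat: the two shares of b reconstruct it, so security needs a
    helper that does not collude with the sender (or the receiver)."""
    return views["sender"]["d"] ^ views["helper"]["t"]


if __name__ == "__main__":
    # Constructed sample messages of equal length (12 bytes each).
    M0, M1 = b"message zero", b"message one!"
    for b in (0, 1):
        out, views = run_ot(M0, M1, b)
        print(b, out, "sender saw d =", views["sender"]["d"])
```

The receiver's response is constant size (two padded messages plus one pad), and no step uses a public-key operation, which is the property the abstract is after. The last function is the practitioner's check on the trust model: the sender's view and the helper's view are individually uniform, but together they are the two XOR shares of the choice bit, so a helper that is semi-honest but colluding with the sender breaks receiver privacy, and a helper colluding with the receiver (who then gets both pads) breaks sender privacy.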
