A Survey of Oblivious Transfer Protocol

ACM Computing Surveys (CSUR) Pub Date : 2022-01-05 DOI:10.1145/3503045

V. K. Yadav, Nitish Andola, S. Verma, S. Venkatesan

{"title":"A Survey of Oblivious Transfer Protocol","authors":"V. K. Yadav, Nitish Andola, S. Verma, S. Venkatesan","doi":"10.1145/3503045","DOIUrl":null,"url":null,"abstract":"Oblivious transfer (OT) protocol is an essential tool in cryptography that provides a wide range of applications such as secure multi-party computation, private information retrieval, private set intersection, contract signing, and privacy-preserving location-based services. The OT protocol has different variants such as one-out-of-2, one-out-of-n, k-out-of-n, and OT extension. In the OT (one-out-of-2, one-out-of-n, and OT extension) protocol, the sender has a set of messages, whereas the receiver has a key. The receiver sends that key to the sender in a secure way; the sender cannot get any information about the received key. The sender encrypts every message by operating on every message using the received key and sends all the encrypted messages to the receiver. The receiver is able to extract only the required message using his key. However, in the k-out-of-n OT protocol, the receiver sends a set of k keys to the sender, and in replay, the sender sends all the encrypted messages. The receiver uses his keys and extracts the required messages, but it cannot gain any information about the messages that it has not requested. Generally, the OT protocol requires high communication and computation cost if we transfer millions of oblivious messages. The OT extension protocol provides a solution for this, where the receiver transfers a set of keys to the sender by executing a few numbers of OT protocols. Then, the sender encrypts all the messages using cheap symmetric key cryptography with the help of a received set of keys and transfers millions of oblivious messages to the receiver. In this work, we present different variants of OT protocols such as one-out-of-2, one-out-of-n, k-out-of-n, and OT extension. Furthermore, we cover various aspects of theoretical security guarantees such as semi-honest and malicious adversaries, universally composable, used techniques, computation, and communication efficiency aspects. From the analysis, we found that the semi-honest adversary-based OT protocols required low communication and computation costs as compared to malicious adversary-based OT protocols.","PeriodicalId":7000,"journal":{"name":"ACM Computing Surveys (CSUR)","volume":"149 1","pages":"1 - 37"},"PeriodicalIF":0.0000,"publicationDate":"2022-01-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Computing Surveys (CSUR)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3503045","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

Abstract

Oblivious transfer (OT) protocol is an essential tool in cryptography that provides a wide range of applications such as secure multi-party computation, private information retrieval, private set intersection, contract signing, and privacy-preserving location-based services. The OT protocol has different variants such as one-out-of-2, one-out-of-n, k-out-of-n, and OT extension. In the OT (one-out-of-2, one-out-of-n, and OT extension) protocol, the sender has a set of messages, whereas the receiver has a key. The receiver sends that key to the sender in a secure way; the sender cannot get any information about the received key. The sender encrypts every message by operating on every message using the received key and sends all the encrypted messages to the receiver. The receiver is able to extract only the required message using his key. However, in the k-out-of-n OT protocol, the receiver sends a set of k keys to the sender, and in replay, the sender sends all the encrypted messages. The receiver uses his keys and extracts the required messages, but it cannot gain any information about the messages that it has not requested. Generally, the OT protocol requires high communication and computation cost if we transfer millions of oblivious messages. The OT extension protocol provides a solution for this, where the receiver transfers a set of keys to the sender by executing a few numbers of OT protocols. Then, the sender encrypts all the messages using cheap symmetric key cryptography with the help of a received set of keys and transfers millions of oblivious messages to the receiver. In this work, we present different variants of OT protocols such as one-out-of-2, one-out-of-n, k-out-of-n, and OT extension. Furthermore, we cover various aspects of theoretical security guarantees such as semi-honest and malicious adversaries, universally composable, used techniques, computation, and communication efficiency aspects. From the analysis, we found that the semi-honest adversary-based OT protocols required low communication and computation costs as compared to malicious adversary-based OT protocols.

查看原文本刊更多论文

无关传输协议综述

遗忘传输(OT)协议是密码学中的一个重要工具，它提供了广泛的应用，如安全多方计算、私有信息检索、私有集合交叉、合同签署和基于位置的隐私保护服务。OT协议有不同的变体，如1 of-2、1 of-n、k of-n和OT扩展。在OT(1 / 2、1 / n和OT扩展)协议中，发送方拥有一组消息，而接收方拥有一个密钥。接收方以安全的方式将密钥发送给发送方;发送方无法获得有关所接收密钥的任何信息。发送方使用接收到的密钥对每条消息进行操作，从而对每条消息进行加密，并将所有加密消息发送给接收方。接收方只能使用其密钥提取所需的消息。然而，在k-out- n OT协议中，接收方向发送方发送一组k个密钥，在重播中，发送方发送所有加密消息。接收方使用他的密钥并提取所需的消息，但是它不能获得关于它没有请求的消息的任何信息。通常情况下，如果传输数百万条无关消息，OT协议需要很高的通信和计算成本。OT扩展协议为此提供了一种解决方案，其中接收方通过执行少量OT协议将一组密钥传输给发送方。然后，发送方借助接收到的一组密钥，使用便宜的对称密钥加密所有消息，并将数百万条无关消息传输给接收方。在这项工作中，我们提出了OT协议的不同变体，如1 -out- 2, 1 -out- n, k-out- n和OT扩展。此外，我们还涵盖了理论上安全保证的各个方面，例如半诚实和恶意对手，普遍可组合，使用的技术，计算和通信效率方面。从分析中，我们发现与基于恶意对手的OT协议相比，半诚实的基于对手的OT协议需要较低的通信和计算成本。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACM Computing Surveys (CSUR)

自引率

0.00%

发文量