ACE Seminar: Malicious-for-free OT Extension and Its Application to MPC

Speaker: Dr Marcel Keller

Date/Time: 01-Jan-1970, 00:00 UTC




Oblivious Transfer (OT) is an essential building block for cryptographic protocols including multiparty computation (MPC). It requires public key cryptography, which makes it relatively expensive in the context of MPC. Ishai et al. introduced the notion of OT extension, which allows generating new OT instances from a few base instances, using only symmetric primitives. Previously, actively secure variants of this extension incurred a linear communication overhead over the passive one. In this talk, I will present an actively secure protocol with negligible overhead. Furthermore, I will show how consistent use of modern CPU instructions allows reducing the computation time to less than 20 percent of the wall time of the protocol.

Multiparty computation allows computing on data held by different parties without revealing anything but the result. An MPC protocol is called full-threshold if there need only be one trusted party. It is known that full-threshold protocols require some form of cryptography (unlike information-theoretic protocols with lower thresholds). This has led to offline-online protocols such as SPDZ, where the most expensive computation can be done ahead of time, independently of the input data. The result of this offline phase is some correlated randomness shared by the parties, which is later used for the actual computation. I will present how the OT extension can be used to speed up the offline phase by a factor of 100 for two parties compared to SPDZ.


Marcel Keller is a research associate at the University of Bristol. He obtained his PhD under the supervision of Ivan Damgård at Aarhus University in 2012. His research focuses on practical multiparty computation, with a strong emphasis on implementation.

This page was last modified on 27 Mar 2014.