[PDF] Top 20 More Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries

... of oblivious transfers must be run, which can become prohibitively ...with security in the presence of active adversaries of [PVW08] achieves approximately 350 random OTs per second on standard ...OT ... See full document

... same security guar- ...an oblivious- transfer protocol that is vulnerable to input dependent abort by a malicious sender to full ...learn more than one output and extracting a ... See full document

... raises more security and privacy issues. The primary security issue is the protection of the plain biometric templates against malicious adversary because they cannot be replaced with a new ... See full document

... of efficient OT extension protocols [Bea96a], where a large number of OT executions can be obtained from a smaller number of “base” OT executions and symmetric key ...as efficient as possible presents a ... See full document

... new efficient, provably secure membership encryption scheme and have applied it to develop an efficient 1-out-of-n POT ...have more efficient scheme that combines both of them in a single ... See full document

... various extensions/variants of the plain UC framework in which secure computation can be achieved [8], with notable examples being the assumption of a common reference string (CRS) [7, 9, 11] or a public-key ... See full document

... adaptive security, blackbox-usage of the seed OTs is not possible in our construction since it would violate the results of [LZ13, ...adaptive adversaries, imply OT protocol secure against static ... See full document

... on efficient 4 distributed RSA key generation was started with the seminal result of Boneh and Franklin ...an efficient al- gorithm for verifying biprimality of a modulus without knowledge of its ...the ... See full document

... the extension. Beaver showed that if one starts with say n seeds, it is possi- ble to obtain any polynomial number (in n) of extended OTs. His solution is very elegant and concerns feasibility, but it is inherently ... See full document

... secret transfer with access structure, with the aim of revealing as little information as ...on oblivious polynomial evaluation, and the other one is based on a new variant of garbled Bloom ...stronger ... See full document

... Advantages Over Previous Input Consistency Proofs. Note that the number of commit- ments in Protocol 3.2 is only 2s for every circuit. In the online/offline setting, the number of circuits is very small (typically 5-10, ... See full document

... [13]. Security is achieved by the fact that the randomness is kept secret throughout the computation, and so any cheating by the adversary will be ...for malicious adversaries up to an additive ... See full document

... obliviously transfer n random bits. The actual oblivious transfer is carried out by applying a universal hash function to the random strings and using the result to mask the actual bits being ...for ... See full document

... obliviously transfer n random bits. The actual oblivious transfer is carried out by applying a universal hash function to the random strings and using the result to mask the actual bits being ...for ... See full document

... compute oblivious transfer (OT) information theoretically securely against a general adversary structure in an incomplete network of reliable, private ... See full document

... - SIOT. In section 4, we present a conclusion of the security analysis of the proposed protocol. An implementation of the proposed protocol is presented in section 5. In section 6, we present a performance ... See full document

... and security properties of programs making use of public key ...of more complicated ...a security and correctness proof of an implementation in a real-world programming ... See full document

... the more general LWE problem allows for such (rich cryptographic) objects, but LPN does not?” A simple answer would be: “LPN arithmetize but LWE ...much more accessible while still capturing most existing ... See full document

... against malicious adversaries in plain model and it is a generally realizable ...simulation-based security of their ...simulation-based security guarantee, while in the case that the sender is ... See full document

... for security against semi-honest adversaries inspired by Malkhi et al’s [9] Fairplay ...no more information than ...the security of the BMR protocol [10] addressing a flaw in their ... See full document