We give a construction of a two-round batch oblivious transfer (OT) protocol in the CRS model that is UC-secure against malicious adversaries and has (near) optimal communication cost. Specifically, to perform a batch of k oblivious transfers where the sender’s inputs are bits, the sender and the receiver need to communicate a total of 3k+o(k)·poly(λ) bits. We argue that 3k bits are required by any protocol with a black-box and straight-line simulator. The security of our construction is proven assuming the hardness of Quadratic Residuosity (QR) and the Learning Parity with Noise (LPN).
International Conference on the Theory and Application of Cryptographic Techniques (EuroCrypt)
2024-04-01
2024-07-18