LR-OT: Leakage-resilient oblivious transfer

Francesco Berti; Carmit Hazay; Itamar Levi

doi:10.1007/s12095-025-00824-4

LR-OT: Leakage-resilient oblivious transfer

Francesco Berti, Carmit Hazay, Itamar Levi

Research output: Contribution to journal › Article › peer-review

Abstract

Oblivious Transfer (OT) is a fundamental cryptographic primitive that becomes a crucial component of a practical secure protocol. OT is typically implemented in software, and one way to accelerate its running time is by using hardware implementations. However, such implementations are vulnerable to side-channel attacks (SCAs). On the other hand, protecting interactive protocols against SCA is highly challenging due to their longer secrets (which include inputs and randomness), more complex design, and the need to run multiple instances. Consequently, there are no truly practical leakage-resistant OT protocols yet. In this paper, we introduce two tailored indistinguishability-based security definitions for leakage-resilient OT, focusing on protecting the sender’s state. Second, we propose a practical semi-honest secure OT protocol that achieves these security levels while minimizing the assumptions on the protocol’s building blocks and the use of a secret state.

Original language	English
Pages (from-to)	1191-1248
Number of pages	58
Journal	Cryptography and Communications
Volume	17
Issue number	5
DOIs	https://doi.org/10.1007/s12095-025-00824-4
State	Published - 1 Sep 2025
Externally published	Yes

Keywords

Interactive protocols
Leakage-resilience
Oblivious transfer

ASJC Scopus subject areas

Computer Networks and Communications
Computational Theory and Mathematics
Applied Mathematics

Access to Document

10.1007/s12095-025-00824-4

Cite this

@article{14c3d6a29a5449b1b61ccf221347e078,

title = "LR-OT: Leakage-resilient oblivious transfer",

abstract = "Oblivious Transfer (OT) is a fundamental cryptographic primitive that becomes a crucial component of a practical secure protocol. OT is typically implemented in software, and one way to accelerate its running time is by using hardware implementations. However, such implementations are vulnerable to side-channel attacks (SCAs). On the other hand, protecting interactive protocols against SCA is highly challenging due to their longer secrets (which include inputs and randomness), more complex design, and the need to run multiple instances. Consequently, there are no truly practical leakage-resistant OT protocols yet. In this paper, we introduce two tailored indistinguishability-based security definitions for leakage-resilient OT, focusing on protecting the sender{\textquoteright}s state. Second, we propose a practical semi-honest secure OT protocol that achieves these security levels while minimizing the assumptions on the protocol{\textquoteright}s building blocks and the use of a secret state.",

keywords = "Interactive protocols, Leakage-resilience, Oblivious transfer",

author = "Francesco Berti and Carmit Hazay and Itamar Levi",

note = "Publisher Copyright: {\textcopyright} The Author(s) 2025.",

year = "2025",

month = sep,

day = "1",

doi = "10.1007/s12095-025-00824-4",

language = "English",

volume = "17",

pages = "1191--1248",

journal = "Cryptography and Communications",

issn = "1936-2447",

publisher = "Springer Publishing Company",

number = "5",

}

TY - JOUR

T1 - LR-OT

T2 - Leakage-resilient oblivious transfer

AU - Berti, Francesco

AU - Hazay, Carmit

AU - Levi, Itamar

N1 - Publisher Copyright: © The Author(s) 2025.

PY - 2025/9/1

Y1 - 2025/9/1

N2 - Oblivious Transfer (OT) is a fundamental cryptographic primitive that becomes a crucial component of a practical secure protocol. OT is typically implemented in software, and one way to accelerate its running time is by using hardware implementations. However, such implementations are vulnerable to side-channel attacks (SCAs). On the other hand, protecting interactive protocols against SCA is highly challenging due to their longer secrets (which include inputs and randomness), more complex design, and the need to run multiple instances. Consequently, there are no truly practical leakage-resistant OT protocols yet. In this paper, we introduce two tailored indistinguishability-based security definitions for leakage-resilient OT, focusing on protecting the sender’s state. Second, we propose a practical semi-honest secure OT protocol that achieves these security levels while minimizing the assumptions on the protocol’s building blocks and the use of a secret state.

AB - Oblivious Transfer (OT) is a fundamental cryptographic primitive that becomes a crucial component of a practical secure protocol. OT is typically implemented in software, and one way to accelerate its running time is by using hardware implementations. However, such implementations are vulnerable to side-channel attacks (SCAs). On the other hand, protecting interactive protocols against SCA is highly challenging due to their longer secrets (which include inputs and randomness), more complex design, and the need to run multiple instances. Consequently, there are no truly practical leakage-resistant OT protocols yet. In this paper, we introduce two tailored indistinguishability-based security definitions for leakage-resilient OT, focusing on protecting the sender’s state. Second, we propose a practical semi-honest secure OT protocol that achieves these security levels while minimizing the assumptions on the protocol’s building blocks and the use of a secret state.

KW - Interactive protocols

KW - Leakage-resilience

KW - Oblivious transfer

UR - https://www.scopus.com/pages/publications/105011152457

U2 - 10.1007/s12095-025-00824-4

DO - 10.1007/s12095-025-00824-4

M3 - Article

AN - SCOPUS:105011152457

SN - 1936-2447

VL - 17

SP - 1191

EP - 1248

JO - Cryptography and Communications

JF - Cryptography and Communications

IS - 5

ER -

LR-OT: Leakage-resilient oblivious transfer

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this