[Resource Topic] 2022/1371: On the Security of KOS

Welcome to the resource topic for 2022/1371

On the Security of KOS

Authors: Benjamin E. Diamond


We present a full proof of security of the original random oblivious transfer extension protocol of Keller, Orsini, and Scholl (CRYPTO '15), without altering that protocol as written. Our result circumvents a recent negative result of Roy (CRYPTO '22), which shows that a key lemma in the original proof of KOS is false. Our proof leverages a new simulation strategy, and a careful analysis of that protocol’s “correlation check”. We thus reestablish evidence of security for this important, widely used protocol.

ePrint: https://eprint.iacr.org/2022/1371

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .