Inferensys

Glossary

Oblivious Transfer (OT)

A fundamental cryptographic protocol where a sender transfers one of potentially many pieces of information to a receiver, but remains oblivious as to which piece was selected.
Moody home-office setup in a converted highrise loft, analyst working late with multiple screens showing knowledge graph visualizations, city lights through large windows behind.
CRYPTOGRAPHIC PRIMITIVE

What is Oblivious Transfer (OT)?

Oblivious Transfer is a fundamental cryptographic protocol enabling a sender to transmit one of several pieces of information to a receiver without knowing which piece was selected.

Oblivious Transfer (OT) is a cryptographic protocol where a sender inputs multiple messages, and a receiver selects and learns only one, while the sender remains oblivious to the choice. This primitive simultaneously enforces sender privacy—the receiver learns nothing about the unselected messages—and receiver privacy—the sender gains zero knowledge of the index chosen.

In the classic 1-out-of-2 OT, the sender holds two strings m0 and m1; the receiver inputs a choice bit c and receives mc without the sender learning c. OT serves as a foundational building block for Secure Multi-Party Computation (SMPC) and Private Set Intersection (PSI), enabling collaborative fraud analytics across institutions without exposing proprietary transaction data.

CRYPTOGRAPHIC PRIMITIVES

Key Properties of Oblivious Transfer

Oblivious Transfer (OT) is a foundational cryptographic protocol that resolves a seemingly paradoxical requirement: a sender transmits one of several messages, but remains completely unaware of which message was selected by the receiver.

01

Sender Obliviousness

The defining property of OT. After the protocol executes, the sender has zero information about which secret the receiver chose. This is not merely a promise; it is a mathematically provable guarantee based on computational hardness assumptions.

  • Mechanism: Achieved by masking all sender messages with cryptographic keys, only one of which the receiver can decrypt.
  • Contrast: Unlike a simple encrypted download where a server logs access, OT leaves no digital trace of the selection.
  • Requirement: The sender must hold multiple inputs (typically 2 in the base case, denoted as 1-out-of-2 OT) for the choice to be meaningful.
02

Receiver Privacy

The receiver learns exactly one piece of information and nothing about the other messages. This is enforced by the protocol's cryptographic construction, not by trust.

  • 1-out-of-2 OT: The receiver chooses bit b and learns message M_b, but gains no information about M_{1-b}.
  • 1-out-of-n OT: Extends the concept to n messages, where the receiver selects a single index i and learns only M_i.
  • Security Guarantee: Even a malicious sender with unbounded computational power cannot force the receiver to learn more than one message (information-theoretic security for the receiver in some constructions).
03

Foundation for Secure Computation

OT is cryptographically complete for secure multi-party computation (SMPC). Any arbitrary function that can be computed jointly by multiple parties with private inputs can be constructed solely from OT protocols.

  • Garbled Circuits: OT is the essential mechanism for the evaluator to obliviously receive the wire labels corresponding to their private input without the garbler learning that input.
  • AND Gate Evaluation: A 1-out-of-2 OT directly implements a secure AND gate, which is a universal gate for boolean circuits.
  • Efficiency Driver: Because OT is the primary bottleneck in many SMPC protocols, massive engineering effort focuses on OT extension techniques to generate millions of OT instances from a small number of base OTs.
04

OT Extension

A performance breakthrough that allows a small number of computationally expensive base OTs (using public-key cryptography) to be extended into a virtually unlimited number of OTs using only fast symmetric-key operations.

  • IKNP Protocol: The foundational OT extension protocol by Ishai, Kilian, Nissim, and Petrank (2003) that dramatically reduced the computational cost.
  • Impact: Reduces the public-key overhead from linear in the number of OTs to a constant, making OT practical for large-scale SMPC applications like private set intersection on million-element datasets.
  • Correlated OT: A variant where the sender's messages are not independent but satisfy a linear correlation, further optimizing specific SMPC sub-protocols.
05

Application in Fraud Analytics

OT enables competing financial institutions to collaboratively detect fraud without exposing their proprietary transaction data or customer lists to one another.

  • Private Set Intersection (PSI): Banks can use OT-based PSI to discover accounts appearing on multiple institutions' fraud watchlists without revealing any non-intersecting accounts.
  • Private Database Query: An investigator can query a consortium's shared fraud database for a specific entity's risk score without the database learning which entity was queried.
  • Regulatory Compliance: Satisfies data localization and privacy regulations (like GDPR) by ensuring raw data never leaves the originating institution's control during collaborative analytics.
06

Random OT

A highly efficient variant where the sender's messages are not chosen by the sender but are generated as random strings by the protocol itself. The sender learns the random pair, and the receiver learns one of them based on their choice bit.

  • Pre-computation Phase: Random OTs can be generated in bulk during an offline phase, independent of the actual data to be computed on.
  • Online Phase: When the actual inputs are known, the random strings are used as one-time pads to mask the real messages, requiring only trivial XOR operations.
  • Benefit: Shifts heavy cryptographic work to an offline, non-latency-critical phase, enabling extremely fast online secure computation.
OBLIVIOUS TRANSFER EXPLAINED

Frequently Asked Questions

Clear, technically precise answers to the most common questions about Oblivious Transfer protocols, their cryptographic foundations, and their role in privacy-preserving fraud analytics.

Oblivious Transfer (OT) is a fundamental cryptographic protocol where a sender transmits one of potentially many pieces of information to a receiver, but remains oblivious as to which piece was selected. The receiver, in turn, learns only the chosen piece and gains no information about the others. The classic 1-out-of-2 OT works as follows: the sender holds two messages, m0 and m1; the receiver inputs a choice bit b (0 or 1); the protocol outputs mb to the receiver, while the sender learns nothing about b. This is achieved through public-key cryptography, typically using the Diffie-Hellman assumption. The sender generates a key pair, and the receiver creates a blinded public key that encodes their choice. The sender encrypts both messages using derived keys, but the receiver can only decrypt the one corresponding to their original choice. OT is a complete primitive for Secure Multi-Party Computation (SMPC), meaning any secure computation can be built from it.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.