Inferensys

Glossary

Oblivious Transfer (OT)

A fundamental cryptographic primitive where a sender transmits one of potentially many pieces of information to a receiver, but remains oblivious to which piece was selected.
Moody home-office setup in a converted highrise loft, analyst working late with multiple screens showing knowledge graph visualizations, city lights through large windows behind.
CRYPTOGRAPHIC PRIMITIVE

What is Oblivious Transfer (OT)?

A fundamental cryptographic protocol where a sender transmits one of potentially many pieces of information to a receiver, but remains oblivious to which piece was selected.

Oblivious Transfer (OT) is a cryptographic primitive that enables a sender to transmit one of many pieces of information to a receiver, while the sender remains oblivious to which specific piece was selected and the receiver learns nothing about the unchosen items. This asymmetric information exchange forms the foundational building block for more complex secure multi-party computation (MPC) protocols, including garbled circuits and private set intersection.

The most common variant, 1-out-of-2 OT, involves a sender with two messages and a receiver with a choice bit; the receiver obtains only the chosen message, and the sender learns nothing about the choice. Modern implementations rely on oblivious transfer extension to efficiently generate millions of OTs from a small base set using only symmetric-key cryptography, dramatically reducing the computational overhead in protocols like SPDZ and secure aggregation.

FOUNDATIONAL PRIMITIVE

Key Properties of Oblivious Transfer

Oblivious Transfer is a cornerstone of modern cryptography, enabling secure computation by solving a deceptively simple problem: how to send a message without knowing which one was received.

01

1-out-of-2 OT: The Standard Form

The most common variant where a sender inputs two messages (m₀, m₁) and a receiver inputs a choice bit (c). The receiver learns m_c and nothing about m_{1-c}, while the sender remains oblivious to the value of c. This primitive is complete for secure computation, meaning any multi-party computation can be built from it. The protocol typically relies on public-key cryptography for the base transfers, though extensions use symmetric keys for efficiency.

Complete
Cryptographic Power
02

Oblivious Transfer Extension

A performance-critical optimization that reduces computational overhead by orders of magnitude. The protocol uses a small number (e.g., 128) of base OTs executed with expensive public-key operations to bootstrap a much larger number (millions) of OTs using only fast symmetric-key primitives like AES hashing. This makes OT practical for large-scale secure computation tasks such as private neural network inference where millions of gates require OT-based evaluation.

10,000x+
Efficiency Gain Over Base OT
03

Random OT: Preprocessing for Speed

A variant where the sender's messages are not chosen but generated as random strings by the protocol itself. This decouples the OT into an offline, input-independent phase and an online phase. In the online phase, the random outputs are consumed to mask real inputs using simple XOR operations. This preprocessing model is essential for achieving low-latency secure computation, shifting heavy cryptographic work to idle periods before the actual inputs are known.

Sub-millisecond
Online Phase Latency
04

Correlated OT: Reducing Communication

A specialized form where the sender's two messages are not independent but satisfy a specific correlation, typically a linear relationship (e.g., m₁ = m₀ + Δ for a fixed global secret Δ). This structure drastically reduces communication complexity. Correlated OT is a fundamental building block for silent OT extension protocols, which can generate an unbounded number of OTs with near-zero communication overhead, revolutionizing the scalability of secure computation.

05

Chosen-One Malicious Security

Standard OT security assumes a semi-honest adversary that follows the protocol. Real-world deployments require malicious security against arbitrary deviations. A key technique is the 'chosen-one' approach where the receiver commits to its choice bit and proves in zero-knowledge that it followed the protocol correctly without revealing the bit itself. This prevents selective failure attacks where a malicious sender could subtly corrupt the receiver's output based on the choice bit.

06

OT in Garbled Circuits

In Yao's Garbled Circuits protocol, OT serves as the input wire transfer mechanism. The circuit generator encrypts truth tables for each gate. For each input bit of the evaluator, a 1-out-of-2 OT is run: the generator inputs two random labels (one for 0, one for 1), and the evaluator selects the label corresponding to its private input bit. This allows the evaluator to start the circuit evaluation without the generator learning its input. Free-XOR and half-gate optimizations further reduce the cryptographic cost of the surrounding gates.

CRYPTOGRAPHIC PRIMITIVES

Frequently Asked Questions

Explore the foundational mechanics and security properties of Oblivious Transfer, a cornerstone protocol for private computation.

Oblivious Transfer (OT) is a fundamental cryptographic protocol between a sender and a receiver where the sender transmits one of potentially many pieces of information, but remains oblivious to which piece was selected. In the classic 1-out-of-2 OT, the sender inputs two messages (m0, m1), and the receiver inputs a choice bit (c). The receiver learns mc but gains no information about m(1-c), while the sender learns nothing about c. The protocol typically relies on public-key cryptography, often using the Diffie-Hellman key exchange as a building block. The sender generates two random keys, and the receiver uses a blinding factor to derive the key corresponding to their choice without the sender being able to distinguish which key was derived. This asymmetry is the core mechanism enabling privacy-preserving computation.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.