Inferensys

Glossary

Oblivious Transfer (OT)

A fundamental cryptographic protocol where a sender transmits one of potentially many pieces of information to a receiver, but remains oblivious to which piece was selected.
Moody home-office setup in a converted highrise loft, analyst working late with multiple screens showing knowledge graph visualizations, city lights through large windows behind.
FOUNDATIONAL CRYPTOGRAPHIC PRIMITIVE

What is Oblivious Transfer (OT)?

Oblivious Transfer is a fundamental two-party protocol enabling a receiver to select and learn a specific piece of information from a sender without the sender discovering which piece was selected.

Oblivious Transfer (OT) is a cryptographic protocol where a sender inputs multiple messages, and a receiver retrieves exactly one message of their choice. The protocol enforces two critical privacy guarantees: the sender remains oblivious to which message was selected, and the receiver learns nothing about the unselected messages. This primitive is a foundational building block for more complex secure computation schemes.

In the standard 1-out-of-2 OT variant, the sender holds two strings, and the receiver chooses a selection bit. The protocol ensures the receiver obtains only the chosen string, while the sender gains no information about the bit. OT is often computationally expensive but is essential for constructing garbled circuits and Multi-Party Computation (MPC) protocols, frequently relying on public-key cryptographic assumptions for its security.

CRYPTOGRAPHIC PRIMITIVES

Key Properties of Oblivious Transfer

Oblivious Transfer (OT) is a foundational building block for secure computation. These cards break down its essential security guarantees, common protocol flavors, and the computational mechanisms that make it indispensable for privacy-preserving systems.

01

Sender Privacy (Obliviousness)

The core security guarantee for the sender. After the protocol executes, the sender learns absolutely nothing about which message the receiver selected. This is not merely computational hiding; it is information-theoretic in many constructions. The sender's view is statistically independent of the receiver's choice index, meaning even an adversary with unbounded computational power cannot determine which secret was accessed. This property is critical for protocols like Private Set Intersection (PSI) where the sender's database contents must remain private beyond the single intersection element.

02

Receiver Privacy (Indistinguishability)

The core security guarantee for the receiver. The receiver's choice input must remain computationally hidden from the sender. Specifically, the sender cannot distinguish between a receiver selecting message m0 versus message m1 with any probability significantly greater than random chance. This is typically achieved through public-key cryptography where the receiver crafts two public keys—one real and one fake—but the sender cannot tell which is which. This property relies on hard problems like the Decisional Diffie-Hellman assumption.

03

1-out-of-2 OT (The Standard Flavor)

The most fundamental and widely implemented variant. The sender inputs two messages (m0, m1), and the receiver inputs a single choice bit b (0 or 1). The receiver learns mb but learns nothing about m1-b, while the sender learns nothing about b. This primitive is the atomic unit of secure computation; any multi-party computation (MPC) circuit can be theoretically constructed from a sufficient number of 1-out-of-2 OT executions combined with garbled circuits.

04

1-out-of-n OT (Database Access)

A generalization where the sender holds a database of n messages, and the receiver retrieves a single record at index i without revealing i to the sender. A naive approach using repeated 1-out-of-2 OT would require O(n) complexity, but optimized protocols using OT Extension can reduce the computational overhead dramatically. This variant is the direct cryptographic backbone of Private Information Retrieval (PIR) systems, allowing users to query databases without exposing their search terms.

05

OT Extension (Amortized Efficiency)

A critical performance optimization that allows a small number of 'base' OTs (typically 128) to be extended into millions of effective OTs using only fast symmetric-key operations (like AES hashes). This technique, introduced by Ishai et al., breaks the reliance on expensive public-key crypto for every single transfer. By generating a matrix of correlated randomness, OT Extension makes OT practical for high-volume secure computation tasks, such as evaluating deep neural networks in MPC frameworks.

06

Random OT (Pre-computation Phase)

A variant where the sender does not input specific messages; instead, the protocol generates random messages and the receiver randomly learns one of them. This produces a pool of correlated randomness that can be stored offline. Later, in an online phase, the sender can simply XOR their actual messages with the pre-computed random values to convert the Random OT into a Standard OT with minimal latency. This separation of phases is vital for low-latency encrypted inference.

OBLIVIOUS TRANSFER

Frequently Asked Questions

Clear, technically precise answers to the most common questions about the mechanics, security, and applications of Oblivious Transfer protocols.

Oblivious Transfer (OT) is a fundamental cryptographic protocol where a sender transmits one of potentially many pieces of information to a receiver, but remains oblivious to which piece was selected. In the classic 1-out-of-2 OT, the sender inputs two messages m0 and m1, and the receiver inputs a choice bit b. The receiver learns mb and nothing about m1-b, while the sender learns nothing about b. The protocol works by leveraging asymmetric cryptography: the receiver generates a public key pair where they know the secret key for only one of two possible public keys, forcing the sender to encrypt each message under a different key. The receiver can only decrypt the message corresponding to their chosen key, achieving the dual privacy guarantees. This primitive is a complete building block for secure multi-party computation, meaning any secure function evaluation can be constructed from OT alone.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.