Oblivious Linear Evaluation

We can view an oblivious transfer as a protocol that privately computes \(s_b = s_0 + (s_1 - s_0)b\) for \(b\in \mathbb{Z}_2\). In other words, it computes a linear function over \(b\), which is binary. Oblivious linear evaluations (OLEs) extend oblivious transfers to compute linear functions over elements from larger groups \(\mathbb{Z}_q\). More precisely, the sender holds values \(u\) and \(v\), and the receiver learns \(w=ux+v\) for some \(x\) of its choosing.

In some cases, a receiver might want to perform a large amount of OLEs with the same input \(x\). We call this special case as vector oblivious linear evaluations (VOLEs), which are cheaper to evaluate.