Oblivious Transfer (OT) is a fundamental cryptographic primitive enabling privacy-preserving computation and constitutes a core building block for secure multi-party computation while supporting a wide range of security-sensitive applications: private information retrieval, zero-knowledge proofs, and password-authenticated key exchange, to cite a few. While recent advances in OT extension have significantly reduced amortised costs, their reliance on batches of random base OTs and substantial pre-computation phases limits their practicality in scenarios where the number of transfers is modest or where communication latency and client-side computation are critical constraints. In such settings, efficient base OT protocols remain both relevant and necessary. In this work, we introduce $I$-$(OT)^2$, a novel base 1-out-of-2 OT protocol grounded in the quadratic residuosity problem, specifically designed to minimise receiver-side computation and interaction. Our construction is particularly appealing on client--server architectures in which the receiver operates on low-power hardware, such as Internet of Things (IoT) devices. Through a lightweight offline pre-computation phase, $I$-$(OT)^2$ shifts the on-transfer computational burden almost entirely to the Sender, while reducing online communication to only six messages and four digests exchanged. We provide a detailed description of the protocol, accompanied by a formal proof of its security. Moreover, to demonstrate the viability of $I$-$(OT)^2$, we also present an open-source proof-of-concept implementation (in C language) evaluated on real IoT hardware. Results are staggering: for 128-bit security using a 3072-bit RSA modulus, the receiver incurs an average online cost per OT as low as 2.80 μs on desktop platforms and 39.90 μs on IoT devices, more than 10$\times$ faster than the well known SimplestOT.

翻译：不经意传输（OT）是实现隐私保护计算的基础密码学原语，构成安全多方计算的核心构建模块，并支持多种安全敏感应用：如隐私信息检索、零知识证明和口令认证密钥交换等。尽管OT扩展技术的最新进展显著降低了摊销成本，但其对批量随机基础OT的依赖以及大量的预计算阶段，限制了其在传输次数较少或通信延迟与客户端计算能力成为关键约束场景中的实用性。在此类场景中，高效的基础OT协议仍具有重要性和必要性。本文提出$I$-$(OT)^2$，一种基于二次剩余问题的新型基础1选2 OT协议，专门设计用于最小化接收方计算量与交互开销。我们的构造在客户端-服务器架构中尤为适用，其中接收端运行在低功耗硬件（如物联网设备）上。通过轻量级离线预计算阶段，$I$-$(OT)^2$将在线传输的计算负担几乎完全转移至发送方，同时将在线通信量减少至仅需交换六条消息和四个摘要值。我们提供了协议的详细描述及其安全性形式化证明。此外，为验证$I$-$(OT)^2$的可行性，我们在真实物联网硬件上基于C语言实现了开源概念验证系统。实验结果表明：在128位安全强度下（使用3072位RSA模数），接收方在桌面平台和物联网设备上每次OT的平均在线开销分别低至2.80 μs和39.90 μs，比著名的SimplestOT协议快10倍以上。