ot

package
v0.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 3, 2022 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CorreOTReceive

func CorreOTReceive(ctxHash *hash.Hash, setup *CorreOTReceiveSetup, choices []byte) (*CorreOTReceiveMessage, *CorreOTReceiveResult)

CorreOTReceive runs the Receiver's end of the Correlated OT protocol.

The Sender will get binary vectors q_j, and the Receiver will get vectors t_j satsifying t_j = q_j ^ (choices_j * Delta).

This follows the extend section of Figure 3 in https://eprint.iacr.org/2015/546.

A single setup can be used for multiple runs of the protocol, but it's important that ctxHash be initialized with some kind of nonce in that case.

func ExtendedOTReceive

func ExtendedOTReceive(ctxHash *hash.Hash, setup *CorreOTReceiveSetup, choices []byte) (*ExtendedOTReceiveMessage, *ExtendedOTReceiveResult)

ExtendedOTReceive runs the Receiver's side of the Extended OT Protocol.

The goal of this protocol is to conduct a large number of random oblivious transfers.

This follows Figure 7 of https://eprint.iacr.org/2015/546.

A single setup can be used for many invocations of this protocol, so long as the hash is initialized with some kind of nonce.

func RandomOTSetupSend

func RandomOTSetupSend(hash *hash.Hash, group curve.Curve) (*RandomOTSetupSendMessage, *RandomOTSendSetup)

RandomOTSetupSend runs the Sender's part of the setup protocol for Random OT.

The hash should be used to tie the execution of the protocol to the ambient context, if that's desired.

This setup can be done once and then used for multiple executions.

Types

type AdditiveOTReceiveResult

type AdditiveOTReceiveResult [][2]curve.Scalar

AdditiveOTReceiveResult is the Receiver's result for an Additive OT.

For each choice_j, we receive choice_j * alpha - pad.

type AdditiveOTReceiveRound1Message

type AdditiveOTReceiveRound1Message struct {
	Msg *ExtendedOTReceiveMessage
}

AdditiveOTReceiveRound1Message is the first message sent by the Receiver in an Additive OT.

type AdditiveOTReceiver

type AdditiveOTReceiver struct {
	// contains filtered or unexported fields
}

AdditiveOTReceiver holds the Receiver's state for the Additive OT Protocol.

func NewAdditiveOTReceiver

func NewAdditiveOTReceiver(ctxHash *hash.Hash, setup *CorreOTReceiveSetup, group curve.Curve, choices []byte) *AdditiveOTReceiver

NewAdditiveOTReceiver initializes the receiver of an Additive OT.

This follows Protocol 9 of https://eprint.iacr.org/2018/499 to a certain extent. The main difference is that we strictly conform to the underlying extended OT, removing Doerner's modifications to the check.

The goal of this protocol is for the Sender to learn random pads, each pad being two scalars, and for the Receiver to receive choice_j * alpha_j - pad_j for each of the pads, and their choices.

A single setup can be used for multiple protocol executions, but should be initialized with a nonce.

func (*AdditiveOTReceiver) Round1

Round1 executes the Receiver's first round of an Additive OT.

func (*AdditiveOTReceiver) Round2

Round2 executes the Receiver's second round of an Additive OT.

type AdditiveOTSendResult

type AdditiveOTSendResult [][2]curve.Scalar

AdditiveOTSendResult is the result of running the Additive OT protocol.

The sender receives a collection of random pads.

type AdditiveOTSendRound1Message

type AdditiveOTSendRound1Message struct {
	CombinedPads [][2][]byte
}

AdditiveOTSendRound1Message is the first message by the Sender in the Additive OT protocol.

type AdditiveOTSender

type AdditiveOTSender struct {
	// contains filtered or unexported fields
}

AdditiveOTSender holds the Sender's state for the Additive OT Protocol.

func NewAdditiveOTSender

func NewAdditiveOTSender(ctxHash *hash.Hash, setup *CorreOTSendSetup, batchSize int, alpha [2]curve.Scalar) *AdditiveOTSender

NewAdditiveOTSender initializes the sender of an Additive OT.

This follows Protocol 9 of https://eprint.iacr.org/2018/499 to a certain extent. The main difference is that we strictly conform to the underlying extended OT, removing Doerner's modifications to the check.

The goal of this protocol is for the Sender to learn random pads, each pad being two scalars, and for the Receiver to receive choice_j * alpha_j - pad_j for each of the pads, and their choices.

A single setup can be used for multiple protocol executions, but should be initialized with a nonce.

type CorreOTReceiveMessage

type CorreOTReceiveMessage struct {
	// The columns of the U matrix from the paper.
	U [params.OTParam][]byte
}

CorreOTReceiveMessage is the first message the Receiver sends to the Sender in the Correlated OT protocol.

type CorreOTReceiveResult

type CorreOTReceiveResult struct {
	// contains filtered or unexported fields
}

CorreOTReceiveResult is the Receiver's result at the end of the Correlated OT protocol.

type CorreOTReceiveSetup

type CorreOTReceiveSetup struct {
	// contains filtered or unexported fields
}

CorreOTReceiveSetup is the result of the Receiver's part of the Correlated OT setup.

The Receiver gets two random matrices, and they know that the Sender has a striping of their columns, based on their correlation vector.

type CorreOTSendResult

type CorreOTSendResult struct {
	// contains filtered or unexported fields
}

CorreOTSendResult is the Sender's result after executing the Correlated OT protocol.

func CorreOTSend

func CorreOTSend(ctxHash *hash.Hash, setup *CorreOTSendSetup, batchSize int, msg *CorreOTReceiveMessage) (*CorreOTSendResult, error)

CorreOTSend runs the Sender's end of the Correlated OT protocol.

The Sender will get binary vectors q_j, and the Receiver will get vectors t_j satsifying t_j = q_j ^ (choices_j * Delta).

This follows the extend section of Figure 3 in https://eprint.iacr.org/2015/546.

A single setup can be used for multiple runs of the protocol, but it's important that ctxHash be initialized with some kind of nonce in that case.

type CorreOTSendSetup

type CorreOTSendSetup struct {
	// contains filtered or unexported fields
}

CorreOTSendSetup contains the results of the Sender's setup of a Correlated OT.

type CorreOTSetupReceiveRound1Message

type CorreOTSetupReceiveRound1Message struct {
	Msg RandomOTSetupSendMessage
}

CorreOTSetupReceiveRound1Message is the first message sent by the Receiver in a Correlated OT Setup.

func EmptyCorreOTSetupReceiveRound1Message

func EmptyCorreOTSetupReceiveRound1Message(group curve.Curve) *CorreOTSetupReceiveRound1Message

EmptyCorreOTSetupReceiveRound1Message initializes a message with a given group, so that it can be unmarshalled.

type CorreOTSetupReceiveRound2Message

type CorreOTSetupReceiveRound2Message struct {
	Msgs [params.OTParam]RandomOTSendRound1Message
}

CorreOTSetupReceiveRound1Message is the second message sent by the Receiver in a Correlated OT Setup.

type CorreOTSetupReceiveRound3Message

type CorreOTSetupReceiveRound3Message struct {
	Msgs [params.OTParam]RandomOTSendRound2Message
}

CorreOTSetupReceiveRound1Message is the third message sent by the Receiver in a Correlated OT Setup.

type CorreOTSetupReceiver

type CorreOTSetupReceiver struct {
	// contains filtered or unexported fields
}

CorreOTSetupReceiver holds the Receiver's state on a Correlated OT Setup.

This is necessary, because the setup process takes multiple rounds.

func NewCorreOTSetupReceiver

func NewCorreOTSetupReceiver(pl *pool.Pool, hash *hash.Hash, group curve.Curve) *CorreOTSetupReceiver

NewCorreOTSetupReceiver initializes the state for setting up the Receiver part of a Correlated OT.

This follows the Initialize part of Figure 3, in https://eprint.iacr.org/2015/546.

func (*CorreOTSetupReceiver) Round1

Round1 runs the first round of a Receiver's correlated OT Setup.

func (*CorreOTSetupReceiver) Round2

Round1 runs the second round of a Receiver's correlated OT Setup.

func (*CorreOTSetupReceiver) Round3

Round1 runs the third round of a Receiver's correlated OT Setup.

type CorreOTSetupSendRound1Message

type CorreOTSetupSendRound1Message struct {
	// We have to forward all the messages for the underlying Random OT instances.
	Msgs [params.OTParam]RandomOTReceiveRound1Message
}

CorreOTSetupSendRound1Message is the first message sent by the Sender in the Correlated OT setup.

type CorreOTSetupSendRound2Message

type CorreOTSetupSendRound2Message struct {
	Msgs [params.OTParam]RandomOTReceiveRound2Message
}

CorreOTSetupSendRound1Message is the second message sent by the Sender in the Correlated OT setup.

type CorreOTSetupSender

type CorreOTSetupSender struct {
	// contains filtered or unexported fields
}

CorreOTSetupSender contains all of the state to run the Sender's setup of a Correlated OT.

This struct is needed, because there are multiple rounds in the setup.

func NewCorreOTSetupSender

func NewCorreOTSetupSender(pl *pool.Pool, hash *hash.Hash) *CorreOTSetupSender

NewCorreOTSetupSender initializes the state for setting up the Sender part of a Correlated OT.

This follows the Initialize part of Figure 3, in https://eprint.iacr.org/2015/546.

func (*CorreOTSetupSender) Round1

Round1 executes the Sender's first round of the Correlated OT setup.

func (*CorreOTSetupSender) Round2

Round2 executes the Sender's second round of the Correlated OT setup.

func (*CorreOTSetupSender) Round3

Round2 executes the Sender's final round of the Correlated OT setup.

type ExtendedOTReceiveMessage

type ExtendedOTReceiveMessage struct {
	CorreMsg *CorreOTReceiveMessage
	X        [params.OTBytes]byte
	T        fieldElement
}

ExtendedOTReceiveMessage is the Receiver's first message for an Extended OT.

type ExtendedOTReceiveResult

type ExtendedOTReceiveResult struct {
	// contains filtered or unexported fields
}

ExtendedOTReceiveResult is the Receiver's result for an Extended OT.

We receive the random vectors corresponding to our choice bits.

type ExtendedOTSendResult

type ExtendedOTSendResult struct {
	// contains filtered or unexported fields
}

ExtendedOTSendResult is the Sender's result for an Extended OT.

The Sender receives two batches of random vectors, and the Receiver receives a batch of selections from these random vectors.

func ExtendedOTSend

func ExtendedOTSend(ctxHash *hash.Hash, setup *CorreOTSendSetup, batchSize int, msg *ExtendedOTReceiveMessage) (*ExtendedOTSendResult, error)

ExtendedOTSend runs the Sender's side of the Extended OT Protocol.

The goal of this protocol is to conduct a large number of random oblivious transfers.

This follows Figure 7 of https://eprint.iacr.org/2015/546.

A single setup can be used for many invocations of this protocol, so long as the hash is initialized with some kind of nonce.

type MultiplyReceiveRound1Message

type MultiplyReceiveRound1Message struct {
	Msg *AdditiveOTReceiveRound1Message
}

MultiplyReceiveRound1Message is the first message from the Receiver in the multiplication protocol.

type MultiplyReceiver

type MultiplyReceiver struct {
	// contains filtered or unexported fields
}

MultiplyReceiver contains the state for the Receiver of the multiplication protocol.

func NewMultiplyReceiver

func NewMultiplyReceiver(ctxHash *hash.Hash, setup *CorreOTReceiveSetup, beta curve.Scalar) (*MultiplyReceiver, error)

NewMultiplyReceiver initializes the Receiver for the multiplication protocol.

The Sender has a scalar alpha, the Receiver beta, and the goal is to create an additive sharing of alpha * beta.

This follows Protocol 5 of https://eprint.iacr.org/2018/4990.

func (*MultiplyReceiver) EmptyMultiplySendRound1Message

func (r *MultiplyReceiver) EmptyMultiplySendRound1Message() *MultiplySendRound1Message

EmptyMultiplySendRound1Message initializes the message with the correct group and size, for unmarshalling.

func (*MultiplyReceiver) Round1

Round1 runs the first round for the Receiver in the multiplication protocol.

func (*MultiplyReceiver) Round2

Round2 runs the second round for the Receiver in the multiplication protocol.

type MultiplySendRound1Message

type MultiplySendRound1Message struct {
	Msg    *AdditiveOTSendRound1Message
	RCheck []curve.Scalar
	UCheck curve.Scalar
}

MultiplySendRound1Message is the first message from the Sender in the multiplication protocol.

type MultiplySender

type MultiplySender struct {
	// contains filtered or unexported fields
}

MultiplySender contains the state for the Sender of the multiplication protocol.

func NewMultiplySender

func NewMultiplySender(ctxHash *hash.Hash, setup *CorreOTSendSetup, alpha curve.Scalar) *MultiplySender

NewMultiplySender initializes the Sender for the multiplication protocol.

The Sender has a scalar alpha, the Receiver beta, and the goal is to create an additive sharing of alpha * beta.

This follows Protocol 5 of https://eprint.iacr.org/2018/4990.

func (*MultiplySender) Round1

Round1 runs the Sender's first round in the multiplication protocol.

type RandomOTReceiever

type RandomOTReceiever struct {
	// contains filtered or unexported fields
}

RandomOTReceiver contains the state needed for a single execution of a Random OT.

This should be created from a saved setup, for each execution.

func NewRandomOTReceiver

func NewRandomOTReceiver(nonce []byte, result *RandomOTReceiveSetup, choice safenum.Choice) (out RandomOTReceiever)

NewRandomOTReceiver sets up the receiver's state for a single Random OT.

The nonce should be 32 bytes, and must be different if a single setup is used for multiple OTs.

choice indicates which of the two random messages should be received.

func (*RandomOTReceiever) Round1

func (r *RandomOTReceiever) Round1() (outMsg RandomOTReceiveRound1Message, err error)

Round1 executes the receiver's side of round 1 of a Random OT.

This is the starting point for a Random OT.

func (*RandomOTReceiever) Round2

Round2 executes the receiver's side of round 2 of a Random OT.

func (*RandomOTReceiever) Round3

Round3 finalizes the result for the receiver, performing verification.

The random choice is returned as the first argument, upon success.

type RandomOTReceiveRound1Message

type RandomOTReceiveRound1Message struct {
	ABytes []byte
}

RandomOTReceiveRound1Message is the first message sent by the receiver in a Random OT.

type RandomOTReceiveRound2Message

type RandomOTReceiveRound2Message struct {
	// A Response to the challenge submitted by the sender.
	Response [params.OTBytes]byte
}

RandomOTReceiveRound2Message is the second message sent by the receiver in a Random OT.

type RandomOTReceiveSetup

type RandomOTReceiveSetup struct {
	// contains filtered or unexported fields
}

RandomOTReceiveSetup is the result that should be saved for the receiver.

func RandomOTSetupReceive

func RandomOTSetupReceive(hash *hash.Hash, msg *RandomOTSetupSendMessage) (*RandomOTReceiveSetup, error)

RandomOTSetupReceive runs the Receiver's part of the setup protocol for Random OT.

The hash should be used to tie the execution of the protocol to the ambient context, if that's desired.

This setup can be done once and then used for multiple executions.

type RandomOTSendResult

type RandomOTSendResult struct {
	// Rand0 is the first random message.
	Rand0 [params.OTBytes]byte
	// Rand1 is the second random message.
	Rand1 [params.OTBytes]byte
}

RandomOTSendResult is the result for a sender in a Random OT.

We have two random results with a symmetric security parameter's worth of bits each.

type RandomOTSendRound1Message

type RandomOTSendRound1Message struct {
	Challenge [params.OTBytes]byte
}

RandomOTSendRound1Message is the message sent by the sender in round 1.

type RandomOTSendRound2Message

type RandomOTSendRound2Message struct {
	Decommit0 [params.OTBytes]byte
	Decommit1 [params.OTBytes]byte
}

RandomOTSendRound2Message is the message sent by the sender in round 2 of a Random OT.

type RandomOTSendSetup

type RandomOTSendSetup struct {
	// contains filtered or unexported fields
}

RandomOTSendSetup is the result that should be saved for the sender.

This result can be used for multiple random OTs later.

type RandomOTSender

type RandomOTSender struct {
	// contains filtered or unexported fields
}

RandomOTSender holds the state needed for a single execution of a Random OT.

This should be created from a saved setup, for each execution.

func NewRandomOTSender

func NewRandomOTSender(nonce []byte, result *RandomOTSendSetup) (out RandomOTSender)

NewRandomOTSender sets up the receiver's state for a single Random OT.

The nonce should be 32 bytes, and must be different if a single setup is used for multiple OTs.

func (*RandomOTSender) Round1

Round1 executes the sender's side of round 1 for a Random OT.

func (*RandomOTSender) Round2

Round2 executes the sender's side of round 2 in a Random OT.

type RandomOTSetupSendMessage

type RandomOTSetupSendMessage struct {
	// A public key used for subsequent random OTs.
	B curve.Point
	// A proof of the discrete log of this public key.
	BProof *zksch.Proof
}

RandomOTSetupSendMessage is the message generated by the sender of the OT.

func EmptyRandomOTSetupSendMessage

func EmptyRandomOTSetupSendMessage(group curve.Curve) *RandomOTSetupSendMessage

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL