Documentation ¶
Overview ¶
Package kos in an implementation of maliciously secure OT extension protocol defined in "Protocol 9" of [DKLs18](https://eprint.iacr.org/2018/499.pdf). The original protocol was presented in [KOS15](https://eprint.iacr.org/2015/546.pdf).
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ReceiverStreamCOtRun ¶
func ReceiverStreamCOtRun(receiver *Receiver, hashKeySeed [simplest.DigestSize]byte, choice []byte, rw io.ReadWriter) error
ReceiverStreamCOtRun exposes an end-to-end "streaming" version of the cOT process for the receiver. this is similar to what we're also doing in the base OT side. the user only passes an arbitrary `ReadWriter` here, together with the relevant inputs (namely a choice vector); this method handles all parts of the process, including both encoding / decoding and writing to / reading from the stream.
func SenderStreamCOtRun ¶
func SenderStreamCOtRun(sender *Sender, hashKeySeed [simplest.DigestSize]byte, input [][]curves.Scalar, rw io.ReadWriter) error
SenderStreamCOtRun exposes the end-to-end "streaming" version of cOT for the sender. the sender should pass an arbitrary ReadWriter together with their input; this will handle the whole process, including all component methods, plus reading to and writing from the network.
Types ¶
type Receiver ¶
type Receiver struct { Kappa uint KappaBytes uint L uint COtBlockSizeBytes uint OtWidth uint OutputAdditiveShares [][]curves.Scalar // contains filtered or unexported fields }
func NewCOtReceiver ¶
func NewCOtReceiver(kappa uint, s uint, seedOTResults *simplest.SenderOutput, curve *curves.Curve) *Receiver
NewCOtReceiver creates a `Receiver` instance, ready for use as the receiver in the KOS cOT protocol you must supply the output gotten by running an instance of seed OT as the _sender_ (note the reversal of roles)
func (*Receiver) Round1Initialize ¶
func (receiver *Receiver) Round1Initialize(uniqueSessionId [simplest.DigestSize]byte, choice []byte) (*Round1Output, error)
Round1Initialize initializes the OT Extension. see page 17, steps 1), 2), 3) and 4) of Protocol 9 of the paper. The input `choice` vector is "packed" (i.e., the underlying abstract vector of `L` bits is represented as a `cOTBlockSizeBytes` bytes).
func (*Receiver) Round3Transfer ¶
func (receiver *Receiver) Round3Transfer(round2Output *Round2Output) error
Round3Transfer does the receiver (Bob)'s step 7) of Protocol 9, namely the computation of the outputs tB.
type Round1Output ¶
type Round1Output struct { U [][]byte WPrime [simplest.DigestSize]byte VPrime [simplest.DigestSize]byte }
Round1Output is Bob's first message to Alice during cOT extension; these outputs are described in step 4) of Protocol 9) https://eprint.iacr.org/2018/499.pdf
type Round2Output ¶
Round2Output this is Alice's response to Bob in cOT extension; the values `tau` are specified in Alice's step 6) of Protocol 9) https://eprint.iacr.org/2018/499.pdf
type Sender ¶
type Sender struct { Kappa uint KappaBytes uint L uint COtBlockSizeBytes uint OtWidth uint OutputAdditiveShares [][]curves.Scalar // contains filtered or unexported fields }
func NewCOtSender ¶
func NewCOtSender(kappa uint, s uint, seedOTResults *simplest.ReceiverOutput, curve *curves.Curve) *Sender
NewCOtSender creates a `Sender` instance, ready for use as the sender in the KOS cOT protocol. you must supply the output gotten by running an instance of seed OT as the _receiver_ (note the reversal of roles)
func (*Sender) Round2Transfer ¶
func (sender *Sender) Round2Transfer(uniqueSessionId [simplest.DigestSize]byte, input [][]curves.Scalar, round1Output *Round1Output) (*Round2Output, error)
Round2Transfer computes the OT sender ("Alice")'s part of cOT; this includes steps 2) 5) and 6) of Protocol 9 `input` is the sender's main vector of inputs alpha_j; these are the things tA_j and tB_j will add to if w_j == 1. `message` contains the message the receiver ("Bob") sent us. this itself contains Bob's values WPrime, VPrime, and U the output is just the values `Tau` we send back to Bob. as a side effect of this function, our (i.e., the sender's) outputs tA_j from the cOT will be populated.