ot

package
v0.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 3, 2022 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CorreOTReceive 

func CorreOTReceive(ctxHash *hash.Hash, setup *CorreOTReceiveSetup, choices []byte) (*CorreOTReceiveMessage, *CorreOTReceiveResult)

CorreOTReceive runs the Receiver's end of the Correlated OT protocol.

The Sender will get binary vectors q_j, and the Receiver will get vectors t_j satsifying t_j = q_j ^ (choices_j * Delta).

This follows the extend section of Figure 3 in https://eprint.iacr.org/2015/546.

A single setup can be used for multiple runs of the protocol, but it's important that ctxHash be initialized with some kind of nonce in that case.

func ExtendedOTReceive 

func ExtendedOTReceive(ctxHash *hash.Hash, setup *CorreOTReceiveSetup, choices []byte) (*ExtendedOTReceiveMessage, *ExtendedOTReceiveResult)

ExtendedOTReceive runs the Receiver's side of the Extended OT Protocol.

The goal of this protocol is to conduct a large number of random oblivious transfers.

This follows Figure 7 of https://eprint.iacr.org/2015/546.

A single setup can be used for many invocations of this protocol, so long as the hash is initialized with some kind of nonce.

func RandomOTSetupSend 

func RandomOTSetupSend(hash *hash.Hash, group curve.Curve) (*RandomOTSetupSendMessage, *RandomOTSendSetup)

RandomOTSetupSend runs the Sender's part of the setup protocol for Random OT.

The hash should be used to tie the execution of the protocol to the ambient context, if that's desired.

This setup can be done once and then used for multiple executions.

Types

type AdditiveOTReceiveResult 

type AdditiveOTReceiveResult [][2]curve.Scalar

AdditiveOTReceiveResult is the Receiver's result for an Additive OT.

For each choice_j, we receive choice_j * alpha - pad.

type AdditiveOTReceiveRound1Message 

type AdditiveOTReceiveRound1Message struct {
	Msg *ExtendedOTReceiveMessage
}

AdditiveOTReceiveRound1Message is the first message sent by the Receiver in an Additive OT.

type AdditiveOTReceiver 

type AdditiveOTReceiver struct {
	// contains filtered or unexported fields
}

AdditiveOTReceiver holds the Receiver's state for the Additive OT Protocol.

func NewAdditiveOTReceiver 

func NewAdditiveOTReceiver(ctxHash *hash.Hash, setup *CorreOTReceiveSetup, group curve.Curve, choices []byte) *AdditiveOTReceiver

NewAdditiveOTReceiver initializes the receiver of an Additive OT.

This follows Protocol 9 of https://eprint.iacr.org/2018/499 to a certain extent. The main difference is that we strictly conform to the underlying extended OT, removing Doerner's modifications to the check.

The goal of this protocol is for the Sender to learn random pads, each pad being two scalars, and for the Receiver to receive choice_j * alpha_j - pad_j for each of the pads, and their choices.

A single setup can be used for multiple protocol executions, but should be initialized with a nonce.

func (*AdditiveOTReceiver) Round1 

func (r *AdditiveOTReceiver) Round1() *AdditiveOTReceiveRound1Message

Round1 executes the Receiver's first round of an Additive OT.

func (*AdditiveOTReceiver) Round2 

func (r *AdditiveOTReceiver) Round2(msg *AdditiveOTSendRound1Message) (AdditiveOTReceiveResult, error)

Round2 executes the Receiver's second round of an Additive OT.

type AdditiveOTSendResult 

type AdditiveOTSendResult [][2]curve.Scalar

AdditiveOTSendResult is the result of running the Additive OT protocol.

The sender receives a collection of random pads.

type AdditiveOTSendRound1Message 

type AdditiveOTSendRound1Message struct {
	CombinedPads [][2][]byte
}

AdditiveOTSendRound1Message is the first message by the Sender in the Additive OT protocol.

type AdditiveOTSender 

type AdditiveOTSender struct {
	// contains filtered or unexported fields
}

AdditiveOTSender holds the Sender's state for the Additive OT Protocol.

func NewAdditiveOTSender 

func NewAdditiveOTSender(ctxHash *hash.Hash, setup *CorreOTSendSetup, batchSize int, alpha [2]curve.Scalar) *AdditiveOTSender

NewAdditiveOTSender initializes the sender of an Additive OT.

This follows Protocol 9 of https://eprint.iacr.org/2018/499 to a certain extent. The main difference is that we strictly conform to the underlying extended OT, removing Doerner's modifications to the check.

The goal of this protocol is for the Sender to learn random pads, each pad being two scalars, and for the Receiver to receive choice_j * alpha_j - pad_j for each of the pads, and their choices.

A single setup can be used for multiple protocol executions, but should be initialized with a nonce.

func (*AdditiveOTSender) Round1 

func (r *AdditiveOTSender) Round1(msg *AdditiveOTReceiveRound1Message) (*AdditiveOTSendRound1Message, AdditiveOTSendResult, error)

type CorreOTReceiveMessage 

type CorreOTReceiveMessage struct {
	// The columns of the U matrix from the paper.
	U [params.OTParam][]byte
}

CorreOTReceiveMessage is the first message the Receiver sends to the Sender in the Correlated OT protocol.

type CorreOTReceiveResult 

type CorreOTReceiveResult struct {
	// contains filtered or unexported fields
}

CorreOTReceiveResult is the Receiver's result at the end of the Correlated OT protocol.

type CorreOTReceiveSetup 

type CorreOTReceiveSetup struct {
	// contains filtered or unexported fields
}

CorreOTReceiveSetup is the result of the Receiver's part of the Correlated OT setup.

The Receiver gets two random matrices, and they know that the Sender has a striping of their columns, based on their correlation vector.

type CorreOTSendResult 

type CorreOTSendResult struct {
	// contains filtered or unexported fields
}

CorreOTSendResult is the Sender's result after executing the Correlated OT protocol.

func CorreOTSend 

func CorreOTSend(ctxHash *hash.Hash, setup *CorreOTSendSetup, batchSize int, msg *CorreOTReceiveMessage) (*CorreOTSendResult, error)

CorreOTSend runs the Sender's end of the Correlated OT protocol.

The Sender will get binary vectors q_j, and the Receiver will get vectors t_j satsifying t_j = q_j ^ (choices_j * Delta).

This follows the extend section of Figure 3 in https://eprint.iacr.org/2015/546.

A single setup can be used for multiple runs of the protocol, but it's important that ctxHash be initialized with some kind of nonce in that case.

type CorreOTSendSetup 

type CorreOTSendSetup struct {
	// contains filtered or unexported fields
}

CorreOTSendSetup contains the results of the Sender's setup of a Correlated OT.

type CorreOTSetupReceiveRound1Message 

type CorreOTSetupReceiveRound1Message struct {
	Msg RandomOTSetupSendMessage
}

CorreOTSetupReceiveRound1Message is the first message sent by the Receiver in a Correlated OT Setup.

func EmptyCorreOTSetupReceiveRound1Message 

func EmptyCorreOTSetupReceiveRound1Message(group curve.Curve) *CorreOTSetupReceiveRound1Message

EmptyCorreOTSetupReceiveRound1Message initializes a message with a given group, so that it can be unmarshalled.

type CorreOTSetupReceiveRound2Message 

type CorreOTSetupReceiveRound2Message struct {
	Msgs [params.OTParam]RandomOTSendRound1Message
}

CorreOTSetupReceiveRound1Message is the second message sent by the Receiver in a Correlated OT Setup.

type CorreOTSetupReceiveRound3Message 

type CorreOTSetupReceiveRound3Message struct {
	Msgs [params.OTParam]RandomOTSendRound2Message
}

CorreOTSetupReceiveRound1Message is the third message sent by the Receiver in a Correlated OT Setup.

type CorreOTSetupReceiver 

type CorreOTSetupReceiver struct {
	// contains filtered or unexported fields
}

CorreOTSetupReceiver holds the Receiver's state on a Correlated OT Setup.

This is necessary, because the setup process takes multiple rounds.

func NewCorreOTSetupReceiver 

func NewCorreOTSetupReceiver(pl *pool.Pool, hash *hash.Hash, group curve.Curve) *CorreOTSetupReceiver

NewCorreOTSetupReceiver initializes the state for setting up the Receiver part of a Correlated OT.

This follows the Initialize part of Figure 3, in https://eprint.iacr.org/2015/546.

func (*CorreOTSetupReceiver) Round1 

func (r *CorreOTSetupReceiver) Round1() *CorreOTSetupReceiveRound1Message

Round1 runs the first round of a Receiver's correlated OT Setup.

func (*CorreOTSetupReceiver) Round2 

func (r *CorreOTSetupReceiver) Round2(msg *CorreOTSetupSendRound1Message) (*CorreOTSetupReceiveRound2Message, error)

Round1 runs the second round of a Receiver's correlated OT Setup.

func (*CorreOTSetupReceiver) Round3 

func (r *CorreOTSetupReceiver) Round3(msg *CorreOTSetupSendRound2Message) (*CorreOTSetupReceiveRound3Message, *CorreOTReceiveSetup, error)

Round1 runs the third round of a Receiver's correlated OT Setup.

type CorreOTSetupSendRound1Message 

type CorreOTSetupSendRound1Message struct {
	// We have to forward all the messages for the underlying Random OT instances.
	Msgs [params.OTParam]RandomOTReceiveRound1Message
}

CorreOTSetupSendRound1Message is the first message sent by the Sender in the Correlated OT setup.

type CorreOTSetupSendRound2Message 

type CorreOTSetupSendRound2Message struct {
	Msgs [params.OTParam]RandomOTReceiveRound2Message
}

CorreOTSetupSendRound1Message is the second message sent by the Sender in the Correlated OT setup.

type CorreOTSetupSender 

type CorreOTSetupSender struct {
	// contains filtered or unexported fields
}

CorreOTSetupSender contains all of the state to run the Sender's setup of a Correlated OT.

This struct is needed, because there are multiple rounds in the setup.

func NewCorreOTSetupSender 

func NewCorreOTSetupSender(pl *pool.Pool, hash *hash.Hash) *CorreOTSetupSender

NewCorreOTSetupSender initializes the state for setting up the Sender part of a Correlated OT.

This follows the Initialize part of Figure 3, in https://eprint.iacr.org/2015/546.

func (*CorreOTSetupSender) Round1 

func (r *CorreOTSetupSender) Round1(msg *CorreOTSetupReceiveRound1Message) (*CorreOTSetupSendRound1Message, error)

Round1 executes the Sender's first round of the Correlated OT setup.

func (*CorreOTSetupSender) Round2 

func (r *CorreOTSetupSender) Round2(msg *CorreOTSetupReceiveRound2Message) *CorreOTSetupSendRound2Message

Round2 executes the Sender's second round of the Correlated OT setup.

func (*CorreOTSetupSender) Round3 

func (r *CorreOTSetupSender) Round3(msg *CorreOTSetupReceiveRound3Message) (*CorreOTSendSetup, error)

Round2 executes the Sender's final round of the Correlated OT setup.

type ExtendedOTReceiveMessage 

type ExtendedOTReceiveMessage struct {
	CorreMsg *CorreOTReceiveMessage
	X        [params.OTBytes]byte
	T        fieldElement
}

ExtendedOTReceiveMessage is the Receiver's first message for an Extended OT.

type ExtendedOTReceiveResult 

type ExtendedOTReceiveResult struct {
	// contains filtered or unexported fields
}

ExtendedOTReceiveResult is the Receiver's result for an Extended OT.

We receive the random vectors corresponding to our choice bits.

type ExtendedOTSendResult 

type ExtendedOTSendResult struct {
	// contains filtered or unexported fields
}

ExtendedOTSendResult is the Sender's result for an Extended OT.

The Sender receives two batches of random vectors, and the Receiver receives a batch of selections from these random vectors.

func ExtendedOTSend 

func ExtendedOTSend(ctxHash *hash.Hash, setup *CorreOTSendSetup, batchSize int, msg *ExtendedOTReceiveMessage) (*ExtendedOTSendResult, error)

ExtendedOTSend runs the Sender's side of the Extended OT Protocol.

The goal of this protocol is to conduct a large number of random oblivious transfers.

This follows Figure 7 of https://eprint.iacr.org/2015/546.

A single setup can be used for many invocations of this protocol, so long as the hash is initialized with some kind of nonce.

type MultiplyReceiveRound1Message 

type MultiplyReceiveRound1Message struct {
	Msg *AdditiveOTReceiveRound1Message
}

MultiplyReceiveRound1Message is the first message from the Receiver in the multiplication protocol.

type MultiplyReceiver 

type MultiplyReceiver struct {
	// contains filtered or unexported fields
}

MultiplyReceiver contains the state for the Receiver of the multiplication protocol.

func NewMultiplyReceiver 

func NewMultiplyReceiver(ctxHash *hash.Hash, setup *CorreOTReceiveSetup, beta curve.Scalar) (*MultiplyReceiver, error)

NewMultiplyReceiver initializes the Receiver for the multiplication protocol.

The Sender has a scalar alpha, the Receiver beta, and the goal is to create an additive sharing of alpha * beta.

This follows Protocol 5 of https://eprint.iacr.org/2018/4990.

func (*MultiplyReceiver) EmptyMultiplySendRound1Message 

func (r *MultiplyReceiver) EmptyMultiplySendRound1Message() *MultiplySendRound1Message

EmptyMultiplySendRound1Message initializes the message with the correct group and size, for unmarshalling.

func (*MultiplyReceiver) Round1 

func (r *MultiplyReceiver) Round1() *MultiplyReceiveRound1Message

Round1 runs the first round for the Receiver in the multiplication protocol.

func (*MultiplyReceiver) Round2 

func (r *MultiplyReceiver) Round2(msg *MultiplySendRound1Message) (curve.Scalar, error)

Round2 runs the second round for the Receiver in the multiplication protocol.

type MultiplySendRound1Message 

type MultiplySendRound1Message struct {
	Msg    *AdditiveOTSendRound1Message
	RCheck []curve.Scalar
	UCheck curve.Scalar
}

MultiplySendRound1Message is the first message from the Sender in the multiplication protocol.

type MultiplySender 

type MultiplySender struct {
	// contains filtered or unexported fields
}

MultiplySender contains the state for the Sender of the multiplication protocol.

func NewMultiplySender 

func NewMultiplySender(ctxHash *hash.Hash, setup *CorreOTSendSetup, alpha curve.Scalar) *MultiplySender

NewMultiplySender initializes the Sender for the multiplication protocol.

The Sender has a scalar alpha, the Receiver beta, and the goal is to create an additive sharing of alpha * beta.

This follows Protocol 5 of https://eprint.iacr.org/2018/4990.

func (*MultiplySender) Round1 

func (r *MultiplySender) Round1(msg *MultiplyReceiveRound1Message) (*MultiplySendRound1Message, curve.Scalar, error)

Round1 runs the Sender's first round in the multiplication protocol.

type RandomOTReceiever 

type RandomOTReceiever struct {
	// contains filtered or unexported fields
}

RandomOTReceiver contains the state needed for a single execution of a Random OT.

This should be created from a saved setup, for each execution.

func NewRandomOTReceiver 

func NewRandomOTReceiver(nonce []byte, result *RandomOTReceiveSetup, choice safenum.Choice) (out RandomOTReceiever)

NewRandomOTReceiver sets up the receiver's state for a single Random OT.

The nonce should be 32 bytes, and must be different if a single setup is used for multiple OTs.

choice indicates which of the two random messages should be received.

func (*RandomOTReceiever) Round1 

func (r *RandomOTReceiever) Round1() (outMsg RandomOTReceiveRound1Message, err error)

Round1 executes the receiver's side of round 1 of a Random OT.

This is the starting point for a Random OT.

func (*RandomOTReceiever) Round2 

func (r *RandomOTReceiever) Round2(msg *RandomOTSendRound1Message) (outMsg RandomOTReceiveRound2Message)

Round2 executes the receiver's side of round 2 of a Random OT.

func (*RandomOTReceiever) Round3 

func (r *RandomOTReceiever) Round3(msg *RandomOTSendRound2Message) ([params.OTBytes]byte, error)

Round3 finalizes the result for the receiver, performing verification.

The random choice is returned as the first argument, upon success.

type RandomOTReceiveRound1Message 

type RandomOTReceiveRound1Message struct {
	ABytes []byte
}

RandomOTReceiveRound1Message is the first message sent by the receiver in a Random OT.

type RandomOTReceiveRound2Message 

type RandomOTReceiveRound2Message struct {
	// A Response to the challenge submitted by the sender.
	Response [params.OTBytes]byte
}

RandomOTReceiveRound2Message is the second message sent by the receiver in a Random OT.

type RandomOTReceiveSetup 

type RandomOTReceiveSetup struct {
	// contains filtered or unexported fields
}

RandomOTReceiveSetup is the result that should be saved for the receiver.

func RandomOTSetupReceive 

func RandomOTSetupReceive(hash *hash.Hash, msg *RandomOTSetupSendMessage) (*RandomOTReceiveSetup, error)

RandomOTSetupReceive runs the Receiver's part of the setup protocol for Random OT.

The hash should be used to tie the execution of the protocol to the ambient context, if that's desired.

This setup can be done once and then used for multiple executions.

type RandomOTSendResult 

type RandomOTSendResult struct {
	// Rand0 is the first random message.
	Rand0 [params.OTBytes]byte
	// Rand1 is the second random message.
	Rand1 [params.OTBytes]byte
}

RandomOTSendResult is the result for a sender in a Random OT.

We have two random results with a symmetric security parameter's worth of bits each.

type RandomOTSendRound1Message 

type RandomOTSendRound1Message struct {
	Challenge [params.OTBytes]byte
}

RandomOTSendRound1Message is the message sent by the sender in round 1.

type RandomOTSendRound2Message 

type RandomOTSendRound2Message struct {
	Decommit0 [params.OTBytes]byte
	Decommit1 [params.OTBytes]byte
}

RandomOTSendRound2Message is the message sent by the sender in round 2 of a Random OT.

type RandomOTSendSetup 

type RandomOTSendSetup struct {
	// contains filtered or unexported fields
}

RandomOTSendSetup is the result that should be saved for the sender.

This result can be used for multiple random OTs later.

type RandomOTSender 

type RandomOTSender struct {
	// contains filtered or unexported fields
}

RandomOTSender holds the state needed for a single execution of a Random OT.

This should be created from a saved setup, for each execution.

func NewRandomOTSender 

func NewRandomOTSender(nonce []byte, result *RandomOTSendSetup) (out RandomOTSender)

NewRandomOTSender sets up the receiver's state for a single Random OT.

The nonce should be 32 bytes, and must be different if a single setup is used for multiple OTs.

func (*RandomOTSender) Round1 

func (r *RandomOTSender) Round1(msg *RandomOTReceiveRound1Message) (outMsg RandomOTSendRound1Message, err error)

Round1 executes the sender's side of round 1 for a Random OT.

func (*RandomOTSender) Round2 

func (r *RandomOTSender) Round2(msg *RandomOTReceiveRound2Message) (outMsg RandomOTSendRound2Message, res RandomOTSendResult, err error)

Round2 executes the sender's side of round 2 in a Random OT.

type RandomOTSetupSendMessage 

type RandomOTSetupSendMessage struct {
	// A public key used for subsequent random OTs.
	B curve.Point
	// A proof of the discrete log of this public key.
	BProof *zksch.Proof
}

RandomOTSetupSendMessage is the message generated by the sender of the OT.

func EmptyRandomOTSetupSendMessage 

func EmptyRandomOTSetupSendMessage(group curve.Curve) *RandomOTSetupSendMessage

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.