kos

Documentation

Overview

Package kos in an implementation of maliciously secure OT extension protocol defined in "Protocol 9" of [DKLs18](https://eprint.iacr.org/2018/499.pdf). The original protocol was presented in [KOS15](https://eprint.iacr.org/2015/546.pdf).

Index

• Constants
• func ReceiverStreamCOtRun(receiver *Receiver, hashKeySeed [simplest.DigestSize]byte, ...) error
• func SenderStreamCOtRun(sender *Sender, hashKeySeed [simplest.DigestSize]byte, ...) error
• type Receiver
  • func NewCOtReceiver(seedOTResults *simplest.SenderOutput, curve *curves.Curve) *Receiver
  • func (receiver *Receiver) Round1Initialize(uniqueSessionId [simplest.DigestSize]byte, choice [COtBlockSizeBytes]byte) (*Round1Output, error)
  • func (receiver *Receiver) Round3Transfer(round2Output *Round2Output) error
• type Round1Output
• type Round2Output
• type Sender
  • func NewCOtSender(seedOTResults *simplest.ReceiverOutput, curve *curves.Curve) *Sender
  • func (sender *Sender) Round2Transfer(uniqueSessionId [simplest.DigestSize]byte, input [L][OtWidth]curves.Scalar, ...) (*Round2Output, error)

Constants

const (

	// Kappa is the computational security parameter.
	Kappa = 256

	// KappaBytes is same as Kappa // 8, but avoids cpu division.
	KappaBytes = Kappa >> 3

	// L is the batch size used in the cOT functionality.
	L = 2*Kappa + 2*s

	// COtBlockSizeBytes is same as L // 8, but avoids cpu division.
	COtBlockSizeBytes = L >> 3

	// OtWidth is the number of scalars processed per "slot" of the cOT. by definition of this parameter,
	// for each of the receiver's choice bits, the sender will provide `OTWidth` scalars.
	// in turn, both the sender and receiver will obtain `OTWidth` shares _per_ slot / bit of the cOT.
	// by definition of the cOT, these "vectors of" scalars will add (componentwise) to the sender's original scalars.
	OtWidth = 2
)

Functions

func ReceiverStreamCOtRun

func ReceiverStreamCOtRun(receiver *Receiver, hashKeySeed [simplest.DigestSize]byte, choice [COtBlockSizeBytes]byte, rw io.ReadWriter) error

ReceiverStreamCOtRun exposes an end-to-end "streaming" version of the cOT process for the receiver. this is similar to what we're also doing in the base OT side. the user only passes an arbitrary `ReadWriter` here, together with the relevant inputs (namely a choice vector); this method handles all parts of the process, including both encoding / decoding and writing to / reading from the stream.

func SenderStreamCOtRun

func SenderStreamCOtRun(sender *Sender, hashKeySeed [simplest.DigestSize]byte, input [L][OtWidth]curves.Scalar, rw io.ReadWriter) error

SenderStreamCOtRun exposes the end-to-end "streaming" version of cOT for the sender. the sender should pass an arbitrary ReadWriter together with their input; this will handle the whole process, including all component methods, plus reading to and writing from the network.

Types

type Receiver

type Receiver struct {
	// OutputAdditiveShares are the ultimate output received. basically just the "pads".
	OutputAdditiveShares [L][OtWidth]curves.Scalar
	// contains filtered or unexported fields
}

func NewCOtReceiver

func NewCOtReceiver(seedOTResults *simplest.SenderOutput, curve *curves.Curve) *Receiver

NewCOtReceiver creates a `Receiver` instance, ready for use as the receiver in the KOS cOT protocol you must supply the output gotten by running an instance of seed OT as the _sender_ (note the reversal of roles)

func (*Receiver) Round1Initialize

func (receiver *Receiver) Round1Initialize(uniqueSessionId [simplest.DigestSize]byte, choice [COtBlockSizeBytes]byte) (*Round1Output, error)

Round1Initialize initializes the OT Extension. see page 17, steps 1), 2), 3) and 4) of Protocol 9 of the paper. The input `choice` vector is "packed" (i.e., the underlying abstract vector of `L` bits is represented as a `cOTBlockSizeBytes` bytes).

func (*Receiver) Round3Transfer

func (receiver *Receiver) Round3Transfer(round2Output *Round2Output) error

Round3Transfer does the receiver (Bob)'s step 7) of Protocol 9, namely the computation of the outputs tB.

type Round1Output

type Round1Output struct {
	U      [Kappa][cOtExtendedBlockSizeBytes]byte
	WPrime [simplest.DigestSize]byte
	VPrime [simplest.DigestSize]byte
}

Round1Output is Bob's first message to Alice during cOT extension; these outputs are described in step 4) of Protocol 9) https://eprint.iacr.org/2018/499.pdf

type Round2Output

type Round2Output struct {
	Tau [L][OtWidth]curves.Scalar
}

Round2Output this is Alice's response to Bob in cOT extension; the values `tau` are specified in Alice's step 6) of Protocol 9) https://eprint.iacr.org/2018/499.pdf

type Sender

type Sender struct {
	// OutputAdditiveShares are the ultimate output received. basically just the "pads".
	OutputAdditiveShares [L][OtWidth]curves.Scalar
	// contains filtered or unexported fields
}

func NewCOtSender

func NewCOtSender(seedOTResults *simplest.ReceiverOutput, curve *curves.Curve) *Sender

NewCOtSender creates a `Sender` instance, ready for use as the sender in the KOS cOT protocol. you must supply the output gotten by running an instance of seed OT as the _receiver_ (note the reversal of roles)

func (*Sender) Round2Transfer

func (sender *Sender) Round2Transfer(uniqueSessionId [simplest.DigestSize]byte, input [L][OtWidth]curves.Scalar, round1Output *Round1Output) (*Round2Output, error)

Round2Transfer computes the OT sender ("Alice")'s part of cOT; this includes steps 2) 5) and 6) of Protocol 9 `input` is the sender's main vector of inputs alpha_j; these are the things tA_j and tB_j will add to if w_j == 1. `message` contains the message the receiver ("Bob") sent us. this itself contains Bob's values WPrime, VPrime, and U the output is just the values `Tau` we send back to Bob. as a side effect of this function, our (i.e., the sender's) outputs tA_j from the cOT will be populated.