Module mpc_engine::primitives::ot

This module implements “The Simplest Protocol for Oblivious Transfer” due to Orlandi and Chou. (cf. https://eprint.iacr.org/archive/2015/267/1527602042.pdf)

The protocol works as follows in an elliptic curve group G with base point B and scalars Scalars

Sender(l, r)            Receiver(c)
y <-$ Scalars
S := yB
T := yS    -- S -->     x <-$ Scalars
                        R := cS + xB
           <-- R --
k_l                     k = H(S, R, xS)
 = H(S, R, yR)       
k_r
 = H(S, R, yR - T)

c_l = E(k_l, l)
c_r = E(k_r, r)

         -- c_l -->
         -- c_r -->     output = D(k, c_l) if decryption successful
                        otherwise output = D(k, c_r)

We instantiate the primitives as follows: - H: HKDF(SHA-256) - group G: P256 - Encryption scheme: Chacha20Poly1305

Structs

• OTCiphertext
  The encryption of an OT input.
• OTReceiver
  The state of the receiver
• OTReceiverSelect
  The OT receiver’s first message.
• OTSender
  The state of the sender
• OTSenderInit
  The OT sender’s first message.
• OTSenderSend
  The OT sender’s second message.