Expand description
CryProt-OT implements several oblivious transfer protocols.
- base OT: “Simplest OT” [CO15]
- semi-honest OT extension: optimized [IKNP03] protocol
- malicious OT extension: optimized [KOS15] protocol
- silent OT extension: [BCG+19] silent OT using [RRT23] code (semi-honest and malicious with [YWL+20] consistency check)
This library is heavily inspired by and in parts a port of the C++ libOTe library.
§Benchmarks
We continously run the benchmark suite in CI witht the results publicly available on bencher.dev. The raw criterion output, including throughput is available in the logs of the bench workflow (latest run > benchmarks job > Run Benchmarks step).
§OT Extension Benchmarks
Following are benchmark numbers for several OT protocols on a 4-core VM running on an AMD EPYC 9454P. For up to date benchmarks view the links in the benchmarks section. Each OT sender/receiver uses one worker thread and number of cores many background threads for communication (which by default is also encrypted as part of QUIC).
| Benchmark | Mean Throughput (million OT/s) |
|---|---|
| Semi-honest R-OT ext. (2^24 R-OTs) | 51.539 |
| Malicious R-OT ext. (2^24 R-OTs) | 33.663 |
| Semi-Honest Silent C-OT ext. (2^21 C-OTs) | 4.2306 |
| Semi-Honest Silent R-OT ext. (2^21 R-OTs) | 9.5426 |
| Malicious Silent R-OT ext. (2^21 R-OTs) | 7.4180 |
Silent OT will perform faster for smaller numbers of OTs at slightly increased communication.
Our OT implementations should be on par or faster than those in libOTe. In the future we want to benchmark libOTe on the same hardware for a fair comparison.
Base OT Benchmark:
| Benchmark | Mean Time (ms) |
|---|---|
| 128 base R-OTs | 28.001 |
Modules§
- adapter
- Adapters for OT types.
- base
- Simplest-OT base OT protocol by [CO15] (malicious security).
- extension
- Fast OT extension using optimized [IKNP03] (semi-honest) or [KOS15] (malicious) protocol.
- noisy_
vole - Noisy-Vole computes for chosen c and delta, a and b s.t. a = b + c * delta in GF(2^128).
- phase
- Phase identifiers used for
cryprot_net::metrics. - silent_
ot - Semi-honest and malicious Silent OT implementation using expand-convolute code [RRT23].
Structs§
- Malicious
Marker - Used as a marker type for malicious security OT implementation.
- Semi
Honest Marker - Used as a marker type for semi-honest security OT implementation.
Traits§
- Connected
- Trait for OT receivers/senders which hold a
Connection. - CotReceiver
- CotSender
- Correlated OT sender (C-OT).
- Malicious
- Marker trait for OT implementations secure against malicious adversaries.
- Rand
Choice RotReceiver - Returns a random choice vector alongside OTs.
- Rand
Choice RotSender - Marker trait for R-OT Senders that are paired with a random choice receiver.
- RotReceiver
- A random OT receiver.
- RotSender
- A random OT sender.
- Security
- Used to abstract over
SemiHonestMarkerorMaliciousMarker - Semi
Honest - Marker trait for OT implementations secure against semi-honest adversaries.
Functions§
- random_
choices - Sample
countmanyChoicees using the provided rng.