This repo contains state-of-the-art OT implementations. Include two base OTs, IKNP OT extension and Ferret OT extension. All hash functions used for OTs are implemented with MiTCCR for optimal concrete security.

1. python install.py --install --tool --ot
   1. You can use --ot=[release] to install a particular branch or release
   2. By default it will build for Release. -DCMAKE_BUILD_TYPE=[Release|Debug] option is also available.
   3. No sudo? Change CMAKE_INSTALL_PREFIX.

./run ./bin/[binary] logn

with [binary]=ot for common OT functionalities, [binary]=ferret for ferret specific functionalities, logn as the log(number of OT). The script run will locally open two programs.

1. Change the IP address in the test code (e.g. here)

2. run ./bin/[binary] 1 [port] logn on one machine and

   run ./bin/[binary] 2 [port] logn on the other machine.

All tested between two AWS c5.4xlarge instances.

50 Mbps
128 NPOTs:	Tests passed.	12577 us
Passive IKNP OT	Tests passed.	129262 OTps
Passive IKNP COT	Tests passed.	388316 OTps
Passive IKNP ROT	Tests passed.	386190 OTps
128 COOTs:	Tests passed.	11073 us
Active IKNP OT	Tests passed.	129152 OTps
Active IKNP COT	Tests passed.	387380 OTps
Active IKNP ROT	Tests passed.	385235 OTps

10 Gbps
128 NPOTs:	Tests passed.	11739 us
Passive IKNP OT	Tests passed.	1.55476e+07 OTps
Passive IKNP COT	Tests passed.	2.96661e+07 OTps
Passive IKNP ROT	Tests passed.	1.65765e+07 OTps
128 COOTs:	Tests passed.	20064 us
Active IKNP OT	Tests passed.	1.39589e+07 OTps
Active IKNP COT	Tests passed.	2.42705e+07 OTps
Active IKNP ROT	Tests passed.	1.47379e+07 OTps

(unit: million random correlated OT per second)

Our test files already provides useful sample code. Here we provide an overview.

#include<emp-tool/emp-tool.h> // for NetIO, etc
#include<emp-ot/emp-ot.h>   // for OTs

block b0[length], b1[length];
bool c[length];
NetIO io(party==ALICE ? nullptr:"127.0.0.1", port); // Create a network with Bob connecting to 127.0.0.1
OTNP<NetIO> np(&io); // create a Naor Pinkas OT using the network above
if (party == ALICE)
// ALICE is sender, with b0[i] and b1[i] as messages to send
    np.send(b0, b1, length); 
else
// Bob is receiver, with c[i] as the choice bit 
// and obtains b0[i] if c[i]==0 and b1[i] if c[i]==1
    np.recv(b0, c, length);  

Note that NPOT can be replaced to OTCO, IKNP, or FerretCOT without changing any other part of the code. They all share the same API

Random correlated OT is supported for IKNP and FerretCOT. See following as an example. They all share extra APIs The current interface allows specifying the Delta value once and get COT correlation in multiple batches.

IKNP<NetIO> ote(&io, false); // create a semi honest OT extension
//Correlated OT
if (party == ALICE)
    ote.send_cot(b0, length); //ote.Delta is the correlation
else
    ote.recv_cot(br, c, length);   //br[i] = b0[i]\xor c[i]*ote.Delta
    
//Random OT
if (party == ALICE)
    ote.send_rot(b0, b1, length);
else
    ote.recv_rot(br, c, length);    //br[i] = c[i] ? b1[i] : b0[i]

Ferret OT produces correlated OT with random choice bits (rcot). Extra APIs are here. Our implementation provides two interface ferretot.rcot() and ferretot.rcot_inplace(). While the first one support filling an external array of any length, an extra memcpy is needed. The second option work on the provided array directly and thus avoid the memcpy. However, it produces a fixed number of OTs (ferretcot->n) for every invocation. The sample code is mostly self-explainable on how to use it.

Note that the choice bit is embedded to the least bit of the block on the receiver's side. To make sure the correlation works for all bits, the least bit of Delta is 1. This can be viewed as an extension of the point-and-permute technique. See this code on how ferret is used to fullfil standard cot interface.

FerretCOT<NetIO> ferretcot(party, threads, ios);
if (party == ALICE)
    ferretcot.rcot(b0, length); //ote.Delta is the correlation
else
    ferretcot.rcot(br, length); //br[i] = b0[i] \xor LSB(br[i]) * ferretcot.Delta

@misc{emp-toolkit,
   author = {Xiao Wang and Alex J. Malozemoff and Jonathan Katz},
   title = {{EMP-toolkit: Efficient MultiParty computation toolkit}},
   howpublished = {\url{https://github.com/emp-toolkit}},
   year={2016}
}

Please send email to [email protected]. Ferret is also developed and maintained by Chenkai Weng ([email protected]).

This work was supported in part by the National Science Foundation under Awards #1111599 and #1563722. The Ferret implementation is partially based upon work supported by DARPA under Contract No. HR001120C0087. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of DARPA. The authors would also like to thank the support from PlatON Network and Facebook.