Rewrite CO15 (#36)

* refactor co15

* fix comments

* remove old message type

* fix comments

* fix itybity dep

* update OT traits

* seed receiver with cointoss

* updated comments and error

* cointoss -> coin toss

* change choice log to Vec<bool>

* comments

* last PR feedback

Cargo.toml

@@ -22,8 +22,8 @@ mpz-share-conversion = { path = "share-conversion/mpz-share-conversion" }
 clmul = { path = "clmul" }
 matrix-transpose = { path = "matrix-transpose" }
 
-tlsn-utils = { git = "https://github.com/tlsnotary/tlsn-utils", rev = "f3e3f07" }
-tlsn-utils-aio = { git = "https://github.com/tlsnotary/tlsn-utils", rev = "f3e3f07" }
+tlsn-utils = { git = "https://github.com/tlsnotary/tlsn-utils" }
+tlsn-utils-aio = { git = "https://github.com/tlsnotary/tlsn-utils", branch = "feature/duplex" }
 
 # rand
 rand_chacha = "0.3"

ot/mpz-ot-core/Cargo.toml

@@ -6,6 +6,10 @@ edition = "2021"
 [lib]
 name = "mpz_ot_core"
 
+[features]
+default = ["rayon"]
+rayon = ["dep:rayon", "itybity/rayon"]
+
 [dependencies]
 mpz-core.workspace = true
 clmul.workspace = true
@@ -19,12 +23,15 @@ cipher.workspace = true
 rand.workspace = true
 rand_core.workspace = true
 rand_chacha.workspace = true
+rayon = { workspace = true, optional = true }
 curve25519-dalek = { workspace = true, features = ["serde", "rand_core"] }
 serde = { workspace = true, features = ["derive"] }
 thiserror.workspace = true
 derive_builder.workspace = true
-merlin.workspace = true
 itybity.workspace = true
+opaque-debug.workspace = true
+cfg-if.workspace = true
+enum-try-as-inner = { tag = "0.1.0", git = "https://github.com/sinui0/enum-try-as-inner" }
 
 [dev-dependencies]
 rstest.workspace = true

ot/mpz-ot-core/benches/ot.rs

@@ -1,71 +1,36 @@
-use criterion::{criterion_group, criterion_main, BenchmarkId, Criterion};
-use itybity::IntoBits;
+use criterion::{black_box, criterion_group, criterion_main, BenchmarkId, Criterion};
 use mpz_core::Block;
-use mpz_ot_core::{DhOtReceiver, DhOtSender, Kos15Receiver, Kos15Sender};
+use mpz_ot_core::chou_orlandi;
 use rand::{RngCore, SeedableRng};
 use rand_chacha::ChaCha12Rng;
 
-fn base_ot(c: &mut Criterion) {
-    let mut group = c.benchmark_group("base_ot");
-    for n in [256, 1024, 4096] {
+fn chou_orlandi(c: &mut Criterion) {
+    let mut group = c.benchmark_group("chou_orlandi");
+    for n in [128, 256, 1024] {
         group.bench_with_input(BenchmarkId::from_parameter(n), &n, |b, &n| {
             let msgs = vec![[Block::ONES; 2]; n];
             let mut rng = ChaCha12Rng::from_entropy();
-            let mut choice = vec![0u8; n / 8];
-            rng.fill_bytes(&mut choice);
-            let choice = choice.into_msb0_vec();
+            let mut choices = vec![0u8; n / 8];
+            rng.fill_bytes(&mut choices);
             b.iter(|| {
-                let mut sender = DhOtSender::default();
-                let sender_setup = sender.setup(&mut rng).unwrap();
+                let sender = chou_orlandi::Sender::default();
+                let receiver = chou_orlandi::Receiver::default();
 
-                let mut receiver = DhOtReceiver::default();
+                let (sender_setup, mut sender) = sender.setup();
+                let mut receiver = receiver.setup(sender_setup);
 
-                let receiver_setup = receiver.setup(&mut rng, &choice, sender_setup).unwrap();
-                let send = sender.send(&msgs, receiver_setup).unwrap();
-                let _ = receiver.receive(send).unwrap();
-            })
-        });
-    }
-}
-
-fn ext_ot(c: &mut Criterion) {
-    let mut group = c.benchmark_group("ext_ot");
-    for n in [256, 1024, 4096, 12288, 40960] {
-        group.bench_with_input(BenchmarkId::from_parameter(n), &n, |b, &n| {
-            let msgs = vec![[Block::ONES; 2]; n];
-            let mut rng = ChaCha12Rng::from_entropy();
-            let mut choice = vec![0u8; n / 8];
-            rng.fill_bytes(&mut choice);
-            let choice = choice.into_msb0_vec();
-            b.iter(|| {
-                let receiver = Kos15Receiver::default();
-                let (receiver, base_sender_setup) = receiver.base_setup().unwrap();
-
-                let sender = Kos15Sender::default();
-                let (sender, base_receiver_setup) = sender.base_setup(base_sender_setup).unwrap();
-
-                let (receiver, send_seeds) = receiver.base_send(base_receiver_setup).unwrap();
-                let sender = sender.base_receive(send_seeds).unwrap();
-                let (mut receiver, receiver_setup) = receiver.extension_setup(&choice).unwrap();
-                let mut sender = sender
-                    .extension_setup(choice.len(), receiver_setup)
-                    .unwrap();
-
-                let send = sender.send(&msgs).unwrap();
-                let _received = receiver.receive(send).unwrap();
+                let receiver_payload = receiver.receive_random(choices.as_slice());
+                let sender_payload = sender.send(&msgs, receiver_payload).unwrap();
+                black_box(receiver.receive(sender_payload).unwrap())
             })
         });
     }
 }
 
 criterion_group! {
-    name = base_ot_benches;
+    name = chou_orlandi_benches;
     config = Criterion::default().sample_size(50);
-    targets = base_ot
+    targets = chou_orlandi
 }
-criterion_group! {
-    name = ext_ot_benches;
-    config = Criterion::default().sample_size(50);
-    targets = ext_ot
-}
-criterion_main!(base_ot_benches, ext_ot_benches);
+
+criterion_main!(chou_orlandi_benches);

ot/mpz-ot-core/examples/ot.rs

@@ -1,46 +1,33 @@
-// This example demonstrates how to securely and privately transfer data using OT extension.
+// This example demonstrates how to securely and privately transfer data using OT.
 // In practical situations data would be communicated over a channel such as TCP.
-// For simplicity, this example shows how to use OT components in memory.
+// For simplicity, this example shows how to use CO15 OT in memory.
 
 use mpz_core::Block;
-use mpz_ot_core::dh_ot::{DhOtReceiver, DhOtSender};
-use rand::thread_rng;
+use mpz_ot_core::chou_orlandi::{Receiver, Sender};
 
 pub fn main() {
-    let mut rng = thread_rng();
-
     // Receiver choice bits
-    let choice = vec![false, true, false, false, true, true, false, true];
+    let choices = vec![false, true, false, false, true, true, false, true];
 
-    println!("Receiver choices: {:?}", &choice);
+    println!("Receiver choices: {:?}", &choices);
 
     // Sender messages the receiver chooses from
-    let inputs = [
-        [Block::new(0), Block::new(1)],
-        [Block::new(2), Block::new(3)],
-        [Block::new(4), Block::new(5)],
-        [Block::new(6), Block::new(7)],
-        [Block::new(8), Block::new(9)],
-        [Block::new(10), Block::new(11)],
-        [Block::new(12), Block::new(13)],
-        [Block::new(14), Block::new(15)],
-    ];
+    let inputs = [[Block::ZERO, Block::ONES]; 8];
 
     println!("Sender inputs: {:?}", &inputs);
 
-    // First the sender creates a setup message and passes it to sender
-    let mut sender = DhOtSender::default();
-    let setup = sender.setup(&mut rng).unwrap();
+    // First the sender creates a setup message and passes it to receiver
+    let (sender_setup, mut sender) = Sender::default().setup();
 
-    // Receiver takes sender's setup and creates its own setup message
-    let mut receiver = DhOtReceiver::default();
-    let setup = receiver.setup(&mut rng, &choice, setup).unwrap();
+    // Receiver takes sender's setup and generates the receiver payload
+    let mut receiver = Receiver::default().setup(sender_setup);
+    let receiver_payload = receiver.receive_random(&choices);
 
     // Finally, sender encrypts their inputs and sends them to receiver
-    let payload = sender.send(&inputs, setup).unwrap();
+    let sender_payload = sender.send(&inputs, receiver_payload).unwrap();
 
     // Receiver takes the encrypted inputs and is able to decrypt according to their choice bits
-    let received = receiver.receive(payload).unwrap();
+    let received = receiver.receive(sender_payload).unwrap();
 
     println!("Transferred messages: {:?}", received);
 }