A fast and portable C++14 library for Oblivious Transfer extension (OTe). The primary design goal of this library to obtain high performance while being easy to use. Checkout version 1.6 for the previous version. This library currently implements:
- The semi-honest 1-out-of-2 OT [IKNP03].
- The semi-honest 1-out-of-2 Silent OT [BCGIKRS19].
- The semi-honest 1-out-of-2 Delta-OT [IKNP03],[BLNNOOSS15].
- The semi-honest 1-out-of-2 OT [Roy22].
- The semi-honest 1-out-of-N OT [KKRT16].
- The malicious secure 1-out-of-2 Silent+Silver [CRR21].
- The malicious secure 1-out-of-2 OT [KOS15].
- The malicious secure 1-out-of-2 Delta-OT [KOS15],[BLNNOOSS15].
- The malicious 1-out-of-2 OT [Roy22].
- The malicious secure 1-out-of-N OT [OOS16].
- The malicious secure 1-out-of-2 base OT [NP01].
- The malicious secure 1-out-of-2 base OT [CO15] (Faster Linux ASM version disabled by default).
- The malicious secure 1-out-of-2 base OT [MR19]
- Several malicious secure batched 1-out-of-2 base OTs from [MRR21]
Introduction
This library provides several different classes of OT protocols. First is the
base OT protocol of [CO15, MR19, MRR21]. These protocol bootstraps all the other
OT extension protocols. Within the OT extension protocols, we have 1-out-of-2,
1-out-of-N, and VOLE both in the semi-honest and malicious settings. See The frontend
or libOTe_Tests
folder for examples.
All implementations are highly optimized using fast SSE instructions and vectorization to obtain optimal performance both in the single and multi-threaded setting.
Networking can be performed using both the sockets provided by the library and external socket classes. The simplest integration can be achieved via the message passing interface where the user is given the protocol messages that need to be sent/received. Users can also integrate their own socket type for maximum performance. See the coproto tutorial for examples.
Build
The library is cross platform and has been tested on Windows, Mac and Linux. There is one mandatory dependency on coproto (networking), and three optional dependencies on libsodium, Relic, or SimplestOT (Unix only) for Base OTs. Boost Asio tcp networking and OpenSSL support can optionally be enabled. CMake 3.15+ is required and the build script assumes python 3.
The library can be built with libsodium, all OT protocols enabled and boost asio TCP networking as
git clone https://github.com/osu-crypto/libOTe.git
cd libOTe
python build.py --all --boost --sodium
The main executable with examples is frontend
and is located in the build directory, eg out/build/linux/frontend/frontend.exe, out/build/x64-Release/frontend/Release/frontend.exe
depending on the OS.
Build Options
LibOTe can be built with various only the selected protocols enabled. -D ENABLE_ALL_OT=ON
will enable all available protocols depending on platform/dependencies. The ON
/OFF
options include
Malicious base OT:
ENABLE_SIMPLESTOT
the SimplestOT [CO15] protocol (relic or sodium).ENABLE_SIMPLESTOT_ASM
the SimplestOT base OT protocol [CO15] protocol (linux assembly).ENABLE_MRR
the McQuoid Rosulek Roy [MRR20] protocol (relic or sodium).ENABLE_MRR_TWIST
the McQuoid Rosulek Roy [MRR21] protocol (sodium fork).ENABLE_MR
the Masny Rindal [MR19] protocol (relic or sodium).ENABLE_MR_KYBER
the Masny Rindal [MR19] protocol (Kyber fork).ENABLE_NP
the Naor Pinkas [NP01] base OT (relic or sodium).
1-out-of-2 OT Extension:
ENABLE_IKNP
the Ishai et al [IKNP03] semi-honest protocol.ENABLE_KOS
the Keller et al [KOS15] malicious protocol.ENABLE_DELTA_KOS
the Burra et al [BLNNOOSS15],[KOS15] malicious Delta-OT protocol.ENABLE_SOFTSPOKEN_OT
the Roy Roy22 semi-honest/malicious protocol.ENABLE_SILENTOT
the Couteau et al [CRR21],[BCGIKRS19] semi-honest/malicious protocol.
Vole:
ENABLE_SILENT_VOLE
the Couteau et al [CRR21] semi-honest/malicious protocol.
Addition options can be set for cryptoTools. See the cmake output.
Dependencies
Dependencies can be managed by cmake/build.py or installed via an external tool. If an external tool is used install to system location or set -D CMAKE_PREFIX_PATH=path/to/install
. By default build.py
calls cmake with the command line argument
-D FETCH_AUTO=true
. This tells cmake to first look for dependencies on the system and if not found then it will be downloaded and built automatically. If set to false
then the build will fail if not found. Each dependency can downloaded and build for you by explicitly setting it's FETCH_***
variable to true
. See blow. The python build.py
script by default sets FETCH_AUTO=true
and can be set to false
by calling it with --noauto
.
Enabling/Disabling Relic (for base OTs): The library can be built with Relic as
python build.py --relic
Relic can be disabled by removing --relic
from the setup and setting -D ENABLE_RELIC=false
. This will always download and build relic. To only enable but not download relic, use python build.py -D ENABLE_RELIC=true
.
Enabling/Disabling libsodium (for base OTs): The library can be built with libsodium as
python build.py --sodium
libsodium can be disabled by removing --sodium
from the setup and setting -D ENABLE_SODIUM=false
. This will always download and build sodium. To only enable but not download relic, use python build.py -D ENABLE_SODIUM=true
.
The McQuoid Rosulek Roy 2021 Base OTs uses a twisted curve which additionally require the noclamp
option for Montgomery curves and is currently only in a fork of libsodium. If you prefer the stable libsodium, then install it and add -D SODIUM_MONTGOMERY=false
as a cmake argument to libOTe.
Enabling/Disabling boost asio (for TCP networking): The library can be built with boost as
python build.py --boost
boost can be disabled by removing --boost
from the setup and setting -D ENABLE_BOOST=false
. This will always download and build boost. To only enable but not download relic, use python build.py -D ENABLE_BOOST=true
.
Enabling/Disabling OpenSSL (for TLS networking): The library can be built with boost as
python build.py --openssl
OpenSSL can be disabled by removing --openssl
from the setup and setting -D ENABLE_OPENSSL=false
. OpenSSL is never downloaded for you and is always found using your system installs.
Install
libOTe can be installed and linked the same way as other cmake projects. To install the library and all downloaded dependencies, run the following
python build.py --install
Sudo is not used. If installation requires sudo access, then install as root. See python build.py --help
for full details.
Linking
libOTe can be linked via cmake as
find_package(libOTe REQUIRED)
target_link_libraries(myProject oc::libOTe)
Other exposed targets are oc::cryptoTools, oc::tests_cryptoTools, oc::libOTe_Tests
. In addition, cmake variables libOTe_LIB, libOTe_INC, ENABLE_XXX
will be defined, where XXX
is one of the libOTe options.
To ensure that cmake can find libOTe, you can either install libOTe or build it locally and set -D CMAKE_PREFIX_PATH=path/to/libOTe
or provide its location as a cmake HINTS
, i.e. find_package(libOTe HINTS path/to/libOTe)
.
libOTe can be found with the following components:
find_package(libOTe REQUIRED
COMPONENTS
std_14
std_17
std_20
Debug
Release
RelWithDebInfo
boost
relic
sodium
bitpolymul
openssl
circuits
sse
avx
asan
pic
no_sse
no_avx
no_asan
no_pic
simplestot
simplestot_asm
mrr
mrr_twist
mr
mr_kyber
kos
iknp
silentot
softspoken_ot
delta_kos
silent_vole
oos
kkrt
)
Help
Contact Peter Rindal [email protected] for any assistance on building or running the library.
Citing
Spread the word!
@misc{libOTe,
author = {Peter Rindal, Lance Roy},
title = {{libOTe: an efficient, portable, and easy to use Oblivious Transfer Library}},
howpublished = {\url{https://github.com/osu-crypto/libOTe}},
}
Citation
[NP01] - Moni Naor, Benny Pinkas, Efficient Oblivious Transfer Protocols.
[IKNP03] - Yuval Ishai and Joe Kilian and Kobbi Nissim and Erez Petrank, Extending Oblivious Transfers Efficiently.
[KOS15] - Marcel Keller and Emmanuela Orsini and Peter Scholl, Actively Secure OT Extension with Optimal Overhead. eprint/2015/546
[OOS16] - Michele OrrΓΉ and Emmanuela Orsini and Peter Scholl, Actively Secure 1-out-of-N OT Extension with Application to Private Set Intersection. eprint/2016/933
[KKRT16] - Vladimir Kolesnikov and Ranjit Kumaresan and Mike Rosulek and Ni Trieu, Efficient Batched Oblivious PRF with Applications to Private Set Intersection. eprint/2016/799
[RR16] - Peter Rindal and Mike Rosulek, Improved Private Set Intersection against Malicious Adversaries. eprint/2016/746
[BLNNOOSS15] - Sai Sheshank Burra and Enrique Larraia and Jesper Buus Nielsen and Peter Sebastian Nordholt and Claudio Orlandi and Emmanuela Orsini and Peter Scholl and Nigel P. Smart, High Performance Multi-Party Computation for Binary Circuits Based on Oblivious Transfer. eprint/2015/472
[ALSZ15] - Gilad Asharov and Yehuda Lindell and Thomas Schneider and Michael Zohner, More Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries. eprint/2015/061
[CRR21] - Geoffroy Couteau ,Srinivasan Raghuraman and Peter Rindal, Silver: Silent VOLE and Oblivious Transfer from Hardness of Decoding Structured LDPC Codes.
[Roy22] - Lawrence Roy, SoftSpokenOT: Communication--Computation Tradeoffs in OT Extension. eprint/2022/192