- Install prerequisites using instructions here.
- Install emp-tool.
git clone https://github.com/emp-toolkit/emp-ot.git
- Optionally, if lattice-based OT is desired, install dependencies with
emp-ot/install_packages_lattice.sh
cd emp-ot && cmake . && sudo make install
- Alternatively, you can also
cd emp-ot && mkdir -p build && cd build && cmake .. && sudo make install
if out-of-source build is preferred. - By default it will build for Release.
-DCMAKE_BUILD_TYPE=[Release|Debug]
option is also available. - To build with lattice OT, add the flag
-DLATTICEOT=true
- No sudo? change CMAKE_INSTALL_PREFIX
- Alternatively, you can also
./run ./bin/[binary] 12345
with [binary]=shot
to test semi-honest OTs and [binary]=mot
for malicious OTs
-
Change the IP address in the test code (e.g. here)
-
run
./bin/[binary] 1 [port]
on one machine andrun
./bin/[binary] 2 [port]
on the other machine.
All numbers are based on single thread, measured in terms of OT per second. Using three threads is expected to fill a 10Gbps network.
Communication through loopback. c4.2xlarge is used.
OT | COT | ROT | |
---|---|---|---|
NPOT | 7.3 thousand | ||
SemiHonest OTe | 13.5 million | 14 million | 15 million |
COOT | 12.6 thousand | ||
Malicious OTe | 10.5 million | 10.8 million | 11.6 million |
Communication through 2.32 Gbps network with ping <= 0.2ms. Two c4.2xlarge are used.
OT | COT | ROT | |
---|---|---|---|
NPOT | 7.3 thousand | ||
SemiHonest OTe | 6 million | 8.9 million | 12 million |
COOT | 12.5 thousand | ||
Malicious OTe | 5.4 million | 7.6 million | 9.7 million |
All oblivious transfer protocols are implemented with network as a template. Therefore customized network implementation with sending and receiving can be easily hooked up with emp-ot
. NetIO
is used for all tests and examples in the following.
#include<emp-tool/emp-tool.h> // for NetIO, etc
#include<emp-ot/emp-ot.h> // for OTs
block b0[length], b1[length];
bool c[length];
NetIO io(party==ALICE ? nullptr:"127.0.0.1", port); // Create a network with Bob connecting to 127.0.0.1
NPOT<NetIO> np(&io); // create a Naor Pinkas OT using the network above
if (party == ALICE)
// ALICE is sender, with b0[i] and b1[i] as messages to send
np.send(b0, b1, length);
else
// Bob is receiver, with c[i] as the choice bit
// and obtains b0[i] if c[i]==0 and b1[i] if c[i]==1
np.recv(b0, c, length);
Note that NPOT
can be replaced to COOT
, SHOTExtension
or MOTExtension
(default rho=40) without changing any other part of the code. In fact, *OTExtension
calls baseOT internally so you should (almost) never need to call NPOT
or COOT
yourself.
Correlated OT and Random OT are supported for *OTExtension
. See following as an example.
block delta;
SHOTExtension<NetIO> ote(&io); // create a semi honest OT extension
//Correlated OT
if (party == ALICE)
ote.send_cot(b0, delta, length);
else
ote.recv_cot(b0, c, length);
//Random OT
if (party == ALICE)
ote.send_rot(b0, b1, length);
else
ote.recv_rot(b0, c, length);
The above code also works for MOTExtension<NetIO>
. However, cot no longer guarantee that same Delta is used. An additional interface is provided.
block deltas[length];
//Correlated OT
if (party == ALICE)
ote.send_cot(b0, deltas, length);
else
ote.recv_cot(b0, c, length);
Note that you can call send
or send_cot
or send_rot
multiple times without repeating baseOT; however, the role (send
/recv
) cannot be reversed for the same object.
- Base OTs are accelerated using ECC, from relic.
- Inspired by Keller et al.[KOS15], F_COTe is split out separately, from which semi-honest and malicious OT extension are built. Future works that optimize OT extension, but still uses IKNP can also be built on top of that.
MOTextension
also supports committing OT, which allows the sender to open all messages at a later stage. See here for more parameters in the constructor and here on how to open.- As part of
emp-toolkit
, it is being used inemp-sh2pc
,emp-m2pc
, and other projects that will be open sourced soon.
@misc{emp-toolkit,
author = {Xiao Wang and Alex J. Malozemoff and Jonathan Katz},
title = {{EMP-toolkit: Efficient MultiParty computation toolkit}},
howpublished = {\url{https://github.com/emp-toolkit}},
year={2016}
}
Please send email to wangxiao@cs.umd.edu
Lattice-based OT is contributed by David Van Cleve, Matthew Soulanille, and William Wang.
This work was supported in part by the National Science Foundation under Awards #1111599 and #1563722.