sl-oblivious 1.1.0

OT protocols
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126

// Copyright (c) Silence Laboratories Pte. Ltd. All Rights Reserved.
// This software is licensed under the Silence Laboratories License Agreement.

/// Domain labels
pub mod constants;

/// Soft spoken Oblivious Transfer
pub mod soft_spoken;

/// zkproofs
pub mod zkproofs;

/// Endemic 1 out of 2 Oblivious Transfer
pub mod endemic_ot;

/// Random Vector OLE
pub mod rvole;

/// Utility functions
pub mod utils {
    use std::ops::Index;

    use elliptic_curve::{
        ff::PrimeField,
        ops::Reduce,
        sec1::{ModulusSize, ToEncodedPoint},
        CurveArithmetic, FieldBytes,
    };
    use merlin::Transcript;

    /// Custom extension trait for the merlin transcript.
    pub trait TranscriptProtocol<C: CurveArithmetic> {
        /// Append a point to the transcript.
        fn append_point(
            &mut self,
            label: &'static [u8],
            point: &C::ProjectivePoint,
        );

        /// Append a scalar to the transcript.
        fn append_scalar(&mut self, label: &'static [u8], scalar: &C::Scalar);

        /// Get challenge as scalar from the transcript.
        fn challenge_scalar(&mut self, label: &'static [u8]) -> C::Scalar;

        /// New transcript for DLOG proof
        fn new_dlog_proof(
            session_id: &[u8],
            party_id: usize,
            action: &[u8],
            label: &'static [u8],
        ) -> Transcript;
    }

    impl<C> TranscriptProtocol<C> for Transcript
    where
        C: CurveArithmetic,
        C::FieldBytesSize: ModulusSize,
        C::ProjectivePoint: ToEncodedPoint<C>,
    {
        fn append_point(
            &mut self,
            label: &'static [u8],
            point: &C::ProjectivePoint,
        ) {
            self.append_message(label, point.to_encoded_point(true).as_ref())
        }

        fn append_scalar(
            &mut self,
            label: &'static [u8],
            scalar: &C::Scalar,
        ) {
            let bytes = scalar.to_repr();
            self.append_message(label, bytes.as_ref())
        }

        fn new_dlog_proof(
            session_id: &[u8],
            party_id: usize,
            action: &[u8],
            label: &'static [u8],
        ) -> Self {
            let mut transcript = Transcript::new(label);
            transcript.append_message(b"session_id", session_id.as_ref());
            transcript.append_u64(b"party_id", party_id as u64);
            transcript.append_message(b"action", action);

            transcript
        }

        fn challenge_scalar(&mut self, label: &'static [u8]) -> C::Scalar {
            let mut buf = FieldBytes::<C>::default();
            self.challenge_bytes(label, &mut buf);
            C::Scalar::reduce_bytes(&buf)
        }
    }

    /// Simple trait to extract a bit from a byte array.
    pub trait ExtractBit: Index<usize, Output = u8> {
        /// Extract a bit at given index (in little endian order) from a byte array.
        fn extract_bit(&self, idx: usize) -> bool {
            let byte_idx = idx >> 3;
            let bit_idx = idx & 0x7;
            let byte = self[byte_idx];
            let mask = 1 << bit_idx;
            (byte & mask) != 0
        }
    }

    impl ExtractBit for Vec<u8> {}
    impl<const T: usize> ExtractBit for [u8; T] {}

    pub fn bit_to_bit_mask(bit: u8) -> u8 {
        // constant time
        // outputs 0x00 if `bit == 0` and 0xFF if `bit == 1`
        -(bit as i8) as u8
    }
}

pub mod params;

pub mod label;

/// Random Vector OLE (base OT variant)
pub mod rvole_ot_variant;