A fast and portable C++20 library for Oblivious Transfer extension (OTe). The primary design goal of this library to obtain high performance while being easy to use. Checkout version 1.6 for the previous version.

Semi-honest OT extension:

• 1-out-of-2 Silent OT [BCGIKRS19],[RRT23].
• 1-out-of-2 OT [IKNP03].
• 1-out-of-2 Correlated-OT [IKNP03],[BLNNOOSS15].
• 1-out-of-2 OT [Roy22].
• 1-out-of-N OT [KKRT16].

Malicious OT extension:

• 1-out-of-2 Silent OT [BCGIKRS19],[RRT23].
• 1-out-of-2 OT [KOS15].
• 1-out-of-2 Correlated-OT [KOS15].
• 1-out-of-2 OT [Roy22].
• 1-out-of-2 base OT, several protocols.

Vole:

• Generic subfield noisy VOLE (semi-honest) [BCGIKRS19]
• Generic subfield silent VOLE (malicious/semi-honest) [BCGIKRS19],[RRT23].

OLE and Beaver Triples:

• Foleage Binary Beaver Triples and F4 OLE (semi-honest) [BBCCDS2024].
• Binary Beaver Triples and OLE from the Silent OT[BCGIKRS19],[RRT23] semi-honest/malicious protocol.

Distributed Point Functions:

• Distributed Point Function (DPF)[BGI18] with [Distributed] Key Generation (DKG) [Ds17].
• Ternary Distributed Point Function (DPF)[BBCCDS2024] with Distributed Key Generation (DKG).
• Sparse Distributed Point Function (DPF) with Distributed Key Generation (DKG).

Introduction

This library provides several different classes of OT, VOLE and Beaver Triple generation protocols. First is the base OT protocol of [CO15, MR19, MRR21]. These protocol bootstraps all the other protocols. Within the OT extension protocols, we have 1-out-of-2, 1-out-of-N, and VOLE both in the semi-honest and malicious settings. Binary beaver triples can be generating using the Foleage protocol. The library also includes a distributed point function (DPF) protocol with distributed key generation (DKG) for secure computation. See The frontend or libOTe_Tests folder for examples.

All implementations are highly optimized using fast SSE instructions and vectorization to obtain optimal performance both in the single and multi-threaded setting.

Networking can be performed using both the sockets provided by the library and external socket classes. The simplest integration can be achieved via the message passing interface where the user is given the protocol messages that need to be sent/received. Users can also integrate their own socket type for maximum performance. See the coproto tutorial for examples.

Build

The library is cross platform and has been tested on Windows, Mac and Linux. There is one mandatory dependency on coproto (networking), and three optional dependencies on libsodium, Relic, or SimplestOT (Unix only) for Base OTs. Boost Asio tcp networking and OpenSSL support can optionally be enabled. CMake 3.15+ is required and the build script assumes python 3.

The library can be built with libsodium, all OT protocols enabled and boost asio TCP networking as

git clone https://github.com/osu-crypto/libOTe.git
cd libOTe
python build.py --all --boost --sodium

The main executable with examples is

./out/build/<platform>/frontend/frontend_libOTe

where <platform> is the build directory, eg linux, x64-Release, osx, etc. Unit Tests and example code can be run with this excutable. Run the program with no options for a list of available options.

Build Options

LibOTe can be built with various only the selected protocols enabled. -D ENABLE_ALL_OT=ON will enable all available protocols depending on platform/dependencies. The ON/OFF options include

Malicious base OT:

• ENABLE_SIMPLESTOT the SimplestOT [CO15] protocol (relic or sodium).
• ENABLE_SIMPLESTOT_ASM the SimplestOT base OT protocol [CO15] protocol (linux assembly).
• ENABLE_MRR the McQuoid Rosulek Roy [MRR20] protocol (relic or sodium).
• ENABLE_MRR_TWIST the McQuoid Rosulek Roy [MRR21] protocol (sodium fork).
• ENABLE_MR the Masny Rindal [MR19] protocol (relic or sodium).
• ENABLE_MR_KYBER the Masny Rindal [MR19] protocol (Kyber fork).
• ENABLE_NP the Naor Pinkas [NP01] base OT (relic or sodium).

1-out-of-2 OT Extension:

• ENABLE_IKNP the Ishai et al [IKNP03] semi-honest protocol.
• ENABLE_KOS the Keller et al [KOS15] malicious protocol.
• ENABLE_DELTA_KOS the Burra et al [BLNNOOSS15],[KOS15] malicious Delta-OT protocol.
• ENABLE_SOFTSPOKEN_OT the Roy Roy22 semi-honest/malicious protocol.
• ENABLE_SILENTOT the [BCGIKRS19],[RRT23] semi-honest/malicious protocol.

1-out-of-N OT Extension:

• ENABLE_KKRT the Kolesnikov et al [KKRT16] semi-honest protocol.
• ENABLE_OOS the Orrù et al [OOS16] semi-honest/malicious protocol.

Vole:

• ENABLE_SILENT_VOLE the [BCGIKRS19],[RRT23] semi-honest/malicious protocol.

DPF:

• ENABLE_REGULAR_DPF the Boyle et al [BGI18] semi-honest protocol.
• ENABLE_TERNARY_DPF the Bombar et al [BBCCDS2024] semi-honest protocol.
• ENABLE_SPARSE_DPF protocol allowing a sparse set of DPF leaf values.

Beaver Triples:

• ENABLE_FOLEAGE the Bombar et al [BBCCDS2024] semi-honest protocol.
• ENABLE_SILENTOT the [BCGIKRS19],[RRT23] semi-honest/malicious protocol.

Addition options can be set for cryptoTools. See the cmake output.

Dependencies

Dependencies can be managed by cmake/build.py or installed via an external tool. If an external tool is used install to system location or set -D CMAKE_PREFIX_PATH=path/to/install. By default build.py calls cmake with the command line argument

-D FETCH_AUTO=true

. This tells cmake to first look for dependencies on the system and if not found then it will be downloaded and built automatically. If set to false then the build will fail if not found. Each dependency can downloaded and build for you by explicitly setting it's FETCH_*** variable to true. See blow. The python build.py script by default sets FETCH_AUTO=true and can be set to false by calling it with --noauto.

Enabling/Disabling Relic (for base OTs): The library can be built with Relic as

python build.py --relic

Relic can be disabled by removing --relic from the setup and setting -D ENABLE_RELIC=false. This will always download and build relic. To only enable but not download relic, use python build.py -D ENABLE_RELIC=true.

Enabling/Disabling libsodium (for base OTs): The library can be built with libsodium as

python build.py --sodium

libsodium can be disabled by removing --sodium from the setup and setting -D ENABLE_SODIUM=false. This will always download and build sodium. To only enable but not download relic, use python build.py -D ENABLE_SODIUM=true.

The McQuoid Rosulek Roy 2021 Base OTs uses a twisted curve which additionally require the noclamp option for Montgomery curves and is currently only in a fork of libsodium. If you prefer the stable libsodium, then install it and add -D SODIUM_MONTGOMERY=false as a cmake argument to libOTe.

Enabling/Disabling boost asio (for TCP networking): The library can be built with boost as

python build.py --boost

boost can be disabled by removing --boost from the setup and setting -D ENABLE_BOOST=false. This will always download and build boost. To only enable but not download relic, use python build.py -D ENABLE_BOOST=true.

Enabling/Disabling OpenSSL (for TLS networking): The library can be built with boost as