Skip to content
This repository was archived by the owner on Oct 30, 2023. It is now read-only.

IntelLabs/emp-ot

BranchesTags

Repository files navigation

NOTICE - DISCONTINUATION OF PROJECT

This project will no longer be maintained by Intel.
Intel has ceased development and contributions including, but not limited to, maintenance, bug fixes, new releases, or updates, to this project.
Intel no longer accepts patches to this project.
If you have an ongoing need to use this project, are interested in independently developing it, or would like to maintain patches for the open source software community, please create your own fork of this project.

This fork is adapted for TinyGarble 2.0.

Installation

  1. Install prerequisites using the instructions from TinyGarble 2.0. Follow the Detailed Installation instruction up to steps 2 since all the tools are not required for TinyGarble 2.0.
  2. Optionally, if lattice-based OT is desired, install dependencies with emp-ot/install_packages_lattice.sh
  3. Install emp-tool.
  4. To compile, run
    cmake .
    sudo make install

In case sudo is not available, change CMAKE_INSTALL_PREFIX:

    cmake . -DCMAKE_INSTALL_PREFIX=[include directory path]`
    make install

By default it will build for Release. -DCMAKE_BUILD_TYPE=[Release|Debug] option is also available. To build with lattice OT, add the flag -DLATTICEOT=true.

Test

Testing on localhost

./run ./bin/[binary] 12345

with [binary]=shot to test semi-honest OTs and [binary]=mot for malicious OTs

Testing on localhost

  1. Change the IP address in the test code (e.g. here)

  2. run ./bin/[binary] 1 [port] on one machine and

    run ./bin/[binary] 2 [port] on the other machine.

Performance

All numbers are based on single thread, measured in terms of OT per second. Using three threads is expected to fill a 10Gbps network.

Localhost

Communication through loopback. c4.2xlarge is used.

OT COT ROT
NPOT 7.3 thousand
SemiHonest OTe 13.5 million 14 million 15 million
COOT 12.6 thousand
Malicious OTe 10.5 million 10.8 million 11.6 million

Local Area Network

Communication through 2.32 Gbps network with ping <= 0.2ms. Two c4.2xlarge are used.

OT COT ROT
NPOT 7.3 thousand
SemiHonest OTe 6 million 8.9 million 12 million
COOT 12.5 thousand
Malicious OTe 5.4 million 7.6 million 9.7 million

Usage

All oblivious transfer protocols are implemented with network as a template. Therefore customized network implementation with sending and receiving can be easily hooked up with emp-ot. NetIO is used for all tests and examples in the following.

A Simple Example for String OT

#include<emp-tool/emp-tool.h> // for NetIO, etc
#include<emp-ot/emp-ot.h>   // for OTs

block b0[length], b1[length];
bool c[length];
NetIO io(party==ALICE ? nullptr:"127.0.0.1", port); // Create a network with Bob connecting to 127.0.0.1
NPOT<NetIO> np(&io); // create a Naor Pinkas OT using the network above
if (party == ALICE)
// ALICE is sender, with b0[i] and b1[i] as messages to send
    np.send(b0, b1, length); 
else
// Bob is receiver, with c[i] as the choice bit 
// and obtains b0[i] if c[i]==0 and b1[i] if c[i]==1
    np.recv(b0, c, length);

Note that NPOT can be replaced to COOT, SHOTExtension or MOTExtension (default rho=40) without changing any other part of the code. In fact, *OTExtension calls baseOT internally so you should (almost) never need to call NPOT or COOT yourself.

Variantions

Correlated OT and Random OT are supported for *OTExtension. See following as an example.

block delta;

SHOTExtension<NetIO> ote(&io); // create a semi honest OT extension

//Correlated OT
if (party == ALICE)
    ote.send_cot(b0, delta, length);
else
    ote.recv_cot(b0, c, length);
    
//Random OT
if (party == ALICE)
    ote.send_rot(b0, b1, length);
else
    ote.recv_rot(b0, c, length);

The above code also works for MOTExtension<NetIO>. However, cot no longer guarantee that same Delta is used. An additional interface is provided.

block deltas[length];
//Correlated OT
if (party == ALICE)
    ote.send_cot(b0, deltas, length);
else
    ote.recv_cot(b0, c, length);

Note that you can call send or send_cot or send_rot multiple times without repeating baseOT; however, the role (send/recv) cannot be reversed for the same object.

More details

  • Base OTs are accelerated using ECC, from relic.
  • Inspired by Keller et al.[KOS15], F_COTe is split out separately, from which semi-honest and malicious OT extension are built. Future works that optimize OT extension, but still uses IKNP can also be built on top of that.
  • MOTextension also supports committing OT, which allows the sender to open all messages at a later stage. See here for more parameters in the constructor and here on how to open.
  • As part of emp-toolkit, it is being used in emp-sh2pc, emp-m2pc, and other projects that will be open sourced soon.

Citation

@misc{emp-toolkit,
   author = {Xiao Wang and Alex J. Malozemoff and Jonathan Katz},
   title = {{EMP-toolkit: Efficient MultiParty computation toolkit}},
   howpublished = {\url{https://github.com/emp-toolkit}},
   year={2016}
}

Question

Please send email to wangxiao@cs.umd.edu

Acknowledgement

Lattice-based OT is contributed by David Van Cleve, Matthew Soulanille, and William Wang.

This work was supported in part by the National Science Foundation under Awards #1111599 and #1563722.

Reviewed, 12/16/2022 michaelbeale-il

About

No description, website, or topics provided.

Resources

Readme

License

View license

Security policy

Security policy
Activity
Custom properties

Stars

3 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages