Weikeng Chen

Some update. I have implemented a prototype that replaces IKNP with FerretCOT: https://github.com/weikengchen/emp-agmpc/commit/7814c9ea29f80979324a57f4367095f25f14fa76. It is not ready for PR or deployment, as the code sometimes produces a segfault, sometimes okay....

Thanks! I updated my prototype so that it would approximate the amortized FUND_IND cost based on how many OTs are ready, how many OTs are used, by the following code:...

(And the prototype has occasion segfault because all the FerretCOT instances I used want to read/write to the same `pre_ot_data_reg_recv/send` files. ~Will fix soon.~ It has been fixed.)

While, in the case, it is just that all the parties now have to store 1/N of the first party's data? So, in total, it is still the same. And...

Then, would storing the preprocessing result of AND gate triples, which would be consumed during the circuit generation, be large?

Adding to this note. One potential storage reduction of ~50% is to observe that all the MAC keys are generated by the OT, so they are somehow the results of...

Yes, I was thinking about a one-time setup. (Note: indeed in my application the circuit would be already large, so K -> N' where N' < N may be the...

And one thing that may be relevant is whether the Montgomery modular multiplication (https://en.wikipedia.org/wiki/Montgomery_modular_multiplication) would be useful here since I assume that the heaviest operation is in the offline phase...

Related to this: https://github.com/l2iterative/ark-bn254-r0/blob/main/src/fields/fr.rs which aims to provide a drop-in replacement of ark-bn254 that uses RISC Zero

This has been implemented in the following fork of RISC Zero: https://github.com/l2iterative/risc0-bigint/commit/4a0558cdd8fdc55162d8c3165bd04c5a64e6fe96