emp-ot icon indicating copy to clipboard operation
emp-ot copied to clipboard

Published 20 hours ago verified publisher icon emp-toolkit

Is there a good way to generate OTs ahead of time?

Open joerowell opened this issue 1 year ago • 1 comments

I have a use case where I need to carry out multiple oblivious transfers over time. For example, I might have code that looks like this:

template<unsigned length>
void do_ot(int party, int port, unsigned n) {
  emp::block b0[length], emp::block b1[length]; 
  bool c[length];
  NetIO io(party==ALICE ? nullptr:"127.0.0.1", port); 
  OTNP<NetIO> np(&io); 
  for(unsigned i = 0; i < n; i++) {
     // Populate b0, b1 if sender, populate c if receiver.

    // Do the OT
    if (party == ALICE)
      np.send(b0, b1, length); 
    else
      np.recv(b0, c, length);  
 }
}

Note that I'm just using OTNP as an example here.

Here I know that I need n*length OTs. However, each time I call send or receive (especially for, say, Ferret), the protocol will generate new OT material, which is expensive during an online stage.

Is there a good way in emp to do this ahead of time? I'm thinking of something like:

OTNP<NetIO> np(&io);
np.prepare_ot(n*length);

I know that Ferret supports something similar, but it doesn't appear to do quite the right thing.

joerowell avatar Mar 07 '23 11:03 joerowell

We have something similar at https://github.com/emp-toolkit/emp-ot/blob/master/emp-ot/ferret/preot.h. Used for internals of ferret. You need to call an COT to get all materials and feed them to send_pre/recv_pre. Then you can call send/recv incrementally.

wangxiao1254 avatar Mar 07 '23 16:03 wangxiao1254