@Override public List<StrictBitVector> extend(StrictBitVector choices) { // The underlying scheme requires computational security parameter plus lambda security // parameter extra OTs int minOts = choices.getSize() + resources.getComputationalSecurityParameter() + resources .getLambdaSecurityParam(); // Round up to nearest two-power, which is required by the underlying scheme int ellPrime = (int) Math.pow(2, Math.ceil(Math.log(minOts) / Math.log(2))); // Extend the choices with random choices for padding StrictBitVector paddingChoices = new StrictBitVector(ellPrime - choices.getSize(), resources .getRandomGenerator()); StrictBitVector extendedChoices = StrictBitVector.concat(choices, paddingChoices); // Use the choices along with the random padding uses for correlated OT with // errors List<StrictBitVector> tlist = receiver.extend(extendedChoices); // Agree on challenges for linear combination test List<StrictBitVector> chiList = getChallenges(ellPrime); StrictBitVector xvec = computeBitLinearCombination(extendedChoices, chiList); network.send(resources.getOtherId(), xvec.toByteArray()); StrictBitVector tvec = computeInnerProduct(chiList, tlist); network.send(resources.getOtherId(), tvec.toByteArray()); // Remove the correlation of the OTs by hashing List<StrictBitVector> vvec = hashBitVector(tlist, choices.getSize()); return vvec; }
/** * Receive the serialized message from the current 1-out-of-2 OT. * * @param choiceBit * Choice-bit. False for message 0, true for message 1. * @return The serialized message from the OT */ public byte[] receive(boolean choiceBit) { // Check if there is still an unused random OT stored, if not, execute a // random OT extension if (offset < 0 || offset >= batchSize) { choices = new StrictBitVector(batchSize, resources.getRandomGenerator()); randomMessages = receiver.extend(choices); offset = 0; } // Notify the sender if it should switch the 0 and 1 messages around (s.t. // the random choice bit in the preprocessed random OTs matches the true // choice bit sendSwitchBit(choiceBit); // Receive the serialized adjusted messages byte[] zeroAdjustment = network.receive(resources.getOtherId()); byte[] oneAdjustment = network.receive(resources.getOtherId()); byte[] res = doActualReceive(zeroAdjustment, oneAdjustment); offset++; return res; }