Comments (5)
How does silent OT work?
- The sender samples a scaler
d
in some fieldF
- The receiver samples a sparse binary vector
A'
- The parties use a PPRF to get secret shares of
d * A'
which we will denote asB',C'
. Note thatdA'=B-C
- The parties use an LPN friendly matrix
G
to compute A=GA'
B=GB'
C=GC'
- We now have uniformly random
A,B,C
such thatdA = B-C
. In particular,A
is no longer sparse. - The receiver outputs Choice bits
A
and messagesm_{i,Ai}=H(B_i)
- The sender outputs messages
, m_i0=H(C_i), m_i1=H(C_i+d)
Where does this fail for VOLE? Well the definition of VOLE is to have d*A=B-C
where all are over the field F
. However, the basic protocol for silent OT only works when A
is binary.
Why? the functionality of PPRF allows one party to choose a index i
and another to choose a value d
. They then get to learn two random vector B',C'
such that B'-C'
is a unit vector with the value d'
at position i
. e.g.
B'-C' = 0000000000000d0000
^
i'th position.
You can repeat this several times, once for each non-zero of A'
and add the results together.
Since A'
is binary for silent OT, this is exactly what we want. A'_i*d=1*d=d
. For VOLE, we need need the A'
vector to be a sparse vector over F
, not binary. So now A'_i
is some random element in F
and we want B'-C'
to have the value A'_i * d
at position i
. The idea for doing this is cleaver.
We first perform another VOLE (noisy vole), where the inputs are a vector A''
and the scaler d
, where A''
are the t
non-zero values of A'
. This gives us a secret sharing of A''*d
. Instead of using d
as the value to be used in the PPRF, this party (sender) will use their j
th share of A''*d
for the j
th PPRF input scaler. The parties then get vectors B'-C'
which is sparse and at the non-zero locations holds the sender's shares of A''*d
. We can translate these shares to be what we want (i.e. dA'=B'-C'
) by having the receiver add their shares of A''*d
to B'
at the positions that they know the non-zeros are at. That is, they chose A'
so that know where the non-zeros are.
Hope this help,
Peter
from libote.
Thanks for your reply! That really helps a lot!
And is it unsecured to use subfield VOLE directly in PSI construction?
from libote.
Your set would need to be binary or something. Doesn't make much sense.
from libote.
You could use subfield but not binary (aka OT).
And when you arent doing binary you need to noisy vole subprotocol for the construction to work. If you did use binary in the vole, the A vector would be binary and would not not be able to use it to securely mask the okvs. Since you need to one time pad encrypt the okvs with A.
So that's what I meant. You need to run psi with a binary okvs. But that doesn't meet the requirements of the psi protocol.
from libote.
Got it!
Thanks again for your help!
from libote.
Related Issues (20)
- Some questions about Silver HOT 2
- is using a TCR hash with KOS safe? HOT 9
- libOTe does not build HOT 5
- Question about performance
- How to use (IKNP) correlated OT? HOT 20
- Building only Errors HOT 1
- Add support for subfield VOLE HOT 10
- SoftSpoken Test question HOT 2
- Question about slient VOLE HOT 12
- optimizations about silent ot HOT 2
- Fork of fork issue? HOT 1
- SoftSpokenOT doesn't work when using non-power-of-two as the fieldBits parameter HOT 2
- frontend examples does not correctly flush sockets HOT 1
- How to fix Segmantation fault HOT 27
- The network Problem HOT 4
- Can this code generate Random OTs using actively secure IKNP protocol? HOT 1
- libOTe does not build HOT 3
- Questions about codes in silent VOLE HOT 2
- Reverse the direction of the noisy_vole protocols (performance improvement)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from libote.