Skip to content

Commit

Permalink
Updated documentation.
Browse files Browse the repository at this point in the history
  • Loading branch information
@markkurossi
markkurossi committed Feb 16, 2023
1 parent 6625400 commit ab2abcd
Showing 1 changed file with 39 additions and 37 deletions.
76 changes: 39 additions & 37 deletions ot/co.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,16 +15,15 @@ import (
"crypto/rand"
"crypto/sha256"
"encoding/binary"
"errors"
"hash"
"math/big"
)

var (
ErrNotImplementedYet = errors.New("not implemented yet")
bo = binary.BigEndian
bo = binary.BigEndian
)

// COSender implements CO OT sender.
type COSender struct {
curve elliptic.Curve
}
Expand All @@ -46,10 +45,12 @@ func NewCOSender() *COSender {
}
}

// Curve returns sender's elliptic curve.
func (s *COSender) Curve() elliptic.Curve {
return s.curve
}

// NewTransfer creates a new OT transfer for the values.
func (s *COSender) NewTransfer(m0, m1 []byte) (*COSenderXfer, error) {
curveParams := s.curve.Params()

Expand Down Expand Up @@ -84,6 +85,7 @@ func (s *COSender) NewTransfer(m0, m1 []byte) (*COSenderXfer, error) {
}, nil
}

// COSenderXfer implements sender OT transfer.
type COSenderXfer struct {
curve elliptic.Curve
hash hash.Hash
Expand All @@ -98,58 +100,41 @@ type COSenderXfer struct {
e1 []byte
}

// A returns sender's random value.
func (s *COSenderXfer) A() (x, y []byte) {
return s.Ax.Bytes(), s.Ay.Bytes()
}

// ReceiveB receives receiver's selection.
func (s *COSenderXfer) ReceiveB(x, y []byte) {
bx := big.NewInt(0).SetBytes(x)
by := big.NewInt(0).SetBytes(y)

bx, by = s.curve.ScalarMult(bx, by, s.a.Bytes())
bax, bay := s.curve.Add(bx, by, s.AaInvx, s.AaInvy)

s.e0 = xor(s.kdf(bx, by, 0), s.m0)
s.e1 = xor(s.kdf(bax, bay, 0), s.m1)
s.e0 = xor(kdf(s.hash, bx, by, 0), s.m0)
s.e1 = xor(kdf(s.hash, bax, bay, 0), s.m1)
}

// E returns sender's encrypted messages.
func (s *COSenderXfer) E() (e0, e1 []byte) {
return s.e0, s.e1
}

func (s *COSenderXfer) kdf(x, y *big.Int, id uint64) []byte {
s.hash.Reset()
s.hash.Write(x.Bytes())
s.hash.Write(y.Bytes())

var tmp [8]byte
bo.PutUint64(tmp[:], id)
s.hash.Write(tmp[:])

return s.hash.Sum(nil)
}

func xor(a, b []byte) []byte {
l := len(a)
if len(b) < l {
l = len(b)
}
for i := 0; i < l; i++ {
a[i] ^= b[i]
}
return a[:l]
}

// COReceiver implements CO OT receiver.
type COReceiver struct {
curve elliptic.Curve
}

// NewCOReceiver creates a new OT receiver.
func NewCOReceiver(curve elliptic.Curve) *COReceiver {
return &COReceiver{
curve: curve,
}
}

// NewTransfer creates a new OT transfer for the selection bit.
func (r *COReceiver) NewTransfer(bit uint) (*COReceiverXfer, error) {
curveParams := r.curve.Params()

Expand All @@ -167,6 +152,7 @@ func (r *COReceiver) NewTransfer(bit uint) (*COReceiverXfer, error) {
}, nil
}

// COReceiverXfer implements receiver OT transfer.
type COReceiverXfer struct {
curve elliptic.Curve
hash hash.Hash
Expand All @@ -178,6 +164,7 @@ type COReceiverXfer struct {
Asy *big.Int
}

// ReceiveA receives sender's random value.
func (r *COReceiverXfer) ReceiveA(x, y []byte) {
Ax := big.NewInt(0).SetBytes(x)
Ay := big.NewInt(0).SetBytes(y)
Expand All @@ -194,31 +181,46 @@ func (r *COReceiverXfer) ReceiveA(x, y []byte) {
r.Asy = Asy
}

// B returns receiver's selection.
func (r *COReceiverXfer) B() (x, y []byte) {
return r.Bx.Bytes(), r.By.Bytes()
}

// ReceiveE receives encrypted messages from the sender and returns
// the result value.
func (r *COReceiverXfer) ReceiveE(e0, e1 []byte) []byte {
var result []byte

kdf := r.kdf(r.Asx, r.Asy, 0)
data := kdf(r.hash, r.Asx, r.Asy, 0)

if r.bit != 0 {
result = xor(kdf, e1)
result = xor(data, e1)
} else {
result = xor(kdf, e0)
result = xor(data, e0)
}
return result
}

func (r *COReceiverXfer) kdf(x, y *big.Int, id uint64) []byte {
r.hash.Reset()
r.hash.Write(x.Bytes())
r.hash.Write(y.Bytes())
func kdf(hash hash.Hash, x, y *big.Int, id uint64) []byte {
hash.Reset()
hash.Write(x.Bytes())
hash.Write(y.Bytes())

var tmp [8]byte
bo.PutUint64(tmp[:], id)
r.hash.Write(tmp[:])
hash.Write(tmp[:])

return r.hash.Sum(nil)
// XXX specify argument slice to receive digest.
return hash.Sum(nil)
}

func xor(a, b []byte) []byte {
l := len(a)
if len(b) < l {
l = len(b)
}
for i := 0; i < l; i++ {
a[i] ^= b[i]
}
return a[:l]
}

0 comments on commit ab2abcd

Please sign in to comment.