disable silver by default

CMakePresets.json

@@ -13,7 +13,7 @@
         "ENABLE_SSE": false,
         "ENABLE_AVX": false,
         "ENABLE_BITPOLYMUL": false,
-        "LIBOTE_STD_VER": "14",
+        "LIBOTE_STD_VER": "17",
         "CMAKE_PREFIX_PATH": "${sourceDir}/../out/install",
         "CMAKE_INSTALL_PREFIX": "${sourceDir}/out/install/${presetName}"
       },
@@ -34,7 +34,8 @@
       },
       "cacheVariables": {
         "CMAKE_BUILD_TYPE": "Debug",
-        "LIBOTE_STD_VER": "14",
+        "ENABLE_INSECURE_SILVER": true,
+        "LIBOTE_STD_VER": "17",
         "ENABLE_ALL_OT": true,
         "ENABLE_KKRT": "ON",
         "ENABLE_IKNP": "ON",

README.md

@@ -14,7 +14,7 @@ This library currently implements:
 * The semi-honest 1-out-of-2 Delta-OT [[IKNP03]](https://www.iacr.org/archive/crypto2003/27290145/27290145.pdf),[[BLNNOOSS15]](https://eprint.iacr.org/2015/472.pdf).
 * The semi-honest 1-out-of-2 OT [[Roy22]](https://eprint.iacr.org/2022/192).
 * The semi-honest 1-out-of-N OT [[KKRT16]](https://eprint.iacr.org/2016/799). 
-* The malicious secure 1-out-of-2 Silent+Silver [[CRR21]](https://eprint.iacr.org/2021/1150).
+* The malicious secure 1-out-of-2 Silent+Expand Convolute [[RRT23]](https://eprint.iacr.org/2023/882).
 * The malicious secure 1-out-of-2 OT [[KOS15]](https://eprint.iacr.org/2015/546).
 * The malicious secure 1-out-of-2 Delta-OT [[KOS15]](https://eprint.iacr.org/2015/546),[[BLNNOOSS15]](https://eprint.iacr.org/2015/472.pdf).
 * The malicious 1-out-of-2 OT [[Roy22]](https://eprint.iacr.org/2022/192).
@@ -73,7 +73,7 @@ LibOTe can be built with various only the selected protocols enabled. `-D ENABLE
  * `ENABLE_KOS` the Keller et al [[KOS15]](https://eprint.iacr.org/2015/546) malicious protocol.
  * `ENABLE_DELTA_KOS` the Burra et al [[BLNNOOSS15]](https://eprint.iacr.org/2015/472.pdf),[[KOS15]](https://eprint.iacr.org/2015/546) malicious Delta-OT protocol.
  * `ENABLE_SOFTSPOKEN_OT` the Roy [Roy22](https://eprint.iacr.org/2022/192) semi-honest/malicious protocol.
- * `ENABLE_SILENTOT` the Couteau et al [CRR21],[[BCGIKRS19]](https://eprint.iacr.org/2019/1159.pdf) semi-honest/malicious protocol.
+ * `ENABLE_SILENTOT` the Couteau et al [RRT23],[[BCGIKRS19]](https://eprint.iacr.org/2019/1159.pdf) semi-honest/malicious protocol.
 
  **Vole:**
  * `ENABLE_SILENT_VOLE` the Couteau et al [CRR21] semi-honest/malicious protocol.
@@ -225,3 +225,5 @@ or running the library.
 [CRR21] - Geoffroy Couteau ,Srinivasan Raghuraman and Peter Rindal, _Silver: Silent VOLE and Oblivious Transfer from Hardness of Decoding Structured LDPC Codes_.
 
 [Roy22] - Lawrence Roy, SoftSpokenOT: Communication--Computation Tradeoffs in OT Extension. [eprint/2022/192](https://eprint.iacr.org/2022/192)
+
+[RRT23] - Srinivasan Raghuraman, Peter Rindal and  Titouan Tanguy, _Expand-Convolute Codes for Pseudorandom Correlation Generators from LPN_. [eeprint/2023/882](https://eprint.iacr.org/2023/882)

cmake/buildOptions.cmake

@@ -98,7 +98,11 @@ option(ENABLE_SILENT_VOLE    "Build the Silent Vole protocol." OFF)
 #option(COPROTO_ENABLE_BOOST  "Build with coproto boost support." OFF)
 #option(COPROTO_ENABLE_OPENSSL  "Build with coproto boost open ssl support." OFF)
 
-option(NO_SILVER_WARNING     "Build with no silver security warning." OFF)
+option(ENABLE_INSECURE_SILVER   "Build with silver codes." OFF)
+option(ENABLE_LDPC              "Build with ldpc functions." OFF)
+if(ENABLE_INSECURE_SILVER)
+	set(ENABLE_LDPC ON)
+endif()
 option(NO_KOS_WARNING        "Build with no kos security warning." OFF)
 
 #option(FETCH_BITPOLYMUL		"download and build bitpolymul" OFF))
@@ -155,7 +159,6 @@ message(STATUS "Option: ENABLE_KKRT           = ${ENABLE_KKRT}\n\n")
 
 
 message(STATUS "other \n=======================================================")
-message(STATUS "Option: NO_SILVER_WARNING    = ${NO_SILVER_WARNING}")
 message(STATUS "Option: NO_KOS_WARNING       = ${NO_KOS_WARNING}\n\n")
 
 #############################################

frontend/benchmark.h

@@ -170,6 +170,7 @@ namespace osuCrypto
 
     inline void encodeBench(CLP& cmd)
     {
+#ifdef ENABLE_INSECURE_SILVER
         u64 trials = cmd.getOr("t", 10);
 
         // the message length of the code. 
@@ -221,6 +222,9 @@ namespace osuCrypto
 
         if (v)
             std::cout << verbose << std::endl;
+#else
+        std::cout << "disabled, ENABLE_INSECURE_SILVER not defined " << std::endl;
+#endif
     }
 
 

frontend/main.cpp

@@ -112,7 +112,7 @@ int main(int argc, char** argv)
 	cmd.parse(argc, argv);
 	bool flagSet = false;
 
-
+	// various benchmarks
 	if (cmd.isSet("bench"))
 	{
 		if (cmd.isSet("silver"))
@@ -128,18 +128,22 @@ int main(int argc, char** argv)
 		return 0;
 	}
 
+
+	// minimum distance checker for EA codes.
 	if (cmd.isSet("ea"))
 	{
 		EAChecker(cmd);
 		return 0;
 	}
-
+#ifdef ENABLE_LDPC
 	if (cmd.isSet("ldpc"))
 	{
 		LdpcDecode_impulse(cmd);
 		return 0;
 	}
+#endif
 
+	// unit tests.
 	if (cmd.isSet(unitTestTag))
 	{
 		flagSet = true;
@@ -151,6 +155,7 @@ int main(int argc, char** argv)
 	}
 
 #ifdef ENABE_BOOST
+	// compute the network latency.
 	if (cmd.isSet("latency"))
 	{
 		getLatency(cmd);
@@ -159,6 +164,8 @@ int main(int argc, char** argv)
 #endif
 
 
+	// run various examples.
+
 
 #ifdef ENABLE_SIMPLESTOT
 	flagSet |= runIf(baseOT_example<SimplestOT>, cmd, simple);

libOTe/Tools/LDPC/LdpcDecoder.cpp

@@ -1,4 +1,6 @@
 #include "LdpcDecoder.h"
+#ifdef ENABLE_LDPC
+
 #include <cassert>
 #include "Mtx.h"
 #include "LdpcEncoder.h"
@@ -607,4 +609,5 @@ namespace osuCrypto {
 
 
 
-}
+}
+#endif

libOTe/Tools/LDPC/LdpcDecoder.h

@@ -7,6 +7,9 @@
 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 //
 // This code implements features described in [Silver: Silent VOLE and Oblivious Transfer from Hardness of Decoding Structured LDPC Codes, https://eprint.iacr.org/2021/1150]; the paper is licensed under Creative Commons Attribution 4.0 International Public License (https://creativecommons.org/licenses/by/4.0/legalcode).
+#include "libOTe/config.h"
+
+#ifdef ENABLE_LDPC
 
 #include <vector>
 #include "cryptoTools/Common/Defines.h"
@@ -114,4 +117,5 @@ namespace osuCrypto
 
     }
 
-}
+}
+#endif

libOTe/Tools/LDPC/LdpcEncoder.cpp

@@ -1,4 +1,6 @@
 #include "LdpcEncoder.h"
+#ifdef  ENABLE_INSECURE_SILVER
+
 //#include <eigen/dense>
 #include <set>
 #include "cryptoTools/Crypto/PRNG.h"
@@ -969,4 +971,5 @@ namespace osuCrypto
 	}
 
 
-}
+}
+#endif

libOTe/Tools/LDPC/LdpcEncoder.h

@@ -7,6 +7,8 @@
 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 //
 // This code implements features described in [Silver: Silent VOLE and Oblivious Transfer from Hardness of Decoding Structured LDPC Codes, https://eprint.iacr.org/2021/1150]; the paper is licensed under Creative Commons Attribution 4.0 International Public License (https://creativecommons.org/licenses/by/4.0/legalcode).
+#include "libOTe/config.h"
+#ifdef  ENABLE_INSECURE_SILVER
 
 #include "Mtx.h"
 #include "cryptoTools/Crypto/PRNG.h"
@@ -1165,6 +1167,6 @@ namespace osuCrypto
 
 
 
+}
+#endif //  ENABLE_INSECURE_SILVER
 
-
-}

libOTe/Tools/LDPC/LdpcImpulseDist.cpp

@@ -2,6 +2,9 @@
 
 #define _CRT_SECURE_NO_WARNINGS
 #include "LdpcImpulseDist.h"
+
+#ifdef ENABLE_LDPC
+
 #include "LdpcDecoder.h"
 #include "Util.h"
 #include <unordered_set>
@@ -1125,3 +1128,5 @@ namespace osuCrypto
 
 
 }
+
+#endif

libOTe/Tools/LDPC/LdpcImpulseDist.h

@@ -7,6 +7,8 @@
 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 //
 // This code implements features described in [Silver: Silent VOLE and Oblivious Transfer from Hardness of Decoding Structured LDPC Codes, https://eprint.iacr.org/2021/1150]; the paper is licensed under Creative Commons Attribution 4.0 International Public License (https://creativecommons.org/licenses/by/4.0/legalcode).
+#include "libOTe/config.h"
+#ifdef ENABLE_LDPC
 
 #include "Mtx.h"
 #include "LdpcDecoder.h"
@@ -34,4 +36,5 @@ namespace osuCrypto
 
     //u64 impulseDist(LdpcDecoder& D, u64 i, u64 n, u64 k, u64 Ne, u64 maxIter);
     //u64 impulseDist(SparseMtx& mH, u64 Ne, u64 w, u64 maxIter, u64 numThreads, bool randImpulse, u64 trials, BPAlgo algo, bool verbose);
-}
+}
+#endif

libOTe/Tools/LDPC/LdpcSampler.cpp

@@ -1,4 +1,6 @@
 #include "libOTe/Tools/LDPC/LdpcSampler.h"
+#ifdef ENABLE_LDPC
+
 #include "libOTe/Tools/LDPC/LdpcEncoder.h"
 #include <fstream>
 #include "libOTe/Tools/LDPC/Util.h"
@@ -251,3 +253,4 @@ namespace osuCrypto
 
     }
 }
+#endif

libOTe/Tools/LDPC/LdpcSampler.h

@@ -7,7 +7,8 @@
 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 //
 // This code implements features described in [Silver: Silent VOLE and Oblivious Transfer from Hardness of Decoding Structured LDPC Codes, https://eprint.iacr.org/2021/1150]; the paper is licensed under Creative Commons Attribution 4.0 International Public License (https://creativecommons.org/licenses/by/4.0/legalcode).
-
+#include "libOTe/config.h"
+#ifdef ENABLE_LDPC
 #include "Mtx.h"
 #include "cryptoTools/Crypto/PRNG.h"
 #include <vector>
@@ -746,4 +747,5 @@ namespace osuCrypto
 
 
 
-}
+}
+#endif

libOTe/Tools/LDPC/Mtx.cpp

@@ -1546,6 +1546,7 @@ namespace osuCrypto
 
     void tests::Mtx_block_test()
     {
+#ifdef ENABLE_DLPC
         oc::PRNG prng(block(0, 0));
 
         u64 n = 10, w = 4;
@@ -1598,11 +1599,11 @@ namespace osuCrypto
                 assert(M.isSet(i + n2, j + n2) == M11.isSet(i, j));
             }
         }
+#endif
 
     }
 
 
-
 }
 
 

libOTe/TwoChooseOne/ConfigureCode.cpp

@@ -142,8 +142,8 @@ namespace osuCrypto
         mEncoder.config(numOTs, numOTs * mScaler, w, a, true);
     }
 
+#ifdef ENABLE_INSECURE_SILVER
 
-    bool gSilverWarning = true;
     void SilverConfigure(
         u64 numOTs, u64 secParam,
         MultType mMultType,
@@ -155,26 +155,20 @@ namespace osuCrypto
         u64& gap,
         SilverEncoder& mEncoder)
     {
-#ifndef NO_SILVER_WARNING
-
         // warn the user on program exit.
         struct Warned
         {
             ~Warned()
             {
-                if (gSilverWarning)
                 {
                     std::cout << oc::Color::Red << "WARNING: This program made use of the LPN silver encoder. "
-                        << "This encoder is experimental and should not be used in production."
-                        << " Rebuild libOTe with `-DNO_SILVER_WARNING=TRUE` to disable this message or build the library with "
-                        << "`-DENABLE_BITPOLYMUL=TRUE` to use an encoding with provable minimum distance. "
+                        << "This encoder is insecure and should not be used in production." 
+                        << " It remains here for performance comparison reasons only. \n\nDo not use this encode.\n\n"
                         << LOCATION << oc::Color::Default << std::endl;
                 }
-
             }
         };
         static Warned wardned;
-#endif
 
         mRequestedNumOTs = numOTs;
         auto mScaler = 2;
@@ -196,7 +190,7 @@ namespace osuCrypto
         mEncoder.mL.init(mN, code);
         mEncoder.mR.init(mN, code, true);
     }
-
+#endif
 
     void QuasiCyclicConfigure(
         u64 numOTs, u64 secParam,

libOTe/TwoChooseOne/ConfigureCode.h

@@ -9,8 +9,10 @@ namespace osuCrypto
 	enum class MultType
 	{
 		QuasiCyclic = 1,
+#ifdef ENABLE_INSECURE_SILVER
 		slv5,
 		slv11,
+#endif
 		ExAcc7, // fast
 		ExAcc11,// fast but more conservative
 		ExAcc21,
@@ -26,12 +28,14 @@ namespace osuCrypto
 		case osuCrypto::MultType::QuasiCyclic:
 			o << "QuasiCyclic";
 			break;
+#ifdef ENABLE_INSECURE_SILVER
 		case osuCrypto::MultType::slv5:
 			o << "slv5";
 			break;
 		case osuCrypto::MultType::slv11:
 			o << "slv11";
 			break;
+#endif
 		case osuCrypto::MultType::ExAcc7:
 			o << "ExAcc7";
 			break;
@@ -96,6 +100,7 @@ namespace osuCrypto
 		ExConvCode& mEncoder
 	);
 
+#ifdef ENABLE_INSECURE_SILVER
 	struct SilverEncoder;
 	void SilverConfigure(
 		u64 numOTs, u64 secParam,
@@ -107,7 +112,7 @@ namespace osuCrypto
 		u64& mN,
 		u64& gap,
 		SilverEncoder& mEncoder);
-
+#endif
 
 	void QuasiCyclicConfigure(
 		u64 numOTs, u64 secParam,