Skip to content


Folders and files

Last commit message
Last commit date

Latest commit


Repository files navigation

OTExtension Build Status


Implementation of the passive secure OT extension protocol of [1] and the active secure OT extension protocols of [2] and [3]. Implements the general OT (G_OT), correlated OT (C_OT), global correlated OT (GC_OT), sender random OT (SR_OT), and receiver random OT (RR_OT) (Definitions of the functionalities will follow). Implements the base-OTs by Naor-Pinkas [4], Peikert-Vaikuntanathan-Waters [5], and Chou-Orlandi [6]. The code is based on the OT extension implementation of [7] and uses the MIRACL libary [8] for elliptic curve arithmetic.

Update: Implemented 1-out-of-2 OT from the 1-out-of-N OT extension of [9].


  • A Linux distribution of your choice (the OT extension code was developed under Ubuntu).

  • Required packages:

    Install these packages with your favorite package manager, e.g, sudo apt-get install <package-name>.


  1. Clone a copy of the OTExtension git repository:

    git clone
  2. Enter the Framework directory: cd OTExtension/

  3. Create and enter a build directory: mkdir build && cd build

  4. Use CMake to create build files. Use

    cmake ..

    The following options are available:

    • -DCMAKE_INSTALL_PREFIX=/path/to/installation
    • -DOTEXTENSION_BUILD_EXE=On to build executables (they are written to mains/ in the build directory)

In case ENCRYPTO_utils cannot be found on your system, it will automatically be compiled. If it is installed in a non-standard location, the path can be provided via -DCMAKE_PREFIX_PATH=/some/path.

  1. Call make in the build directory to compile.


To start OT extension, open two terminals on the same PC and call otmain -r 0 in one terminal to start OT extension as sender and call otmain -r 1 in the second terminal to start OT extension as receiver. This will invoke the passive secure IKNP 1-out-of-2 OT extension protocol for 1 million OTs on 8-bit strings. The result of the OT will be checked for correctness and the times (in ms) for the base-OTs, for the OT extensions, the number of bytes sent and the number of bytes received will be printed on the terminals. A list of all available options can be obtained via otmain -h.


An example implementation of OT extension can be found in mains/otmain.cpp.

OT related source code is found in ot/.

Some compilation flags can be set in ot/OTconstants.h.


  • [1] G. Asharov, Y. Lindell, T. Schneider, M. Zohner: More Efficient Oblivious Transfer and Extensions for Faster Secure Computation (CCS'13).
  • [2] G. Asharov, Y. Lindell, T. Schneider, M. Zohner: More Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries. EUROCRYPT (1) 2015: 673-701.
  • [3] J. B. Nielsen, P. S. Nordholt, C. Orlandi, S. S. Burra: A New Approach to Practical Active-Secure Two-Party Computation. CRYPTO 2012: 681-700.
  • [4] M. Naor, B. Pinkas: Efficient oblivious transfer protocols. SODA 2001: 448-457.
  • [5] C. Peikert, V. Vaikuntanathan, B. Waters: A Framework for Efficient and Composable Oblivious Transfer. CRYPTO 2008: 554-571.
  • [6] T. Chou, C. Orlandi: The Simplest Protocol for Oblivious Transfer. Online at:
  • [7] S.G. Choi, K.W. Hwang, J.Katz, T. Malkin, D. Rubenstein: Secure multi-party computation of Boolean circuits with applications to privacy in on-line market-places. In CT-RSA’12. LNCS, vol. 7178, pp. 416–432.
  • [8] CertiVox, Multiprecision Integer and Rational Arithmetic Cryptographic Library (MIRACL)
  • [9] V. Kolesnikov, R. Kumaresan: Improved OT Extension for Transferring Short Secrets. In CRYPTO'13 (2).
  • [10] D. Demmler, T. Schneider, M. Zohner: ABY - A Framework for Efficient Mixed-Protocol Secure Two-Party Computation. NDSS 2015.