Implementation of the passive secure OT extension protocol of  and the active secure OT extension protocols of  and . Implements the general OT (G_OT), correlated OT (C_OT), global correlated OT (GC_OT), sender random OT (SR_OT), and receiver random OT (RR_OT) (Definitions of the functionalities will follow). Implements the base-OTs by Naor-Pinkas , Peikert-Vaikuntanathan-Waters , and Chou-Orlandi . The code is based on the OT extension implementation of  and uses the MIRACL libary  for elliptic curve arithmetic.
Update: Implemented 1-out-of-2 OT from the 1-out-of-N OT extension of .
A Linux distribution of your choice (the OT extension code was developed under Ubuntu).
Install these packages with your favorite package manager, e.g,
sudo apt-get install <package-name>.
Clone a copy of the OTExtension git repository:
git clone https://github.com/encryptogroup/OTExtension.git
Enter the Framework directory:
Create and enter a build directory:
mkdir build && cd build
Use CMake to create build files. Use
The following options are available:
-DOTEXTENSION_BUILD_EXE=Onto build executables
In case ENCRYPTO_utils
cannot be found on your system, it will automatically be compiled. If it is
installed in a non-standard location, the path can be provided via
makein the build directory to compile.
To start OT extension, open two terminals on the same PC and call
ot.exe -r 0 in one terminal to start OT extension as sender and call
ot.exe -r 1 in the second terminal to start OT extension as receiver. This will invoke the passive secure IKNP 1-out-of-2 OT extension protocol for 1 million OTs on 8-bit strings. The result of the OT will be checked for correctness and the times (in ms) for the base-OTs, for the OT extensions, the number of bytes sent and the number of bytes received will be printed on the terminals.
A list of all available options can be obtained via
An example implementation of OT extension can be found in
OT related source code is found in
Some compilation flags can be set in
-  G. Asharov, Y. Lindell, T. Schneider, M. Zohner: More Efficient Oblivious Transfer and Extensions for Faster Secure Computation (CCS'13).
-  G. Asharov, Y. Lindell, T. Schneider, M. Zohner: More Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries. EUROCRYPT (1) 2015: 673-701.
-  J. B. Nielsen, P. S. Nordholt, C. Orlandi, S. S. Burra: A New Approach to Practical Active-Secure Two-Party Computation. CRYPTO 2012: 681-700.
-  M. Naor, B. Pinkas: Efficient oblivious transfer protocols. SODA 2001: 448-457.
-  C. Peikert, V. Vaikuntanathan, B. Waters: A Framework for Efficient and Composable Oblivious Transfer. CRYPTO 2008: 554-571.
-  T. Chou, C. Orlandi: The Simplest Protocol for Oblivious Transfer. Online at: http://eprint.iacr.org/2015/267.
-  S.G. Choi, K.W. Hwang, J.Katz, T. Malkin, D. Rubenstein: Secure multi-party computation of Boolean circuits with applications to privacy in on-line market-places. In CT-RSA’12. LNCS, vol. 7178, pp. 416–432.
-  CertiVox, Multiprecision Integer and Rational Arithmetic Cryptographic Library (MIRACL) https://github.com/CertiVox/MIRACL
-  V. Kolesnikov, R. Kumaresan: Improved OT Extension for Transferring Short Secrets. In CRYPTO'13 (2).
-  D. Demmler, T. Schneider, M. Zohner: ABY - A Framework for Efficient Mixed-Protocol Secure Two-Party Computation. NDSS 2015. https://github.com/encryptogroup/ABY