WeDPR 1_out_of_2 OT 协议 ,算法实现见:https://github.com/WeBankBlockchain/WeDPR-Lab-Crypto/tree/main/crypto/oblivious_transfer/base_ot
message = [message_0, message_1 ]
步骤一 receiver初始化:
-
生成随机数 a , b
-
计算 c = a * b
-
计算 point_x = a * G1
point_y = b * G1
- 如果选择 message _0 则
point_z = c * G1
否则
point_z = (c -1) * G1
- 最后得到 ReceiverSecret= { b } , ReceiverCommitment = {point_x ,point_y ,point_z }
并将ReceiverCommitment 发送给sender
步骤二 sender加密message:
-
加密 message_0
-
选择r , s
-
计算 key_basepoint_0 = s * point_x + r * G1
-
计算 bytes_key = point_to_bytes ( s * point_z + r * point_y) //point_to_bytes 将点转成byte
-
encrypted_message_0 = message_0 ^ bytes_key
(按位异或,注意bytes_key 的长度要大于message的长度)
-
加密 message_1,重新计算 point_z = point_z + G1
-
选择r , s
-
计算 key_basepoint_1 = s * point_x + r * G1
-
计算 bytes_key = point_to_bytes ( s * point_z + r * point_y)
-
encrypted_message_1 = message_1 ^ bytes_key
最后将{key_basepoint_0 ,encrypted_message_0 } {key_basepoint_1,encrypted_message_1 }发送给 receiver
步骤三 receiver解密:
-
解密message_0
-
计算 :bytes_key =point_to_bytes( b * key_basepoint_0 )
-
解密: message_0= encrypted_message_0 ^ bytes_key
-
解密message_1
-
计算:bytes_key = point_to_bytes( b * key_basepoint_1 )
-
解密: message_1 = encrypted_message_1 ^ bytes_key