WeDPR 1_out_of_2 OT 协议 ，算法实现见：https://github.com/WeBankBlockchain/WeDPR-Lab-Crypto/tree/main/crypto/oblivious_transfer/base_ot

---

message = [message_0, message_1 ]

步骤一 receiver初始化:

• ​ 生成随机数 a , b

• ​ 计算 c = a * b

• ​ 计算 point_x = a * G1

​ point_y = b * G1

• 如果选择 message _0 则

​ point_z = c * G1

否则

​ point_z = (c -1) * G1

• 最后得到 ReceiverSecret= { b } ， ReceiverCommitment = {point_x ，point_y ，point_z }

​ 并将ReceiverCommitment 发送给sender

步骤二 sender加密message：

• 加密 message_0

• 选择r , s

• 计算 key_basepoint_0 = s * point_x + r * G1

• 计算 bytes_key = point_to_bytes ( s * point_z + r * point_y) //point_to_bytes 将点转成byte

• encrypted_message_0 = message_0 ^ bytes_key

​ (按位异或，注意bytes_key 的长度要大于message的长度)

• 加密 message_1，重新计算 point_z = point_z + G1

• 选择r , s

• 计算 key_basepoint_1 = s * point_x + r * G1

• 计算 bytes_key = point_to_bytes ( s * point_z + r * point_y)

• encrypted_message_1 = message_1 ^ bytes_key

​ 最后将{key_basepoint_0 ，encrypted_message_0 } {key_basepoint_1,encrypted_message_1 }发送给 receiver

步骤三 receiver解密：

• 解密message_0

• 计算 ：bytes_key =point_to_bytes( b * key_basepoint_0 )

• 解密： message_0= encrypted_message_0 ^ bytes_key

• 解密message_1

• 计算：bytes_key = point_to_bytes( b * key_basepoint_1 )

• 解密： message_1 = encrypted_message_1 ^ bytes_key

​

​