WeDPR t_out_of_n 不经意传输协议

WeDPR t_out_of_n OT 协议 ，算法实现见：https://github.com/WeBankBlockchain/WeDPR-Lab-Crypto/tree/main/crypto/oblivious_transfer/base_ot

messageList = [{id _0,message_0}, {id_1,message_1}, {id_2, message_2} , {id_3, message_3} ]

其中id_i 为对应message_i 的标识，id_i 公开

步骤一 receiver初始化:

• ​ 生成随机数 a , b

• ​ 计算 c = a * b

• ​ 计算 point_x = a * G1

​ point_y = b * G1

• 假设receiver 想要获取消息message_1和message_3，设idList =[id_1, id_3 ], 计算如下

  for id_i in idList {

  • 计算 point_z_i = (c- id_i) * G1 // i =0 … len(idList)-1

  }

  point_z_list =[point_z_i]

• 最后得到 ReceiverSecret= { b } ， ReceiverCommitment = {point_x ，point_y ，point_z_list}

​ 并将ReceiverCommitment 发送给sender

步骤二 sender加密message：

for {id _j, message_j} in message { //j = 0 … len(messageList)-1

• 选择随机数r，s

• 计算key_basepoint_j = s * point_x + r * G1

• 计算finger_j = hah(message_j)

  for point_z_i in point_z_list {

  • 计算bytes_key_i_j = s * point_z_i + (s * id_j ) * G1 + r * point_y
  • 计算encrypted_message_i_j = bytes_key_i_j ^ message_j

  }

}

最后将key_basepoint_List 和 encrypted_message_list和finger_list 发送给receiver

key_basepoint_List = [key_basepoint_j ]

encrypted_message_list=[encrypted_message_i_j ] //列表长度 i*j

finger_list = [finger_j ]

步骤三 receiver解密：

for key_basepoint_j in key_basepoint_List {

• bytes_key_j = b * key_basepoint_j

for encrypted_message_i_j in encrypted_message_list {

• 解密decrypted_message = encrypted_message_i_j ^ bytes_key_j
• 判断 decrypted_message 是否包含在finger_list中 ，如果包含，则 decrypted_message 是正确的解密消息

​ }

}

​

​