Add part of feedback

ot/mpz-ot/src/kos/mod.rs

@@ -6,8 +6,6 @@ mod sender;
 
 pub use error::{ReceiverError, ReceiverVerifyError, SenderError};
 use futures_util::{SinkExt, StreamExt};
-use rand_chacha::ChaCha20Rng;
-use rand_core::{RngCore, SeedableRng};
 pub use receiver::Receiver;
 pub use sender::Sender;
 
@@ -39,19 +37,6 @@ pub(crate) fn into_base_stream<'a, St: IoStream<msgs::Message<T>> + Send + Unpin
     })
 }
 
-/// Stretches a 16-byte seed to arbitrary length using ChaCha20.
-fn random_bytes_from_seed<const N: usize>(seed: [u8; 16]) -> [u8; N] {
-    let mut stretched_seed = [0_u8; 32];
-    let double_seed = [seed, seed].concat();
-
-    stretched_seed.copy_from_slice(&double_seed);
-    let mut rng = ChaCha20Rng::from_seed(stretched_seed);
-
-    let mut output = [0_u8; N];
-    rng.fill_bytes(&mut output);
-    output
-}
-
 #[cfg(test)]
 mod tests {
     use super::*;

ot/mpz-ot/src/kos/receiver.rs

@@ -1,28 +1,26 @@
 use async_trait::async_trait;
 use futures::SinkExt;
 use itybity::{FromBitIterator, IntoBitIterator};
-use mpz_core::{cointoss, Block, ProtocolMessage};
+use mpz_core::{cointoss, prg::Prg, Block, ProtocolMessage};
 use mpz_ot_core::kos::{
     msgs::Message, receiver_state as state, Receiver as ReceiverCore, ReceiverConfig, CSP, SSP,
 };
 
 use enum_try_as_inner::EnumTryAsInner;
 use rand::{thread_rng, Rng};
+use rand_core::{RngCore, SeedableRng};
 use utils_aio::{
     non_blocking_backend::{Backend, NonBlockingBackend},
     sink::IoSink,
     stream::{ExpectStreamExt, IoStream},
 };
 
+use super::{into_base_sink, into_base_stream, ReceiverError, ReceiverVerifyError};
 use crate::{
-    ChosenMessageRandomOTReceiver, OTError, OTReceiver, OTSender, OTSetup, VerifiableOTReceiver,
+    OTError, OTReceiver, OTSender, OTSetup, RandomOTReceiver, VerifiableOTReceiver,
     VerifiableOTSender,
 };
 
-use super::{
-    into_base_sink, into_base_stream, random_bytes_from_seed, ReceiverError, ReceiverVerifyError,
-};
-
 #[derive(Debug, EnumTryAsInner)]
 #[derive_err(Debug)]
 pub(crate) enum State {
@@ -309,11 +307,19 @@ where
 }
 
 #[async_trait]
-impl<BaseOT> ChosenMessageRandomOTReceiver<bool, Block> for Receiver<BaseOT>
+impl<BaseOT> RandomOTReceiver<bool, Block> for Receiver<BaseOT>
 where
     BaseOT: ProtocolMessage + Send,
 {
-    async fn receive(&mut self, count: usize) -> Result<(Vec<bool>, Vec<Block>), OTError> {
+    async fn receive_random<
+        Si: IoSink<Message<BaseOT::Msg>> + Send + Unpin,
+        St: IoStream<Message<BaseOT::Msg>> + Send + Unpin,
+    >(
+        &mut self,
+        _sink: &mut Si,
+        _stream: &mut St,
+        count: usize,
+    ) -> Result<(Vec<bool>, Vec<Block>), OTError> {
         let receiver = self
             .state
             .try_as_extension_mut()
@@ -376,11 +382,19 @@ where
 }
 
 #[async_trait]
-impl<const N: usize, BaseOT> ChosenMessageRandomOTReceiver<bool, [u8; N]> for Receiver<BaseOT>
+impl<const N: usize, BaseOT> RandomOTReceiver<bool, [u8; N]> for Receiver<BaseOT>
 where
     BaseOT: ProtocolMessage + Send,
 {
-    async fn receive(&mut self, count: usize) -> Result<(Vec<bool>, Vec<[u8; N]>), OTError> {
+    async fn receive_random<
+        Si: IoSink<Message<BaseOT::Msg>> + Send + Unpin,
+        St: IoStream<Message<BaseOT::Msg>> + Send + Unpin,
+    >(
+        &mut self,
+        _sink: &mut Si,
+        _stream: &mut St,
+        count: usize,
+    ) -> Result<(Vec<bool>, Vec<[u8; N]>), OTError> {
         let receiver = self
             .state
             .try_as_extension_mut()
@@ -395,7 +409,12 @@ where
             choices,
             random_outputs
                 .into_iter()
-                .map(|block| random_bytes_from_seed(block.to_bytes()))
+                .map(|block| {
+                    let mut prg = Prg::from_seed(block);
+                    let mut out = [0_u8; N];
+                    prg.fill_bytes(&mut out);
+                    out
+                })
                 .collect(),
         ))
     }

ot/mpz-ot/src/kos/sender.rs

@@ -1,25 +1,24 @@
-use crate::{
-    kos::SenderError, CommittedOTReceiver, CommittedOTSender, OTError, OTReceiver, OTSender,
-    OTSetup, RandomOTSender,
-};
-
 use async_trait::async_trait;
+use enum_try_as_inner::EnumTryAsInner;
 use futures_util::SinkExt;
 use itybity::IntoBits;
-use mpz_core::{cointoss, Block, ProtocolMessage};
+use mpz_core::{cointoss, prg::Prg, Block, ProtocolMessage};
 use mpz_ot_core::kos::{
     msgs::Message, sender_state as state, Sender as SenderCore, SenderConfig, CSP, SSP,
 };
 use rand::{thread_rng, Rng};
+use rand_core::{RngCore, SeedableRng};
 use utils_aio::{
     non_blocking_backend::{Backend, NonBlockingBackend},
     sink::IoSink,
     stream::{ExpectStreamExt, IoStream},
 };
 
-use enum_try_as_inner::EnumTryAsInner;
-
-use super::{into_base_sink, into_base_stream, random_bytes_from_seed};
+use super::{into_base_sink, into_base_stream};
+use crate::{
+    kos::SenderError, CommittedOTReceiver, CommittedOTSender, OTError, OTReceiver, OTSender,
+    OTSetup, RandomOTSender,
+};
 
 #[derive(Debug, EnumTryAsInner)]
 #[derive_err(Debug)]
@@ -341,7 +340,15 @@ impl<BaseOT> RandomOTSender<[Block; 2]> for Sender<BaseOT>
 where
     BaseOT: ProtocolMessage + Send,
 {
-    async fn random_messages(&mut self, count: usize) -> Result<Vec<[Block; 2]>, OTError> {
+    async fn send_random<
+        Si: IoSink<Message<BaseOT::Msg>> + Send + Unpin,
+        St: IoStream<Message<BaseOT::Msg>> + Send + Unpin,
+    >(
+        &mut self,
+        _sink: &mut Si,
+        _stream: &mut St,
+        count: usize,
+    ) -> Result<Vec<[Block; 2]>, OTError> {
         let sender = self
             .state
             .try_as_extension_mut()
@@ -396,23 +403,33 @@ impl<const N: usize, BaseOT> RandomOTSender<[[u8; N]; 2]> for Sender<BaseOT>
 where
     BaseOT: ProtocolMessage + Send,
 {
-    async fn random_messages(&mut self, count: usize) -> Result<Vec<[[u8; N]; 2]>, OTError> {
+    async fn send_random<
+        Si: IoSink<Message<BaseOT::Msg>> + Send + Unpin,
+        St: IoStream<Message<BaseOT::Msg>> + Send + Unpin,
+    >(
+        &mut self,
+        _sink: &mut Si,
+        _stream: &mut St,
+        count: usize,
+    ) -> Result<Vec<[[u8; N]; 2]>, OTError> {
         let sender = self
             .state
             .try_as_extension_mut()
             .map_err(SenderError::from)?;
 
         let random_outputs = sender.keys(count).map_err(SenderError::from)?;
 
+        let prng = |block| {
+            let mut prg = Prg::from_seed(block);
+            let mut out = [0_u8; N];
+            prg.fill_bytes(&mut out);
+            out
+        };
+
         Ok(random_outputs
             .take_keys()
             .into_iter()
-            .map(|[a, b]| {
-                [
-                    random_bytes_from_seed(a.to_bytes()),
-                    random_bytes_from_seed(b.to_bytes()),
-                ]
-            })
+            .map(|[a, b]| [prng(a), prng(b)])
             .collect())
     }
 }

ot/mpz-ot/src/lib.rs

@@ -69,19 +69,27 @@ where
 }
 
 /// A random OT sender.
-///
-/// The OT sender gets two messages which are guaranteed to be random by the protocol.
 #[async_trait]
-pub trait RandomOTSender<T>
+pub trait RandomOTSender<T>: ProtocolMessage
 where
     T: Send + Sync,
 {
     /// Outputs two random messages.
     ///
     /// # Arguments
     ///
+    /// * `sink` - The IO sink to the receiver.
+    /// * `stream` - The IO stream from the receiver.
     /// * `count` - The number of random messages to get.
-    async fn random_messages(&mut self, count: usize) -> Result<Vec<T>, OTError>;
+    async fn send_random<
+        Si: IoSink<Self::Msg> + Send + Unpin,
+        St: IoStream<Self::Msg> + Send + Unpin,
+    >(
+        &mut self,
+        sink: &mut Si,
+        stream: &mut St,
+        count: usize,
+    ) -> Result<Vec<T>, OTError>;
 }
 
 /// An oblivious transfer receiver.
@@ -107,13 +115,8 @@ where
 }
 
 /// A random OT receiver.
-///
-/// ATTENTION: This is a random OT receiver trait where from a security perspective the receiver
-/// could make the choice of which message to receive. Although this is not exposed in the interface,
-/// this trait is meant for protocols, where the receiver could choose the choice bit. So do NOT
-/// use this trait in your protocol if it is required that the receiver's choices are random.
 #[async_trait]
-pub trait ChosenMessageRandomOTReceiver<T, U>
+pub trait RandomOTReceiver<T, U>: ProtocolMessage
 where
     T: Send + Sync,
     U: Send + Sync,
@@ -122,8 +125,18 @@ where
     ///
     /// # Arguments
     ///
+    /// * `sink` - The IO sink to the sender.
+    /// * `stream` - The IO stream from the sender.
     /// * `count` - The number of random messages to receive.
-    async fn receive(&mut self, count: usize) -> Result<(Vec<T>, Vec<U>), OTError>;
+    async fn receive_random<
+        Si: IoSink<Self::Msg> + Send + Unpin,
+        St: IoStream<Self::Msg> + Send + Unpin,
+    >(
+        &mut self,
+        sink: &mut Si,
+        stream: &mut St,
+        count: usize,
+    ) -> Result<(Vec<T>, Vec<U>), OTError>;
 }
 
 /// An oblivious transfer sender that is committed to its messages and can reveal them