add ML-KEM as an option for base OT

This makes the base OT post-quantum secure by utilizing ML-KEM key
encapsulation via https://crates.io/crates/ml-kem.

We keep the Simplest OT as default base OT and make ML-KEM optional by
adding compile-time features for different variants (k = 512/768/1024).

References:

MR19: https://eprint.iacr.org/2019/706
FIPS 203: https://csrc.nist.gov/pubs/fips/203/final
libOTe: https://github.com/osu-crypto/libOTe/blob/d0e499206d1d4d16c6b4ca6c0e712490e0632f80/thirdparty/KyberOT/KyberOT.c#L40-L41
ML-KEM implementation: https://github.com/RustCrypto/KEMs/blob/5a7f3ab7af5420cacca9befc9212532e4c7f6ca1/ml-kem/src/
ml-kem crate: https://crates.io/crates/ml-kem
module-lattice crate: https://crates.io/crates/module-lattice

Author: dartdart26

.github/workflows/pull_request.yml

@@ -35,8 +35,11 @@ jobs:
         if: ${{ matrix.os == 'windows-latest' }}
         uses: ilammy/setup-nasm@72793074d3c8cdda771dba85f6deafe00623038b # 1.5.2
 
-      - name: Run tests
-        run: cargo test --workspace --verbose --all-features --no-fail-fast
+      - name: Run tests (all features)
+        run: cargo test --workspace --verbose --all-features --no-fail-fast ${{ runner.os == 'macOS' && '-- --test-threads=1' || '' }}
+
+      - name: Run tests (no features)
+        run: cargo test --workspace --verbose --no-fail-fast ${{ runner.os == 'macOS' && '-- --test-threads=1' || '' }}
 
   miri:
     name: Miri

.github/workflows/push.yml

@@ -23,5 +23,8 @@ jobs:
       - name: Show CPU info
         run: lscpu
 
-      - name: Test
+      - name: Run tests (all features)
         run: cargo test --workspace --verbose --all-features --no-fail-fast
+
+      - name: Run tests (no features)
+        run: cargo test --workspace --verbose --no-fail-fast

Cargo.lock

@@ -20,6 +20,7 @@ bincode = "1.3.3"
 bitvec = "1.0.1"
 blake3 = "1.5.5"
 bytemuck = { version = "1.25.0", features = ["must_cast"] }
+cfg-if = "1"
 cpufeatures = "0.3.0"
 criterion = { version = "0.8", features = ["async_tokio", "html_reports"] }
 cryprot-codes = { version = "0.2.2", path = "cryprot-codes" }
@@ -28,19 +29,23 @@ cryprot-net = { version = "0.2.2", path = "cryprot-net" }
 cryprot-pprf = { version = "0.2.2", path = "cryprot-pprf" }
 curve25519-dalek = "4.1.3"
 fastdivide = "0.4.2"
-futures = "0.3.30"
-hybrid-array = { version = "0.4.7", features = ["bytemuck"] }
-libc = "0.2.181"
+futures = "0.3.32"
+hybrid-array = { version = "0.4.8", features = ["bytemuck"] }
+libc = "0.2.183"
+ml-kem = "0.2.2"
+module-lattice = "0.1.0"
+sha3 = "0.10.8"
 ndarray = "0.17.2"
 num-traits = "0.2.19"
 rand = "0.10.0"
 rand_core = "0.10.0"
 rand_core_0_6 = { package = "rand_core", version = "0.6" }
 rayon = "1.10.0"
-s2n-quic = "1.74.0"
+s2n-quic = "1.75.0"
 seq-macro = "=0.3.6"
 serde = "1.0.203"
-subtle = "2.6.1"
+serde_bytes = "0.11.19"
+subtle = { version = "2.6.1", features = ["const-generics"] }
 thiserror = "2.0.18"
 tokio = "1.50.0"
 tokio-serde = "0.9.0"

Cargo.toml

@@ -11,7 +11,7 @@ The `cryprot` crates implement several **cryp**tographic **prot**ocols and utili
 | [`cryprot-net`] | Networking abstractions built atop [s2n-quic](https://docs.rs/s2n-quic/latest/s2n_quic/). | [![crates.io](https://img.shields.io/crates/v/cryprot-net)](https://crates.io/crates/cryprot-net) | [![docs.rs](https://img.shields.io/docsrs/cryprot-net)](https://docs.rs/cryprot-net) |
 | [`cryprot-pprf`] | Distributed PPRF implementation used in Silent OT [[BCG+19]](https://eprint.iacr.org/2019/1159), based on [libOTe](https://github.com/osu-crypto/libOTe). | [![crates.io](https://img.shields.io/crates/v/cryprot-pprf)](https://crates.io/crates/cryprot-pprf) | [![docs.rs](https://img.shields.io/docsrs/cryprot-pprf)](https://docs.rs/cryprot-pprf) |
 | [`cryprot-codes`] | Expand-convolute linear code [[RRT23]](https://eprint.iacr.org/2023/882), based on [libOTe](https://github.com/osu-crypto/libOTe), used in Silent OT. | [![crates.io](https://img.shields.io/crates/v/cryprot-codes)](https://crates.io/crates/cryprot-codes) | [![docs.rs](https://img.shields.io/docsrs/cryprot-codes)](https://docs.rs/cryprot-codes) |
-| [`cryprot-ot`] | Oblivious transfer implementations:<br>• Base OT: "Simplest OT" [[CO15]](https://eprint.iacr.org/2015/267)<br>• OT extensions: [[IKNP03]](https://www.iacr.org/archive/crypto2003/27290145/27290145.pdf)<br>• Malicious OT extension: [[KOS15]](https://eprint.iacr.org/2015/546.pdf)<br>• Silent OT extension: [[BCG+19]](https://eprint.iacr.org/2019/1159) Silent OT using [[RRT23]](https://eprint.iacr.org/2023/882) code and optional [[YWL+20]](https://dl.acm.org/doi/pdf/10.1145/3372297.3417276) consistency check for malicious security. | [![crates.io](https://img.shields.io/crates/v/cryprot-ot)](https://crates.io/crates/cryprot-ot) | [![docs.rs](https://img.shields.io/docsrs/cryprot-ot)](https://docs.rs/cryprot-ot) |
+| [`cryprot-ot`] | Oblivious transfer implementations:<br>• Base OT: "Simplest OT" [[CO15]](https://eprint.iacr.org/2015/267)<br>• Base OT (post-quantum, optional): [ML-KEM](https://crates.io/crates/ml-kem) based OT [[FIPS 203]](https://csrc.nist.gov/pubs/fips/203/final)<br>• OT extensions: [[IKNP03]](https://www.iacr.org/archive/crypto2003/27290145/27290145.pdf)<br>• Malicious OT extension: [[KOS15]](https://eprint.iacr.org/2015/546.pdf)<br>• Silent OT extension: [[BCG+19]](https://eprint.iacr.org/2019/1159) Silent OT using [[RRT23]](https://eprint.iacr.org/2023/882) code and optional [[YWL+20]](https://dl.acm.org/doi/pdf/10.1145/3372297.3417276) consistency check for malicious security. | [![crates.io](https://img.shields.io/crates/v/cryprot-ot)](https://crates.io/crates/cryprot-ot) | [![docs.rs](https://img.shields.io/docsrs/cryprot-ot)](https://docs.rs/cryprot-ot) |
 
 Documentation for the latest main branch state is available [here](https://robinhundt.github.io/CryProt/cryprot_ot/).
 ## Platform Support
@@ -45,7 +45,7 @@ Silent OT will perform faster for smaller numbers of OTs at slightly increased c
 
 Our OT implementations should be on par or faster than those in libOTe. In the future we want to benchmark libOTe on the same hardware for a fair comparison.
 
-**Base OT Benchmark:**
+**Base OT Benchmark (Simplest OT):**
 
 | Benchmark      | Mean Time (ms) |
 |---------------|---------------|

README.md

@@ -9,6 +9,14 @@ version = "0.2.2"
 authors.workspace = true
 repository.workspace = true
 
+[features]
+# ML-KEM-based base OT. Pick only one variant.
+ml-kem-base-ot-512 = ["_ml-kem-base-ot"]
+ml-kem-base-ot-768 = ["_ml-kem-base-ot"]
+ml-kem-base-ot-1024 = ["_ml-kem-base-ot"]
+# Internal feature — do not enable directly.
+_ml-kem-base-ot = ["dep:ml-kem", "dep:module-lattice", "dep:hybrid-array", "dep:sha3"]
+
 [lints]
 workspace = true
 
@@ -19,13 +27,20 @@ bench = false
 [dependencies]
 bitvec = { workspace = true, features = ["serde"] }
 bytemuck.workspace = true
+cfg-if.workspace = true
 cryprot-codes.workspace = true
 cryprot-core = { workspace = true, features = ["tokio-rayon"] }
 cryprot-net.workspace = true
 cryprot-pprf.workspace = true
 curve25519-dalek = { workspace = true, features = ["rand_core", "serde"] }
 futures.workspace = true
+hybrid-array = { workspace = true, optional = true }
+ml-kem = { workspace = true, optional = true }
+module-lattice = { workspace = true, optional = true }
 rand.workspace = true
+sha3 = { workspace = true, optional = true }
+serde_bytes.workspace = true
+serde = { workspace = true, features = ["derive"] }
 subtle.workspace = true
 thiserror.workspace = true
 tokio = { workspace = true, features = ["io-util"] }