address review comments

dartdart26 · dartdart26 · commit c73a47bfecf6 · 2026-01-31T21:21:45.000Z
* no devcontainer files
 * fix ML-KEM-768 reference
 * fix cargo fmt
 * fix cargo doc
 * try --test-threads=1 for MacOS to see test if it helps
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
@@ -32,7 +32,7 @@ jobs:
         uses: ilammy/setup-nasm@72793074d3c8cdda771dba85f6deafe00623038b # 1.5.2
 
       - name: Run tests
-        run: cargo test --workspace --verbose --all-features --no-fail-fast
+        run: cargo test --workspace --verbose --all-features --no-fail-fast ${{ runner.os == 'macOS' && '-- --test-threads=1' || '' }}
 
   miri:
     name: Miri
diff --git a/README.md b/README.md
@@ -11,7 +11,7 @@ The `cryprot` crates implement several **cryp**tographic **prot**ocols and utili
 | [`cryprot-net`] | Networking abstractions built atop [s2n-quic](https://docs.rs/s2n-quic/latest/s2n_quic/). | [![crates.io](https://img.shields.io/crates/v/cryprot-net)](https://crates.io/crates/cryprot-net) | [![docs.rs](https://img.shields.io/docsrs/cryprot-net)](https://docs.rs/cryprot-net) |
 | [`cryprot-pprf`] | Distributed PPRF implementation used in Silent OT [[BCG+19]](https://eprint.iacr.org/2019/1159), based on [libOTe](https://github.com/osu-crypto/libOTe). | [![crates.io](https://img.shields.io/crates/v/cryprot-pprf)](https://crates.io/crates/cryprot-pprf) | [![docs.rs](https://img.shields.io/docsrs/cryprot-pprf)](https://docs.rs/cryprot-pprf) |
 | [`cryprot-codes`] | Expand-convolute linear code [[RRT23]](https://eprint.iacr.org/2023/882), based on [libOTe](https://github.com/osu-crypto/libOTe), used in Silent OT. | [![crates.io](https://img.shields.io/crates/v/cryprot-codes)](https://crates.io/crates/cryprot-codes) | [![docs.rs](https://img.shields.io/docsrs/cryprot-codes)](https://docs.rs/cryprot-codes) |
-| [`cryprot-ot`] | Oblivious transfer implementations:<br>• Base OT: "Simplest OT" [[CO15]](https://eprint.iacr.org/2015/267)<br>• Base OT (post-quantum, optional): [ML-KEM-768](https://crates.io/crates/ml-kem) based OT [[FIPS 203]](https://csrc.nist.gov/pubs/fips/203/final)<br>• OT extensions: [[IKNP03]](https://www.iacr.org/archive/crypto2003/27290145/27290145.pdf)<br>• Malicious OT extension: [[KOS15]](https://eprint.iacr.org/2015/546.pdf)<br>• Silent OT extension: [[BCG+19]](https://eprint.iacr.org/2019/1159) Silent OT using [[RRT23]](https://eprint.iacr.org/2023/882) code and optional [[YWL+20]](https://dl.acm.org/doi/pdf/10.1145/3372297.3417276) consistency check for malicious security. | [![crates.io](https://img.shields.io/crates/v/cryprot-ot)](https://crates.io/crates/cryprot-ot) | [![docs.rs](https://img.shields.io/docsrs/cryprot-ot)](https://docs.rs/cryprot-ot) |
+| [`cryprot-ot`] | Oblivious transfer implementations:<br>• Base OT: "Simplest OT" [[CO15]](https://eprint.iacr.org/2015/267)<br>• Base OT (post-quantum, optional): [ML-KEM](https://crates.io/crates/ml-kem) based OT [[FIPS 203]](https://csrc.nist.gov/pubs/fips/203/final)<br>• OT extensions: [[IKNP03]](https://www.iacr.org/archive/crypto2003/27290145/27290145.pdf)<br>• Malicious OT extension: [[KOS15]](https://eprint.iacr.org/2015/546.pdf)<br>• Silent OT extension: [[BCG+19]](https://eprint.iacr.org/2019/1159) Silent OT using [[RRT23]](https://eprint.iacr.org/2023/882) code and optional [[YWL+20]](https://dl.acm.org/doi/pdf/10.1145/3372297.3417276) consistency check for malicious security. | [![crates.io](https://img.shields.io/crates/v/cryprot-ot)](https://crates.io/crates/cryprot-ot) | [![docs.rs](https://img.shields.io/docsrs/cryprot-ot)](https://docs.rs/cryprot-ot) |
 
 Documentation for the latest main branch state is available [here](https://robinhundt.github.io/CryProt/cryprot_ot/).
 ## Platform Support
diff --git a/cryprot-ot/src/lib.rs b/cryprot-ot/src/lib.rs
@@ -1,8 +1,10 @@
 #![warn(clippy::unwrap_used)]
 //! CryProt-OT implements several [oblivious transfer](https://en.wikipedia.org/wiki/Oblivious_transfer) protocols.
 //!
-//! - base OT: "Simplest OT" [[CO15](https://eprint.iacr.org/2015/267)] (classical security)
-//! - post-quantum base OT: ML-KEM-768 based OT [[MR19](https://eprint.iacr.org/2019/706)] (post-quantum security)
+//! - base OT: "Simplest OT" [[CO15](https://eprint.iacr.org/2015/267)]
+//!   (classical security)
+//! - post-quantum base OT: ML-KEM-768 based OT [[MR19](https://eprint.iacr.org/2019/706)]
+//!   (post-quantum security)
 //! - semi-honest OT extension: optimized [[IKNP03](https://www.iacr.org/archive/crypto2003/27290145/27290145.pdf)]
 //!   protocol
 //! - malicious OT extension: optimized [[KOS15](https://eprint.iacr.org/2015/546.pdf)]
@@ -19,9 +21,9 @@
 //! Enable the `ml-kem-base-ot` feature to use ML-KEM-based OT for the base OT
 //! protocol, providing post-quantum security:
 //!
-//! This replaces the classical "Simplest OT" with an ML-KEM-based construction following
-//! FIPS 203 at https://csrc.nist.gov/pubs/fips/203/final, similar to libOTe's `ENABLE_MR_KYBER` option.
-//! We use the ML-KEN crate https://crates.io/crates/ml-kem.
+//! This replaces the classical "Simplest OT" with an ML-KEM-based construction
+//! following FIPS 203 at <https://csrc.nist.gov/pubs/fips/203/final>, similar to libOTe's `ENABLE_MR_KYBER` option.
+//! We use the ML-KEM crate <https://crates.io/crates/ml-kem>.
 //!
 //! ## Benchmarks
 //! We continously run the benchmark suite in CI witht the results publicly
@@ -80,7 +82,8 @@ pub type BaseOt = mlkem_ot::MlKemOt;
 
 /// Base OT implementation used by extension protocols.
 ///
-/// When the `ml-kem-base-ot` feature is not enabled, use [`simplest_ot::SimplestOt`].
+/// When the `ml-kem-base-ot` feature is not enabled, use
+/// [`simplest_ot::SimplestOt`].
 #[cfg(not(feature = "ml-kem-base-ot"))]
 pub type BaseOt = simplest_ot::SimplestOt;
 
diff --git a/cryprot-ot/src/mlkem_ot.rs b/cryprot-ot/src/mlkem_ot.rs
@@ -1,15 +1,15 @@
 //! Post-quantum base OT using ML-KEM.
 
-// ML-KEM variant: change to MlKem512/MlKem512Params or MlKem768/MlKem768Params for different security levels.
-use ml_kem::{MlKem1024 as MlKem, MlKem1024Params as MlKemParams};
-
 use std::io;
 
 use cryprot_core::{Block, buf::Buf, rand_compat::RngCompat, random_oracle::RandomOracle};
 use cryprot_net::{Connection, ConnectionError};
 use futures::{SinkExt, StreamExt};
+// ML-KEM variant: change to MlKem512/MlKem512Params or MlKem768/MlKem768Params
+// for different security levels.
 use ml_kem::{
-    Ciphertext as MlKemCiphertext, EncodedSizeUser, KemCore, SharedKey,
+    Ciphertext as MlKemCiphertext, EncodedSizeUser, KemCore, MlKem1024 as MlKem,
+    MlKem1024Params as MlKemParams, SharedKey,
     array::typenum::Unsigned,
     kem::{Decapsulate, DecapsulationKey, Encapsulate, EncapsulationKey as MlKemEncapsulationKey},
 };
@@ -249,7 +249,8 @@ fn encapsulate(ek: &EncapKeyBytes, rng: &mut StdRng) -> (CtBytes, SharedKey<MlKe
     )
 }
 
-// Derive an OT key from the ML-KEM shared key using a random oracle XOF, extracting a Block-sized (128-bit) output.
+// Derive an OT key from the ML-KEM shared key using a random oracle XOF,
+// extracting a Block-sized (128-bit) output.
 fn hash(key: &SharedKey<MlKem>, tweak: usize) -> Block {
     let mut ro = RandomOracle::new();
     ro.update(HASH_DOMAIN_SEPARATOR);
