add ML-KEM as an option for base OT

.github/workflows/pull_request.yml

@@ -35,8 +35,11 @@ jobs:
         if: ${{ matrix.os == 'windows-latest' }}
         uses: ilammy/setup-nasm@72793074d3c8cdda771dba85f6deafe00623038b # 1.5.2
 
-      - name: Run tests
-        run: cargo test --workspace --verbose --all-features --no-fail-fast
+      - name: Run tests (all features)
+        run: cargo test --workspace --verbose --all-features --no-fail-fast ${{ runner.os == 'macOS' && '-- --test-threads=1' || '' }}
+
+      - name: Run tests (no features)
+        run: cargo test --workspace --verbose --no-fail-fast ${{ runner.os == 'macOS' && '-- --test-threads=1' || '' }}
 
   miri:
     name: Miri

.github/workflows/push.yml

@@ -23,5 +23,8 @@ jobs:
       - name: Show CPU info
         run: lscpu
 
-      - name: Test
+      - name: Run tests (all features)
         run: cargo test --workspace --verbose --all-features --no-fail-fast
+
+      - name: Run tests (no features)
+        run: cargo test --workspace --verbose --no-fail-fast

Cargo.toml

@@ -20,6 +20,7 @@ bincode = "1.3.3"
 bitvec = "1.0.1"
 blake3 = "1.5.5"
 bytemuck = { version = "1.25.0", features = ["must_cast"] }
+cfg-if = "1"
 cpufeatures = "0.3.0"
 criterion = { version = "0.8", features = ["async_tokio", "html_reports"] }
 cryprot-codes = { version = "0.2.2", path = "cryprot-codes" }
@@ -31,6 +32,9 @@ fastdivide = "0.4.2"
 futures = "0.3.32"
 hybrid-array = { version = "0.4.8", features = ["bytemuck"] }
 libc = "0.2.183"
+ml-kem = "0.2.2"
+module-lattice = "0.1.0"
+sha3 = "0.10.8"
 ndarray = "0.17.2"
 num-traits = "0.2.19"
 rand = "0.10.0"
@@ -40,7 +44,8 @@ rayon = "1.10.0"
 s2n-quic = "1.75.0"
 seq-macro = "=0.3.6"
 serde = "1.0.203"
-subtle = "2.6.1"
+serde_bytes = "0.11.19"
+subtle = { version = "2.6.1", features = ["const-generics"] }
 thiserror = "2.0.18"
 tokio = "1.50.0"
 tokio-serde = "0.9.0"

README.md

@@ -11,7 +11,7 @@ The `cryprot` crates implement several **cryp**tographic **prot**ocols and utili
 | [`cryprot-net`] | Networking abstractions built atop [s2n-quic](https://docs.rs/s2n-quic/latest/s2n_quic/). | [![crates.io](https://img.shields.io/crates/v/cryprot-net)](https://crates.io/crates/cryprot-net) | [![docs.rs](https://img.shields.io/docsrs/cryprot-net)](https://docs.rs/cryprot-net) |
 | [`cryprot-pprf`] | Distributed PPRF implementation used in Silent OT [[BCG+19]](https://eprint.iacr.org/2019/1159), based on [libOTe](https://github.com/osu-crypto/libOTe). | [![crates.io](https://img.shields.io/crates/v/cryprot-pprf)](https://crates.io/crates/cryprot-pprf) | [![docs.rs](https://img.shields.io/docsrs/cryprot-pprf)](https://docs.rs/cryprot-pprf) |
 | [`cryprot-codes`] | Expand-convolute linear code [[RRT23]](https://eprint.iacr.org/2023/882), based on [libOTe](https://github.com/osu-crypto/libOTe), used in Silent OT. | [![crates.io](https://img.shields.io/crates/v/cryprot-codes)](https://crates.io/crates/cryprot-codes) | [![docs.rs](https://img.shields.io/docsrs/cryprot-codes)](https://docs.rs/cryprot-codes) |
-| [`cryprot-ot`] | Oblivious transfer implementations:<br>• Base OT: "Simplest OT" [[CO15]](https://eprint.iacr.org/2015/267)<br>• OT extensions: [[IKNP03]](https://www.iacr.org/archive/crypto2003/27290145/27290145.pdf)<br>• Malicious OT extension: [[KOS15]](https://eprint.iacr.org/2015/546.pdf)<br>• Silent OT extension: [[BCG+19]](https://eprint.iacr.org/2019/1159) Silent OT using [[RRT23]](https://eprint.iacr.org/2023/882) code and optional [[YWL+20]](https://dl.acm.org/doi/pdf/10.1145/3372297.3417276) consistency check for malicious security. | [![crates.io](https://img.shields.io/crates/v/cryprot-ot)](https://crates.io/crates/cryprot-ot) | [![docs.rs](https://img.shields.io/docsrs/cryprot-ot)](https://docs.rs/cryprot-ot) |
+| [`cryprot-ot`] | Oblivious transfer implementations:<br>• Base OT: "Simplest OT" [[CO15]](https://eprint.iacr.org/2015/267)<br>• Base OT (post-quantum, optional): [ML-KEM](https://crates.io/crates/ml-kem) based OT [[FIPS 203]](https://csrc.nist.gov/pubs/fips/203/final)<br>• OT extensions: [[IKNP03]](https://www.iacr.org/archive/crypto2003/27290145/27290145.pdf)<br>• Malicious OT extension: [[KOS15]](https://eprint.iacr.org/2015/546.pdf)<br>• Silent OT extension: [[BCG+19]](https://eprint.iacr.org/2019/1159) Silent OT using [[RRT23]](https://eprint.iacr.org/2023/882) code and optional [[YWL+20]](https://dl.acm.org/doi/pdf/10.1145/3372297.3417276) consistency check for malicious security. | [![crates.io](https://img.shields.io/crates/v/cryprot-ot)](https://crates.io/crates/cryprot-ot) | [![docs.rs](https://img.shields.io/docsrs/cryprot-ot)](https://docs.rs/cryprot-ot) |
 
 Documentation for the latest main branch state is available [here](https://robinhundt.github.io/CryProt/cryprot_ot/).
 ## Platform Support
@@ -45,7 +45,7 @@ Silent OT will perform faster for smaller numbers of OTs at slightly increased c
 
 Our OT implementations should be on par or faster than those in libOTe. In the future we want to benchmark libOTe on the same hardware for a fair comparison.
 
-**Base OT Benchmark:**
+**Base OT Benchmark (Simplest OT):**
 
 | Benchmark      | Mean Time (ms) |
 |---------------|---------------|

cryprot-ot/Cargo.toml

@@ -9,6 +9,14 @@ version = "0.2.2"
 authors.workspace = true
 repository.workspace = true
 
+[features]
+# ML-KEM-based base OT. Pick only one variant.
+ml-kem-base-ot-512 = ["_ml-kem-base-ot"]
+ml-kem-base-ot-768 = ["_ml-kem-base-ot"]
+ml-kem-base-ot-1024 = ["_ml-kem-base-ot"]
+# Internal feature — do not enable directly.
+_ml-kem-base-ot = ["dep:ml-kem", "dep:module-lattice", "dep:hybrid-array", "dep:sha3"]
+
 [lints]
 workspace = true
 
@@ -19,13 +27,20 @@ bench = false
 [dependencies]
 bitvec = { workspace = true, features = ["serde"] }
 bytemuck.workspace = true
+cfg-if.workspace = true
 cryprot-codes.workspace = true
 cryprot-core = { workspace = true, features = ["tokio-rayon"] }
 cryprot-net.workspace = true
 cryprot-pprf.workspace = true
 curve25519-dalek = { workspace = true, features = ["rand_core", "serde"] }
 futures.workspace = true
+hybrid-array = { workspace = true, optional = true }
+ml-kem = { workspace = true, optional = true }
+module-lattice = { workspace = true, optional = true }
 rand.workspace = true
+sha3 = { workspace = true, optional = true }
+serde_bytes.workspace = true
+serde = { workspace = true, features = ["derive"] }
 subtle.workspace = true
 thiserror.workspace = true
 tokio = { workspace = true, features = ["io-util"] }

cryprot-ot/README.md

@@ -6,6 +6,7 @@
 Oblivious transfer implementations. Currently implemented are the following:
 
 - base OT: "Simplest OT" [[CO15](https://eprint.iacr.org/2015/267)]
+- base OT (post-quantum, optional): [ML-KEM-768](https://crates.io/crates/ml-kem) based OT [[FIPS 203](https://csrc.nist.gov/pubs/fips/203/final)]
 - semi-honest OT extension: optimized [[IKNP03](https://www.iacr.org/archive/crypto2003/27290145/27290145.pdf)] protocol
 - malicious OT extension: optimized [[KOS15]](https://eprint.iacr.org/2015/546.pdf) protocol
 - silent OT extension: [[BCG+19](https://eprint.iacr.org/2019/1159)] silent OT using [[RRT23](https://eprint.iacr.org/2023/882)] code (semi-honest and malicious with [[YWL+20](https://dl.acm.org/doi/pdf/10.1145/3372297.3417276)] consistency check)
@@ -27,7 +28,7 @@ Silent OT will perform faster for smaller numbers of OTs at slightly increased c
 
 Our OT implementations should be on par or faster than those in libOTe. In the future we want to benchmark libOTe on the same hardware for a fair comparison.
 
-**Base OT Benchmark:**
+**Base OT Benchmark (Simplest OT):**
 
 | Benchmark      | Mean Time (ms) |
 |---------------|---------------|

cryprot-ot/benches/bench.rs

@@ -8,7 +8,6 @@ use cryprot_core::{Block, alloc::HugePageMemory};
 use cryprot_net::testing::{init_bench_tracing, local_conn};
 use cryprot_ot::{
     CotReceiver, CotSender, RotReceiver, RotSender,
-    base::SimplestOt,
     extension::{
         MaliciousOtExtensionReceiver, MaliciousOtExtensionSender, SemiHonestOtExtensionReceiver,
         SemiHonestOtExtensionSender,
@@ -18,6 +17,7 @@ use cryprot_ot::{
         MaliciousSilentOtReceiver, MaliciousSilentOtSender, SemiHonestSilentOtReceiver,
         SemiHonestSilentOtSender,
     },
+    simplest_ot::SimplestOt,
 };
 use rand::{SeedableRng, rngs::StdRng};
 use tokio::runtime::{self, Runtime};