Spcot fixes

ot/mpz-ot-core/src/ferret/spcot/mod.rs

@@ -10,8 +10,10 @@ mod tests {
     use mpz_core::prg::Prg;
 
     use super::{receiver::Receiver as SpcotReceiver, sender::Sender as SpcotSender};
-    use crate::ferret::CSP;
-    use crate::ideal::ideal_cot::{CotMsgForReceiver, CotMsgForSender, IdealCOT};
+    use crate::{
+        ferret::CSP,
+        ideal::ideal_cot::{CotMsgForReceiver, CotMsgForSender, IdealCOT},
+    };
 
     #[test]
     fn spcot_test() {
@@ -71,12 +73,12 @@ mod tests {
 
         let output_receiver = receiver.check(&z_star, check).unwrap();
 
-        output_sender
+        assert!(output_sender
             .iter_mut()
             .zip(output_receiver.iter())
             .all(|(vs, (ws, alpha))| {
                 vs[*alpha as usize] ^= delta;
                 vs == ws
-            });
+            }));
     }
 }

ot/mpz-ot-core/src/ferret/spcot/msgs.rs

@@ -3,7 +3,7 @@
 use mpz_core::{hash::Hash, Block};
 use serde::{Deserialize, Serialize};
 
-/// A SPCOT message.
+/// An SPCOT message.
 #[derive(Debug, Clone, Serialize, Deserialize)]
 #[allow(missing_docs)]
 pub enum Message<CotMsg> {
@@ -15,14 +15,14 @@ pub enum Message<CotMsg> {
 }
 
 #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
-/// The mask bits sent from the receiver.
+/// The mask bits sent by the receiver.
 pub struct MaskBits {
-    /// The mask bits sent from the receiver.
+    /// The mask bits sent by the receiver.
     pub bs: Vec<bool>,
 }
 
 #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
-/// The extend messages that sent from the sender.
+/// The extend messages sent by the sender.
 pub struct ExtendFromSender {
     /// The mask `m0` and `m1`.
     pub ms: Vec<[Block; 2]>,

ot/mpz-ot-core/src/ferret/spcot/receiver.rs

@@ -64,15 +64,15 @@ impl Receiver<state::Extension> {
             ));
         }
 
-        if alpha > (1 << h) {
+        if alpha >= (1 << h) {
             return Err(ReceiverError::InvalidInput(
-                "the input pos should be no more than 2^h".to_string(),
+                "the input pos should be no more than 2^h-1".to_string(),
             ));
         }
 
         if rs.len() != h {
             return Err(ReceiverError::InvalidLength(
-                "the length of b should be h".to_string(),
+                "the length of r should be h".to_string(),
             ));
         }
 
@@ -101,7 +101,7 @@ impl Receiver<state::Extension> {
     /// * `h` - The depth of the GGM tree.
     /// * `alpha` - The chosen position.
     /// * `ts` - The message from COT ideal functionality for the receiver. Only the chosen blocks are used.
-    /// * `extendfr` - The message sent from the sender.
+    /// * `extendfs` - The message sent by the sender.
     pub fn extend(
         &mut self,
         h: usize,
@@ -115,9 +115,9 @@ impl Receiver<state::Extension> {
             ));
         }
 
-        if alpha > (1 << h) {
+        if alpha >= (1 << h) {
             return Err(ReceiverError::InvalidInput(
-                "the input pos should be no more than 2^h".to_string(),
+                "the input pos should be no more than 2^h-1".to_string(),
             ));
         }
 
@@ -140,7 +140,7 @@ impl Receiver<state::Extension> {
 
         let alpha_bar_vec: Vec<bool> = alpha.iter_msb0().skip(32 - h).map(|a| !a).collect();
 
-        // Setp 5 in Figure 6.
+        // Step 5 in Figure 6.
         let k: Vec<Block> = ms
             .into_iter()
             .zip(ts)
@@ -210,14 +210,14 @@ impl Receiver<state::Extension> {
         Ok(CheckFromReceiver { x_prime })
     }
 
-    /// Performs the final consistency check.
+    /// Performs the final step of the consistency check.
     ///
     /// See step 9 in Figure 6.
     ///
     /// # Arguments
     ///
     /// * `z_star` - The message from COT ideal functionality for the receiver. Only the chosen blocks are used.
-    /// * `check` - The hashed value sent from the Sender.
+    /// * `check` - The hashed value sent by the Sender.
     pub fn check(
         &mut self,
         z_star: &[Block],
@@ -300,7 +300,7 @@ pub mod state {
         /// This is to prevent the receiver from extending twice
         pub(super) extended: bool,
 
-        /// A hasher to generate chi seed.
+        /// A hasher to generate chi seed from the protocol transcript.
         pub(super) hasher: blake3::Hasher,
     }
 

ot/mpz-ot-core/src/ferret/spcot/sender.rs

@@ -55,6 +55,7 @@ impl Sender<state::Extension> {
     ///
     /// * `h` - The depth of the GGM tree.
     /// * `qs`- The blocks received by calling the COT functionality.
+    /// * `mask`- The mask bits sent by the receiver.
     pub fn extend(
         &mut self,
         h: usize,
@@ -134,7 +135,7 @@ impl Sender<state::Extension> {
     /// # Arguments
     ///
     /// * `y_star` - The blocks received from the ideal functionality for the check.
-    /// * `checkfr` - The blocks received from the receiver for the check.
+    /// * `checkfr` - The bits received from the receiver for the check.
     pub fn check(
         &mut self,
         y_star: &[Block],
@@ -156,7 +157,7 @@ impl Sender<state::Extension> {
 
         // Step 8 in Figure 6.
 
-        // Computes y = y^star + x' * Delta
+        // Computes y = y_star + x' * Delta
         let y: Vec<Block> = y_star
             .iter()
             .zip(x_prime.iter())
@@ -170,7 +171,6 @@ impl Sender<state::Extension> {
         let mut v = Block::inn_prdt_red(&y, &base);
 
         // Computes V
-        // let mut prg = Prg::from_seed(chis_seed);
         let seed = *self.state.hasher.finalize().as_bytes();
         let mut prg = Prg::from_seed(Block::try_from(&seed[0..16]).unwrap());
 
@@ -185,13 +185,14 @@ impl Sender<state::Extension> {
         // Computes H'(V)
         let hashed_v = Hash::from(blake3(&v.to_bytes()));
 
+        self.state.cot_counter += self.state.unchecked_vs.len();
+
         let mut res = Vec::new();
         for n in &self.state.vs_length {
             let tmp: Vec<Block> = self.state.unchecked_vs.drain(..*n as usize).collect();
             res.push(tmp);
         }
 
-        self.state.cot_counter += self.state.unchecked_vs.len();
         self.state.extended = true;
 
         Ok((res, CheckFromSender { hashed_v }))

ot/mpz-ot-core/src/ideal/ideal_cot.rs

@@ -1,4 +1,4 @@
-//! Define ideal functionality of COT with random choise bit.
+//! Define ideal functionality of COT with random choice bit.
 
 use mpz_core::{prg::Prg, Block};
 use serde::{Deserialize, Serialize};
@@ -15,7 +15,7 @@ pub struct CotMsgForSender {
 pub struct CotMsgForReceiver {
     /// The random bits that receiver receives from the COT functionality.
     pub rs: Vec<bool>,
-    /// The chosen blocks that receiver receivers from the COT functionality.
+    /// The chosen blocks that receiver receives from the COT functionality.
     pub ts: Vec<Block>,
 }
 #[allow(missing_docs)]