I recently read the KKRT paper on item coding, and I noticed that each item is encoded using 4-AES for extended OT. However, in the implementation, it seems that mulAES_sk(item) ^ item is used instead of just "mulAES_sk(item)". Is there a specific reason for this approach? Could you please clarify the considerations behind this choice?
Xor the item makes it one way. The adversary can't find small distance codewords. But I guess it doesn't matter as kkrt is Semi-honest. So no reason....
Hi,
I recently read the KKRT paper on item coding, and I noticed that each item is encoded using 4-AES for extended OT. However, in the implementation, it seems that mulAES_sk(item) ^ item is used instead of just "mulAES_sk(item)". Is there a specific reason for this approach? Could you please clarify the considerations behind this choice?
Thank you.
https://github.com/osu-crypto/libOTe/blob/e59724e49c3edcc046a8ac7df0188ccca44e189f/libOTe/NChooseOne/Kkrt/KkrtNcoOtReceiver.cpp#L228