bool nnobRevealOblivBit(ProtocolDesc* pd, NnobProtocolDesc* npd, bool* output, OblivBit* input) { bool success = true; nnob_key_t inputMac; bool inputBit; if(pd->thisParty==1) { osend(pd, 2, input->nnob.shareAndMac.mac, NNOB_KEY_BYTES); osend(pd, 2, &input->nnob.shareAndMac.share, 1); orecv(pd, 2, inputMac, NNOB_KEY_BYTES); orecv(pd, 2, &inputBit, 1); if(inputBit) memxor(inputMac, npd->globalDelta, NNOB_KEY_BYTES); success&=memcmp(inputMac, input->nnob.key.key,NNOB_KEY_BYTES)==0?true:false; } else { orecv(pd, 1, inputMac, NNOB_KEY_BYTES); orecv(pd, 1, &inputBit, 1); if(inputBit) memxor(inputMac, npd->globalDelta, NNOB_KEY_BYTES); success&=memcmp(inputMac, input->nnob.key.key,NNOB_KEY_BYTES)==0?true:false; osend(pd, 1, input->nnob.shareAndMac.mac, NNOB_KEY_BYTES); osend(pd, 1, &input->nnob.shareAndMac.share, 1); } *output = inputBit^input->nnob.shareAndMac.share; assert(success); return success; }
void nnobANDGetSKey(ProtocolDesc* pd, NnobKey* s, NnobShareAndMac* r, const NnobShareAndMac* x, const NnobKey* y) { NnobProtocolDesc* npd = pd->extra; assert(npd!=NULL); NnobShareAndMac u0, u1, f, g; bool other_d; NnobKey c, w, d; int destparty = pd->thisParty==1?1:2; getRandomAOTQuadrupleKeyOfZ(npd, &u0, &u1, &c, &w); d=c; nnobKeyXOR(&d, y); orecv(pd, destparty, &other_d, 1); hashMacCheckKey(npd, &d, other_d); f=u0; nnobShareAndMacXOR(&f, &u1); nnobShareAndMacXOR(&f, x); g=u0; nnobShareAndMacXOR(&g, r); if(other_d) nnobShareAndMacXOR(&g, x); osend(pd, destparty, &f.share, 1); osend(pd, destparty, &g.share, 1); hashMacCheckShareAndMac(npd, &f); hashMacCheckShareAndMac(npd, &g); *s=w; if(f.share) nnobKeyXOR(s, &c); nnobKeyXORConst(s, g.share, npd->globalDelta); }
void LaOTCombineKeyOfZ(ProtocolDesc* pd, NnobShareAndMac* x10, const NnobShareAndMac* x20, NnobShareAndMac* x11, const NnobShareAndMac* x21, NnobKey* c1, const NnobKey* c2, NnobKey* z1, const NnobKey* z2, const unsigned* permutation, int n, int k) { bool* d = malloc(n); int i,pos,destparty = pd->thisParty==1?1:2; for(i=0;i<n;i++) { pos = permutation[i+k*n]; d[i]=x10[i].share^x11[i].share^ x20[pos].share^x21[pos].share; } osend(pd, destparty, d, n); for(i=0;i<n;i++) { pos = permutation[i+k*n]; nnobKeyXOR(&z1[i], &z2[pos]); if(d[i]) nnobKeyXOR(&z1[i], &c1[i]); nnobKeyXOR(&c1[i], &c2[pos]); x11[i]=x10[i]; nnobShareAndMacXOR(&x11[i], &x21[pos]); nnobShareAndMacXOR(&x10[i], &x20[pos]); } free(d); }
void nnobANDGetSShareAndMac(ProtocolDesc* pd, NnobShareAndMac* s, NnobKey* r, const NnobKey* x, const NnobShareAndMac* y) { NnobProtocolDesc* npd = pd->extra; assert(npd!=NULL); NnobKey u0, u1, f, g; NnobShareAndMac c, w, d; bool other_f, other_g; int destparty = pd->thisParty==1?1:2; getRandomAOTQuadrupleShareAndMacOfZ(npd, &u0, &u1, &c, &w); d=c; nnobShareAndMacXOR(&d, y); osend(pd, destparty, &d.share, 1); hashMacCheckShareAndMac(npd, &d); f=u0; nnobKeyXOR(&f, &u1); nnobKeyXOR(&f, x); g=*r; nnobKeyXOR(&g, &u0); if(d.share) nnobKeyXOR(&g, x); orecv(pd, destparty, &other_f, 1); orecv(pd, destparty, &other_g, 1); hashMacCheckKey(npd, &f, other_f); hashMacCheckKey(npd, &g, other_g); *s=w; if(other_f) nnobShareAndMacXOR(s, &c); nnobShareAndMacXORConst(s, other_g); }
void nnobANDGetXYShareAndMac(ProtocolDesc* pd, NnobShareAndMac* xy, const NnobShareAndMac* x, const NnobShareAndMac* y) { NnobProtocolDesc* npd = pd->extra; assert(npd!=NULL); int destparty=pd->thisParty==1?1:2; NnobShareAndMac u,v,w,f,g; getRandomAANDTripleShareAndMac(npd, &u, &v, &w); f=u; nnobShareAndMacXOR(&f, x); g=v; nnobShareAndMacXOR(&g, y); osend(pd, destparty, &f.share, 1); osend(pd, destparty, &g.share, 1); hashMacCheckShareAndMac(npd, &f); hashMacCheckShareAndMac(npd, &g); *xy = w; if(f.share) nnobShareAndMacXOR(xy, y); if(g.share) nnobShareAndMacXOR(xy, x); if(f.share&&g.share) nnobShareAndMacXORConst(xy, true); }
void LaANDCombineShareAndMac(ProtocolDesc* pd, NnobShareAndMac* x1, const NnobShareAndMac* x2, NnobShareAndMac* y1, const NnobShareAndMac* y2, NnobShareAndMac* z1, const NnobShareAndMac* z2) { bool d; int destparty = pd->thisParty==1?1:2; d=y1->share^y2->share; osend(pd, destparty, &d, 1); nnobShareAndMacXOR(z1, z2); if(d) nnobShareAndMacXOR(z1, x2); nnobShareAndMacXOR(x1, x2); }
bool aOTShareAndMacOfZ(ProtocolDesc *pd, AOTShareAndMacOfZ* sm) { NnobProtocolDesc* npd = pd->extra; assert(npd!=NULL); int i,k, bucketSize = npd->bucketSize, n = sm->n, numLaOTs = sm->n*bucketSize, destparty = pd->thisParty==1?1:2; bool success = true; unsigned* permutation = malloc(numLaOTs*sizeof(unsigned)); NnobKey* LaOTx0 = malloc(numLaOTs*sizeof(NnobKey)); NnobKey* LaOTx1 = malloc(numLaOTs*sizeof(NnobKey)); NnobShareAndMac* LaOTc = malloc(numLaOTs*sizeof(NnobShareAndMac)); NnobShareAndMac* LaOTr = malloc(numLaOTs*sizeof(NnobShareAndMac)); NnobShareAndMac* LaOTz = malloc(numLaOTs*sizeof(NnobShareAndMac)); BCipherRandomGen* gen = newBCipherRandomGen(); BCipherRandomGen* padder = newBCipherRandomGen(); int nonce = 0; for(i=0;i<numLaOTs;i++) { randomOblivAuthenticationKey(npd, &LaOTx0[i]); randomOblivAuthenticationKey(npd, &LaOTx1[i]); randomOblivAuthenticationShareAndMac(npd, &LaOTc[i]); randomOblivAuthenticationShareAndMac(npd, &LaOTr[i]); } success &= LaOTShareAndMacOfZ(pd, LaOTx0, LaOTx1, LaOTc, LaOTr, LaOTz, padder, gen, &nonce, numLaOTs); bcRandomPermutation(gen, permutation, numLaOTs); osend(pd, destparty, permutation, numLaOTs*sizeof(unsigned)); for(i=0;i<n;i++) { sm->x0[i]=LaOTx0[permutation[i]]; sm->x1[i]=LaOTx1[permutation[i]]; sm->c[i]=LaOTc[permutation[i]]; sm->z[i]=LaOTz[permutation[i]]; } for(k=1;k<bucketSize;k++) { LaOTCombineShareAndMacOfZ(pd, sm->x0, LaOTx0, sm->x1, LaOTx1, sm->c, LaOTc, sm->z, LaOTz, permutation, n, k); } free(permutation); releaseBCipherRandomGen(gen); releaseBCipherRandomGen(padder); free(LaOTx0); free(LaOTx1); free(LaOTc); free(LaOTr); free(LaOTz); return success; }
void nnobSendBitOblivInputs(ProtocolDesc* pd, OblivBit* oblivInput, bool b, int destparty) { NnobProtocolDesc* npd = pd->extra; bool sendbit; char const* globalDelta = npd->globalDelta; randomOblivAuthenticationShareAndMac(npd, &oblivInput->nnob.shareAndMac); sendbit = b^oblivInput->nnob.shareAndMac.share; osend(pd, destparty, &sendbit, 1); memset(oblivInput->nnob.key.key, 0, NNOB_KEY_BYTES); nnobKeyXORConst(&oblivInput->nnob.key, sendbit, globalDelta); oblivInput->unknown=true; debugPrintOblivBit(oblivInput); nl(); }
void debugNnobSendOblivInput(ProtocolDesc* pd, bool* input, OblivBit* oblivInput, int numOblivInput) { NnobProtocolDesc* npd = pd->extra; int i, destparty = pd->thisParty==1?1:2; bool* b = malloc(numOblivInput); char const* globalDelta = npd->globalDelta; for(i=0;i<numOblivInput;i++) { randomOblivAuthenticationShareAndMac(npd, &oblivInput[i].nnob.shareAndMac); b[i] = input[i] ^ oblivInput[i].nnob.shareAndMac.share; memset(oblivInput[i].nnob.key.key, 0, NNOB_KEY_BYTES); nnobKeyXORConst(&oblivInput[i].nnob.key, b[i], globalDelta); } osend(pd, destparty, b, numOblivInput); free(b); }
void nnobRevealOblivInputsSend(ProtocolDesc* pd, widest_t* dest,const OblivBit* o,size_t n, bool* share ,int destparty) { NnobProtocolDesc* npd = pd->extra; int i; fprintf(stderr, "B\n"); for(i=0;i<n;i++) { share[i]=o[i].nnob.shareAndMac.share; hashMacCheckShareAndMac(npd, &o[i].nnob.shareAndMac); } osend(pd, destparty, share, n); fprintf(stderr, "error? = %d\n", npd->error); npd->error |= !ocEqualityCheck(pd, npd->gen, npd->cumulativeHashCheckMac,NNOB_KEY_BYTES, destparty); fprintf(stderr, "error? = %d\n", npd->error); npd->nonce+=1; assert(!npd->error); fprintf(stderr, "in nnobRevealOblivInputs\n"); }
bool aANDShareAndMac(ProtocolDesc *pd, AANDShareAndMac* sm) { NnobProtocolDesc* npd = pd->extra; assert(npd!=NULL); int i,k,n = sm->n,bucketSize = npd->bucketSize, numLaANDs = n*bucketSize, nonce = 0, destparty = pd->thisParty==1?1:2; bool success = true; unsigned* permutation = malloc(numLaANDs*sizeof(unsigned)); NnobShareAndMac* LaANDx = malloc(numLaANDs*sizeof(NnobShareAndMac)); NnobShareAndMac* LaANDy = malloc(numLaANDs*sizeof(NnobShareAndMac)); NnobShareAndMac* LaANDr = malloc(numLaANDs*sizeof(NnobShareAndMac)); NnobShareAndMac* LaANDz = malloc(numLaANDs*sizeof(NnobShareAndMac)); char dummy[NNOB_HASH_ALGO_KEYBYTES]; BCipherRandomGen* gen = newBCipherRandomGen(); BCipherRandomGen* padder = newBCipherRandomGenByAlgoKey(NNOB_HASH_ALGO, dummy); for(i=0;i<numLaANDs;i++) { randomOblivAuthenticationShareAndMac(npd, &LaANDx[i]); randomOblivAuthenticationShareAndMac(npd, &LaANDy[i]); randomOblivAuthenticationShareAndMac(npd, &LaANDr[i]); } success &= LaANDShareAndMac(pd, LaANDx, LaANDy, LaANDr, LaANDz, padder, gen, &nonce, numLaANDs); assert(success); bcRandomPermutation(gen, permutation, numLaANDs); osend(pd, destparty, permutation, numLaANDs*sizeof(unsigned)); for(i=0;i<n;i++) { sm->x[i]=LaANDx[permutation[i]]; sm->y[i]=LaANDy[permutation[i]]; sm->z[i]=LaANDz[permutation[i]]; } for(k=1;k<bucketSize;k++) { for(i=0;i<n;i++) { LaANDCombineShareAndMac(pd, &sm->x[i], &LaANDx[permutation[i+k*n]], &sm->y[i], &LaANDy[permutation[i+k*n]], &sm->z[i], &LaANDz[permutation[i+k*n]]); } } free(permutation); releaseBCipherRandomGen(gen); releaseBCipherRandomGen(padder); free(LaANDx); free(LaANDy); free(LaANDr); free(LaANDz); return success; }
bool LaANDKey(ProtocolDesc* pd, const NnobKey* x, const NnobKey* y, const NnobKey* r, NnobKey* z, BCipherRandomGen* padder, BCipherRandomGen* gen, int* nonce, int numLaANDs) { NnobProtocolDesc* npd = pd->extra; assert(npd!=NULL); int i, destparty = pd->thisParty==1?1:2; bool* d = malloc(numLaANDs); char (*U)[NNOB_KEY_BYTES] = malloc(numLaANDs*NNOB_KEY_BYTES); char (*V)[NNOB_KEY_BYTES] = malloc(numLaANDs*NNOB_KEY_BYTES); char temp[2*NNOB_KEY_BYTES]; char temp2[NNOB_KEY_BYTES]; char zeroes[NNOB_KEY_BYTES]; memset(zeroes, 0, NNOB_KEY_BYTES); const char* globalDelta = npd->globalDelta; bool success = true; orecv(pd, destparty, d, numLaANDs); for(i=0;i<numLaANDs;i++) { z[i]=r[i]; nnobKeyXORConst(&z[i], d[i], globalDelta); /*assert(z[i].ShareAndMac.value == (x[i].ShareAndMac.value && y[i].ShareAndMac.value));*/ memcpy(temp, x[i].key, NNOB_KEY_BYTES); memcpy(temp+NNOB_KEY_BYTES, z[i].key, NNOB_KEY_BYTES); nnobHash(padder, temp, 2*NNOB_KEY_BYTES, *nonce, temp2, zeroes); memcpy(temp, x[i].key, NNOB_KEY_BYTES); memxor(temp, globalDelta, NNOB_KEY_BYTES); memcpy(temp+NNOB_KEY_BYTES, y[i].key, NNOB_KEY_BYTES); memxor(temp+NNOB_KEY_BYTES, z[i].key, NNOB_KEY_BYTES); nnobHash(padder, temp, 2*NNOB_KEY_BYTES, *nonce, U[i], temp2); } osend(pd, destparty, U, NNOB_KEY_BYTES*numLaANDs); for(i=0;i<numLaANDs;i++) { memcpy(V[i], temp2, NNOB_KEY_BYTES); *nonce+=1; } success &= ocEqualityCheck(pd, gen, V, numLaANDs*NNOB_KEY_BYTES, destparty); free(d); free(U); free(V); return success; }
bool LaANDShareAndMac(ProtocolDesc* pd, const NnobShareAndMac* x, const NnobShareAndMac* y, const NnobShareAndMac* r, NnobShareAndMac* z, BCipherRandomGen* padder, BCipherRandomGen* gen, int* nonce, int numLaANDs) { int i, destparty = pd->thisParty==1?1:2; bool* d = malloc(numLaANDs); char (*U)[NNOB_KEY_BYTES] = malloc(numLaANDs*NNOB_KEY_BYTES); char (*V)[NNOB_KEY_BYTES] = malloc(numLaANDs*NNOB_KEY_BYTES); char temp[2*NNOB_KEY_BYTES]; char zeroes[NNOB_KEY_BYTES]; memset(zeroes, 0, NNOB_KEY_BYTES); bool success = true; for(i=0;i<numLaANDs;i++) { z[i].share = x[i].share && y[i].share; d[i] = z[i].share^r[i].share; } osend(pd, destparty, d, numLaANDs); for(i=0;i<numLaANDs;i++) { z[i]=r[i]; nnobShareAndMacXORConst(&z[i], d[i]); /*assert(z[i].ShareAndMac.value == (x[i].ShareAndMac.value && y[i].ShareAndMac.value));*/ } orecv(pd, destparty, U, NNOB_KEY_BYTES*numLaANDs); for(i=0;i<numLaANDs;i++) { memcpy(temp, x[i].mac, NNOB_KEY_BYTES); memcpy(temp+NNOB_KEY_BYTES, z[i].mac, NNOB_KEY_BYTES); if(x[i].share) { memxor(temp+NNOB_KEY_BYTES, y[i].mac, NNOB_KEY_BYTES); nnobHash(padder, temp, 2*NNOB_KEY_BYTES, *nonce, V[i], U[i]); } else { nnobHash(padder, temp, 2*NNOB_KEY_BYTES, *nonce, V[i], zeroes); } *nonce+=1; } success &= ocEqualityCheck(pd, gen, V, numLaANDs*NNOB_KEY_BYTES, destparty); free(d); free(U); free(V); return success; }
static int linux_send(struct proc *p, struct linux_send_args *args, int *retval) { struct linux_send_args linux_args; struct osend_args /* { int s; caddr_t buf; int len; int flags; } */ bsd_args; int error; if ((error=copyin((caddr_t)args, (caddr_t)&linux_args, sizeof(linux_args)))) return error; bsd_args.s = linux_args.s; bsd_args.buf = linux_args.msg; bsd_args.len = linux_args.len; bsd_args.flags = linux_args.flags; return osend(p, &bsd_args, retval); }
bool LaOTKeyOfZ(ProtocolDesc* pd, const NnobShareAndMac* x0, const NnobShareAndMac* x1, const NnobKey* c, const NnobKey* r, NnobKey* z, BCipherRandomGen* padder, BCipherRandomGen* gen, int* nonce, int numLaOTs) { NnobProtocolDesc* npd = pd->extra; assert(npd!=NULL); int i, destparty = pd->thisParty==1?1:2; bool success = true; const int XOTBytes = 1+2*NNOB_KEY_BYTES; char (*X0)[XOTBytes] = malloc(numLaOTs*XOTBytes); char (*X1)[XOTBytes] = malloc(numLaOTs*XOTBytes); char (*I0)[NNOB_KEY_BYTES] = malloc(numLaOTs*NNOB_KEY_BYTES); char (*I1)[NNOB_KEY_BYTES] = malloc(numLaOTs*NNOB_KEY_BYTES); char (*T0)[NNOB_KEY_BYTES] = malloc(numLaOTs*NNOB_KEY_BYTES); char (*T1)[NNOB_KEY_BYTES] = malloc(numLaOTs*NNOB_KEY_BYTES); char temp[NNOB_KEY_BYTES]; char (*mc)[XOTBytes] = malloc(numLaOTs*XOTBytes); bool* d = malloc(numLaOTs); const char* globalDelta = npd->globalDelta; for(i=0;i<numLaOTs;i++) { char m0[XOTBytes], m1[XOTBytes]; randomizeBuffer(gen, T0[i], NNOB_KEY_BYTES); randomizeBuffer(gen, T1[i], NNOB_KEY_BYTES); m0[0] = x0[i].share; memcpy(m0+1, x0[i].mac, NNOB_KEY_BYTES); if(x0[i].share) memcpy(m0+1+NNOB_KEY_BYTES, T1[i], NNOB_KEY_BYTES); else memcpy(m0+1+NNOB_KEY_BYTES, T0[i], NNOB_KEY_BYTES); m1[0] = x1[i].share; memcpy(m1+1, x1[i].mac, NNOB_KEY_BYTES); if(x1[i].share) memcpy(m1+1+NNOB_KEY_BYTES, T1[i], NNOB_KEY_BYTES); else memcpy(m1+1+NNOB_KEY_BYTES, T0[i], NNOB_KEY_BYTES); nnobPRG(padder, c[i].key, NNOB_KEY_BYTES, *nonce, X0[i], m0, XOTBytes); memcpy(temp, c[i].key, NNOB_KEY_BYTES); memxor(temp, globalDelta, NNOB_KEY_BYTES); nnobPRG(padder, temp, NNOB_KEY_BYTES, *nonce, X1[i], m1, XOTBytes); *nonce+=1; } osend(pd, destparty, X0, numLaOTs*XOTBytes); osend(pd, destparty, X1, numLaOTs*XOTBytes); orecv(pd, destparty, d, numLaOTs); for(i=0;i<numLaOTs;i++) { z[i]=r[i]; nnobKeyXORConst(&z[i], d[i], globalDelta); nnobHash(padder, z[i].key, NNOB_KEY_BYTES, *nonce, I0[i], T1[i]); memcpy(temp, z[i].key, NNOB_KEY_BYTES); memxor(temp, globalDelta, NNOB_KEY_BYTES); nnobHash(padder, temp, NNOB_KEY_BYTES, *nonce, I1[i], T0[i]); *nonce+=1; } osend(pd, destparty, I0, numLaOTs*NNOB_KEY_BYTES); osend(pd, destparty, I1, numLaOTs*NNOB_KEY_BYTES); success &= ocEqualityCheck(pd, gen, T0, numLaOTs*NNOB_KEY_BYTES, destparty); success &= ocEqualityCheck(pd, gen, T1, numLaOTs*NNOB_KEY_BYTES, destparty); free(X0); free(X1); free(I0); free(I1); free(T0); free(T1); free(mc); free(d); return success; }
bool LaOTShareAndMacOfZ(ProtocolDesc* pd, const NnobKey* x0, const NnobKey* x1, const NnobShareAndMac* c, const NnobShareAndMac* r, NnobShareAndMac* z, BCipherRandomGen* padder, BCipherRandomGen* gen, int* nonce, int numLaOTs) { NnobProtocolDesc* npd = pd->extra; assert(npd!=NULL); int i, destparty = pd->thisParty==1?1:2; bool success = true; const int XOTBytes = 1+2*NNOB_KEY_BYTES; char (*X0)[XOTBytes] = malloc(numLaOTs*XOTBytes); char (*X1)[XOTBytes] = malloc(numLaOTs*XOTBytes); char (*I0)[NNOB_KEY_BYTES] = malloc(numLaOTs*NNOB_KEY_BYTES); char (*I1)[NNOB_KEY_BYTES] = malloc(numLaOTs*NNOB_KEY_BYTES); char (*T0)[NNOB_KEY_BYTES] = malloc(numLaOTs*NNOB_KEY_BYTES); char (*T1)[NNOB_KEY_BYTES] = malloc(numLaOTs*NNOB_KEY_BYTES); char temp[NNOB_KEY_BYTES]; char (*mc)[XOTBytes] = malloc(numLaOTs*XOTBytes); bool* d = malloc(numLaOTs); const char* globalDelta = npd->globalDelta; orecv(pd, destparty, X0, numLaOTs*XOTBytes); orecv(pd, destparty, X1, numLaOTs*XOTBytes); for(i=0;i<numLaOTs;i++) { if(c[i].share) nnobPRG(padder, c[i].mac, NNOB_KEY_BYTES, *nonce, mc[i], X1[i], XOTBytes); else nnobPRG(padder, c[i].mac, NNOB_KEY_BYTES, *nonce, mc[i], X0[i], XOTBytes); *nonce+=1; z[i].share = mc[i][0]; if(c[i].share) memcpy(temp, x1[i].key, NNOB_KEY_BYTES); else memcpy(temp, x0[i].key, NNOB_KEY_BYTES); if(z[i].share) memxor(temp, globalDelta, NNOB_KEY_BYTES); success &= memcmp(mc[i]+1, temp, NNOB_KEY_BYTES)==0?true:false; assert(success); d[i] = z[i].share^r[i].share; } osend(pd, destparty, d, numLaOTs); for(i=0;i<numLaOTs;i++) { z[i]=r[i]; nnobShareAndMacXORConst(&z[i], d[i]); } orecv(pd, destparty, I0, numLaOTs*NNOB_KEY_BYTES); orecv(pd, destparty, I1, numLaOTs*NNOB_KEY_BYTES); for(i=0;i<numLaOTs;i++) { if(z[i].share) { memcpy(T1[i], mc[i]+1+NNOB_KEY_BYTES, NNOB_KEY_BYTES); nnobHash(padder, z[i].mac, NNOB_KEY_BYTES, *nonce, T0[i], I1[i]); } else { memcpy(T0[i], mc[i]+1+NNOB_KEY_BYTES, NNOB_KEY_BYTES); nnobHash(padder, z[i].mac, NNOB_KEY_BYTES, *nonce, T1[i], I0[i]); } *nonce+=1; } success &= ocEqualityCheck(pd, gen, T0, numLaOTs*NNOB_KEY_BYTES, destparty); success &= ocEqualityCheck(pd, gen, T1, numLaOTs*NNOB_KEY_BYTES, destparty); free(X0); free(X1); free(I0); free(I1); free(T0); free(T1); free(mc); free(d); return success; }