Auxilary files and code for the paper OPRFs from Isogenies: Designs and Analysis, by Lena Heimberger, Tobias Hennerbichler, Fredrik Meisingseth, Sebastian Ramacher and Christian Rechberger.

NOTE: This is academic research code and not production-ready. The implementation is not constant-time and may have other errors.

The _ code/ _ folder contains the following implementations:

• mobile_psi_cpp optimizes the ECNR implementation from the droidCrypto PSI protocol
• nr_ot implements the NR-OT stand-alone and with Private Set Intersection
• opaque contains a copy of the libopaque library using isogeny-based primitives
• opus implements OPUS stand-alone
• opus-psi implements OPUS with Private Set Intersection

While make compiles all four variants below, we briefly give an overview of the produced binaries.

• To compile opus.c, please run make opus.
• To compile prf.c which was used for Figure 4, run make prf, which will generate a file noopt.csv with the respective data.
• To compile updatable.c for Figure 5, run make updatable to generate updatable.csv.
• To compile the client/server binaries used for Figure 10, use make networked . Note this was tested on several Linux machines using gcc. We link with -pthread, other platforms or compilers may need -lphtread instead.

In addition, we provide the file leak_OPRF_key_csidh.py, which estimates how many random iterations are necessary to recover the key for the NR-OT OPRF if CSI-FiSh is not used.

CSIDH Reference implementation CSI-FiSh droidCrypto libopaque