This issue is just to leave a note. It is mainly an engineering addition.
Currently, we generate the offline materials in big batches of N. This is because efficient LPN map K -> N is often "big".
Therefore, even if two parties are proving very small statements, the one-shot time is not small.
There are many solutions to this:
-
When computing the LPN map K -> N, we instead just compute K -> N' where N' < N. The limitation is that it does not fully use K, and K could be smaller if one computes the parameters more carefully.
-
Use the original OT extension.
Both might be worthwhile of looking.
This issue is just to leave a note. It is mainly an engineering addition.
Currently, we generate the offline materials in big batches of N. This is because efficient LPN map K -> N is often "big".
Therefore, even if two parties are proving very small statements, the one-shot time is not small.
There are many solutions to this:
When computing the LPN map K -> N, we instead just compute K -> N' where N' < N. The limitation is that it does not fully use K, and K could be smaller if one computes the parameters more carefully.
Use the original OT extension.
Both might be worthwhile of looking.