
feat: Benchmark in progress OLE-based OT #38


Closed
devloper opened this issue Jun 20, 2024 · 5 comments
Labels
research 👨‍🔬 Research to see if we want to do something

Comments

@devloper
Contributor

devloper commented Jun 20, 2024

The MPZ repo has a new implementation of VOLE "OT" in progress.

In particular:

  • [wip] VOPE: privacy-scaling-explorations/mpz#159
  • [wip] Ferret OT: privacy-scaling-explorations/mpz#137
  • [merged] mpz-ole crate: privacy-scaling-explorations/mpz#135
  • [merged] IO Wrapper for Ole: privacy-scaling-explorations/mpz#138
  • [merged] Add "Role": privacy-scaling-explorations/mpz#103
  • [merged] Add shared "role" core: privacy-scaling-explorations/mpz#115

Some other notable recent improvements:

  • [merged] Batch garbling (50% perf boost): privacy-scaling-explorations/mpz#140

The top 7 PRs look approximately equivalent to a fully working alternative to existing OT approaches. Is it possible for us to wire this up to TLSN ourselves so we can get a sense for the state of the art here?

@devloper
Contributor Author

devloper commented Jun 20, 2024

Inspecting the mpz-ole related PRs that are already merged into the threading-refactor branch.

A general overview of OLE is here: https://eprint.iacr.org/2020/635.pdf

This crate does not implement OLE in this way. Instead, it builds it up on top of pure oblivious transfer (using ideal OT). I suspect this can be built much more efficiently using the techniques in the above paper. We will need to talk with the TLSN team to understand why they chose this route.

My assumption is that this OLE can be used to more efficiently model some part of the auth_decode commitments (?).
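
Added example, not part of the comment above and not code from the mpz-ole crate: one standard way to build OLE (the receiver learns y = a·x + b) from 1-out-of-2 OT, using one OT per bit of the receiver's input (Gilboa-style). Assumptions: semi-honest parties, the prime field 2^61 − 1, ideal OT modeled as a local function, and a constructed xorshift generator standing in for a CSPRNG; whether the crate uses exactly this construction is not confirmed by the thread.

```rust
// OLE over F_p from ideal 1-out-of-2 OT (Gilboa-style bit decomposition).
const P: u64 = (1 << 61) - 1; // Mersenne prime; the field choice is an assumption
const BITS: u32 = 61;

fn add(a: u64, b: u64) -> u64 { ((a as u128 + b as u128) % P as u128) as u64 }
fn sub(a: u64, b: u64) -> u64 { add(a, P - b % P) }
fn mul(a: u64, b: u64) -> u64 { ((a as u128 * b as u128) % P as u128) as u64 }

/// Ideal OT functionality: the receiver learns only the chosen message,
/// the sender learns nothing about `choice`.
fn ideal_ot(m0: u64, m1: u64, choice: bool) -> u64 { if choice { m1 } else { m0 } }

/// Constructed stand-in for a CSPRNG so the example is reproducible (xorshift64).
struct Rng(u64);
impl Rng {
    fn next_fe(&mut self) -> u64 {
        self.0 ^= self.0 << 13;
        self.0 ^= self.0 >> 7;
        self.0 ^= self.0 << 17;
        self.0 % P
    }
}

/// Sender (holds a, b): one OT pair (r_i, r_i + a*2^i) per bit of x.
/// The masks r_i are random except the last, which makes them sum to b.
fn sender_pairs(a: u64, b: u64, rng: &mut Rng) -> Vec<(u64, u64)> {
    let mut sum = 0u64;
    (0..BITS).map(|i| {
        let r = if i + 1 < BITS { rng.next_fe() } else { sub(b, sum) };
        sum = add(sum, r);
        (r, add(r, mul(a, 1u64 << i)))
    }).collect()
}

/// Receiver (holds x): chooses with bit i of x and sums the OT outputs:
/// sum_i (r_i + x_i * a * 2^i) = b + a * x.
fn ole(a: u64, b: u64, x: u64, rng: &mut Rng) -> u64 {
    sender_pairs(a, b, rng).iter().enumerate()
        .fold(0, |y, (i, &(m0, m1))| add(y, ideal_ot(m0, m1, (x >> i) & 1 == 1)))
}

fn main() {
    let mut rng = Rng(0x9E37_79B9_7F4A_7C15);
    let (a, b, x) = (123_456_789, 987_654_321, 1_000_000_007);
    let y = ole(a, b, x, &mut rng);
    assert_eq!(y, add(mul(a, x), b));
    println!("y = a*x + b = {}", y);
}
```

The cost is one OT per field bit per OLE, which is the overhead the comment contrasts with a direct OLE construction.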

@devloper
Contributor Author

devloper commented Jun 20, 2024

First PR, VOPE is an implementation of the QuickSilver paper: https://eprint.iacr.org/2021/076.pdf
Second PR, this QuickSilver paper depends on a COT implementation called Ferret OT: https://eprint.iacr.org/2020/924.pdf

It appears that Ferret OT is not connected in any way to the garbling logic yet. My hunch is this will require a new arithmetic circuit abstraction to build on top of VOPE, then a re-implementation of all the TLSN components. I expect over time the TLSN team will pursue this work, but perhaps we could start implementing some of these ourselves.

Next steps:

  • Look more closely at the implementations: how close are they to completion? Ferret appears to be complete. VOPE is less clear.
  • Investigate constructing a CircuitBuilder on top of the VOPE implementation.

@devloper
Contributor Author

devloper commented Jun 20, 2024

Investigating IZK further:

  • One substantial benefit here is the ability to "blind sign" data which has had computation confidentially performed. This would allow things like parsing/extracting content and then committing that the content is correct.
  • The final ZKP can then simply verify the notary's signature without also verifying the extraction of the content.
  • My intuitive sense is that this IZK can take over a substantial part of the MPC that is currently performed. If data can be "committed", then "proven" as in the xx paper.

Additional Next Steps:

  • Read through the Garble-then-prove paper: https://eprint.iacr.org/2023/964 (these are the incoming changes for TLSN)
  • How are these extractors doing this process today? Is it guaranteed correct?
  • Explore extractors (json, html, protobuf) on top of the VOPE arithmetic circuit.

@0xJepsen 0xJepsen added the research 👨‍🔬 Research to see if we want to do something label Nov 21, 2024
@Autoparallel
Contributor

@0xJepsen I think we can close this if you push on updating the TLSN version. wdyt

@0xJepsen
Contributor

yeah i agree
