This is the companion OCaml code for Xavier Leroy's 2025 course at Collège de France, Secure computing: computing on encrypted or private data.
- Weakly homomorphic encryption (lecture #2)
  - ElGamal's cipher: interface, implementation
  - Paillier's cipher: interface, implementation
- Somewhat homomorphic encryption (lecture #2)
  - The impractical integer-based SHE of van Dijk, Gentry, Halevy, Vaikuntanathan (2010): interface, implementation
- Secure multiparty computation (lectures #4, #5)
  - GMW sharing of Booleans, using OT for multiplication (Goldreich, Micali, Wigderson, 1987): interface, implementation
  - GMW sharing of Booleans, using Beaver triples for multiplication: interface, implementation
  - Shamir sharing of small integers: interface, implementation
  - Replicated 2-among-3 sharing of large integers: interface, implementation
  - Yao's garbled circuits: interface, implementation
- Oblivious transfer (lecture #5)
  - 1-out-of-2 OT of small integers: interface, implementation
  - 1-out-of-4 OT of Booleans: interface, implementation
- Zero-knowledge proofs (lecture #6)
  - Sigma protocols: interface, implementation
- Private set intersection (lecture #1)
  - Freedman, Nissim, Pinkas (2004): interface, implementation
- Oblivious RAM (lecture #7)
  - Goldreich-Ostrovsky "square root" ORAM: interface, implementation
- Auxiliary modules
  - Groups, modular arithmetic, elliptic curves, rings, polynomials: interface, implementation
  - Multi-party communication using MPI: interface, implementation
- Yao's millionaire problem: compare two secret integers
  - using somewhat homomorphic encryption: Millionaires_SHE [uses SHE]
  - using GMW sharing: Millionaires_GMW [uses GMW, OT4]
  - using GMW sharing + Beaver triples: Millionaires_Beaver [uses Beaver]
  - using Shamir sharing: Millionaires_Shamir [uses Shamir]
  - using Yao's garbled circuits: Millionaires_Yao [uses GarbledCircuits, OT]
- Counting electronic votes
- Private Set Intersection
  - see which poets you have in common with the server: Poets [uses PSI, Paillier]
- Threshold decryption
  - sharing a private key between three shareholders; any two can decrypt: Threshold [uses Replicated23, ElGamal]
- Oblivious RAM
  - crude visualization of ORAM (absence of) memory access patterns: ObliviousRAM [uses ORAM]
- Installing dependencies: `opam install --deps-only .` (watch the final dot!)
- Building: `make all`
- Running a demo: `./<demo-name>.exe`. This will print instructions on how to run the demo.
This code is provided for learning purposes only and should not be used in any high-security application. It contains many insecurities such as keys too small (SHE), insufficient randomness (GarbledCircuits), insecure messaging (MultiParty), naive protocols (Vote2), and timing leaks (everywhere).
All files copyright 2026 Xavier Leroy.
The files in lib/ are distributed under the terms of the GNU Lesser General Public License version 2.1 (LGPL 2.1) or, at your option, any later version of the LGPL, with the OCaml LGPL linking exception.
All other files are distributed under the terms of the GNU General Public License version 2 (GPL 2) or, at your option, any later version of the GPL.