oblivioustransfer alternatives and similar packages
Based on the "Cryptography" category.
Alternatively, view oblivioustransfer alternatives based on common mentions on social networks and blogs.

cryptonite
lowlevel set of cryptographic primitives for haskell 
merkletree
An implementation of a Merkle Tree and merkle tree proofs 
saltine
Cryptography that's easy to digest (NaCl/libsodium bindings) 
cacophony
A Haskell library implementing the Noise protocol. 
pedersencommitment
An implementation of Pedersen commitment schemes 
aossignature
AbeOhkuboSuzuki Linkable Ring Signatures 
arithmeticcircuits
Arithmetic circuits for zero knowledge proof systems 
cryptohash
efficient and practical cryptohashing in haskell. DEPRECATED in favor of cryptonite 
galoisfield
Finite field and algebraic extension field arithmetic 
cipheraes
DEPRECATED  use cryptonite  a comprehensive fast AES implementation for haskell that supports aesni and advanced cryptographic modes. 
cipherblowfish
DEPRECATED by cryptonite; A collection of cryptographic block and stream ciphers in haskell 
ellipticcurve
A polymorphic interface for elliptic curve operations 
cryptoapi
Haskell generic interface (type classes) for cryptographic algorithms 
ed25519
Minimal ed25519 Haskell package, binding to the ref10 SUPERCOP implementation. 
skein
Skein, a family of cryptographic hash functions. Includes SkeinMAC as well. 
qnapdecrypt
Decrypt files encrypted by the QNAP's Hybrid Backup Sync 
galoisfft
Finite field polynomial arithmetic based on fast Fourier transforms 
cryptohashsha256
Fast, pure and practical SHA256 implementation 
cryptopubkeytypes
Crypto Public Key algorithm generic types. 
cryptopubkey
DEPRECATED  use cryptonite  Cryptographic public key related algorithms in haskell (RSA,DSA,DH,ElGamal) 
cryptohashmd5
Fast, pure and practical MD5 implementation 
scrypt
Haskell bindings to Colin Percival's scrypt implementation. 
cryptopubkeyopenssh
OpenSSH keys decoder/encoder 
signable
Deterministic serialisation and signatures with protolens and protobufelixir support 
pureMD5
A reasonably performing MD5 implementation in pure Haskell 
cprngaes
Crypto Pseudo Random Number Generator using AES in counter mode 
cryptoenigma
A Haskell Enigma machine simulator with rich display and machine state details. 
cipheraes128
Based on cipheraes, but using a cryptoapi interface and providing resulting IVs for each mode 
cryptonumbers
DEPRECATED  use cryptonite  Cryptographic number related function and algorithms
* Code Quality Rankings and insights are calculated and provided by Lumnify.
They vary from L1 to L5 with "L5" being the highest.
Do you think we are missing an alternative of oblivioustransfer or a related project?
Popular Comparisons
README
Oblivious Transfer (OT) is a cryptographic primitive in which a sender transfers some of potentially many pieces of information to a receiver. The sender doesn't know which pieces of information have been transferred.
1outof2 OT
Oblivious transfer is central to many of the constructions for secure multiparty computation. In its most basic form, the sender has two secret messages as inputs, m0 and m1; the receiver has a choice bit c as input. At the end of the 1outof2 OT protocol, the receiver should only learn message Mc, while the sender should not learn the value of the receiver's input c.
The protocol is defined for elliptic curves over finite fields E(Fq). The set of points E(Fq) is a finite abelian group. It works as follows:
 Alice samples a random a and computes A = aG. Sends A to Bob
 Bob has a choice c. He samples a random b.
 If c is 0, then he computes B = bG.
 If c is 1, then he computes B = A + bG.
Sends B to Alice
 Alice derives two keys:
 K0 = aB
 K1 = a(B  A)
It's easy to check that Bob can derive the key Kc corresponding to his choice bit, but cannot compute the other one.
1outofN OT
The 1outofN oblivious transfer protocol is a natural generalization of the 1outof2 OT protocol, in which the sender has a vector of messages (M0, ..., Mn1). The receiver only has a choice c.
We implement a protocol for random OT, where the sender, Alice, outputs n random keys and the receiver, Bob, only learns one of them. It consists on three parts:
Setup
Alice samples a ∈ Zp and computes A = aG and T = aA, where G and p are the generator and the order of the curve, respectively. She sends A to Bob, who aborts if A is not a valid point in the curve.
Choose
Bob takes his choice c ∈ Zn, samples b ∈ Zp and replies R = cA + bG. Alice aborts if R is not a valid point in the curve.
Key derivation
For all e ∈ Zn, Alice computes ke = aR  eT. She now has a vector of keys (k0, ..., kn1).
Bob computes kR = bA.
We can see that the key ke = aR  eT = abG + (c  e)T. If e = c, then kc = abG = bA = kR. Therefore, kR = kc if both parties are honest.
{# LANGUAGE ScopedTypeVariables #}
import Protolude
import Data.Curve.Weierstrass.SECP256K1
import qualified OT
testOT :: Integer > IO Bool
testOT n = do
 Alice sets up the procotol
(sPrivKey, sPubKey, t) :: (Fr, PA, PA) < OT.setup
 Bob picks a choice bit 'c'
(rPrivKey, response, c) < OT.choose n sPubKey
 Alice computes a set of n keys
let senderKeys = OT.deriveSenderKeys n sPrivKey response t
 Bob only gets to know one out of n keys. Alice doesn't know which one
let receiverKey = OT.deriveReceiverKey rPrivKey sPubKey
pure $ receiverKey == (senderKeys !! fromInteger c)
koutofN OT
1outofN oblivious transfer can be generalised one step further into koutofN. This is very similar in structure to the methods above comprising the same 3 parts:
Setup As above, Alice samples a ∈ Zp and computes A = aG and T = aA, where G and p are the generator and the order of the curve, respectively. She sends A to Bob, who aborts if A is not a valid point in the curve.
Choose Bob takes his choices ci ∈ Zn, samples bi ∈ Zp and replies Ri = ciA + biG. Alice aborts if Ri is not a valid point in the curve.
Key derivation
For all ei ∈ Zn, Alice computes kei = aRi  eiT. She now has a vector of vectors of keys (k0i, ..., kn1i).
Bob computes kRi = biA.
We can see that the key kei = aRi  eiT = abiG + (ci  ei)T. If e = c, then kci = abiG = biA = kRi. Therefore, kRi = kci if both parties are honest.
References:
 Chou, T. and Orlandi, C. "The Simplest Protocol for Oblivious Transfer" Technische Universiteit Eindhoven and Aarhus University
Notation:
k: Lowercase letters are scalars. P: Uppercase letters are points in an elliptic curve. kP: Multiplication of a point P with a scalar k over an elliptic curve defined over a finite field modulo a prime number.
License
Copyright 20182020 Adjoint Inc
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*Note that all licence references and agreements mentioned in the oblivioustransfer README section above
are relevant to that project's source code only.