diff --git a/crypto/ot/ot_receiver.go b/crypto/ot/ot_receiver.go
index 2e55217e..fe773ff0 100644
--- a/crypto/ot/ot_receiver.go
+++ b/crypto/ot/ot_receiver.go
@@ -17,6 +17,7 @@ package ot
 import (
 "crypto/subtle"
 "math/big"
+ "strconv"
 
 pt "github.com/getamis/alice/crypto/ecpointgrouplaw"
 "github.com/getamis/alice/crypto/utils"
@@ -104,8 +105,14 @@ func (otR *OtReceiver) Response(otSenderMsg *OtSenderMessage) (*OtReceiverVerify
 if err != nil {
 return nil, nil, err
 }
- // compute pibi := RO2(sid, z^alphai)
- pib[i], err = utils.HashProtos(otR.sid, zalphaiMSg)
+ // compute pibi := if bi = 0, then RO2(sid, z^alphai, i). If bi == 1, then compute RO2(sid, z^alphai). Ref: ref: Batching Base Oblivious Transfers https://eprint.iacr.org/2021/682.pdf.
+ if otR.b[i] == 0 {
+ pib[i], err = utils.HashProtos(otR.sid, zalphaiMSg, &any.Any{
+ Value: []byte(strconv.Itoa(i)),
+ })
+ } else {
+ pib[i], err = utils.HashProtos(otR.sid, zalphaiMSg)
+ }
 if err != nil {
 return nil, nil, err
 }
diff --git a/crypto/ot/ot_sender.go b/crypto/ot/ot_sender.go
index ce62bcf0..5d6cf39a 100644
--- a/crypto/ot/ot_sender.go
+++ b/crypto/ot/ot_sender.go
@@ -18,6 +18,7 @@ import (
 "crypto/subtle"
 "errors"
 "math/big"
+ "strconv"
 
 pt "github.com/getamis/alice/crypto/ecpointgrouplaw"
 "github.com/getamis/alice/crypto/oprf/hasher"
@@ -82,7 +83,11 @@ func NewSender(sid []byte, otReceiverMsg *OtReceiverMessage) (*OtSender, error)
 if err != nil {
 return nil, err
 }
- p0[i], err = utils.HashProtos(sid, msgbir)
+ // Instead of p0 = H(sid, g^ab), use p0 = H(sid,g^ab,i) in Section 3.3 ref: Batching Base Oblivious Transfers https://eprint.iacr.org/2021/682.pdf.
+ p0[i], err = utils.HashProtos(sid, msgbir,
+ &any.Any{
+ Value: []byte(strconv.Itoa(i)),
+ })
 if err != nil {
 return nil, err
 }
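Review bot: The new `if otR.b[i] == 0` branch in Response makes the hashing work depend on the receiver's choice bit, the value the OT is meant to keep from the sender, since the zero branch serialises and hashes one extra message. The file already imports `crypto/subtle`, so I would compute both digests unconditionally and select the result in constant time, as sketched below. Whether the difference is measurable is not something the hunk shows, and the sketch assumes `pib[i]` is a byte slice and `otR.b[i]` is an integer that is always 0 or 1. The added comment also has a doubled `Ref: ref:`. Response starts and ends outside this hunk.

```go
// … unchanged: zalphaiMSg construction and its error check …
// Hash both variants so the work done does not depend on otR.b[i].
withIndex, err := utils.HashProtos(otR.sid, zalphaiMSg, &any.Any{
	Value: []byte(strconv.Itoa(i)),
})
if err != nil {
	return nil, nil, err
}
withoutIndex, err := utils.HashProtos(otR.sid, zalphaiMSg)
if err != nil {
	return nil, nil, err
}
// Assumes equal digest lengths (ConstantTimeCopy panics otherwise) and b[i] in {0,1}; confirm.
pib[i] = withoutIndex
subtle.ConstantTimeCopy(1-int(otR.b[i]), pib[i], withIndex)
```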
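Review bot: The index encoding `&any.Any{Value: []byte(strconv.Itoa(i))}` in NewSender is built separately from the identical expression in the ot_receiver.go hunk, and the two must stay byte-identical or `p0[i]` will never match the receiver's `pib[i]`. A single package-level helper used on both sides would remove that risk, for example `func indexMsg(i int) *any.Any { return &any.Any{Value: []byte(strconv.Itoa(i))} }`, with a comment recording that the index is decimal ASCII with no TypeUrl. How `utils.HashProtos` delimits its inputs is not visible here; if it does not length-prefix each message, a fixed-width index encoding would be safer than variable-length decimal. Only `p0` gains the index, and the matching `p1` computation lies outside the hunk, so it is worth confirming against the cited Section 3.3 that leaving `p1` unindexed is intended. NewSender's body continues outside this hunk.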