CowGear, more protocols with replicated secret sharing.

BMR/CommonParty.cpp

@@ -30,7 +30,7 @@ CommonParty::CommonParty() :
 #endif
 	cpu_timer.start();
 	timer.start();
-	gf2n::init_field(128);
+	gf2n_long::init_field(128);
 	mac_key.randomize(prng);
 }
 

BMR/CommonParty.h

@@ -15,7 +15,6 @@ using namespace std;
 #include "proto_utils.h"
 #include "network/Node.h"
 #include "Tools/random.h"
-#include "Auth/MAC_Check.h"
 #include "Tools/time-func.h"
 #include "GC/Program.h"
 #include "Tools/FlexBuffer.h"
@@ -67,7 +66,7 @@ class CommonParty
     Timer timers[2];
     Timer timer;
 
-    gf2n mac_key;
+    gf2n_long mac_key;
 
     LocalBuffer wires;
     ReceivedMsgStore wire_storage;
@@ -103,7 +102,7 @@ class CommonParty
     gate_id_t next_gate(int skip) { return gate_counter2 += skip; }
     size_t get_garbled_tbl_size() { return garbled_tbl_size; }
 
-    gf2n get_mac_key() { return mac_key; }
+    gf2n_long get_mac_key() { return mac_key; }
 };
 
 class CommonFakeParty : virtual public CommonParty, public NodeUpdatable

BMR/Party.cpp

@@ -23,7 +23,7 @@
 
 #include "CommonParty.hpp"
 #include "ProgramParty.hpp"
-#include "Auth/MAC_Check.hpp"
+#include "Protocols/MAC_Check.hpp"
 #include "BMR/Register.hpp"
 #include "GC/Machine.hpp"
 #include "GC/Processor.hpp"
@@ -33,6 +33,7 @@
 #include "GC/Program.hpp"
 #include "GC/Instruction.hpp"
 #include "Processor/Instruction.hpp"
+#include "Protocols/Share.hpp"
 
 #ifdef __PURE_SHE__
 #include "mpirxx.h"
@@ -825,6 +826,11 @@ void FakeProgramParty::_compute_prfs_outputs(Key* keys)
 	first_phase(program, prf_processor, prf_machine);
 }
 
+void FakeProgramParty::_check_evaluate()
+{
+	FakeProgramPartySuper::_check_evaluate();
+}
+
 void ProgramParty::reset()
 {
 	CommonParty::reset();
@@ -898,11 +904,11 @@ void FakeProgramParty::receive_spdz_wires(ReceivedMsg& msg)
 #endif
 	if (op == SPDZ_MAC)
 	{
-		gf2n spdz_mac_key;
+		gf2n_long spdz_mac_key;
 		spdz_mac_key.unpack(spdz_wires[op].back());
 		if (!MC)
 		{
-			MC = new Passing_MAC_Check<gf2n>(spdz_mac_key, N, 0);
+			MC = new Passing_MAC_Check<gf2n_long>(spdz_mac_key, N, 0);
 			cout << "MAC key: " << hex << spdz_mac_key << endl;
 			mac_key = spdz_mac_key;
 		}

BMR/Party.h

@@ -289,7 +289,7 @@ class FakeProgramParty : virtual public BaseParty, virtual public FakeProgramPar
 
 	void store_garbled_circuit(ReceivedMsg& msg) {  ProgramParty::store_garbled_circuit(msg); }
 
-	void _check_evaluate() { FakeProgramPartySuper::_check_evaluate(); }
+	void _check_evaluate();
 
 	void receive_keys(Register& reg);
 	void receive_all_keys(Register& reg, bool external);

BMR/RealGarbleWire.hpp

@@ -5,7 +5,7 @@
 
 #include "RealGarbleWire.h"
 #include "RealProgramParty.h"
-#include "Processor/MascotPrep.h"
+#include "Protocols/MascotPrep.h"
 
 template<class T>
 void RealGarbleWire<T>::garble(PRFOutputs& prf_output,

BMR/RealProgramParty.hpp

@@ -21,6 +21,7 @@
 #include "GC/Secret.hpp"
 #include "GC/Thread.hpp"
 #include "GC/ThreadMaster.hpp"
+#include "Math/Z2k.hpp"
 
 template<class T>
 RealProgramParty<T>* RealProgramParty<T>::singleton = 0;
@@ -34,7 +35,7 @@ RealProgramParty<T>::RealProgramParty(int argc, const char** argv) :
 
 	ez::ezOptionParser opt;
 	opt.add(
-			T::needs_ot ? "2" : "3", // Default.
+			T::dishonest_majority ? "2" : "3", // Default.
 			0, // Required?
 			1, // Number of args expected.
 			0, // Delimiter if expecting multiple args.
@@ -48,7 +49,11 @@ RealProgramParty<T>::RealProgramParty(int argc, const char** argv) :
 	this->check(nparties);
 
 	NetworkOptions network_opts(opt, argc, argv);
-	OnlineOptions online_opts(opt, argc, argv);
+	OnlineOptions& online_opts = OnlineOptions::singleton;
+	if (T::needs_ot)
+	    online_opts = {opt, argc, argv, 1000};
+	else
+	    online_opts = {opt, argc, argv};
 	assert(not online_opts.interactive);
 
 	online_opts.finalize(opt, argc, argv);
@@ -66,7 +71,7 @@ RealProgramParty<T>::RealProgramParty(int argc, const char** argv) :
 	this->_id = online_opts.playerno + 1;
 	Server* server = Server::start_networking(N, online_opts.playerno, nparties,
 			network_opts.hostname, network_opts.portnum_base);
-	if (T::needs_ot)
+	if (T::dishonest_majority)
 	    P = new PlainPlayer(N, 0);
 	else
 	    P = new CryptoPlayer(N, 0);
@@ -232,5 +237,5 @@ void RealProgramParty<T>::push_spdz_wire(SpdzOp op, const RealGarbleWire<T>& wir
 	for (int i = 0; i < 2; i++)
 		spdz_wire.my_keys[i] = wire.keys[i][this->N.my_num()];
 	spdz_wire.pack(this->spdz_wires[op].back());
-	this->spdz_storage += sizeof(SpdzWire);
+	this->spdz_storage += sizeof(spdz_wire);
 }

BMR/Register.cpp

@@ -914,12 +914,6 @@ void GarbleRegister::load(vector<GC::ReadAccess< GC::Secret<GarbleRegister> > >&
 			TrustedProgramParty::s().load_wire(reg);
 }
 
-void KeyVector::operator=(const KeyVector& other)
-{
-	resize(other.size());
-	avx_memcpy(data(), other.data(), byte_size());
-}
-
 KeyVector KeyVector::operator^(const KeyVector& other) const
 {
 	if (size() != other.size())

BMR/Register.h

@@ -65,6 +65,7 @@ class KeyVector : public BaseKeyVector
 {
 public:
 	KeyVector(int size = 0) : BaseKeyVector(size) {}
+	KeyVector(const KeyVector& other) : BaseKeyVector() { *this = other; }
 	size_t byte_size() const { return size() * sizeof(Key); }
 	void operator=(const KeyVector& source);
     KeyVector operator^(const KeyVector& other) const;
@@ -390,6 +391,12 @@ inline Register::Register(int n_parties) :
 {
 }
 
+inline void KeyVector::operator=(const KeyVector& other)
+{
+	resize(other.size());
+	avx_memcpy(data(), other.data(), byte_size());
+}
+
 inline void KeyVector::unserialize(ReceivedMsg& source, int n_parties)
 {
 	resize(n_parties);

BMR/Register.hpp

@@ -63,7 +63,7 @@ void EvalRegister::store(GC::Memory<U>& mem,
 	check_for_doubles(accesses, "storing");
 	auto& party = ProgramPartySpec<U>::s();
 	vector<U> S, S2, S3, S4, S5, SS;
-	vector<gf2n> exts;
+	vector<gf2n_long> exts;
 	int n_registers = 0;
 	for (auto access : accesses)
 		n_registers += access.source.get_regs().size();
@@ -78,11 +78,11 @@ void EvalRegister::store(GC::Memory<U>& mem,
 			party.get_spdz_wire(SPDZ_STORE, spdz_wire);
 			const EvalRegister& reg = sources[i];
 			U tmp;
-			gf2n ext = (int)reg.get_external();
+			gf2n_long ext = (int)reg.get_external();
 			//cout << "ext:" << ext << "/" << (int)reg.get_external() << " " << endl;
 			tmp.add(spdz_wire.mask, ext, (int)party.get_id() - 1, party.get_mac_key());
 			S.push_back(tmp);
-			tmp *= gf2n(1) << i;
+			tmp *= gf2n_long(1) << i;
 			dest += tmp;
 			const Key& key = reg.external_key(party.get_id());
 			Key& expected_key = spdz_wire.my_keys[(int)reg.get_external()];
@@ -193,7 +193,7 @@ void EvalRegister::load(vector<GC::ReadAccess<T> >& accesses,
 	party.MC->Check(*party.P);
 #endif
 
-	vector<gf2n> masked;
+	vector<gf2n_long> masked;
 	party.MC->POpen_Begin(masked, shares, *party.P);
 	party.MC->POpen_End(masked, shares, *party.P);
 	vector<octetStream> keys(party.get_n_parties());

BMR/SpdzWire.h

@@ -6,7 +6,7 @@
 #ifndef BMR_SPDZWIRE_H_
 #define BMR_SPDZWIRE_H_
 
-#include "Math/Share.h"
+#include "Protocols/Share.h"
 #include "Key.h"
 
 template<class T>

BMR/TrustedParty.cpp

@@ -15,12 +15,12 @@
 #include "proto_utils.h"
 #include "msg_types.h"
 #include "SpdzWire.h"
-#include "Auth/fake-stuff.h"
+#include "Protocols/fake-stuff.h"
 
 #include "Register_inline.h"
 
 #include "CommonParty.hpp"
-#include "Auth/fake-stuff.hpp"
+#include "Protocols/fake-stuff.hpp"
 #include "BMR/Register.hpp"
 #include "GC/Machine.hpp"
 #include "GC/Processor.hpp"
@@ -30,6 +30,7 @@
 #include "GC/Program.hpp"
 #include "GC/Instruction.hpp"
 #include "Processor/Instruction.hpp"
+#include "Protocols/Share.hpp"
 
 TrustedProgramParty* TrustedProgramParty::singleton = 0;
 
@@ -421,7 +422,7 @@ void TrustedProgramParty::garble()
 	NoMemory dynamic_memory;
 	second_phase(program, processor, machine, dynamic_memory);
 
-	vector< Share<gf2n> > tmp;
+	vector< Share<gf2n_long> > tmp;
 	make_share(tmp, 1, get_n_parties(), mac_key, prng);
 	for (int i = 0; i < get_n_parties(); i++)
 		tmp[i].get_mac().pack(spdz_wires[SPDZ_MAC][i]);
@@ -444,7 +445,8 @@ void TrustedProgramParty::garble()
 
 void TrustedProgramParty::store_spdz_wire(SpdzOp op, const Register& reg)
 {
-	make_share(mask_shares, gf2n(reg.get_mask()), get_n_parties(), gf2n(get_mac_key()), prng);
+    make_share(mask_shares, gf2n_long(reg.get_mask()), get_n_parties(),
+            gf2n_long(get_mac_key()), prng);
 	for (int i = 0; i < get_n_parties(); i++)
 	{
 		SpdzWire wire;

BMR/TrustedParty.h

@@ -121,7 +121,7 @@ class TrustedProgramParty : public BaseTrustedParty {
 #endif
 
 	vector<octetStream> spdz_wires[SPDZ_OP_N];
-	vector< Share<gf2n> > mask_shares;
+	vector< Share<gf2n_long> > mask_shares;
 
 	Timer random_timer;
 

BMR/network/Node.cpp

@@ -168,7 +168,7 @@ void Node::Broadcast2(SendBuffer& msg) {
 
 void Node::_identify() {
 	char* msg = id_msg;
-	strncpy(msg, ID_HDR, strlen(ID_HDR));
+	memcpy(msg, ID_HDR, strlen(ID_HDR));
 	memcpy(msg+strlen(ID_HDR), (const char *)&_id, sizeof(_id));
 	//printf("Node:: identifying myself:\n");
 	SendBuffer buffer;

CHANGELOG.md

@@ -1,5 +1,12 @@
 The changelog explains changes pulled through from the private development repository. Bug fixes and small enchancements are committed between releases and not documented here.
 
+## 0.1.0
+
+- CowGear protocol (LowGear with covert security)
+- Protocols that sacrifice after than before
+- More protocols for replicated secret sharing over rings
+- Fixed security bug: Some protocols with supposed malicious security wouldn't check players' inputs when generating random bits.
+
 ## 0.0.9 (Apr 30, 2019)
 
 - Complete BMR for all GF(2^n) protocols

CONFIG

@@ -17,13 +17,14 @@ USE_NTL = 0
 USE_GF2N_LONG = 1
 
 # set to -march=<architecture> for optimization
+# SSE4.2 is required homomorphic encryption in GF(2^n) when compiling with clang
 # AES-NI is required for BMR
 # PCLMUL is required for GF(2^128) computation
 # AVX2 support (Haswell or later) is used to optimize OT
 # AVX/AVX2 is required for replicated binary secret sharing
 # BMI2 is used to optimize multiplication modulo a prime
 # ADX is used to optimize big integer additions
-ARCH = -mtune=native -msse4.1 -maes -mpclmul -mavx -mavx2 -mbmi2 -madx
+ARCH = -mtune=native -msse4.1 -msse4.2 -maes -mpclmul -mavx -mavx2 -mbmi2 -madx
 
 # allow to set compiler in CONFIG.mine
 CXX = g++
@@ -35,9 +36,11 @@ ifeq ($(USE_GF2N_LONG),1)
 GF2N_LONG = -DUSE_GF2N_LONG
 endif
 
-# MAX_MOD_SZ must be at least ceil(len(p)/len(word))
-# Default is 2, which suffices for 128-bit p
-# MOD = -DMAX_MOD_SZ=2
+# MAX_MOD_SZ (for FHE) must be least and GFP_MOD_SZ (for computation)
+# must be exactly ceil(len(p)/len(word)) for the relevant prime p
+# Default for GFP_MOD_SZ is 2, which is good for 128-bit p
+# Default for MAX_MOD_SZ is 10, which suffices for all Overdrive protocols
+# MOD = -DMAX_MOD_SZ=10 -DGFP_MOD_SZ=2
 
 LDLIBS = -lmpirxx -lmpir -lsodium $(MY_LDLIBS)
 LDLIBS += -lboost_system -lssl -lcrypto

Check-Offline-Z2k.cpp

@@ -1,11 +1,12 @@
 
 #include "Math/Z2k.h"
-#include "Math/Share.h"
+#include "Protocols/Share.h"
 #include "Math/Setup.h"
-#include "Math/Spdz2kShare.h"
-#include "Auth/fake-stuff.h"
+#include "Protocols/Spdz2kShare.h"
+#include "Protocols/fake-stuff.h"
 
-#include "Auth/fake-stuff.hpp"
+#include "Protocols/fake-stuff.hpp"
+#include "Math/Z2k.hpp"
 
 #include <fstream>
 #include <vector>

Check-Offline.cpp

@@ -5,18 +5,19 @@
 
 #include "Math/gf2n.h"
 #include "Math/gfp.h"
-#include "Math/Share.h"
-#include "Auth/fake-stuff.h"
-#include "Auth/MAC_Check.h"
+#include "Protocols/Share.h"
+#include "Protocols/fake-stuff.h"
+#include "Protocols/MAC_Check.h"
 #include "Tools/ezOptionParser.h"
 #include "Exceptions/Exceptions.h"
 #include "GC/MaliciousRepSecret.h"
 
 #include "Math/Setup.h"
 #include "Processor/Data_Files.h"
 
-#include "Auth/fake-stuff.hpp"
+#include "Protocols/fake-stuff.hpp"
 #include "Processor/Data_Files.hpp"
+#include "Math/Z2k.hpp"
 
 #include <sstream>
 #include <fstream>
@@ -309,7 +310,7 @@ int main(int argc, const char** argv)
   cout << "--------------\n";
   cout << "Final Keys :\t p: " << keyp << "\n\t\t 2: " << key2 << endl;
 
-  check<sgfp>(keyp, N);
+  check<Share<gfp>>(keyp, N);
   check<Share<gf2n>>(key2, N);
 
   if (N == 3)