From 715f67f4c561e81008019a48769a8f07ccabb3d3 Mon Sep 17 00:00:00 2001 
From: Marcel Keller Date: Fri, 7 Jun 2019 15:26:03 +1000 Subject: [PATCH] CowGear, more protocols with replicated secret sharing. --- BMR/CommonParty.cpp | 2 +- BMR/CommonParty.h | 5 +- BMR/Party.cpp | 12 +- BMR/Party.h | 2 +- BMR/RealGarbleWire.hpp | 2 +- BMR/RealProgramParty.hpp | 13 +- BMR/Register.cpp | 6 - BMR/Register.h | 7 + BMR/Register.hpp | 8 +- BMR/SpdzWire.h | 2 +- BMR/TrustedParty.cpp | 10 +- BMR/TrustedParty.h | 2 +- BMR/network/Node.cpp | 2 +- CHANGELOG.md | 7 + CONFIG | 11 +- Check-Offline-Z2k.cpp | 9 +- Check-Offline.cpp | 11 +- Compiler/allocator.py | 10 +- Compiler/instructions.py | 7 +- Compiler/instructions_base.py | 8 +- Compiler/library.py | 25 +- Compiler/permutation.py | 3 + Compiler/program.py | 24 +- Compiler/types.py | 12 +- ExternalIO/bankers-bonus-client.cpp | 2 +- ExternalIO/bankers-bonus-commsec-client.cpp | 2 +- FHE/Ciphertext.cpp | 1 + FHE/Ciphertext.h | 5 + FHE/FFT_Data.cpp | 8 + FHE/FFT_Data.h | 1 + FHE/FHE_Keys.cpp | 18 +- FHE/FHE_Keys.h | 28 +- FHE/Matrix.cpp | 43 +- FHE/Matrix.h | 4 +- FHE/NTL-Subs.cpp | 33 +- FHE/P2Data.cpp | 48 +- FHE/P2Data.h | 7 +- FHE/Plaintext.cpp | 42 +- FHE/Plaintext.h | 7 +- FHE/Ring_Element.cpp | 51 +- FHE/Rq_Element.h | 19 +- FHEOffline/DataSetup.cpp | 6 +- FHEOffline/DistDecrypt.cpp | 1 + FHEOffline/DistKeyGen.cpp | 4 +- FHEOffline/DistKeyGen.h | 2 +- FHEOffline/EncCommit.cpp | 20 +- FHEOffline/EncCommit.h | 3 + FHEOffline/FHE-Subroutines.cpp | 2 +- FHEOffline/FullSetup.cpp | 2 +- FHEOffline/Multiplier.cpp | 85 +-- FHEOffline/Multiplier.h | 6 +- FHEOffline/PairwiseGenerator.cpp | 63 ++- FHEOffline/PairwiseGenerator.h | 11 +- FHEOffline/PairwiseMachine.cpp | 35 +- FHEOffline/PairwiseMachine.h | 8 +- FHEOffline/PairwiseSetup.cpp | 117 +++- FHEOffline/PairwiseSetup.h | 11 + FHEOffline/Producer.cpp | 2 + FHEOffline/Producer.h | 2 +- FHEOffline/Proof.cpp | 2 +- FHEOffline/Prover.cpp | 1 + FHEOffline/Reshare.cpp | 1 + FHEOffline/Sacrificing.cpp | 6 +- FHEOffline/Sacrificing.h | 5 +- 
FHEOffline/SimpleEncCommit.cpp | 12 +- FHEOffline/SimpleGenerator.cpp | 4 +- FHEOffline/SimpleGenerator.h | 18 +- FHEOffline/SimpleMachine.cpp | 17 +- FHEOffline/SimpleMachine.h | 3 + Fake-Offline.cpp | 17 +- GC/Machine.cpp | 8 +- GC/MaliciousRepThread.cpp | 4 +- GC/ReplicatedParty.h | 4 +- GC/ReplicatedSecret.cpp | 6 +- GC/ReplicatedSecret.h | 2 +- GC/Secret.h | 7 +- .../Player-Online.cpp | 3 +- .../Player-Online.hpp | 32 +- Machines/Rep.cpp | 51 -- Machines/Rep.hpp | 30 + Machines/SPDZ.cpp | 16 +- Machines/SPDZ2k.hpp | 18 + Machines/Semi.cpp | 25 - Machines/Semi.hpp | 23 + Machines/ShamirMachine.cpp | 20 +- .../bmr-program-party.cpp | 0 .../bmr-program-tparty.cpp | 0 brain-party.cpp => Machines/brain-party.cpp | 7 +- Machines/cowgear-party.cpp | 31 + .../mal-rep-bmr-party.cpp | 2 +- .../mal-shamir-bmr-party.cpp | 1 + .../malicious-rep-bin-party.cpp | 0 .../malicious-rep-field-party.cpp | 5 +- Machines/malicious-rep-ring-party.cpp | 30 + .../malicious-shamir-party.cpp | 2 +- Machines/mascot-party.cpp | 9 + Machines/ps-rep-field-party.cpp | 16 + Machines/ps-rep-ring-party.cpp | 30 + .../real-bmr-party.cpp | 0 .../rep-bmr-party.cpp | 2 +- .../replicated-bin-party.cpp | 0 Machines/replicated-field-party.cpp | 22 + .../replicated-ring-party.cpp | 3 +- semi-party.cpp => Machines/semi-party.cpp | 3 +- semi2k-party.cpp => Machines/semi2k-party.cpp | 3 +- .../shamir-bmr-party.cpp | 1 + shamir-party.cpp => Machines/shamir-party.cpp | 2 +- spdz2k-party.cpp => Machines/spdz2k-party.cpp | 3 +- yao-player.cpp => Machines/yao-party.cpp | 0 Makefile | 116 ++-- Math/FixedVec.h | 4 +- Math/Setup.cpp | 17 +- Math/Setup.h | 1 + Math/Subroutines.cpp | 2 + Math/Subroutines.h | 1 + Math/ValueInterface.cpp | 14 + Math/ValueInterface.h | 4 + Math/{Z2k.cpp => Z2k.hpp} | 16 +- Math/Zp_Data.cpp | 6 +- Math/Zp_Data.h | 50 +- Math/bigint.cpp | 24 +- Math/bigint.h | 19 +- Math/bigint.hpp | 32 ++ Math/gf2n.h | 8 +- Math/gf2nlong.h | 1 - Math/gfp.cpp | 87 +-- Math/gfp.h | 76 ++- Math/modp.h | 
100 ++-- Math/{modp.cpp => modp.hpp} | 71 ++- Math/mpn_fixed.h | 17 +- Math/operators.h | 12 +- Networking/CryptoPlayer.cpp | 30 + Networking/CryptoPlayer.h | 4 + Networking/Player.cpp | 117 +--- Networking/Player.h | 47 +- Networking/Sender.cpp | 39 +- Networking/Sender.h | 16 +- Networking/ServerSocket.cpp | 8 + Networking/sockets.cpp | 14 +- Networking/sockets.h | 7 +- OT/BitMatrix.cpp | 1 + OT/BitVector.cpp | 25 +- OT/BitVector.h | 35 +- OT/NPartyTripleGenerator.cpp | 27 +- OT/NPartyTripleGenerator.h | 2 - OT/OTExtensionWithMatrix.cpp | 1 + OT/OTMultiplier.cpp | 9 +- OT/OTMultiplier.h | 3 +- OT/OTTripleSetup.h | 1 - OT/OTVole.hpp | 2 +- OT/TripleMachine.cpp | 35 +- OT/TripleMachine.h | 3 +- Processor/Binary_File_IO.h | 1 - Processor/BrainPrep.h | 21 - Processor/Data_Files.h | 4 +- Processor/Data_Files.hpp | 8 +- Processor/Input.h | 8 +- Processor/Input.hpp | 9 +- Processor/Instruction.h | 6 +- Processor/Instruction.hpp | 14 +- Processor/Machine.h | 3 +- Processor/Machine.hpp | 13 +- Processor/Memory.h | 2 +- Processor/Online-Thread.h | 3 +- Processor/Online-Thread.hpp | 9 +- Processor/OnlineOptions.cpp | 49 +- Processor/OnlineOptions.h | 6 +- Processor/Processor.h | 30 +- Processor/Processor.hpp | 44 +- Processor/ReplicatedMachine.h | 20 - Processor/config.h | 5 - Programs/Source/bankers_bonus_commsec.mpc | 16 +- Programs/Source/benchmark_conv.mpc | 32 +- Programs/Source/tutorial.mpc | 6 + {Processor => Protocols}/Beaver.h | 6 +- {Processor => Protocols}/Beaver.hpp | 2 + Protocols/BrainPrep.h | 21 + {Processor => Protocols}/BrainPrep.hpp | 44 +- {Math => Protocols}/BrainShare.h | 9 +- Protocols/CowGearOptions.cpp | 67 +++ Protocols/CowGearOptions.h | 25 + Protocols/CowGearPrep.h | 43 ++ Protocols/CowGearPrep.hpp | 142 +++++ Protocols/CowGearShare.h | 40 ++ {Auth => Protocols}/MAC_Check.h | 47 +- {Auth => Protocols}/MAC_Check.hpp | 41 +- Protocols/MAC_Check_Base.h | 41 ++ Protocols/MAC_Check_Base.hpp | 41 ++ Protocols/MalRepRingOptions.cpp | 30 + 
Protocols/MalRepRingOptions.h | 22 + Protocols/MalRepRingPrep.h | 34 ++ Protocols/MalRepRingPrep.hpp | 146 +++++ Protocols/MalRepRingShare.h | 50 ++ {Math => Protocols}/MaliciousRep3Share.h | 7 +- {Auth => Protocols}/MaliciousRepMC.h | 19 +- {Auth => Protocols}/MaliciousRepMC.hpp | 64 ++- {Processor => Protocols}/MaliciousRepPrep.h | 25 +- {Processor => Protocols}/MaliciousRepPrep.hpp | 108 ++-- {Auth => Protocols}/MaliciousShamirMC.h | 6 +- {Auth => Protocols}/MaliciousShamirMC.hpp | 0 {Math => Protocols}/MaliciousShamirShare.h | 10 +- {Processor => Protocols}/MascotPrep.h | 16 +- {Processor => Protocols}/MascotPrep.hpp | 5 +- Protocols/PostSacriRepFieldShare.h | 42 ++ Protocols/PostSacriRepRingShare.h | 56 ++ Protocols/PostSacrifice.h | 35 ++ Protocols/PostSacrifice.hpp | 73 +++ {Math => Protocols}/Rep3Share.h | 17 +- {Processor => Protocols}/Replicated.h | 7 +- {Processor => Protocols}/Replicated.hpp | 13 +- {Processor => Protocols}/ReplicatedInput.h | 14 +- {Processor => Protocols}/ReplicatedInput.hpp | 15 +- {Auth => Protocols}/ReplicatedMC.h | 13 +- {Auth => Protocols}/ReplicatedMC.hpp | 11 +- Protocols/ReplicatedMachine.h | 25 + .../ReplicatedMachine.hpp | 3 +- {Processor => Protocols}/ReplicatedPrep.h | 59 +- {Processor => Protocols}/ReplicatedPrep.hpp | 115 +++- .../ReplicatedPrivateOutput.h | 6 +- .../ReplicatedPrivateOutput.hpp | 2 +- {Processor => Protocols}/SPDZ.h | 6 +- {Math => Protocols}/Semi2kShare.h | 6 +- {Processor => Protocols}/SemiInput.h | 6 +- {Processor => Protocols}/SemiInput.hpp | 0 {Auth => Protocols}/SemiMC.h | 6 +- {Auth => Protocols}/SemiMC.hpp | 0 {Processor => Protocols}/SemiPrep.h | 8 +- {Processor => Protocols}/SemiPrep.hpp | 4 +- {Math => Protocols}/SemiShare.h | 11 +- {Processor => Protocols}/Shamir.h | 6 +- {Processor => Protocols}/Shamir.hpp | 2 +- {Processor => Protocols}/ShamirInput.h | 8 +- {Processor => Protocols}/ShamirInput.hpp | 0 {Auth => Protocols}/ShamirMC.h | 10 +- {Auth => Protocols}/ShamirMC.hpp | 0 {Math => 
Protocols}/ShamirShare.h | 18 +- {Math => Protocols}/Share.h | 18 +- Math/Share.cpp => Protocols/Share.hpp | 24 +- {Processor => Protocols}/Spdz2kPrep.h | 9 +- {Processor => Protocols}/Spdz2kPrep.hpp | 49 +- {Math => Protocols}/Spdz2kShare.h | 10 +- {Auth => Protocols}/Summer.cpp | 5 +- {Auth => Protocols}/Summer.h | 0 {Auth => Protocols}/fake-stuff.h | 8 +- {Auth => Protocols}/fake-stuff.hpp | 50 +- README.md | 74 +-- Scripts/build.sh | 1 - Scripts/cowgear.sh | 8 + Scripts/generate-cert.sh | 7 + Scripts/mal-rep-field.sh | 2 +- Scripts/mal-rep-ring.sh | 10 + Scripts/mascot.sh | 2 +- Scripts/ps-rep-field.sh | 10 + Scripts/ps-rep-ring.sh | 10 + Scripts/run-online.sh | 2 +- Scripts/shamir.sh | 2 +- Scripts/test_tutorial.sh | 11 +- Scripts/yao.sh | 2 +- Setup.cpp | 2 +- Tools/Buffer.cpp | 2 + Tools/Buffer.h | 3 +- Tools/Bundle.h | 24 + Tools/Commit.cpp | 22 +- Tools/Commit.h | 7 + Tools/Config.cpp | 76 --- Tools/Config.h | 5 - {Auth => Tools}/Subroutines.cpp | 47 +- {Auth => Tools}/Subroutines.h | 4 +- Tools/Subroutines.hpp | 39 ++ Tools/octetStream.cpp | 37 +- Tools/octetStream.h | 20 +- Tools/prep_dir.cpp | 16 + Tools/random.cpp | 11 +- Tools/random.h | 1 + Tools/sha1.cpp | 11 +- Tools/sha1.h | 25 +- Tools/time-func.cpp | 7 + Tools/time-func.h | 1 + bin/README.md | 1 + bin/ntl-license.txt | 534 ++++++++++++++++++ check-passive.cpp | 2 + client-setup.cpp | 4 +- compile.py | 2 + replicated-field-party.cpp | 14 - spdz2-offline.cpp | 2 +- 285 files changed, 4031 insertions(+), 1729 deletions(-) rename Player-Online.cpp => Machines/Player-Online.cpp (61%) rename Player-Online.hpp => Machines/Player-Online.hpp (87%) delete mode 100644 Machines/Rep.cpp create mode 100644 Machines/Rep.hpp create mode 100644 Machines/SPDZ2k.hpp delete mode 100644 Machines/Semi.cpp create mode 100644 Machines/Semi.hpp rename bmr-program-party.cpp => Machines/bmr-program-party.cpp (100%) rename bmr-program-tparty.cpp => Machines/bmr-program-tparty.cpp (100%) rename brain-party.cpp => 
Machines/brain-party.cpp (85%) create mode 100644 Machines/cowgear-party.cpp rename mal-rep-bmr-party.cpp => Machines/mal-rep-bmr-party.cpp (86%) rename mal-shamir-bmr-party.cpp => Machines/mal-shamir-bmr-party.cpp (91%) rename malicious-rep-bin-party.cpp => Machines/malicious-rep-bin-party.cpp (100%) rename malicious-rep-field-party.cpp => Machines/malicious-rep-field-party.cpp (68%) create mode 100644 Machines/malicious-rep-ring-party.cpp rename malicious-shamir-party.cpp => Machines/malicious-shamir-party.cpp (80%) create mode 100644 Machines/mascot-party.cpp create mode 100644 Machines/ps-rep-field-party.cpp create mode 100644 Machines/ps-rep-ring-party.cpp rename real-bmr-party.cpp => Machines/real-bmr-party.cpp (100%) rename rep-bmr-party.cpp => Machines/rep-bmr-party.cpp (85%) rename replicated-bin-party.cpp => Machines/replicated-bin-party.cpp (100%) create mode 100644 Machines/replicated-field-party.cpp rename replicated-ring-party.cpp => Machines/replicated-ring-party.cpp (90%) rename semi-party.cpp => Machines/semi-party.cpp (80%) rename semi2k-party.cpp => Machines/semi2k-party.cpp (90%) rename shamir-bmr-party.cpp => Machines/shamir-bmr-party.cpp (91%) rename shamir-party.cpp => Machines/shamir-party.cpp (81%) rename spdz2k-party.cpp => Machines/spdz2k-party.cpp (94%) rename yao-player.cpp => Machines/yao-party.cpp (100%) create mode 100644 Math/ValueInterface.cpp rename Math/{Z2k.cpp => Z2k.hpp} (88%) create mode 100644 Math/bigint.hpp rename Math/{modp.cpp => modp.hpp} (73%) delete mode 100644 Processor/BrainPrep.h delete mode 100644 Processor/ReplicatedMachine.h rename {Processor => Protocols}/Beaver.h (89%) rename {Processor => Protocols}/Beaver.hpp (97%) create mode 100644 Protocols/BrainPrep.h rename {Processor => Protocols}/BrainPrep.hpp (76%) rename {Math => Protocols}/BrainShare.h (81%) create mode 100644 Protocols/CowGearOptions.cpp create mode 100644 Protocols/CowGearOptions.h create mode 100644 Protocols/CowGearPrep.h create mode 100644 
Protocols/CowGearPrep.hpp create mode 100644 Protocols/CowGearShare.h rename {Auth => Protocols}/MAC_Check.h (89%) rename {Auth => Protocols}/MAC_Check.hpp (92%) create mode 100644 Protocols/MAC_Check_Base.h create mode 100644 Protocols/MAC_Check_Base.hpp create mode 100644 Protocols/MalRepRingOptions.cpp create mode 100644 Protocols/MalRepRingOptions.h create mode 100644 Protocols/MalRepRingPrep.h create mode 100644 Protocols/MalRepRingPrep.hpp create mode 100644 Protocols/MalRepRingShare.h rename {Math => Protocols}/MaliciousRep3Share.h (88%) rename {Auth => Protocols}/MaliciousRepMC.h (71%) rename {Auth => Protocols}/MaliciousRepMC.hpp (60%) rename {Processor => Protocols}/MaliciousRepPrep.h (53%) rename {Processor => Protocols}/MaliciousRepPrep.hpp (54%) rename {Auth => Protocols}/MaliciousShamirMC.h (85%) rename {Auth => Protocols}/MaliciousShamirMC.hpp (100%) rename {Math => Protocols}/MaliciousShamirShare.h (81%) rename {Processor => Protocols}/MascotPrep.h (64%) rename {Processor => Protocols}/MascotPrep.hpp (95%) create mode 100644 Protocols/PostSacriRepFieldShare.h create mode 100644 Protocols/PostSacriRepRingShare.h create mode 100644 Protocols/PostSacrifice.h create mode 100644 Protocols/PostSacrifice.hpp rename {Math => Protocols}/Rep3Share.h (85%) rename {Processor => Protocols}/Replicated.h (93%) rename {Processor => Protocols}/Replicated.hpp (93%) rename {Processor => Protocols}/ReplicatedInput.h (81%) rename {Processor => Protocols}/ReplicatedInput.hpp (86%) rename {Auth => Protocols}/ReplicatedMC.h (58%) rename {Auth => Protocols}/ReplicatedMC.hpp (61%) create mode 100644 Protocols/ReplicatedMachine.h rename {Processor => Protocols}/ReplicatedMachine.hpp (95%) rename {Processor => Protocols}/ReplicatedPrep.h (59%) rename {Processor => Protocols}/ReplicatedPrep.hpp (73%) rename {Processor => Protocols}/ReplicatedPrivateOutput.h (71%) rename {Processor => Protocols}/ReplicatedPrivateOutput.hpp (94%) rename {Processor => Protocols}/SPDZ.h (87%) 
rename {Math => Protocols}/Semi2kShare.h (89%) rename {Processor => Protocols}/SemiInput.h (82%) rename {Processor => Protocols}/SemiInput.hpp (100%) rename {Auth => Protocols}/SemiMC.h (88%) rename {Auth => Protocols}/SemiMC.hpp (100%) rename {Processor => Protocols}/SemiPrep.h (53%) rename {Processor => Protocols}/SemiPrep.hpp (85%) rename {Math => Protocols}/SemiShare.h (92%) rename {Processor => Protocols}/Shamir.h (91%) rename {Processor => Protocols}/Shamir.hpp (98%) rename {Processor => Protocols}/ShamirInput.h (89%) rename {Processor => Protocols}/ShamirInput.hpp (100%) rename {Auth => Protocols}/ShamirMC.h (84%) rename {Auth => Protocols}/ShamirMC.hpp (100%) rename {Math => Protocols}/ShamirShare.h (86%) rename {Math => Protocols}/Share.h (95%) rename Math/Share.cpp => Protocols/Share.hpp (58%) rename {Processor => Protocols}/Spdz2kPrep.h (75%) rename {Processor => Protocols}/Spdz2kPrep.hpp (72%) rename {Math => Protocols}/Spdz2kShare.h (90%) rename {Auth => Protocols}/Summer.cpp (96%) rename {Auth => Protocols}/Summer.h (100%) rename {Auth => Protocols}/fake-stuff.h (89%) rename {Auth => Protocols}/fake-stuff.hpp (79%) create mode 100755 Scripts/cowgear.sh create mode 100755 Scripts/generate-cert.sh create mode 100755 Scripts/mal-rep-ring.sh create mode 100755 Scripts/ps-rep-field.sh create mode 100755 Scripts/ps-rep-ring.sh create mode 100644 Tools/Bundle.h rename {Auth => Tools}/Subroutines.cpp (83%) rename {Auth => Tools}/Subroutines.h (99%) create mode 100644 Tools/Subroutines.hpp create mode 100644 Tools/prep_dir.cpp create mode 100644 bin/ntl-license.txt delete mode 100644 replicated-field-party.cpp diff --git a/BMR/CommonParty.cpp b/BMR/CommonParty.cpp index 8add42bc6..af9db57ff 100644 --- a/BMR/CommonParty.cpp +++ b/BMR/CommonParty.cpp @@ -30,7 +30,7 @@ CommonParty::CommonParty() : #endif cpu_timer.start(); timer.start(); - gf2n::init_field(128); + gf2n_long::init_field(128); mac_key.randomize(prng); } 
diff --git a/BMR/CommonParty.h b/BMR/CommonParty.h index b6cb1d614..7e26dcc89 100644 --- a/BMR/CommonParty.h +++ b/BMR/CommonParty.h @@ -15,7 +15,6 @@ using namespace std; #include "proto_utils.h" #include "network/Node.h" #include "Tools/random.h" -#include "Auth/MAC_Check.h" #include "Tools/time-func.h" #include "GC/Program.h" #include "Tools/FlexBuffer.h" @@ -67,7 +66,7 @@ class CommonParty Timer timers[2]; Timer timer; - gf2n mac_key; + gf2n_long mac_key; LocalBuffer wires; ReceivedMsgStore wire_storage; @@ -103,7 +102,7 @@ class CommonParty gate_id_t next_gate(int skip) { return gate_counter2 += skip; } size_t get_garbled_tbl_size() { return garbled_tbl_size; } - gf2n get_mac_key() { return mac_key; } + gf2n_long get_mac_key() { return mac_key; } }; class CommonFakeParty : virtual public CommonParty, public NodeUpdatable diff --git a/BMR/Party.cpp b/BMR/Party.cpp index 3b76e5070..699d0287b 100644 --- a/BMR/Party.cpp +++ b/BMR/Party.cpp @@ -23,7 +23,7 @@ #include "CommonParty.hpp" #include "ProgramParty.hpp" -#include "Auth/MAC_Check.hpp" +#include "Protocols/MAC_Check.hpp" #include "BMR/Register.hpp" #include "GC/Machine.hpp" #include "GC/Processor.hpp" @@ -33,6 +33,7 @@ #include "GC/Program.hpp" #include "GC/Instruction.hpp" #include "Processor/Instruction.hpp" +#include "Protocols/Share.hpp" #ifdef __PURE_SHE__ #include "mpirxx.h" @@ -825,6 +826,11 @@ void FakeProgramParty::_compute_prfs_outputs(Key* keys) first_phase(program, prf_processor, prf_machine); } +void FakeProgramParty::_check_evaluate() +{ + FakeProgramPartySuper::_check_evaluate(); +} + void ProgramParty::reset() { CommonParty::reset(); 
@@ -898,11 +904,11 @@ void FakeProgramParty::receive_spdz_wires(ReceivedMsg& msg) #endif if (op == SPDZ_MAC) { - gf2n spdz_mac_key; + gf2n_long spdz_mac_key; spdz_mac_key.unpack(spdz_wires[op].back()); if (!MC) { - MC = new Passing_MAC_Check(spdz_mac_key, N, 0); + MC = new Passing_MAC_Check(spdz_mac_key, N, 0); cout << "MAC key: " << hex << spdz_mac_key << endl; mac_key = spdz_mac_key; } diff --git a/BMR/Party.h b/BMR/Party.h index 312e5daa5..0836a36a4 100644 --- a/BMR/Party.h +++ b/BMR/Party.h @@ -289,7 +289,7 @@ class FakeProgramParty : virtual public BaseParty, virtual public FakeProgramPar void store_garbled_circuit(ReceivedMsg& msg) { ProgramParty::store_garbled_circuit(msg); } - void _check_evaluate() { FakeProgramPartySuper::_check_evaluate(); } + void _check_evaluate(); void receive_keys(Register& reg); void receive_all_keys(Register& reg, bool external); diff --git a/BMR/RealGarbleWire.hpp b/BMR/RealGarbleWire.hpp index 26cb70890..625a5a300 100644 --- a/BMR/RealGarbleWire.hpp +++ b/BMR/RealGarbleWire.hpp @@ -5,7 +5,7 @@ #include "RealGarbleWire.h" #include "RealProgramParty.h" -#include "Processor/MascotPrep.h" +#include "Protocols/MascotPrep.h" template void RealGarbleWire::garble(PRFOutputs& prf_output, diff --git a/BMR/RealProgramParty.hpp b/BMR/RealProgramParty.hpp index 7f493868c..011552d6d 100644 --- a/BMR/RealProgramParty.hpp +++ b/BMR/RealProgramParty.hpp @@ -21,6 +21,7 @@ #include "GC/Secret.hpp" #include "GC/Thread.hpp" #include "GC/ThreadMaster.hpp" +#include "Math/Z2k.hpp" template RealProgramParty* RealProgramParty::singleton = 0; @@ -34,7 +35,7 @@ RealProgramParty::RealProgramParty(int argc, const char** argv) : ez::ezOptionParser opt; opt.add( - T::needs_ot ? "2" : "3", // Default. + T::dishonest_majority ? "2" : "3", // Default. 0, // Required? 1, // Number of args expected. 0, // Delimiter if expecting multiple args. 
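Review bot: The MAC key received in receive_spdz_wires is still printed in clear on the line after the new `Passing_MAC_Check` construction (`cout << "MAC key: " << hex << spdz_mac_key << endl;`), so the secret this hunk just retyped as `gf2n_long` ends up on stdout and in any captured log. The same statement leaves `hex` set on `cout`, so every later integer written to stdout by this process prints in hexadecimal. Even if this path is only meant for the fake/trusted-setup party, I would move the print under a debug-only compile guard (the `#endif` just above suggests one already exists in this function; its macro name is outside the hunk) and restore the base with `<< dec`. receive_spdz_wires starts before and ends after this hunk.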
@@ -48,7 +49,11 @@ RealProgramParty::RealProgramParty(int argc, const char** argv) : this->check(nparties); NetworkOptions network_opts(opt, argc, argv); - OnlineOptions online_opts(opt, argc, argv); + OnlineOptions& online_opts = OnlineOptions::singleton; + if (T::needs_ot) + online_opts = {opt, argc, argv, 1000}; + else + online_opts = {opt, argc, argv}; assert(not online_opts.interactive); online_opts.finalize(opt, argc, argv); @@ -66,7 +71,7 @@ RealProgramParty::RealProgramParty(int argc, const char** argv) : this->_id = online_opts.playerno + 1; Server* server = Server::start_networking(N, online_opts.playerno, nparties, network_opts.hostname, network_opts.portnum_base); - if (T::needs_ot) + if (T::dishonest_majority) P = new PlainPlayer(N, 0); else P = new CryptoPlayer(N, 0); @@ -232,5 +237,5 @@ void RealProgramParty::push_spdz_wire(SpdzOp op, const RealGarbleWire& wir for (int i = 0; i < 2; i++) spdz_wire.my_keys[i] = wire.keys[i][this->N.my_num()]; spdz_wire.pack(this->spdz_wires[op].back()); - this->spdz_storage += sizeof(SpdzWire); + this->spdz_storage += sizeof(spdz_wire); } diff --git a/BMR/Register.cpp b/BMR/Register.cpp index 19060b037..67ddc5c10 100644 --- a/BMR/Register.cpp +++ b/BMR/Register.cpp @@ -914,12 +914,6 @@ void GarbleRegister::load(vector > >& TrustedProgramParty::s().load_wire(reg); } -void KeyVector::operator=(const KeyVector& other) -{ - resize(other.size()); - avx_memcpy(data(), other.data(), byte_size()); -} - KeyVector KeyVector::operator^(const KeyVector& other) const { if (size() != other.size()) diff --git a/BMR/Register.h b/BMR/Register.h index fe8711cc1..1c41d8026 100644 --- a/BMR/Register.h +++ b/BMR/Register.h 
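Review bot: The `1000` passed as the fourth `OnlineOptions` argument in the `T::needs_ot` branch is an unexplained literal; the parameter it feeds is outside the hunk, so a reader of this constructor cannot tell what it sizes or why OT-based protocols need a different value. I would hoist it into a named constant with a one-line comment, e.g. `constexpr int default_<fourth-OnlineOptions-parameter> = 1000; // TODO confirm meaning`, and use that in the brace-init. Both branches also now assign into the process-wide `OnlineOptions::singleton` from inside a constructor, so constructing a second RealProgramParty would silently overwrite the options of the first; if only one instance is ever meant to exist (the `singleton` static a few lines up suggests so), a short comment saying that is enough. The constructor continues outside the hunk.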
@@ -65,6 +65,7 @@ class KeyVector : public BaseKeyVector { public: KeyVector(int size = 0) : BaseKeyVector(size) {} + KeyVector(const KeyVector& other) : BaseKeyVector() { *this = other; } size_t byte_size() const { return size() * sizeof(Key); } void operator=(const KeyVector& source); KeyVector operator^(const KeyVector& other) const; @@ -390,6 +391,12 @@ inline Register::Register(int n_parties) : { } +inline void KeyVector::operator=(const KeyVector& other) +{ + resize(other.size()); + avx_memcpy(data(), other.data(), byte_size()); +} + inline void KeyVector::unserialize(ReceivedMsg& source, int n_parties) { resize(n_parties); diff --git a/BMR/Register.hpp b/BMR/Register.hpp index 3537a4dde..05e963019 100644 --- a/BMR/Register.hpp +++ b/BMR/Register.hpp @@ -63,7 +63,7 @@ void EvalRegister::store(GC::Memory& mem, check_for_doubles(accesses, "storing"); auto& party = ProgramPartySpec::s(); vector S, S2, S3, S4, S5, SS; - vector exts; + vector exts; int n_registers = 0; for (auto access : accesses) n_registers += access.source.get_regs().size(); @@ -78,11 +78,11 @@ void EvalRegister::store(GC::Memory& mem, party.get_spdz_wire(SPDZ_STORE, spdz_wire); const EvalRegister& reg = sources[i]; U tmp; - gf2n ext = (int)reg.get_external(); + gf2n_long ext = (int)reg.get_external(); //cout << "ext:" << ext << "/" << (int)reg.get_external() << " " << endl; tmp.add(spdz_wire.mask, ext, (int)party.get_id() - 1, party.get_mac_key()); S.push_back(tmp); - tmp *= gf2n(1) << i; + tmp *= gf2n_long(1) << i; dest += tmp; const Key& key = reg.external_key(party.get_id()); Key& expected_key = spdz_wire.my_keys[(int)reg.get_external()]; @@ -193,7 +193,7 @@ void EvalRegister::load(vector >& accesses, party.MC->Check(*party.P); #endif - vector masked; + vector masked; party.MC->POpen_Begin(masked, shares, *party.P); party.MC->POpen_End(masked, shares, *party.P); vector keys(party.get_n_parties()); diff --git a/BMR/SpdzWire.h b/BMR/SpdzWire.h index b54fd063b..9105bbd4d 100644 
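Review bot: The new copy constructor `KeyVector(const KeyVector& other) : BaseKeyVector() { *this = other; }` delegates to an `operator=` that returns `void` and has no self-assignment check, and the definition moved inline here (`resize(other.size()); avx_memcpy(data(), other.data(), byte_size());`) keeps both properties. `v = v` calls `avx_memcpy` with identical source and destination, which is undefined for `memcpy`-style copies unless `avx_memcpy` (defined outside this hunk) tolerates overlap, and the `void` return blocks chaining and is not the conventional signature for a copy-assignable type. The signature predates this commit, but since the commit now relies on it from a constructor I would make it return `KeyVector&` with a self-check, and give the in-class declaration `void operator=(const KeyVector& source);` the same return type. With a copy constructor and copy assignment user-declared, no implicit move operations are generated, so `KeyVector` temporaries (e.g. the result of `operator^`) are copied rather than moved — worth a comment if that is acceptable.
```cpp
inline KeyVector& KeyVector::operator=(const KeyVector& other)
{
    if (this != &other)
    {
        resize(other.size());
        avx_memcpy(data(), other.data(), byte_size());
    }
    return *this;
}
```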
--- a/BMR/SpdzWire.h +++ b/BMR/SpdzWire.h @@ -6,7 +6,7 @@ #ifndef BMR_SPDZWIRE_H_ #define BMR_SPDZWIRE_H_ -#include "Math/Share.h" +#include "Protocols/Share.h" #include "Key.h" template diff --git a/BMR/TrustedParty.cpp b/BMR/TrustedParty.cpp index 609d37dac..114801d50 100644 --- a/BMR/TrustedParty.cpp +++ b/BMR/TrustedParty.cpp @@ -15,12 +15,12 @@ #include "proto_utils.h" #include "msg_types.h" #include "SpdzWire.h" -#include "Auth/fake-stuff.h" +#include "Protocols/fake-stuff.h" #include "Register_inline.h" #include "CommonParty.hpp" -#include "Auth/fake-stuff.hpp" +#include "Protocols/fake-stuff.hpp" #include "BMR/Register.hpp" #include "GC/Machine.hpp" #include "GC/Processor.hpp" @@ -30,6 +30,7 @@ #include "GC/Program.hpp" #include "GC/Instruction.hpp" #include "Processor/Instruction.hpp" +#include "Protocols/Share.hpp" TrustedProgramParty* TrustedProgramParty::singleton = 0; @@ -421,7 +422,7 @@ void TrustedProgramParty::garble() NoMemory dynamic_memory; second_phase(program, processor, machine, dynamic_memory); - vector< Share > tmp; + vector< Share > tmp; make_share(tmp, 1, get_n_parties(), mac_key, prng); for (int i = 0; i < get_n_parties(); i++) tmp[i].get_mac().pack(spdz_wires[SPDZ_MAC][i]); @@ -444,7 +445,8 @@ void TrustedProgramParty::garble() void TrustedProgramParty::store_spdz_wire(SpdzOp op, const Register& reg) { - make_share(mask_shares, gf2n(reg.get_mask()), get_n_parties(), gf2n(get_mac_key()), prng); + make_share(mask_shares, gf2n_long(reg.get_mask()), get_n_parties(), + gf2n_long(get_mac_key()), prng); for (int i = 0; i < get_n_parties(); i++) { SpdzWire wire; diff --git a/BMR/TrustedParty.h b/BMR/TrustedParty.h index 2db406fa4..65f676052 100644 --- a/BMR/TrustedParty.h +++ b/BMR/TrustedParty.h @@ -121,7 +121,7 @@ class TrustedProgramParty : public BaseTrustedParty { #endif vector spdz_wires[SPDZ_OP_N]; - vector< Share > mask_shares; + vector< Share > mask_shares; Timer random_timer; 
diff --git a/BMR/network/Node.cpp b/BMR/network/Node.cpp index ef583d76e..3d32b2457 100644 --- a/BMR/network/Node.cpp +++ b/BMR/network/Node.cpp @@ -168,7 +168,7 @@ void Node::Broadcast2(SendBuffer& msg) { void Node::_identify() { char* msg = id_msg; - strncpy(msg, ID_HDR, strlen(ID_HDR)); + memcpy(msg, ID_HDR, strlen(ID_HDR)); memcpy(msg+strlen(ID_HDR), (const char *)&_id, sizeof(_id)); //printf("Node:: identifying myself:\n"); SendBuffer buffer; diff --git a/CHANGELOG.md b/CHANGELOG.md index 904165cc9..d25f087f0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,12 @@ The changelog explains changes pulled through from the private development repository. Bug fixes and small enchancements are committed between releases and not documented here. +## 0.1.0 + +- CowGear protocol (LowGear with covert security) +- Protocols that sacrifice after than before +- More protocols for replicated secret sharing over rings +- Fixed security bug: Some protocols with supposed malicious security wouldn't check players' inputs when generating random bits. + ## 0.0.9 (Apr 30, 2019) - Complete BMR for all GF(2^n) protocols diff --git a/CONFIG b/CONFIG index e386db27a..7007773e4 100644 --- a/CONFIG +++ b/CONFIG @@ -17,13 +17,14 @@ USE_NTL = 0 USE_GF2N_LONG = 1 # set to -march= for optimization +# SSE4.2 is required homomorphic encryption in GF(2^n) when compiling with clang # AES-NI is required for BMR # PCLMUL is required for GF(2^128) computation # AVX2 support (Haswell or later) is used to optimize OT # AVX/AVX2 is required for replicated binary secret sharing # BMI2 is used to optimize multiplication modulo a prime # ADX is used to optimize big integer additions -ARCH = -mtune=native -msse4.1 -maes -mpclmul -mavx -mavx2 -mbmi2 -madx +ARCH = -mtune=native -msse4.1 -msse4.2 -maes -mpclmul -mavx -mavx2 -mbmi2 -madx # allow to set compiler in CONFIG.mine CXX = g++ 
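Review bot: Replacing `strncpy` by `memcpy` in `Node::_identify` is sound (the length was `strlen(ID_HDR)` either way, so no terminator was ever copied), but neither copy checks that `id_msg` can hold `strlen(ID_HDR) + sizeof(_id)` bytes; the buffer's declaration is outside the hunk, so this is inferred. If `id_msg` is a fixed-size member array, a one-line `assert(strlen(ID_HDR) + sizeof(_id) <= sizeof(id_msg));` before the first `memcpy` documents and enforces that invariant. `strlen(ID_HDR)` is also evaluated three times in a row; a local `const size_t hdr_len = strlen(ID_HDR);` reads better.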
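Review bot: Two of the new explanatory comments in CONFIG read wrongly: the SSE4.2 line in this hunk drops a word and should be `# SSE4.2 is required for homomorphic encryption in GF(2^n) when compiling with clang`, and the MOD block in the next CONFIG hunk (`# MAX_MOD_SZ (for FHE) must be least and GFP_MOD_SZ ...`) should say `must be at least`. The MOD comment is the only place telling a builder that `GFP_MOD_SZ` must be set exactly while `MAX_MOD_SZ` is a lower bound, so the missing word changes the meaning rather than just the polish.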
@@ -35,9 +36,11 @@ ifeq ($(USE_GF2N_LONG),1) GF2N_LONG = -DUSE_GF2N_LONG endif -# MAX_MOD_SZ must be at least ceil(len(p)/len(word)) -# Default is 2, which suffices for 128-bit p -# MOD = -DMAX_MOD_SZ=2 +# MAX_MOD_SZ (for FHE) must be least and GFP_MOD_SZ (for computation) +# must be exactly ceil(len(p)/len(word)) for the relevant prime p +# Default for GFP_MOD_SZ is 2, which is good for 128-bit p +# Default for MAX_MOD_SZ is 10, which suffices for all Overdrive protocols +# MOD = -DMAX_MOD_SZ=10 -DGFP_MOD_SZ=2 LDLIBS = -lmpirxx -lmpir -lsodium $(MY_LDLIBS) LDLIBS += -lboost_system -lssl -lcrypto diff --git a/Check-Offline-Z2k.cpp b/Check-Offline-Z2k.cpp index 1dcbc914a..d3d167cfb 100644 --- a/Check-Offline-Z2k.cpp +++ b/Check-Offline-Z2k.cpp @@ -1,11 +1,12 @@ #include "Math/Z2k.h" -#include "Math/Share.h" +#include "Protocols/Share.h" #include "Math/Setup.h" -#include "Math/Spdz2kShare.h" -#include "Auth/fake-stuff.h" +#include "Protocols/Spdz2kShare.h" +#include "Protocols/fake-stuff.h" -#include "Auth/fake-stuff.hpp" +#include "Protocols/fake-stuff.hpp" +#include "Math/Z2k.hpp" #include #include diff --git a/Check-Offline.cpp b/Check-Offline.cpp index 77b9aa264..271f12292 100644 --- a/Check-Offline.cpp +++ b/Check-Offline.cpp @@ -5,9 +5,9 @@ #include "Math/gf2n.h" #include "Math/gfp.h" -#include "Math/Share.h" -#include "Auth/fake-stuff.h" -#include "Auth/MAC_Check.h" +#include "Protocols/Share.h" +#include "Protocols/fake-stuff.h" +#include "Protocols/MAC_Check.h" #include "Tools/ezOptionParser.h" #include "Exceptions/Exceptions.h" #include "GC/MaliciousRepSecret.h" @@ -15,8 +15,9 @@ #include "Math/Setup.h" #include "Processor/Data_Files.h" -#include "Auth/fake-stuff.hpp" +#include "Protocols/fake-stuff.hpp" #include "Processor/Data_Files.hpp" +#include "Math/Z2k.hpp" #include #include 
@@ -309,7 +310,7 @@ int main(int argc, const char** argv) cout << "--------------\n"; cout << "Final Keys :\t p: " << keyp << "\n\t\t 2: " << key2 << endl; - check(keyp, N); + check>(keyp, N); check>(key2, N); if (N == 3) diff --git a/Compiler/allocator.py b/Compiler/allocator.py index 7318a87eb..b1fb7bfdb 100644 --- a/Compiler/allocator.py +++ b/Compiler/allocator.py @@ -75,7 +75,7 @@ def process(self, program, alloc_pool): # unused register self.alloc_reg(j, alloc_pool) unused_regs.append(j) - if unused_regs and len(unused_regs) == len(i.get_def()): + if unused_regs and len(unused_regs) == len(list(i.get_def())): # only report if all assigned registers are unused print "Register(s) %s never used, assigned by '%s' in %s" % \ (unused_regs,i,format_trace(i.caller)) @@ -252,7 +252,7 @@ def do_merge(nodes): if len(merge) >= self.max_parallel_open: do_merge(merge) merge[:] = [] - for merge in merges.itervalues(): + for merge in reversed(sorted(merges.itervalues())): if merge: do_merge(merge) self.input_nodes = remaining_input_nodes @@ -481,7 +481,7 @@ def keep_order(instr, n, t, arg_index=None): # find first depth that has the right type and isn't full skipped_depths = set() while (depth in round_type and \ - round_type[depth] != type(instr)) or \ + round_type[depth] != instr.merge_id()) or \ (int(options.max_parallel_open) > 0 and \ parallel_open[depth] >= int(options.max_parallel_open)): skipped_depths.add(depth) @@ -490,7 +490,7 @@ def keep_order(instr, n, t, arg_index=None): for d in skipped_depths: next_available_depth[type(instr), d] = depth - round_type[depth] = type(instr) + round_type[depth] = instr.merge_id() parallel_open[depth] += len(instr.args) * instr.get_size() depths[n] = depth 
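Review bot: In keep_order the depth search now compares `round_type[depth]` against `instr.merge_id()`, but the skip cache written two lines below is still `next_available_depth[type(instr), d] = depth`, so the key no longer matches the criterion being cached. With the base-class `merge_id()` returning `(type(self), self.get_size())` (instructions_base.py hunk in this patch), a depth cached for one vector size is reused for another size of the same type; the `while` loop re-validates the landing depth so the result stays consistent, but the jump may skip depths the other size could have used (the corresponding lookup is outside the hunk, so this is inferred). Keying both sides by the same value, `next_available_depth[instr.merge_id(), d] = depth`, keeps the cache exact.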
@@ -567,7 +567,7 @@ def eliminate_dead_code(self): open_count = 0 for i,inst in zip(xrange(len(instructions) - 1, -1, -1), reversed(instructions)): # remove if instruction has result that isn't used - unused_result = not G.degree(i) and len(inst.get_def()) \ + unused_result = not G.degree(i) and len(list(inst.get_def())) \ and reduce(operator.and_, (reg.can_eliminate for reg in inst.get_def())) \ and not isinstance(inst, (DoNotEliminateInstruction)) stop_node = G.get_attr(i, 'stop') diff --git a/Compiler/instructions.py b/Compiler/instructions.py index ceb37d111..faf3e1334 100644 --- a/Compiler/instructions.py +++ b/Compiler/instructions.py @@ -1357,6 +1357,10 @@ class muls(base.VarArgsInstruction, base.DataInstruction): def get_repeat(self): return len(self.args) / 3 + def merge_id(self): + # can merge different sizes + return type(self) + # def expand(self): # s = [program.curr_block.new_reg('s') for i in range(9)] # c = [program.curr_block.new_reg('c') for i in range(3)] @@ -1397,6 +1401,7 @@ def get_used(self): for arg in self.args[2::4] + self.args[3::4]), []) @base.gf2n +@base.vectorize class dotprods(base.VarArgsInstruction, base.DataInstruction): """ Secret dot product. """ __slots__ = [] @@ -1429,7 +1434,7 @@ def bases(self): i += self.args[i] def get_repeat(self): - return sum(self.args[i] / 2 for i in self.bases()) + return sum(self.args[i] / 2 for i in self.bases()) * self.get_size() def get_def(self): return [self.args[i + 1] for i in self.bases()] diff --git a/Compiler/instructions_base.py b/Compiler/instructions_base.py index b2a7a85d6..4eb927197 100644 --- a/Compiler/instructions_base.py +++ b/Compiler/instructions_base.py @@ -176,6 +176,7 @@ def int_to_bytes(x): """ 32 bit int to big-endian 4 byte conversion. """ + assert(x < 2**32 and x >= -2**32) return [(x >> 8*i) % 256 for i in (3,2,1,0)] 
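Review bot: The new `assert(x < 2**32 and x >= -2**32)` in int_to_bytes admits values the four-byte encoding cannot represent: the comprehension below it produces two's-complement bytes, so any x in [-2**32, -2**31) yields the same bytes as x + 2**32, e.g. -2**31 - 1 encodes identically to 2**31 - 1. Unless that aliasing is intended, the check should be `assert -2**31 <= x < 2**32`, which is also the idiomatic statement form rather than `assert(...)`. If both signed and unsigned 32-bit inputs are deliberately accepted, the docstring should say so, since "32 bit int" currently suggests a single interpretation.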
@@ -545,12 +546,12 @@ def check_args(self): def get_used(self): """ Return the set of registers that are read in this instruction. """ - return set(arg for arg,w in zip(self.args, self.arg_format) if \ + return (arg for arg,w in zip(self.args, self.arg_format) if \ format_str_is_reg(w) and not format_str_is_writeable(w)) def get_def(self): """ Return the set of registers that are written to in this instruction. """ - return set(arg for arg,w in zip(self.args, self.arg_format) if \ + return (arg for arg,w in zip(self.args, self.arg_format) if \ format_str_is_writeable(w)) def get_pre_arg(self): @@ -575,6 +576,9 @@ def get_size(self): def add_usage(self, req_node): pass + def merge_id(self): + return type(self), self.get_size() + # String version of instruction attempting to replicate encoded version def __str__(self): diff --git a/Compiler/library.py b/Compiler/library.py index 7853d4b65..d5d354cbd 100644 --- a/Compiler/library.py +++ b/Compiler/library.py @@ -273,7 +273,7 @@ def __init__(self, function, name=None, compile_args=[]): self.function = function self.name = name if name is None: - self.name = self.function.__name__ + '-' + str(id(function)) + self.name = self.function.__name__ self.compile_args = compile_args def __call__(self, *args): args = tuple(arg.read() if isinstance(arg, MemValue) else arg for arg in args) @@ -286,10 +286,10 @@ def __call__(self, *args): def wrapped_function(*compile_args): base = get_arg() bases = dict((t, regint.load_mem(base + i)) \ - for i,t in enumerate(type_args)) + for i,t in enumerate(sorted(type_args))) runtime_args = [None] * len(args) - for t,i_args in type_args.iteritems(): - for i,i_arg in enumerate(i_args): + for t in sorted(type_args): + for i,i_arg in enumerate(type_args[t]): runtime_args[i_arg] = t.load_mem(bases[t] + i) return self.function(*(list(compile_args) + runtime_args)) self.on_first_call(wrapped_function) 
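Review bot: The docstrings of get_used and get_def still say `Return the set of registers ...` while both now return a generator expression, which can be consumed only once and supports neither `in` nor `len` — the allocator hunks in this commit had to wrap calls in `list()` for exactly that reason. Change them to `"""Return a generator over the registers read by this instruction (single pass)."""` and the matching wording for get_def, so callers see that the contract changed. Any remaining caller that tests membership or iterates twice is now a silent bug, which is worth a grep before merging.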
@@ -298,7 +298,7 @@ def wrapped_function(*compile_args): base = instructions.program.malloc(len(type_args), 'ci') bases = dict((t, get_program().malloc(len(type_args[t]), t)) \ for t in type_args) - for i,reg_type in enumerate(type_args): + for i,reg_type in enumerate(sorted(type_args)): store_in_mem(bases[reg_type], base + i) for j,i_arg in enumerate(type_args[reg_type]): if get_reg_type(args[i_arg]) != reg_type: @@ -393,8 +393,7 @@ def wrapper(self, *args): if self in compiled_functions: return compiled_functions[self](*args) else: - name = '%s-%s-%d' % (type(self).__name__, function.__name__, \ - id(self)) + name = '%s-%s' % (type(self).__name__, function.__name__) block = FunctionBlock(function, name=name, compile_args=(self,)) compiled_functions[self] = block return block(*args) @@ -475,7 +474,7 @@ def round(): a[m], a[m+step] = cond_swap(a[m], a[m+step]) for i in range(len(a)): a[i].store_in_mem(i * a[i].sizeof()) - chunk = MPCThread(round, 'sort-%d-%d-%03x' % (l,k,random.randrange(256**3))) + chunk = MPCThread(round, 'sort-%d-%d' % (l,k)) chunk.start() chunk.join() #round() @@ -511,8 +510,7 @@ def swap_list(list_base): load_secret_mem(base + 1)) store_in_mem(x, base) store_in_mem(y, base + 1) - chunks[size] = FunctionTape(swap_list, 'sort-%d-%03x' % - (size, random.randrange(256**3))) + chunks[size] = FunctionTape(swap_list, 'sort-%d' % size) return chunks[size](base) def run_round(size): @@ -563,9 +561,9 @@ def mem_op(preproc, a_addr, step, tmp_addr): postproc_chunks.append((mem_op, (a_addr, step, tmp_addr))) else: if k not in wrap_chunks: - pre_chunk = FunctionTape(mem_op, 'pre-%d-%03x' % (k,random.randrange(256**3)), + pre_chunk = FunctionTape(mem_op, 'pre-%d' % k, compile_args=[True]) - post_chunk = FunctionTape(mem_op, 'post-%d-%03x' % (k,random.randrange(256**3)), + post_chunk = FunctionTape(mem_op, 'post-%d' % k, compile_args=[False]) wrap_chunks[k] = (pre_chunk, post_chunk) pre_chunk, post_chunk = wrap_chunks[k] 
@@ -649,8 +647,7 @@ def swap_list(list_base): load_secret_mem(base + 1)) store_in_mem(x, base) store_in_mem(y, base + 1) - chunks[size] = FunctionTape(swap_list, 'sort-%d-%03x' % - (size, random.randrange(256**3))) + chunks[size] = FunctionTape(swap_list, 'sort-%d' % size) return chunks[size](base) def run_round(size): diff --git a/Compiler/permutation.py b/Compiler/permutation.py index 329de376b..24381fd84 100644 --- a/Compiler/permutation.py +++ b/Compiler/permutation.py @@ -134,6 +134,9 @@ def random_perm(n): WARNING: randomness fixed at compile-time, this is NOT secure """ + if not Program.prog.options.insecure: + raise CompilerError('no secure implementation of Waksman permution, ' + 'use --insecure to activate') a = range(n) for i in range(n-1, 0, -1): j = randint(0, i) diff --git a/Compiler/program.py b/Compiler/program.py index 6fdb23af0..84187d259 100644 --- a/Compiler/program.py +++ b/Compiler/program.py @@ -54,7 +54,7 @@ def __init__(self, args, options, param=-1, assemblymode=False): self.galois_length = int(options.galois) print 'Galois length:', self.galois_length self.schedule = [('start', [])] - self.main_ctr = 0 + self.tape_counter = 0 self.tapes = [] self._curr_tape = None self.EMULATE = True # defaults @@ -77,7 +77,7 @@ def __init__(self, args, options, param=-1, assemblymode=False): Compiler.instructions.mulrs_class, \ Compiler.instructions.gmulrs, \ Compiler.instructions.dotprods_class, \ - Compiler.instructions.gdotprods, \ + Compiler.instructions.gdotprods_class, \ Compiler.instructions.asm_input_class, \ Compiler.instructions.gasm_input_class] import Compiler.GC.instructions as gc @@ -131,7 +131,9 @@ def init_names(self, args, assemblymode): if progname.endswith('.mpc'): progname = progname[:-4] - if assemblymode: + if os.path.exists(args[0]): + self.infile = args[0] + elif assemblymode: self.infile = self.programs_dir + '/Source/' + progname + '.asm' else: self.infile = self.programs_dir + '/Source/' + progname + '.mpc' 
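Review bot: The new error message in random_perm misspells the name: `'no secure implementation of Waksman permution, '` should read `permutation`; it is the user-facing reason for a compile failure, so fix it before people search for it. The guard itself is the right call given the docstring's WARNING that the randomness is fixed at compile time — making the insecure path opt-in via `--insecure` is how such a caveat should be enforced.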
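Review bot: `os.path.exists(args[0])` in init_names is also true for a directory, so a directory argument is taken as the input file and the failure only surfaces when it is opened later; `os.path.isfile(args[0])` matches the intent. The branch also changes precedence — an existing path now wins over the `.asm`/`.mpc` lookup under programs_dir/Source — which deserves a comment such as `# an explicit existing file takes precedence over the programs_dir/Source lookup`.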
@@ -154,7 +156,6 @@ def new_tape(self, function, args=[], name=None): # make sure there is a current tape self.curr_tape tape_index = len(self.tapes) - name += "-%d" % tape_index self.tape_stack.append(self.curr_tape) self.curr_tape = Tape(name, self) self.curr_tape.prevent_direct_memory_write = True @@ -323,10 +324,8 @@ def restart_main_thread(self): # wait for main thread to finish self.schedule_wait(self._curr_tape) self.main_thread_running = False - name = '%s-%d' % (self.name, self.main_ctr) - self._curr_tape = Tape(name, self) + self._curr_tape = Tape(self.name, self) self.tapes.append(self._curr_tape) - self.main_ctr += 1 # add to schedule self.schedule_start(self._curr_tape) self.main_thread_running = True @@ -405,11 +404,17 @@ def set_security(self, security): def optimize_for_gc(self): pass + def get_tape_counter(self): + res = self.tape_counter + self.tape_counter += 1 + return res + class Tape: """ A tape contains a list of basic blocks, onto which instructions are added. """ def __init__(self, name, program): """ Set prime p and the initial instructions and registers. """ self.program = program + name += '-%d' % program.get_tape_counter() self.init_names(name) self.init_registers() self.req_tree = self.ReqNode(name) @@ -627,7 +632,8 @@ def optimize(self, options): print 'Re-allocating...' allocator = al.StraightlineAllocator(REG_MAX) def alloc_loop(block): - for reg in block.used_from_scope: + for reg in sorted(block.used_from_scope, + key=lambda x: (x.reg_type, x.i)): allocator.alloc_reg(reg, block.alloc_pool) for child in block.children: if child.instructions: @@ -647,7 +653,7 @@ def alloc_loop(block): print 'Compile offline data requirements...' self.req_num = self.req_tree.aggregate() print 'Tape requires', self.req_num - for req,num in self.req_num.items(): + for req,num in sorted(self.req_num.items()): if num == float('inf'): num = -1 if req[1] in data_types: diff --git a/Compiler/types.py b/Compiler/types.py index 4c8db3d81..1147190a0 100644 
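Review bot: Tape.__init__ now rewrites the `name` it is given by appending `program.get_tape_counter()`, but neither a comment nor the docstring mentions it, and the docstring `""" Set prime p and the initial instructions and registers. """` does not describe what the visible lines do. Add `# every tape gets a unique, deterministic suffix from the program-wide counter; replaces the per-site counters removed from new_tape and restart_main_thread` above the `name += ...` line, so the next reader knows why callers no longer suffix names themselves.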
--- a/Compiler/types.py +++ b/Compiler/types.py @@ -956,8 +956,11 @@ def get_random_input_mask_for(cls, player): @classmethod @set_instruction_type def dot_product(cls, x, y): + x = list(x) + set_global_vector_size(x[0].size) res = cls() dotprods(res, x, y) + reset_global_vector_size() return res @classmethod @@ -2183,7 +2186,8 @@ def n_elements(): @classmethod def dot_product(cls, x, y, res_params=None): - dp = cls.int_type.dot_product([xx.v for xx in x], [yy.v for yy in y]) + dp = cls.int_type.dot_product([xx.pre_mul() for xx in x], + [yy.pre_mul() for yy in y]) return x[0].unreduced(dp, y[0], res_params, len(x)).reduce_after_mul() @classmethod @@ -2337,6 +2341,9 @@ def __init__(self, _v=None, size=None): def load_int(self, v): self.v = self.int_type(v) << self.f + def __getitem__(self, index): + return self._new(self.v[index]) + @vectorize def add(self, other): other = self.coerce(other) @@ -2579,7 +2586,7 @@ def __init__(self, S, Z=0, k=8): self.S = float(S) except: self.S = S - self.Z = Z + self.Z = MemValue.if_necessary(Z) self.k = k self._store = {} if program.options.ring: @@ -2627,6 +2634,7 @@ def reduce(self, unreduced): size = unreduced.v.size n_shift = util.expand(n_shift, size) shifted_Z = util.expand(shifted_Z, size) + int_mult = util.expand(int_mult, size) tmp = unreduced.v * int_mult + shifted_Z shifted = tmp.round(self.max_length, n_shift, squant.kappa, squant.round_nearest) diff --git a/ExternalIO/bankers-bonus-client.cpp b/ExternalIO/bankers-bonus-client.cpp index 391c78c47..07871d5aa 100644 --- a/ExternalIO/bankers-bonus-client.cpp +++ b/ExternalIO/bankers-bonus-client.cpp @@ -36,7 +36,7 @@ #include "Networking/sockets.h" #include "Tools/int.h" #include "Math/Setup.h" -#include "Auth/fake-stuff.h" +#include "Protocols/fake-stuff.h" #include #include diff --git a/ExternalIO/bankers-bonus-commsec-client.cpp b/ExternalIO/bankers-bonus-commsec-client.cpp index 3a2a5a9db..33ab007cd 100644 --- a/ExternalIO/bankers-bonus-commsec-client.cpp 
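Review bot: In dot_product, `reset_global_vector_size()` is not reached if `dotprods(res, x, y)` raises, which leaves the global vector size set for everything compiled afterwards; and `x[0]` raises IndexError on an empty `x`. Wrap the call, `try: dotprods(res, x, y)` / `finally: reset_global_vector_size()`, and handle or assert the empty case explicitly. `y` is not materialised with `list()` like `x` is, so a generator passed for `y` works only if dotprods consumes it exactly once — worth confirming.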
+++ b/ExternalIO/bankers-bonus-commsec-client.cpp @@ -40,7 +40,7 @@ #include "Networking/STS.h" #include "Tools/int.h" #include "Math/Setup.h" -#include "Auth/fake-stuff.h" +#include "Protocols/fake-stuff.h" #include #include diff --git a/FHE/Ciphertext.cpp b/FHE/Ciphertext.cpp index 1556f4740..b04e74423 100644 --- a/FHE/Ciphertext.cpp +++ b/FHE/Ciphertext.cpp @@ -1,4 +1,5 @@ #include "Ciphertext.h" +#include "PPData.h" #include "Exceptions/Exceptions.h" Ciphertext::Ciphertext(const FHE_PK& pk) : Ciphertext(pk.get_params()) diff --git a/FHE/Ciphertext.h b/FHE/Ciphertext.h index 66dcf7c82..ee1870c7c 100644 --- a/FHE/Ciphertext.h +++ b/FHE/Ciphertext.h @@ -71,6 +71,11 @@ class Ciphertext template void mul(const Ciphertext& c, const Plaintext_& a) { ::mul(*this, c, a); } + template + Ciphertext operator+(const Plaintext_& other) { Ciphertext res = *this; res += other; return res; } + template + Ciphertext& operator+=(const Plaintext_& other) { cc0 += other.get_poly(); return *this; } + bool operator==(const Ciphertext& c) { return pk_id == c.pk_id && cc0.equals(c.cc0) && cc1.equals(c.cc1); } bool operator!=(const Ciphertext& c) { return !(*this == c); } diff --git a/FHE/FFT_Data.cpp b/FHE/FFT_Data.cpp index 340986230..c38d26e2f 100644 --- a/FHE/FFT_Data.cpp +++ b/FHE/FFT_Data.cpp @@ -168,6 +168,14 @@ istream& operator>>(istream& s,FFT_Data& FFTD) } +void FFT_Data::hash(octetStream& o) const +{ + octetStream tmp; + pack(tmp); + o.concat(tmp.hash()); +} + + void FFT_Data::pack(octetStream& o) const { R.pack(o); diff --git a/FHE/FFT_Data.h b/FHE/FFT_Data.h index c696ea08e..001a9c99d 100644 --- a/FHE/FFT_Data.h +++ b/FHE/FFT_Data.h @@ -41,6 +41,7 @@ class FFT_Data void init_field() const { gfp::init_field(prData.pr); } + void hash(octetStream& o) const; void pack(octetStream& o) const; void unpack(octetStream& o); diff --git a/FHE/FHE_Keys.cpp b/FHE/FHE_Keys.cpp index 43ebb313e..7effaa660 100644 --- a/FHE/FHE_Keys.cpp +++ b/FHE/FHE_Keys.cpp 
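Review bot: `Ciphertext operator+(const Plaintext_& other)` in Ciphertext.h copies `*this` and never mutates it, so it should be a `const` member, `Ciphertext operator+(const Plaintext_& other) const`; as written it cannot be called on a `const Ciphertext&`. `operator+=` adds `other.get_poly()` straight into `cc0` without any parameter check, unlike `mul` which routes through `::mul`; if plaintexts built under different FHE parameters can reach it, a params comparison before the addition would catch the mismatch early instead of producing a malformed ciphertext.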
@@ -1,6 +1,9 @@ #include "FHE_Keys.h" #include "Ciphertext.h" +#include "P2Data.h" +#include "PPData.h" +#include "FFT_Data.h" #include "FHEOffline/FullSetup.h" @@ -52,8 +55,10 @@ void FHE_PK::KeyGen(Rq_Element& sk, PRNG& G, int noise_boost) mul(e0,e0,PK.pr); add(PK.b0,PK.b0,e0); +#ifdef CHECK_NOISE // strict check not working for GF(2^n) PK.check_noise(PK.b0 - PK.a0 * sk, false); +#endif if (params->n_mults() > 0) { @@ -88,7 +93,7 @@ void FHE_PK::check_noise(const FHE_SK& SK) void FHE_PK::check_noise(const Rq_Element& x, bool check_modulo) { - + assert(pr != 0); vector noise = x.to_vec_bigint(); bigint m = 0; if (check_modulo) @@ -104,10 +109,11 @@ void FHE_PK::check_noise(const Rq_Element& x, bool check_modulo) noise[i] /= pr; m = m > noise[i] ? m : noise[i]; } - cout << "max noise: " << m << endl; + cerr << "max noise: " << m << endl; } +template<> void FHE_PK::encrypt(Ciphertext& c, const Plaintext& mess,const Random_Coins& rc) const { @@ -123,6 +129,7 @@ void FHE_PK::encrypt(Ciphertext& c, +template<> void FHE_PK::encrypt(Ciphertext& c, const Plaintext& mess,const Random_Coins& rc) const { @@ -137,6 +144,7 @@ void FHE_PK::encrypt(Ciphertext& c, +template<> void FHE_PK::encrypt(Ciphertext& c, const Plaintext& mess,const Random_Coins& rc) const { @@ -205,6 +213,7 @@ Ciphertext FHE_PK::encrypt( } +template<> void FHE_SK::decrypt(Plaintext& mess,const Ciphertext& c) const { if (&c.get_params()!=params) { throw params_mismatch(); } @@ -220,6 +229,7 @@ void FHE_SK::decrypt(Plaintext& mess,const Ciphertext& c) c +template<> void FHE_SK::decrypt(Plaintext& mess,const Ciphertext& c) const { if (&c.get_params()!=params) { throw params_mismatch(); } @@ -234,6 +244,7 @@ void FHE_SK::decrypt(Plaintext& mess,const Ciphertext& c) con +template<> void FHE_SK::decrypt(Plaintext& mess,const Ciphertext& c) const { if (&c.get_params()!=params) { throw params_mismatch(); } 
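Review bot: `assert(pr != 0);` in FHE_PK::check_noise disappears under NDEBUG, after which `noise[i] /= pr` divides a bigint by zero on the unguarded path; since this is a key-checking routine and not hot, `if (pr == 0) throw runtime_error("check_noise: plaintext modulus not set");` keeps the guard in release builds. The `#ifdef CHECK_NOISE` block in the KeyGen hunk only says `strict check not working for GF(2^n)`; naming which bound fails there would make the macro easier to revisit later.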
@@ -243,7 +254,8 @@ void FHE_SK::decrypt(Plaintext& mess,const Ciphertext& c) mul(ans,c.c1(),sk); sub(ans,c.c0(),ans); - mess.set_poly_mod(ans.to_vec_bigint(),ans.get_modulus()); + ans.change_rep(polynomial); + mess.set_poly_mod(ans.get_iterator(), ans.get_modulus()); } diff --git a/FHE/FHE_Keys.h b/FHE/FHE_Keys.h index 5a833c213..82eb15979 100644 --- a/FHE/FHE_Keys.h +++ b/FHE/FHE_Keys.h @@ -48,9 +48,8 @@ class FHE_SK // Assumes Ring and prime of mess have already been set correctly // Ciphertext c must be at level 0 or an error occurs // c must have same params as SK - void decrypt(Plaintext& mess,const Ciphertext& c) const; - void decrypt(Plaintext& mess,const Ciphertext& c) const; - void decrypt(Plaintext& mess,const Ciphertext& c) const; + template + void decrypt(Plaintext& mess,const Ciphertext& c) const; template Plaintext decrypt(const Ciphertext& c, const FD& FieldD); @@ -121,9 +120,8 @@ class FHE_PK // c must have same params as PK and rc - void encrypt(Ciphertext& c, const Plaintext& mess, const Random_Coins& rc) const; - void encrypt(Ciphertext& c, const Plaintext& mess, const Random_Coins& rc) const; - void encrypt(Ciphertext& c, const Plaintext& mess, const Random_Coins& rc) const; + template + void encrypt(Ciphertext& c, const Plaintext& mess, const Random_Coins& rc) const; template void encrypt(Ciphertext& c, const vector& mess, const Random_Coins& rc) const; @@ -164,4 +162,22 @@ class FHE_PK // PK and SK must have the same params, otherwise an error void KeyGen(FHE_PK& PK,FHE_SK& SK,PRNG& G); + +class FHE_KeyPair +{ +public: + FHE_PK pk; + FHE_SK sk; + + FHE_KeyPair(const FHE_Params& params, const bigint& pr = 0) : + pk(params, pr), sk(params, pr) + { + } + + void generate(PRNG& G) + { + KeyGen(pk, sk, G); + } +}; + #endif diff --git a/FHE/Matrix.cpp b/FHE/Matrix.cpp index dd17d28c8..a61fde4bb 100644 --- a/FHE/Matrix.cpp +++ b/FHE/Matrix.cpp 
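Review bot: `FHE_KeyPair(const FHE_Params& params, const bigint& pr = 0)` is callable with one argument and is not `explicit`, so an `FHE_Params` converts implicitly into a key pair, silently constructing two keys; mark it `explicit FHE_KeyPair(const FHE_Params& params, const bigint& pr = 0)`. A one-line comment on `generate` saying it delegates to the free `KeyGen` so that `pk` and `sk` share `params` by construction would document the invariant the class exists for.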
@@ -20,7 +20,7 @@ void ident(matrix& U,int n) void ident(imatrix& U,int n) { - U.resize(n, vector(n) ); + U.resize(n, imatrix::value_type(n)); for (int i=0; i>(istream& s,imatrix& A) { int r,c; s >> r >> c; - A.resize(r, vector(c) ); + A.resize(r, imatrix::value_type(c) ); for (int i=0; i> A[i][j]; } + { + bool b; + s >> b; + A[i][j] = b; + } } return s; } diff --git a/FHE/Matrix.h b/FHE/Matrix.h index 8e9556384..a2e1e30f1 100644 --- a/FHE/Matrix.h +++ b/FHE/Matrix.h @@ -7,15 +7,17 @@ using namespace std; #include "Math/bigint.h" #include "Math/modp.h" +#include "OT/BitVector.h" typedef vector< vector > matrix; typedef vector< vector > modp_matrix; -class imatrix : public vector< vector > +class imatrix : public vector< BitVector > { public: bool operator!=(const imatrix& other) const; + void hash(octetStream& o) const; void pack(octetStream& o) const; void unpack(octetStream& o); }; diff --git a/FHE/NTL-Subs.cpp b/FHE/NTL-Subs.cpp index 88f55d655..cad67c6ab 100644 --- a/FHE/NTL-Subs.cpp +++ b/FHE/NTL-Subs.cpp @@ -112,7 +112,7 @@ int generate_semi_setup(int plaintext_length, int sec, { if (params.n_mults() > 0) throw runtime_error("only implemented for 0-level BGV"); - gf2n::init_field(plaintext_length); + gf2n_short::init_field(plaintext_length); int m; char_2_dimension(m, plaintext_length); SemiHomomorphicNoiseBounds nb(2, phi_N(m), 1, sec, 
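Review bot: In `operator>>(istream&, imatrix&)` the new element loop declares `bool b;` uninitialised and never inspects the stream state, so a truncated or malformed input leaves the matrix filled with whatever the failed extractions produced and the caller proceeds with it. Initialise the local, `bool b = false;`, and check the stream once after the loops, e.g. `if (s.fail()) throw runtime_error("malformed imatrix");`, since this reader is on the path that loads persisted parameter data.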
@@ -417,10 +417,10 @@ GF2X Subs_PowX_Mod(const GF2X& a,int pow,int m,const GF2X& c) void init(P2Data& P2D,const Ring& Rg) { GF2X G,F; - SetCoeff(G,gf2n::degree(),1); + SetCoeff(G,gf2n_short::degree(),1); SetCoeff(G,0,1); - for (int i=0; i(Gord*gf2n::degree())); + imatrix A; + A.resize(Rg.phi_m(), imatrix::value_type(Gord*gf2n_short::degree())); + P2D.A.resize(A[0].size(), imatrix::value_type(A.size())); for (int slot=0; slot>(istream& s,P2Data& P2D) string get_filename(const Ring& Rg) { - return (string) PREP_DIR + "P2D-" + to_string(gf2n::degree()) + "x" - + to_string(Rg.phi_m() / gf2n::degree()); + return (string) PREP_DIR + "P2D-" + to_string(gf2n_short::degree()) + "x" + + to_string(Rg.phi_m() / gf2n_short::degree()); } void P2Data::load(const Ring& Rg) @@ -114,8 +134,6 @@ void P2Data::load(const Ring& Rg) ifstream s(filename); octetStream os; os.input(s); - if (s.eof() or s.fail()) - throw runtime_error("cannot load P2Data"); unpack(os); } diff --git a/FHE/P2Data.h b/FHE/P2Data.h index b36f8871e..53d8c73e0 100644 --- a/FHE/P2Data.h +++ b/FHE/P2Data.h @@ -12,7 +12,7 @@ class P2Data { int slots; - // Data for the forward mapping (phi_m by (slots*gf2n:deg)) + // Data for the forward mapping ((slots*gf2n:deg) by phi_m) imatrix A; // Data for the backward mapping (phi_m by phi_m) imatrix Ai; @@ -22,8 +22,8 @@ class P2Data typedef int S; int num_slots() const { return slots; } - int degree() const { return A.size() ? A[0].size() : 0; } - int phi_m() const { return A.size(); } + int degree() const { return A.size() ? A.size() : 0; } + int phi_m() const { return A[0].size(); } void check_dimensions() const; @@ -39,6 +39,7 @@ class P2Data // no op because we require field to be initalized first void init_field() const {} + void hash(octetStream& o) const; void pack(octetStream& o) const; void unpack(octetStream& o); diff --git a/FHE/Plaintext.cpp b/FHE/Plaintext.cpp index 5f26e54e3..ea463358d 100644 --- a/FHE/Plaintext.cpp +++ b/FHE/Plaintext.cpp 
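Review bot: P2Data::load drops the `if (s.eof() or s.fail()) throw runtime_error("cannot load P2Data");` check after `os.input(s)`, so a missing or truncated P2D file is no longer reported here; unless `octetStream::input` now throws on a short read itself (not visible in this hunk), `unpack` runs on partial data and the GF(2^n) setup proceeds from a bad file. Keep the check, or reinstate it on `s` directly after `os.input(s)`. P2Data::load starts outside the hunk.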
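Review bot: The empty-matrix guard moved to the wrong accessor in P2Data.h: `degree()` now returns `A.size() ? A.size() : 0`, which is just `A.size()`, while `phi_m()` returns `A[0].size()` and indexes an empty matrix before `load` has run. Swap them, `int degree() const { return A.size(); }` and `int phi_m() const { return A.size() ? A[0].size() : 0; }`, which also matches the corrected layout comment `((slots*gf2n:deg) by phi_m)`.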
@@ -1,6 +1,8 @@ #include "FHE/Plaintext.h" #include "FHE/Ring_Element.h" +#include "FHE/PPData.h" +#include "FHE/P2Data.h" template<> @@ -211,6 +213,22 @@ void Plaintext::set_poly_mod(const vector& vv,con } +template<> +void Plaintext::set_poly_mod(const Generator& generator,const bigint& mod) +{ + allocate(Polynomial); + bigint half_mod = mod / 2; + bigint te; + for (unsigned int i=0; i half_mod) + te -= mod; + b[i]=isOdd(te); + } +} + + void rand_poly(vector& b,PRNG& G,const bigint& pr,bool positive=true) { for (unsigned int i=0; i::assign_one(PT_Type t) } } +template +void Plaintext::assign_constant(T constant, PT_Type t) +{ + allocate(Evaluation); + for (auto& x : a) + x = constant; + if (t != Evaluation) + to_poly(); +} template Plaintext& Plaintext::operator+=( @@ -399,10 +426,7 @@ Plaintext& Plaintext::operator+=( if (b.size() != y.b.size()) throw length_error("size mismatch"); - for (unsigned int i = 0; i < b.size(); i++) - b[i] += y.b[i]; - - type = Polynomial; + add(*this, *this, y); return *this; } @@ -487,9 +511,8 @@ void add(Plaintext& z,const Plaintext& z,const Plaintext @@ -148,6 +142,7 @@ class Plaintext void assign_zero(PT_Type t = Evaluation); void assign_one(PT_Type t = Evaluation); + void assign_constant(T constant, PT_Type t = Evaluation); friend void add<>(Plaintext& z,const Plaintext& x,const Plaintext& y); friend void sub<>(Plaintext& z,const Plaintext& x,const Plaintext& y); diff --git a/FHE/Ring_Element.cpp b/FHE/Ring_Element.cpp index 354c247fc..a73bcbe56 100644 --- a/FHE/Ring_Element.cpp +++ b/FHE/Ring_Element.cpp 
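Review bot: The new `set_poly_mod(const Generator&, const bigint&)` specialisation has no comment on why it recentres before taking the parity: each coefficient above `half_mod` has `mod` subtracted and only then is reduced with `isOdd`, which for an odd modulus gives a different bit than the parity of the representative in [0, mod). A line above the loop such as `// centre each coefficient around zero first; the GF(2) bit is the parity of the signed representative` would record that, since the result silently depends on it.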
@@ -6,39 +6,22 @@ void reduce_step(vector& aa,int i,const FFT_Data& FFTD) { modp temp=aa[i]; for (int j=0; j 0) + for (int k = 0; k < FFTD.Phi()[j]; k++) + Sub(aa[i-FFTD.phi_m()+j],aa[i-FFTD.phi_m()+j],temp,FFTD.get_prD()); + else + for (int k = 0; k < abs(FFTD.Phi()[j]); k++) + Add(aa[i-FFTD.phi_m()+j],aa[i-FFTD.phi_m()+j],temp,FFTD.get_prD()); } } +void reduce(vector& aa, int top, int bottom, const FFT_Data& FFTD) +{ + for (int i = top - 1; i >= bottom; i--) + reduce_step(aa, i, FFTD); +} + Ring_Element::Ring_Element(const FFT_Data& fftd,RepType r) { @@ -129,10 +112,7 @@ void mul(Ring_Element& ans,const Ring_Element& a,const Ring_Element& b) } } // Now apply reduction, assumes Ring.poly is monic - for (int i=2*(*a.FFTD).phi_m()-1; i>=(*a.FFTD).phi_m(); i--) - { reduce_step(aa,i,*a.FFTD); - assignZero(aa[i],(*a.FFTD).get_prD()); - } + reduce(aa, 2*(*a.FFTD).phi_m(), (*a.FFTD).phi_m(), *a.FFTD); // Now stick into answer for (int i=0; i<(*ans.FFTD).phi_m(); i++) { ans.element[i]=aa[i]; } @@ -296,8 +276,7 @@ void Ring_Element::change_rep(RepType r) { fft[(*FFTD).p(i)]=element[i]; } BFFT(fft,fft,*FFTD,false); // Need to reduce fft mod Phi_m - for (int i=(*FFTD).m()-1; i>=(*FFTD).phi_m(); i--) - { reduce_step(fft,i,*FFTD); } + reduce(fft, (*FFTD).m(), (*FFTD).phi_m(), *FFTD); for (int i=0; i<(*FFTD).phi_m(); i++) { element[i]=fft[i]; } } diff --git a/FHE/Rq_Element.h b/FHE/Rq_Element.h index 6456e4ffb..7479adb00 100644 --- a/FHE/Rq_Element.h +++ b/FHE/Rq_Element.h @@ -69,12 +69,6 @@ class Rq_Element ~Rq_Element() { ; } - // Copy Assignment - Rq_Element& operator=(const Rq_Element& e) - { if (this!=&e) { assign(e); } - return *this; - } - const Ring_Element& get(int i) const { return a[i]; } /* Functional Operators */ 
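Review bot: The new `reduce(aa, top, bottom, FFTD)` helper takes a half-open index range but nothing says so, and the argument order (top before bottom) is easy to get backwards; both call sites pass the upper bound first. A header comment such as `// Reduce coefficients aa[bottom..top) modulo Phi_m, highest index first, folding each into aa[i-phi_m..i)` would pin it. The `mul` hunk also stops zeroing `aa[i]` after each step; since only `aa[0..phi_m)` is copied into `ans` afterwards that looks harmless, but a word in the comment above the call would confirm it was deliberate.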
@@ -84,6 +78,9 @@ class Rq_Element friend void mul(Rq_Element& ans,const Rq_Element& a,const Rq_Element& b); friend void mul(Rq_Element& ans,const Rq_Element& a,const bigint& b); + template + Rq_Element& operator+=(const vector& other); + Rq_Element& operator+=(const Rq_Element& other) { add(*this, *this, other); return *this; } Rq_Element operator+(const Rq_Element& b) const { Rq_Element res(*this); add(res, *this, b); return res; } @@ -155,5 +152,13 @@ template inline void mul(Rq_Element& ans,const bigint& a,const Rq_Element& b) { mul(ans,b,a); } -#endif +template +Rq_Element& Rq_Element::operator+=(const vector& other) +{ + Rq_Element tmp = *this; + tmp.from_vec(other, lev); + add(*this, *this, tmp); + return *this; +} +#endif diff --git a/FHEOffline/DataSetup.cpp b/FHEOffline/DataSetup.cpp index 3e86e04f2..11a628d5f 100644 --- a/FHEOffline/DataSetup.cpp +++ b/FHEOffline/DataSetup.cpp @@ -5,7 +5,7 @@ #include #include "FHEOffline/DistKeyGen.h" -#include "Auth/fake-stuff.h" +#include "Protocols/fake-stuff.h" #include "FHE/NTL-Subs.h" #include "Tools/benchmarking.h" @@ -69,7 +69,7 @@ void PartSetup::generate_setup(int n_parties, int plaintext_length, int sec, void DataSetup::write_setup(string dir, bool skip_2) { ofstream outf; - write_online_setup(outf, dir, FTD.get_prime(), gf2n::degree()); + write_online_setup(outf, dir, FTD.get_prime(), gf2n_short::degree()); setup_p.output_setup(outf); if (not skip_2) setup_2.output_setup(outf); @@ -83,7 +83,7 @@ void DataSetup::write_setup(bool skip_2) string DataSetup::get_prep_dir(int n_parties) const { return ::get_prep_dir(n_parties, FTD.get_prime().numBits(), - gf2n::degree()); + gf2n_short::degree()); } void DataSetup::write_setup(const Names& N, bool skip_2) diff --git a/FHEOffline/DistDecrypt.cpp b/FHEOffline/DistDecrypt.cpp index 5ab4f42bf..c3a585470 100644 --- a/FHEOffline/DistDecrypt.cpp +++ b/FHEOffline/DistDecrypt.cpp 
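Review bot: `Rq_Element::operator+=(const vector&)` copies the whole element, `Rq_Element tmp = *this;`, only to overwrite its coefficients with `from_vec`, so the copy is wasted work on every call; if Rq_Element can be built from its ring parameters alone (only the copy is visible here), constructing `tmp` that way avoids it. Either way a comment, `// tmp borrows this element's parameters and level; from_vec replaces its coefficients`, would make the intent clear to the next reader.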
@@ -1,5 +1,6 @@ #include "DistDecrypt.h" +#include "FHE/P2Data.h" template DistDecrypt::DistDecrypt(const Player& P, const FHE_SK& share, diff --git a/FHEOffline/DistKeyGen.cpp b/FHEOffline/DistKeyGen.cpp index 099a00a47..62df83c2d 100644 --- a/FHEOffline/DistKeyGen.cpp +++ b/FHEOffline/DistKeyGen.cpp @@ -4,7 +4,7 @@ */ #include -#include "Auth/Subroutines.h" +#include "Tools/Subroutines.h" /* * This creates the "pseudo-encryption" of the R_q element mess, @@ -189,7 +189,7 @@ void DistKeyGen::finalize(FHE_PK& pk, FHE_SK& sk) sk.assign(secret); } -void DistKeyGen::check_equality(const DistKeyGen other) +void DistKeyGen::check_equality(const DistKeyGen& other) { if (a != other.a) throw runtime_error("no match at a"); diff --git a/FHEOffline/DistKeyGen.h b/FHEOffline/DistKeyGen.h index 0b3b09491..f8081338e 100644 --- a/FHEOffline/DistKeyGen.h +++ b/FHEOffline/DistKeyGen.h @@ -47,7 +47,7 @@ class DistKeyGen void compute_enc(); void sum_enc(const vector& enc); void finalize(FHE_PK& pk, FHE_SK& sk); - void check_equality(const DistKeyGen other); + void check_equality(const DistKeyGen& other); }; #endif /* FHEOFFLINE_DISTKEYGEN_H_ */ diff --git a/FHEOffline/EncCommit.cpp b/FHEOffline/EncCommit.cpp index e685d9d3d..28300ebe4 100644 --- a/FHEOffline/EncCommit.cpp +++ b/FHEOffline/EncCommit.cpp @@ -1,9 +1,10 @@ -#include "Auth/Subroutines.h" +#include "Tools/Subroutines.h" #include "Exceptions/Exceptions.h" #include "Tools/random.h" #include "EncCommit.h" +#include "FHE/P2Data.h" #include 
@@ -73,7 +74,14 @@ void EncCommit::init(const Player& PP,const FHE_PK& fhepk,condition cc,c template void EncCommit::next_covert(Plaintext& mess, vector& C) const { - const FHE_Params& params=(*pk).get_params(); + covert_generation(mess, C, {size_t(P->num_players()), pk}, P, num_runs, cond); +} + +template +void covert_generation(Plaintext_& mess, vector& C, + const vector& pks, const Player* P, int num_runs, condition cond) +{ + const FHE_Params& params=(*pks[0]).get_params(); /* Commit to the seeds */ vector< vector > seeds(num_runs, vector((*P).num_players())); @@ -84,13 +92,13 @@ void EncCommit::next_covert(Plaintext& mess, vector& Commit_To_Seeds(G,seeds,Comm_seeds,Open_seeds,*P,num_runs); // Generate the messages and ciphertexts - vector< Plaintext > m(num_runs,mess.get_field()); + vector< Plaintext_ > m(num_runs,mess.get_field()); vector c(num_runs,params); Random_Coins rc(params); for (int i=0; imy_num()]).encrypt(c[i],m[i],rc); //cout << "xxxxxxxxxxxxxxxxxxxxx" << endl; //cout << i << "\t" << (*P).socket(P.my_num()) << endl; //cout << i << "\t" << m[i] << endl; @@ -118,7 +126,7 @@ void EncCommit::next_covert(Plaintext& mess, vector& Open(seeds,Comm_seeds,Open_seeds,*P,num_runs,challenge); // Now check all the prior executions - Plaintext mm(mess.get_field()); + Plaintext_ mm(mess.get_field()); Ciphertext cc(params); octetStream occ; for (int i=0; i::next_covert(Plaintext& mess, vector& //cout << "GOT SEED : " << i << " " << j << " " << P.socket(j) << seeds[i][j] << endl; mm.randomize(G,cond); rc.generate(G); - (*pk).encrypt(cc,mm,rc); + (*pks[j]).encrypt(cc,mm,rc); occ.reset_write_head(); cc.pack(occ); if (!occ.equals(ctx[i][j])) diff --git a/FHEOffline/EncCommit.h b/FHEOffline/EncCommit.h index 4707d9a72..abddb0bdb 100644 --- a/FHEOffline/EncCommit.h +++ b/FHEOffline/EncCommit.h 
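Review bot: `covert_generation(mess, C, {size_t(P->num_players()), pk}, P, num_runs, cond)` builds the key vector with brace initialisation; it lands on the `(count, value)` constructor only because a `size_t` cannot become a pointer, which is exactly the `initializer_list` trap. Spell it out with the parenthesised constructor, `pks_type(P->num_players(), pk)` where `pks_type` is the vector type EncCommit.h declares for `pks`, so the reader need not run overload resolution. Inside covert_generation, `pks[P->my_num()]` and `pks[j]` are indexed by player number without a size check; `pks.at(j)` or an early `if (pks.size() != size_t(P->num_players())) throw ...` turns a short vector from another caller into a clean error.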
@@ -130,6 +130,9 @@ class EncCommit : public EncCommitBase template using EncCommit_ = EncCommit; +template +void covert_generation(Plaintext_& mess, vector& C, + const vector& pks, const Player* P, int num_runs, condition cond); template void generate_mac_key(typename FD::T& key_share, Ciphertext& key, const FD& FieldD, diff --git a/FHEOffline/FHE-Subroutines.cpp b/FHEOffline/FHE-Subroutines.cpp index c6380f5a6..267dd8ac2 100644 --- a/FHEOffline/FHE-Subroutines.cpp +++ b/FHEOffline/FHE-Subroutines.cpp @@ -1,5 +1,5 @@ -#include "Auth/Subroutines.h" +#include "Tools/Subroutines.h" #include "FHE/Rq_Element.h" #include "FHE/Ciphertext.h" #include "Tools/Commit.h" diff --git a/FHEOffline/FullSetup.cpp b/FHEOffline/FullSetup.cpp index 041dcf963..6503e9cef 100644 --- a/FHEOffline/FullSetup.cpp +++ b/FHEOffline/FullSetup.cpp @@ -40,7 +40,7 @@ void get_setup(FHE_Params& params_p,FFT_Data& FTD, if (!skip_2) { // initialize before reading P2D for consistency check - gf2n::init_field(lg2); + gf2n_short::init_field(lg2); inpf >> R2; inpf >> P2D; if (R2.phi_m() != P2D.phi_m()) diff --git a/FHEOffline/Multiplier.cpp b/FHEOffline/Multiplier.cpp index 2efe285a7..04dd9105b 100644 --- a/FHEOffline/Multiplier.cpp +++ b/FHEOffline/Multiplier.cpp @@ -10,9 +10,9 @@ template Multiplier::Multiplier(int offset, PairwiseGenerator& generator) : generator(generator), machine(generator.machine), - P(generator.global_player, offset), - num_players(generator.global_player.num_players()), - my_num(generator.global_player.my_num()), + P(generator.P, offset), + num_players(generator.P.num_players()), + my_num(generator.P.my_num()), other_pk(machine.other_pks[(my_num + num_players - offset) % num_players]), other_enc_alpha(machine.enc_alphas[(my_num + num_players - offset) % num_players]), timers(generator.timers), 
@@ -34,39 +34,54 @@ void Multiplier::multiply_and_add(Plaintext_& res, template void Multiplier::multiply_and_add(Plaintext_& res, - const Ciphertext& enc_a, const Rq_Element& b) + const Ciphertext& enc_a, const Rq_Element& b, OT_ROLE role) { - PRNG G; - G.ReSeed(); - timers["Ciphertext multiplication"].start(); - C.mul(enc_a, b); - timers["Ciphertext multiplication"].stop(); - timers["Mask randomization"].start(); - product_share.randomize(G); - bigint B = 6 * machine.setup().params.get_R(); - B *= machine.setup().FieldD.get_prime(); - B <<= machine.sec; - // slack - B *= NonInteractiveProof::slack(machine.sec, - machine.setup().params.phi_m()); - B <<= machine.extra_slack; - rc.generateUniform(G, 0, B, B); - timers["Mask randomization"].stop(); - timers["Encryption"].start(); - other_pk.encrypt(mask, product_share, rc); - timers["Encryption"].stop(); - timers["Multiplied ciphertext sending"].start(); octetStream o; - mask += C; - mask.pack(o); - P.reverse_exchange(o); - C.unpack(o); + + if (role & SENDER) + { + PRNG G; + G.ReSeed(); + timers["Ciphertext multiplication"].start(); + C.mul(enc_a, b); + timers["Ciphertext multiplication"].stop(); + timers["Mask randomization"].start(); + product_share.randomize(G); + bigint B = 6 * machine.setup().params.get_R(); + B *= machine.setup().FieldD.get_prime(); + B <<= machine.drown_sec; + // slack + B *= NonInteractiveProof::slack(machine.sec, + machine.setup().params.phi_m()); + B <<= machine.extra_slack; + rc.generateUniform(G, 0, B, B); + timers["Mask randomization"].stop(); + timers["Encryption"].start(); + other_pk.encrypt(mask, product_share, rc); + timers["Encryption"].stop(); + mask += C; + mask.pack(o); + res -= product_share; + } + + timers["Multiplied ciphertext sending"].start(); + if (role == BOTH) + P.reverse_exchange(o); + else if (role == SENDER) + P.reverse_send(o); + else if (role == RECEIVER) + P.receive(o); timers["Multiplied ciphertext sending"].stop(); - timers["Decryption"].start(); - res -= 
product_share; - machine.sk.decrypt_any(product_share, C); - res += product_share; - timers["Decryption"].stop(); + + if (role & RECEIVER) + { + timers["Decryption"].start(); + C.unpack(o); + machine.sk.decrypt_any(product_share, C); + res += product_share; + timers["Decryption"].stop(); + } + memory_usage.update("multiplied ciphertext", C.report_size(CAPACITY)); memory_usage.update("mask ciphertext", mask.report_size(CAPACITY)); memory_usage.update("product shares", product_share.report_size(CAPACITY)); @@ -75,9 +90,9 @@ void Multiplier::multiply_and_add(Plaintext_& res, template void Multiplier::multiply_alpha_and_add(Plaintext_& res, - const Rq_Element& b) + const Rq_Element& b, OT_ROLE role) { - multiply_and_add(res, other_enc_alpha, b); + multiply_and_add(res, other_enc_alpha, b, role); } template diff --git a/FHEOffline/Multiplier.h b/FHEOffline/Multiplier.h index 1733cd3cc..4a9ba4a5f 100644 --- a/FHEOffline/Multiplier.h +++ b/FHEOffline/Multiplier.h @@ -9,6 +9,7 @@ #include "FHEOffline/SimpleEncCommit.h" #include "FHE/AddableVector.h" #include "Tools/MemoryUsage.h" +#include "OT/BaseOT.h" template using PlaintextVector = AddableVector< Plaintext_ >; @@ -41,8 +42,9 @@ class Multiplier void multiply_and_add(Plaintext_& res, const Ciphertext& C, const Plaintext_& b); void multiply_and_add(Plaintext_& res, const Ciphertext& C, - const Rq_Element& b); - void multiply_alpha_and_add(Plaintext_& res, const Rq_Element& b); + const Rq_Element& b, OT_ROLE role = BOTH); + void multiply_alpha_and_add(Plaintext_& res, const Rq_Element& b, + OT_ROLE role = BOTH); int get_offset() { return P.get_offset(); } size_t report_size(ReportType type); void report_size(ReportType type, MemoryUsage& res); diff --git a/FHEOffline/PairwiseGenerator.cpp b/FHEOffline/PairwiseGenerator.cpp index 516248a60..84118e39a 100644 --- a/FHEOffline/PairwiseGenerator.cpp +++ b/FHEOffline/PairwiseGenerator.cpp 
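Review bot: The role dispatch in multiply_and_add has no branch for an `OT_ROLE` value that is none of `BOTH`, `SENDER` or `RECEIVER`; in that case nothing is exchanged, and if `role & RECEIVER` is still set, `C.unpack(o)` reads an empty stream. If the enum admits such values, an `else throw runtime_error("unsupported role");` after the chain makes the failure explicit. The bound `B` now mixes two parameters, `machine.drown_sec` for the flooding term and `machine.sec` for the proof slack; a comment such as `// drown_sec: statistical security of the noise flooding, distinct from the proof parameter sec` would stop the next reader from "fixing" it back. multiply_and_add's body continues outside the hunk.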
@@ -6,20 +6,25 @@ #include "FHEOffline/PairwiseGenerator.h" #include "FHEOffline/PairwiseMachine.h" #include "FHEOffline/Producer.h" +#include "Protocols/SemiShare.h" -#include "Auth/MAC_Check.hpp" +#include "Protocols/MAC_Check.hpp" +#include "Protocols/SemiInput.hpp" +#include "Protocols/ReplicatedInput.hpp" +#include "Processor/Input.hpp" template PairwiseGenerator::PairwiseGenerator(int thread_num, - PairwiseMachine& machine) : - GeneratorBase(thread_num, machine.N), - producer(machine.setup().FieldD, machine.N.my_num(), + PairwiseMachine& machine, Player* player) : + GeneratorBase(thread_num, machine.N, player), + producer(machine.setup().FieldD, P.my_num(), thread_num, machine.output), EC(P, machine.other_pks, machine.setup().FieldD, timers, machine, *this), + MC(machine.setup().alphai), C(machine.sec, machine.setup().params), volatile_memory(0), - machine(machine), global_player(machine.N, (1LL << 28) + (thread_num << 16)) + machine(machine) { - for (int i = 1; i < machine.N.num_players(); i++) + for (int i = 1; i < P.num_players(); i++) multipliers.push_back(new Multiplier(i, *this)); const FD& FieldD = machine.setup().FieldD; a.resize(machine.sec, FieldD); @@ -45,7 +50,6 @@ void PairwiseGenerator::run() { PRNG G; G.ReSeed(); - MAC_Check MC(machine.setup().alphai); while (total < machine.nTriplesPerThread) { 
@@ -100,12 +104,53 @@ void PairwiseGenerator::run() timers["Checking"].stop(); } - cout << "Could save " << 1e-9 * a.report_size(CAPACITY) << " GB" << endl; +#ifdef FHE_MEMORY + cerr << "Could save " << 1e-9 * a.report_size(CAPACITY) << " GB" << endl; +#endif timers.insert(EC.timers.begin(), EC.timers.end()); timers.insert(producer.timers.begin(), producer.timers.end()); timers["Networking"] = P.timer; } +template +void PairwiseGenerator::generate_inputs(int player) +{ + bool mine = player == P.my_num(); + if (mine) + { + SeededPRNG G; + b[0].randomize(G); + b_mod_q.at(0).from_vec(b.at(0).get_poly()); + producer.macs[0].mul(machine.setup().alpha, b[0]); + } + else + producer.macs[0].assign_zero(); + + for (auto m : multipliers) + if (mine or P.get_player(m->get_offset()) == player) + m->multiply_alpha_and_add(producer.macs[0], b_mod_q[0], mine ? SENDER : RECEIVER); + + inputs.clear(); + Share check_value; + GlobalPRNG G(P); + SemiInput> input(0, P); + input.reset_all(P); + for (size_t i = 0; i < b[0].num_slots(); i++) + { + input.add_mine(b[0].element(i)); + } + input.exchange(); + for (size_t i = 0; i < b[0].num_slots(); i++) + { + Share share(input.finalize(player), producer.macs[0].element(i)); + inputs.push_back({share, b[0].element(i)}); + check_value += G.get() * share; + } + inputs.pop_back(); + MC.POpen(check_value, P); + MC.Check(P); +} + template size_t PairwiseGenerator::report_size(ReportType type) { @@ -124,7 +169,7 @@ size_t PairwiseGenerator::report_size(ReportType type) template size_t PairwiseGenerator::report_sent() { - return P.sent + global_player.sent; + return P.sent; } template diff --git a/FHEOffline/PairwiseGenerator.h b/FHEOffline/PairwiseGenerator.h index 58fea7d3d..51e4fa923 100644 --- a/FHEOffline/PairwiseGenerator.h +++ b/FHEOffline/PairwiseGenerator.h 
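Review bot: `inputs.pop_back();` near the end of `generate_inputs` discards the last slot without explanation; presumably it is the element whose uniformly random share masks the opened `check_value`, so that `MC.POpen` reveals nothing about the remaining inputs, and that reasoning should be stated next to it, e.g. `// last slot is sacrificed: its random value masks the opened linear combination`. The call is unconditional and `pop_back()` on an empty vector is undefined behaviour, so an assertion on `b[0].num_slots() > 0` belongs beside it. Every party, not only the owner, runs `input.add_mine(b[0].element(i))` and stores `b[0].element(i)` into `inputs`, although only the owner randomized `b[0]` in this call, so for non-owners the cleartext component of each pair is stale data; if that is intended, a comment on `inputs` should say so, otherwise guard both with `mine`.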
@@ -17,13 +17,17 @@ class PairwiseMachine; template class PairwiseGenerator : public GeneratorBase { + typedef typename FD::T T; + friend MultiEncCommit; + template friend class CowGearPrep; PlaintextVector a, b, c; AddableVector b_mod_q; vector*> multipliers; TripleProducer_ producer; MultiEncCommit EC; + MAC_Check MC; // temporary data AddableVector C; @@ -33,12 +37,15 @@ class PairwiseGenerator : public GeneratorBase public: PairwiseMachine& machine; - PlainPlayer global_player; - PairwiseGenerator(int thread_num, PairwiseMachine& machine); + vector>> inputs; + + PairwiseGenerator(int thread_num, PairwiseMachine& machine, Player* player = 0); ~PairwiseGenerator(); void run(); + void generate_inputs(int player); + size_t report_size(ReportType type); void report_size(ReportType type, MemoryUsage& res); size_t report_sent(); diff --git a/FHEOffline/PairwiseMachine.cpp b/FHEOffline/PairwiseMachine.cpp index ebf31c36d..5d0088c8b 100644 --- a/FHEOffline/PairwiseMachine.cpp +++ b/FHEOffline/PairwiseMachine.cpp @@ -5,19 +5,31 @@ #include "FHEOffline/PairwiseMachine.h" #include "Tools/benchmarking.h" -#include "Auth/fake-stuff.h" +#include "Protocols/fake-stuff.h" -#include "Auth/fake-stuff.hpp" +#include "Protocols/fake-stuff.hpp" + +PairwiseMachine::PairwiseMachine(Player& P) : + P(P), + other_pks(P.num_players(), {setup_p.params, 0}), + pk(other_pks[P.my_num()]), sk(pk) +{ +} PairwiseMachine::PairwiseMachine(int argc, const char** argv) : - MachineBase(argc, argv), P(N, 0xffff << 16), + MachineBase(argc, argv), P(*new PlainPlayer(N, 0xffff << 16)), other_pks(N.num_players(), {setup_p.params, 0}), pk(other_pks[N.my_num()]), sk(pk) +{ + init(); +} + +void PairwiseMachine::init() { if (use_gf2n) { field_size = 40; - gf2n::init_field(field_size); + gf2n_short::init_field(field_size); setup_keys(); } else 
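Review bot: `generate_inputs(int player)` and the new public `inputs` member carry no statement of intent: nothing says that `player` is the index of the input owner, that `inputs` is rebuilt on every call, or that, as far as the .cpp hunk shows, the cleartext component of each pair is only meaningful for the owner. A short comment block of that shape above the declaration would spare readers a trip to the implementation. Separately, the defaulted pointer should read `Player* player = nullptr` rather than `0`, and the new `typedef typename FD::T T;` could be a `using` alias to match the rest of the modern-style additions.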
@@ -52,8 +64,9 @@ PairwiseSetup& PairwiseMachine::setup() template void PairwiseMachine::setup_keys() { + auto& N = P; PairwiseSetup& s = setup(); - s.init(P, sec, field_size, extra_slack); + s.init(P, drown_sec, field_size, extra_slack); if (output) write_mac_keys(PREP_DIR, P.my_num(), P.num_players(), setup_p.alphai, setup_2.alphai); @@ -70,9 +83,21 @@ void PairwiseMachine::setup_keys() for (int i = 0; i < N.num_players(); i++) if (i != N.my_num()) other_pks[i].unpack(os[i]); + set_mac_key(s.alphai); +} +template +void PairwiseMachine::set_mac_key(T alphai) +{ + typedef typename T::FD FD; + auto& N = P; + PairwiseSetup& s = setup(); + s.alphai = alphai; + for (size_t i = 0; i < s.alpha.num_slots(); i++) + s.alpha.set_element(i, alphai); insecure("MAC key generation"); Ciphertext enc_alpha = pk.encrypt(s.alpha); + vector os; os.clear(); os.resize(N.num_players()); enc_alphas.resize(N.num_players(), pk); diff --git a/FHEOffline/PairwiseMachine.h b/FHEOffline/PairwiseMachine.h index f435e48d5..0a3fe8abf 100644 --- a/FHEOffline/PairwiseMachine.h +++ b/FHEOffline/PairwiseMachine.h @@ -15,18 +15,24 @@ class PairwiseMachine : public MachineBase public: PairwiseSetup setup_p; PairwiseSetup setup_2; - PlainPlayer P; + Player& P; vector other_pks; FHE_PK& pk; FHE_SK sk; vector enc_alphas; + PairwiseMachine(Player& P); PairwiseMachine(int argc, const char** argv); + void init(); + template void setup_keys(); + template + void set_mac_key(T alphai); + template PairwiseSetup& setup(); }; diff --git a/FHEOffline/PairwiseSetup.cpp b/FHEOffline/PairwiseSetup.cpp index a9bc6b662..e9e9f3049 100644 --- a/FHEOffline/PairwiseSetup.cpp +++ b/FHEOffline/PairwiseSetup.cpp 
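Review bot: `P(*new PlainPlayer(N, 0xffff << 16))` in the argc/argv constructor binds the `Player&` member to a heap object that nothing in this diff deletes, and a reference member cannot record whether the machine owns it. A `std::unique_ptr<Player> owned_player` member declared before `P` (set in this constructor, left null in the new `PairwiseMachine(Player&)` one) with `P(*owned_player)` keeps ownership explicit and releases it in the destructor. The `PairwiseMachine(Player& P)` constructor also does not call `init()`, unlike the argc/argv one; if that is intentional because sec and field_size are supplied elsewhere, a comment should say who is responsible. `0xffff << 16` does not fit in a signed 32-bit int, so if that parameter is an int the value is implementation-defined; `0xffffu << 16` or a named constant avoids the question.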
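Review bot: `auto& N = P;` at the top of `setup_keys` introduces a local reference that shadows the `N` member (presumably a MachineBase Names object, given `MachineBase(argc, argv)` and `PlainPlayer(N, ...)`) with an object of a different type; `set_mac_key` in the next hunk does the same. Since the only uses are `N.num_players()` and `N.my_num()`, which `P` also provides, drop the alias and call `P.num_players()` / `P.my_num()` directly.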
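Review bot: `set_mac_key` re-implements what `PairwiseSetup::set_alphai` does in the PairwiseSetup.cpp hunk — `s.alphai = alphai;` plus the `set_element` loop versus `alpha.assign_constant(alphai)` — so the two can drift apart; replacing the assignment and loop with `s.set_alphai(alphai);` leaves a single definition. The `os.clear();` immediately after the new `vector os;` declaration is a leftover from when `os` was reused inside `setup_keys` and can go.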
@@ -8,12 +8,14 @@ #include "FHE/NTL-Subs.h" #include "Math/Setup.h" #include "FHEOffline/Proof.h" +#include "FHEOffline/PairwiseMachine.h" +#include "Tools/Commit.h" +#include "Tools/Bundle.h" template void PairwiseSetup::init(const Player& P, int sec, int plaintext_length, int& extra_slack) { - sec = max(sec, 40); cout << "Finding parameters for security " << sec << " and field size ~2^" << plaintext_length << endl; PRNG G; 
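Review bot: Removing `sec = max(sec, 40);` from `init` changes the parameter's contract: the floor now lives in `secure_init` (`machine.drown_sec = max(sec, 40)` in the next hunk) and `PairwiseMachine::setup_keys` was updated to pass `drown_sec`, but any other caller of `init` that relied on the clamp now silently gets a smaller drowning parameter. A comment on the signature, `// sec must already be the drowning security level, floored by the caller (see secure_init)`, or an `assert(sec >= 40)`, makes the new precondition visible. `init`'s body continues outside the hunk.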
@@ -44,5 +46,118 @@ void PairwiseSetup::init(const Player& P, int sec, int plaintext_length, alphai = alpha.element(0); } +template +void PairwiseSetup::secure_init(Player& P, PairwiseMachine& machine, int plaintext_length, int sec) +{ + machine.sec = sec; + sec = max(sec, 40); + machine.drown_sec = sec; + string filename = PREP_DIR "Params-" + FD::T::type_string() + "-" + + to_string(plaintext_length) + "-" + to_string(sec) + "-P" + + to_string(P.my_num()); + try + { + ifstream file(filename); + octetStream os; + os.input(file); + os.get(machine.extra_slack); + params.unpack(os); + FieldD.unpack(os); + FieldD.init_field(); + check(P, machine); + } + catch (...) + { + cout << "Finding parameters for security " << sec << " and field size ~2^" + << plaintext_length << endl; + machine.extra_slack = generate_semi_setup(plaintext_length, sec, params, FieldD, true); + check(P, machine); + octetStream os; + os.store(machine.extra_slack); + params.pack(os); + FieldD.pack(os); + ofstream file(filename); + os.output(file); + } + alpha = FieldD; +} + +template +void PairwiseSetup::check(Player& P, PairwiseMachine& machine) +{ + Bundle bundle(P); + bundle.mine.store(machine.extra_slack); + params.pack(bundle.mine); + FieldD.hash(bundle.mine); + P.Broadcast_Receive(bundle, true); + for (auto& os : bundle) + if (os != bundle.mine) + throw runtime_error("mismatch of parameters among parties"); +} + +template +void PairwiseSetup::covert_key_generation(Player& P, + PairwiseMachine& machine, int num_runs) +{ + vector G(num_runs); + vector commits(num_runs, P); + vector my_keys(num_runs, {params, FieldD.get_prime()}); + Bundle pks(P); + + for (int i = 0; i < num_runs; i++) + { + my_keys[i].generate(G[i]); + my_keys[i].pk.pack(pks.mine); + commits[i].commit({SEED_SIZE, G[i].get_seed()}); + } + + P.Broadcast_Receive(pks); + int challenge = GlobalPRNG(P).get_uint(num_runs); + machine.sk = my_keys[challenge].sk; + machine.pk = my_keys[challenge].pk; + + for (int i = 0; i < num_runs; i++) 
+ if (i != challenge) + commits[i].open({SEED_SIZE, G[i].get_seed()}); + + for (int i = 0; i < num_runs; i++) + { + for (int j = 0; j < P.num_players(); j++) + if (j != P.my_num()) + { + FHE_PK pk(params); + pk.unpack(pks[j]); + if (i == challenge) + machine.other_pks[j] = pk; + else + { + FHE_KeyPair pair(params, FieldD.get_prime()); + PRNG prng(commits[i].messages[j]); + pair.generate(prng); + if (pair.pk != pk) + throw bad_keygen("covert pairwise key generation"); + } + } + } +} + +template +void PairwiseSetup::covert_mac_generation(Player& P, + PairwiseMachine& machine, int num_runs) +{ + vector pks; + for (auto& pk : machine.other_pks) + pks.push_back(&pk); + covert_generation(alpha, machine.enc_alphas, pks, &P, num_runs, Diagonal); + alphai = alpha.element(0); +} + +template +void PairwiseSetup::set_alphai(T alphai) +{ + this->alphai = alphai; + alpha.assign_constant(alphai); +} + template class PairwiseSetup; template class PairwiseSetup; diff --git a/FHEOffline/PairwiseSetup.h b/FHEOffline/PairwiseSetup.h index c4ab1e423..3e5fa0e59 100644 --- a/FHEOffline/PairwiseSetup.h +++ b/FHEOffline/PairwiseSetup.h @@ -10,9 +10,13 @@ #include "FHE/Plaintext.h" #include "Networking/Player.h" +class PairwiseMachine; + template class PairwiseSetup { + typedef typename FD::T T; + public: FHE_Params params; FD FieldD; @@ -23,6 +27,13 @@ class PairwiseSetup PairwiseSetup() : params(0), alpha(FieldD) {} void init(const Player& P, int sec, int plaintext_length, int& extra_slack); + + void secure_init(Player& P, PairwiseMachine& machine, int plaintext_length, int sec); + void check(Player& P, PairwiseMachine& machine); + void covert_key_generation(Player& P, PairwiseMachine& machine, int num_runs); + void covert_mac_generation(Player& P, PairwiseMachine& machine, int num_runs); + + void set_alphai(T alphai); }; #endif /* FHEOFFLINE_PAIRWISESETUP_H_ */ diff --git a/FHEOffline/Producer.cpp b/FHEOffline/Producer.cpp index 2831607fb..ed44122be 100644 --- a/FHEOffline/Producer.cpp 
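Review bot: `catch (...)` in `secure_init` also swallows the `runtime_error("mismatch of parameters among parties")` that `check(P, machine)` throws inside the try block, so a cross-party mismatch of cached parameters becomes a silent regeneration that overwrites the cache file instead of a hard failure. Since both branches end with `check`, move that call after the try/catch so it runs exactly once and propagates, and narrow the catch to the load failure (or test the stream with `if (!file) throw ...` before `os.input(file)`). `check` establishes only that all parties hold identical `extra_slack`, params and FieldD, not that the cached values are sound, which a comment on it should say. In `covert_key_generation`, `num_runs == 1` yields `challenge == 0` and no opened run is ever verified, so the function should reject `num_runs < 2` or document that the deterrence factor is 1 - 1/num_runs.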
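Review bot: `secure_init(Player& P, PairwiseMachine& machine, int plaintext_length, int sec)` takes its two int parameters in the opposite order from the existing `init(const Player& P, int sec, int plaintext_length, int& extra_slack)` declared just above it, which invites a silent swap at call sites since both are plain `int`. Either align the order with `init` or document each parameter; the new declarations also say nothing about the on-disk parameter cache, the meaning of `num_runs` in `covert_key_generation`, or why `init` and `secure_init` coexist. All four new methods take the forward-declared `PairwiseMachine` by non-const reference, so a sentence per method naming which machine fields it writes (`sec`, `drown_sec`, `extra_slack` in `secure_init`; `sk`, `pk`, `other_pks` in `covert_key_generation`) would make the coupling visible.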
+++ b/FHEOffline/Producer.cpp @@ -3,6 +3,8 @@ * */ +#include "FHE/P2Data.h" +#include "FHE/FFT_Data.h" #include "Producer.h" #include "Sacrificing.h" #include "Reshare.h" diff --git a/FHEOffline/Producer.h b/FHEOffline/Producer.h index 45fff2a34..20cf3f27e 100644 --- a/FHEOffline/Producer.h +++ b/FHEOffline/Producer.h @@ -11,7 +11,7 @@ #include "FHEOffline/EncCommit.h" #include "FHEOffline/DistDecrypt.h" #include "FHEOffline/Sacrificing.h" -#include "Math/Share.h" +#include "Protocols/Share.h" #include "Math/Setup.h" template diff --git a/FHEOffline/Proof.cpp b/FHEOffline/Proof.cpp index 6146751bb..2836283b8 100644 --- a/FHEOffline/Proof.cpp +++ b/FHEOffline/Proof.cpp @@ -4,9 +4,9 @@ */ #include "Proof.h" +#include "FHE/P2Data.h" #include "FHEOffline/EncCommit.h" - double Proof::dist = 0; bigint Proof::slack(int slack, int sec, int phim) diff --git a/FHEOffline/Prover.cpp b/FHEOffline/Prover.cpp index d9da5e8ed..6425896a1 100644 --- a/FHEOffline/Prover.cpp +++ b/FHEOffline/Prover.cpp @@ -1,6 +1,7 @@ #include "Prover.h" +#include "FHE/P2Data.h" #include "Tools/random.h" diff --git a/FHEOffline/Reshare.cpp b/FHEOffline/Reshare.cpp index d399f6b25..11777a9a5 100644 --- a/FHEOffline/Reshare.cpp +++ b/FHEOffline/Reshare.cpp @@ -1,6 +1,7 @@ #include "FHEOffline/Reshare.h" #include "FHEOffline/DistDecrypt.h" +#include "FHE/P2Data.h" #include "Tools/random.h" template diff --git a/FHEOffline/Sacrificing.cpp b/FHEOffline/Sacrificing.cpp index 9599db91d..94f2eb269 100644 --- a/FHEOffline/Sacrificing.cpp +++ b/FHEOffline/Sacrificing.cpp @@ -3,10 +3,12 @@ * */ +#include "FHE/P2Data.h" + #include "Sacrificing.h" #include "Producer.h" -#include "Auth/Subroutines.h" +#include "Tools/Subroutines.h" // The number of sacrifices to amortize at one time #define amortize 512 
@@ -126,6 +128,8 @@ void Triple_Checking(const Player& P, MAC_Check& MC, int nm, b1[i].output(outf,false); c1[i].output(outf,false); } + else + factory.triples.push_back({{a1[i], b1[i], c1[i]}}); } left_todo-=this_loop; diff --git a/FHEOffline/Sacrificing.h b/FHEOffline/Sacrificing.h index 71652f06a..b0593b29c 100644 --- a/FHEOffline/Sacrificing.h +++ b/FHEOffline/Sacrificing.h @@ -7,13 +7,16 @@ #define FHEOFFLINE_CHECKING_H_ #include "Networking/Player.h" -#include "Auth/MAC_Check.h" +#include "Protocols/MAC_Check.h" #include "Math/Setup.h" +#include "Math/gfp.h" template class TripleSacriFactory { public: + vector> triples; + virtual ~TripleSacriFactory() {} virtual void get(T& a, T& b, T& c) = 0; }; diff --git a/FHEOffline/SimpleEncCommit.cpp b/FHEOffline/SimpleEncCommit.cpp index c4c2cd13a..4df59a73a 100644 --- a/FHEOffline/SimpleEncCommit.cpp +++ b/FHEOffline/SimpleEncCommit.cpp @@ -7,8 +7,8 @@ #include "FHEOffline/SimpleMachine.h" #include "FHEOffline/Multiplier.h" #include "FHEOffline/PairwiseGenerator.h" -#include "Auth/Subroutines.h" -#include "Auth/MAC_Check.h" +#include "Tools/Subroutines.h" +#include "Protocols/MAC_Check.h" template SimpleEncCommitBase::SimpleEncCommitBase(const MachineBase& machine) : @@ -151,8 +151,10 @@ size_t NonInteractiveProofSimpleEncCommit::create_more(octetStream& cipherte others_ciphertexts.resize(this->sec, pk.get_params()); for (int i = 1; i < P.num_players(); i++) { - cout << "Sending proof with " << 1e-9 * ciphertexts.get_length() << "+" +#ifdef VERBOSE + cerr << "Sending proof with " << 1e-9 * ciphertexts.get_length() << "+" << 1e-9 * cleartexts.get_length() << " GB" << endl; +#endif timers["Sending"].start(); P.pass_around(ciphertexts); P.pass_around(cleartexts); 
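Review bot: The new `else factory.triples.push_back({{a1[i], b1[i], c1[i]}});` stores every checked triple that is not written to `outf` in a public vector that nothing in this diff drains or bounds, so a long run that does not write to disk grows it without limit unless a consumer outside the diff clears it. The `triples` member added to `TripleSacriFactory` in the Sacrificing.h hunk should carry a comment naming who consumes it and when it is cleared, e.g. `// triples that passed sacrificing and were not written to disk; the caller drains this`. `Triple_Checking` begins and ends outside the hunk.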
@@ -160,7 +162,9 @@ size_t NonInteractiveProofSimpleEncCommit::create_more(octetStream& cipherte #ifndef LESS_ALLOC_MORE_MEM Verifier verifier(proof); #endif - cout << "Checking proof of player " << i << endl; +#ifdef VERBOSE + cerr << "Checking proof of player " << i << endl; +#endif timers["Verifying"].start(); verifier.NIZKPoK(others_ciphertexts, ciphertexts, cleartexts, get_pk_for_verification(i), false, false); diff --git a/FHEOffline/SimpleGenerator.cpp b/FHEOffline/SimpleGenerator.cpp index 4072cfda9..5fb970373 100644 --- a/FHEOffline/SimpleGenerator.cpp +++ b/FHEOffline/SimpleGenerator.cpp @@ -6,9 +6,9 @@ #include #include "FHEOffline/SimpleMachine.h" #include "FHEOffline/Sacrificing.h" -#include "Auth/MAC_Check.h" +#include "Protocols/MAC_Check.h" -#include "Auth/MAC_Check.hpp" +#include "Protocols/MAC_Check.hpp" template