Implemented preprocessing for ghash

- made OLE generic
2026-01-08 22:18:07 -05:00 · 2023-12-12 14:46:13 +01:00
parent 8ffb51d173
commit 7ed549569e
5 changed files with 100 additions and 14 deletions
--- a/src/e2f/prover.rs
+++ b/src/e2f/prover.rs
@@ -47,7 +47,7 @@ impl Prover {
        self.r1 = Some(P256::rand(&mut rng));
    }

-    pub fn preprocess2_ole_input(&mut self, ole: &mut Ole) {
+    pub fn preprocess2_ole_input(&mut self, ole: &mut Ole<P256>) {
        let a1 = self.a1.unwrap();
        let b1 = self.b1.unwrap();
        let b1_prime = self.b1_prime.unwrap();
@@ -56,7 +56,7 @@ impl Prover {
        ole.input(Role::Sender, vec![a1, b1, a1, b1_prime, r1]);
    }

-    pub fn preprocess2_ole_output(&mut self, ole: &mut Ole) {
+    pub fn preprocess2_ole_output(&mut self, ole: &mut Ole<P256>) {
        let output = ole.output(Role::Sender);

        self.a1_b2_share = Some(output[0]);
--- a/src/e2f/verifier.rs
+++ b/src/e2f/verifier.rs
@@ -47,7 +47,7 @@ impl Verifier {
        self.r2 = Some(P256::rand(&mut rng));
    }

-    pub fn preprocess2_ole_input(&mut self, ole: &mut Ole) {
+    pub fn preprocess2_ole_input(&mut self, ole: &mut Ole<P256>) {
        let a2 = self.a2.unwrap();
        let b2 = self.b2.unwrap();
        let b2_prime = self.b2_prime.unwrap();
@@ -56,7 +56,7 @@ impl Verifier {
        ole.input(Role::Receiver, vec![b2, a2, b2_prime, a2, r2]);
    }

-    pub fn preprocess2_ole_output(&mut self, ole: &mut Ole) {
+    pub fn preprocess2_ole_output(&mut self, ole: &mut Ole<P256>) {
        let output = ole.output(Role::Receiver);

        self.a1_b2_share = Some(output[0]);
--- a/src/ghash/mod.rs
+++ b/src/ghash/mod.rs
@@ -0,0 +1,73 @@
+//! This module is a testing ground for the GHASH protocol (page 36) from <https://eprint.iacr.org/2023/964>
+
+use mpz_share_conversion_core::fields::{gf2_128::Gf2_128, UniformRand};
+use rand::thread_rng;
+
+use crate::ole::{Ole, Role};
+
+#[derive(Debug)]
+pub struct Prover {
+    block_num: usize,
+    h1: Gf2_128,
+    r1: Gf2_128,
+    ai: Vec<Gf2_128>,
+}
+
+impl Prover {
+    pub fn new(block_num: usize, h1: Gf2_128) -> Self {
+        let mut rng = thread_rng();
+        let r1 = Gf2_128::rand(&mut rng);
+        Self {
+            block_num,
+            h1,
+            r1,
+            ai: vec![],
+        }
+    }
+
+    pub fn preprocess_ole_input(&self, ole: &mut Ole<Gf2_128>) {
+        let mut r1_powers = vec![Gf2_128::new(1)];
+
+        for k in 0..self.block_num {
+            r1_powers.push(self.r1 * r1_powers[k]);
+        }
+        ole.input(Role::Sender, r1_powers)
+    }
+
+    pub fn preprocess_ole_output(&mut self, ole: &mut Ole<Gf2_128>) {
+        self.ai = ole.output(Role::Sender);
+    }
+}
+
+pub struct Verifier {
+    block_num: usize,
+    h2: Gf2_128,
+    r2: Gf2_128,
+    bi: Vec<Gf2_128>,
+}
+
+impl Verifier {
+    pub fn new(block_num: usize, h2: Gf2_128) -> Self {
+        let mut rng = thread_rng();
+        let r2 = Gf2_128::rand(&mut rng);
+        Self {
+            block_num,
+            h2,
+            r2,
+            bi: vec![],
+        }
+    }
+
+    pub fn preprocess_ole_input(&self, ole: &mut Ole<Gf2_128>) {
+        let mut r2_powers = vec![Gf2_128::new(1)];
+
+        for k in 0..self.block_num {
+            r2_powers.push(self.r2 * r2_powers[k]);
+        }
+        ole.input(Role::Receiver, r2_powers)
+    }
+
+    pub fn preprocess_ole_output(&mut self, ole: &mut Ole<Gf2_128>) {
+        self.bi = ole.output(Role::Receiver);
+    }
+}
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -1,4 +1,5 @@
 //! This crate is for testing TLSNotary sub protocols based on OLE, and check their security properties.

 pub mod e2f;
+pub mod ghash;
 mod ole;
--- a/src/ole.rs
+++ b/src/ole.rs
@@ -1,17 +1,27 @@
 //! This module implements an OLE functionality.

-use mpz_share_conversion_core::fields::{p256::P256, UniformRand};
+use mpz_share_conversion_core::Field;
 use rand::thread_rng;

-#[derive(Debug, Default)]
-pub struct Ole {
-    input_sender: Vec<P256>,
-    input_receiver: Vec<P256>,
-    output: Vec<P256>,
+#[derive(Debug)]
+pub struct Ole<T: Field> {
+    input_sender: Vec<T>,
+    input_receiver: Vec<T>,
+    output: Vec<T>,
 }

-impl Ole {
-    pub fn input(&mut self, role: Role, input: Vec<P256>) {
+impl<T: Field> Default for Ole<T> {
+    fn default() -> Self {
+        Self {
+            input_sender: vec![],
+            input_receiver: vec![],
+            output: vec![],
+        }
+    }
+}
+
+impl<T: Field> Ole<T> {
+    pub fn input(&mut self, role: Role, input: Vec<T>) {
        if role == Role::Sender {
            self.input_sender = input;
        } else {
@@ -19,7 +29,7 @@ impl Ole {
        }
    }

-    pub fn output(&mut self, role: Role) -> Vec<P256> {
+    pub fn output(&mut self, role: Role) -> Vec<T> {
        assert!(self.input_sender.len() == self.input_receiver.len());

        if !self.output.is_empty() {
@@ -31,7 +41,7 @@ impl Ole {
        let mut output_cached = vec![];

        for (s, r) in self.input_sender.iter().zip(self.input_receiver.iter()) {
-            let s_out = P256::rand(&mut rng);
+            let s_out = T::rand(&mut rng);
            let r_out = *s * *r + -s_out;

            if role == Role::Sender {
@@ -58,6 +68,8 @@ pub enum Role {

 #[cfg(test)]
 mod tests {
+    use mpz_share_conversion_core::fields::{p256::P256, UniformRand};
+
    use super::*;

    #[test]