AtHeartEngineer/ole-protocols
1
0
Fork 0
mirror of https://github.com/tlsnotary/ole-protocols.git synced 2026-01-09 22:47:56 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fixed bug in implementation. 2PC Ghash working

Browse Source
This commit is contained in:
th4s
2023-12-14 15:33:05 +01:00
parent a2409a0679
commit a0258343bb
3 changed files with 44 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
src/ghash/mod.rs
View File

@@ -22,8 +22,8 @@ pub fn ghash(blocks: &[Gf2_128], prover: &mut Prover, verifier: &mut Verifier) -
let d2 = verifier.handshake_a_open_d(); let d2 = verifier.handshake_a_open_d();
let d = d1 + d2; let d = d1 + d2;
prover.handshake_a_set_d(d); prover.handshake_a_set_di(d);
verifier.handshake_a_set_d(d); verifier.handshake_a_set_di(d);
prover.handshake_a_set_hi(); prover.handshake_a_set_hi();
verifier.handshake_a_set_hi(); verifier.handshake_a_set_hi();
@@ -56,7 +56,7 @@ fn pascal_tri<T: Field>(n: usize) -> Vec<Vec<T>> {
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use super::*; use super::*;
use mpz_share_conversion_core::fields::{compute_product_repeated, p256::P256, UniformRand}; use mpz_share_conversion_core::fields::{compute_product_repeated, UniformRand};
use rand::thread_rng; use rand::thread_rng;
#[test] #[test]
@@ -89,7 +89,7 @@ mod tests {
#[test] #[test]
fn test_ghash_invariants() { fn test_ghash_invariants() {
let mut rng = thread_rng(); let mut rng = thread_rng();
let blocks: Vec<Gf2_128> = (0..10).map(|_| Gf2_128::rand(&mut rng)).collect(); let blocks: Vec<Gf2_128> = (0..1).map(|_| Gf2_128::rand(&mut rng)).collect();
let h1: Gf2_128 = Gf2_128::rand(&mut rng); let h1: Gf2_128 = Gf2_128::rand(&mut rng);
let h2: Gf2_128 = Gf2_128::rand(&mut rng); let h2: Gf2_128 = Gf2_128::rand(&mut rng);
@@ -99,29 +99,35 @@ mod tests {
let _ = ghash(&blocks, &mut prover, &mut verifier); let _ = ghash(&blocks, &mut prover, &mut verifier);
assert_eq!(prover.h1, prover.hi[1]); assert_eq!(prover.d_powers[0], Gf2_128::one());
assert_eq!(verifier.h2, verifier.hi[1]); assert_eq!(verifier.d_powers[0], Gf2_128::one());
assert_eq!(prover.d_powers[1], verifier.d_powers[1]);
assert_eq!(prover.ai[1] + verifier.bi[1], prover.r1 * verifier.r2);
assert_eq!(prover.h1 + verifier.h2, prover.hi[0] + verifier.hi[0]);
assert_eq!(prover.d_powers[1] + prover.ai[1] + verifier.bi[1], h1 + h2);
} }
#[test] #[test]
fn test_pascal_tri() { fn test_pascal_tri() {
let pascal = pascal_tri::<P256>(4); // This is an extension field so no naive arithmetic!
let pascal = pascal_tri::<Gf2_128>(4);
let expected0 = vec![P256::one()]; let expected0 = vec![Gf2_128::one()];
let expected1 = vec![P256::one(), P256::one()]; let expected1 = vec![Gf2_128::one(), Gf2_128::one()];
let expected2 = vec![P256::one(), P256::new(2).unwrap(), P256::one()]; let expected2 = vec![Gf2_128::one(), Gf2_128::zero(), Gf2_128::one()];
let expected3 = vec![ let expected3 = vec![
P256::one(), Gf2_128::one(),
P256::new(3).unwrap(), Gf2_128::one(),
P256::new(3).unwrap(), Gf2_128::one(),
P256::one(), Gf2_128::one(),
]; ];
let expected4 = vec![ let expected4 = vec![
P256::one(), Gf2_128::one(),
P256::new(4).unwrap(), Gf2_128::zero(),
P256::new(6).unwrap(), Gf2_128::zero(),
P256::new(4).unwrap(), Gf2_128::zero(),
P256::one(), Gf2_128::one(),
]; ];
assert_eq!(pascal[0], expected0); assert_eq!(pascal[0], expected0);

20
src/ghash/prover.rs
View File

@@ -12,7 +12,7 @@ pub struct Prover {
pub(crate) h1: Gf2_128, pub(crate) h1: Gf2_128,
pub(crate) r1: Gf2_128, pub(crate) r1: Gf2_128,
pub(crate) ai: Vec<Gf2_128>, pub(crate) ai: Vec<Gf2_128>,
pub(crate) d: Option<Gf2_128>, pub(crate) d_powers: Vec<Gf2_128>,
pub(crate) hi: Vec<Gf2_128>, pub(crate) hi: Vec<Gf2_128>,
} }
@@ -26,13 +26,13 @@ impl Prover {
h1, h1,
r1, r1,
ai: vec![], ai: vec![],
d: None, d_powers: vec![],
hi: vec![], hi: vec![],
} }
} }
pub fn preprocess_ole_input(&self, ole: &mut Ole<Gf2_128>) { pub fn preprocess_ole_input(&self, ole: &mut Ole<Gf2_128>) {
let mut r1_powers = vec![Gf2_128::new(1)]; let mut r1_powers = vec![Gf2_128::one()];
compute_product_repeated(&mut r1_powers, self.r1, self.block_num); compute_product_repeated(&mut r1_powers, self.r1, self.block_num);
ole.input(Role::Sender, r1_powers) ole.input(Role::Sender, r1_powers)
@@ -43,25 +43,23 @@ impl Prover {
} }
pub fn handshake_a_open_d(&self) -> Gf2_128 { pub fn handshake_a_open_d(&self) -> Gf2_128 {
self.h1 + -self.r1 self.h1 + -self.ai[1]
} }
pub fn handshake_a_set_d(&mut self, d: Gf2_128) { pub fn handshake_a_set_di(&mut self, d: Gf2_128) {
self.d = Some(d); self.d_powers = vec![Gf2_128::one(), d];
compute_product_repeated(&mut self.d_powers, d, self.block_num);
} }
pub fn handshake_a_set_hi(&mut self) { pub fn handshake_a_set_hi(&mut self) {
let mut di = vec![Gf2_128::one(), self.d.unwrap()];
compute_product_repeated(&mut di, self.d.unwrap(), self.block_num);
let pascal_tri = pascal_tri::<Gf2_128>(self.block_num); let pascal_tri = pascal_tri::<Gf2_128>(self.block_num);
for pascal_row in pascal_tri.iter() { for pascal_row in pascal_tri.iter().skip(1) {
let h_pow_share = pascal_row let h_pow_share = pascal_row
.iter() .iter()
.enumerate() .enumerate()
.fold(Gf2_128::new(0), |acc, (i, &el)| { .fold(Gf2_128::new(0), |acc, (i, &el)| {
acc + el * di[i] * self.ai[pascal_row.len() - 1 - i] acc + el * self.d_powers[pascal_row.len() - 1 - i] * self.ai[i]
}); });
self.hi.push(h_pow_share); self.hi.push(h_pow_share);
} }

22
src/ghash/verifier.rs
View File

@@ -12,7 +12,7 @@ pub struct Verifier {
pub(crate) h2: Gf2_128, pub(crate) h2: Gf2_128,
pub(crate) r2: Gf2_128, pub(crate) r2: Gf2_128,
pub(crate) bi: Vec<Gf2_128>, pub(crate) bi: Vec<Gf2_128>,
pub(crate) d: Option<Gf2_128>, pub(crate) d_powers: Vec<Gf2_128>,
pub(crate) hi: Vec<Gf2_128>, pub(crate) hi: Vec<Gf2_128>,
} }
@@ -26,13 +26,13 @@ impl Verifier {
h2, h2,
r2, r2,
bi: vec![], bi: vec![],
d: None, d_powers: vec![],
hi: vec![], hi: vec![],
} }
} }
pub fn preprocess_ole_input(&self, ole: &mut Ole<Gf2_128>) { pub fn preprocess_ole_input(&self, ole: &mut Ole<Gf2_128>) {
let mut r2_powers = vec![Gf2_128::new(1)]; let mut r2_powers = vec![Gf2_128::one()];
compute_product_repeated(&mut r2_powers, self.r2, self.block_num); compute_product_repeated(&mut r2_powers, self.r2, self.block_num);
ole.input(Role::Receiver, r2_powers) ole.input(Role::Receiver, r2_powers)
@@ -43,32 +43,30 @@ impl Verifier {
} }
pub fn handshake_a_open_d(&self) -> Gf2_128 { pub fn handshake_a_open_d(&self) -> Gf2_128 {
self.h2 + -self.r2 self.h2 + -self.bi[1]
} }
pub fn handshake_a_set_d(&mut self, d: Gf2_128) { pub fn handshake_a_set_di(&mut self, d: Gf2_128) {
self.d = Some(d); self.d_powers = vec![Gf2_128::one(), d];
compute_product_repeated(&mut self.d_powers, d, self.block_num);
} }
pub fn handshake_a_set_hi(&mut self) { pub fn handshake_a_set_hi(&mut self) {
let mut di = vec![Gf2_128::one(), self.d.unwrap()];
compute_product_repeated(&mut di, self.d.unwrap(), self.block_num);
let pascal_tri = pascal_tri::<Gf2_128>(self.block_num); let pascal_tri = pascal_tri::<Gf2_128>(self.block_num);
for pascal_row in pascal_tri.iter() { for pascal_row in pascal_tri.iter().skip(1) {
let h_pow_share = pascal_row let h_pow_share = pascal_row
.iter() .iter()
.enumerate() .enumerate()
.fold(Gf2_128::new(0), |acc, (i, &el)| { .fold(Gf2_128::new(0), |acc, (i, &el)| {
acc + el * di[i] * self.bi[pascal_row.len() - 1 - i] acc + el * self.d_powers[pascal_row.len() - 1 - i] * self.bi[i]
}); });
self.hi.push(h_pow_share); self.hi.push(h_pow_share);
} }
} }
pub fn handshake_output_ghash(&self, blocks: &[Gf2_128]) -> Gf2_128 { pub fn handshake_output_ghash(&self, blocks: &[Gf2_128]) -> Gf2_128 {
let mut res = Gf2_128::new(0); let mut res = Gf2_128::zero();
for (i, block) in blocks.iter().enumerate() { for (i, block) in blocks.iter().enumerate() {
res = res + *block * self.hi[i]; res = res + *block * self.hi[i];