Clear to secret bit conversion with Yao's garbled circuits.

BMR/Register.h

@@ -23,6 +23,7 @@ using namespace std;
 #include "Tools/PointerVector.h"
 #include "Tools/Bundle.h"
 #include "Tools/SwitchableOutput.h"
+#include "Processor/Instruction.h"
 
 //#define PAD_TO_8(n) (n+8-n%8)
 #define PAD_TO_8(n) (n)
@@ -289,6 +290,10 @@ public:
 	static void inputbvec(T& processor, ProcessorBase& input_processor,
 			const vector<int>& args);
 
+    template<class U>
+    static void convcbit2s(GC::Processor<U>&, const BaseInstruction&)
+    { throw runtime_error("convcbit2s not implemented"); }
+
 	// most BMR phases don't need actual input
 	template<class T>
 	static T get_input(GC::Processor<T>& processor, const InputArgs& args)

GC/FakeSecret.h

@@ -105,6 +105,10 @@ public:
     template <class T>
     static void convcbit(Integer& dest, const Clear& source, T&) { dest = source; }
 
+    template<class U>
+    static void convcbit2s(GC::Processor<U>&, const BaseInstruction&)
+    { throw runtime_error("convcbit2s not implemented"); }
+
     static FakeSecret input(GC::Processor<FakeSecret>& processor, const InputArgs& args);
     static FakeSecret input(int from, word input, int n_bits);
 

GC/Processor.h

@@ -100,6 +100,9 @@ public:
 
     void reveal(const vector<int>& args);
 
+    template<int = 0>
+    void convcbit2s(const BaseInstruction& instruction);
+
     void print_reg(int reg, int n, int size);
     void print_reg_plain(Clear& value);
     void print_reg_signed(unsigned n_bits, Integer value);

GC/Processor.hpp

@@ -331,6 +331,18 @@ void Processor<T>::reveal(const vector<int>& args)
     }
 }
 
+template <class T>
+template <int>
+void Processor<T>::convcbit2s(const BaseInstruction& instruction)
+{
+    int unit = GC::Clear::N_BITS;
+    auto& share_thread = ShareThread<T>::s();
+    for (int i = 0; i < DIV_CEIL(instruction.get_n(), unit); i++)
+        S[instruction.get_r(0) + i] = T::constant(C[instruction.get_r(1) + i],
+                share_thread.P->my_num(), share_thread.MC->get_alphai(),
+                min(unsigned(unit), instruction.get_n() - i * unit));
+}
+
 template <class T>
 void Processor<T>::print_reg(int reg, int n, int size)
 {

GC/Secret.h

@@ -18,6 +18,7 @@
 #include "Math/gf2nlong.h"
 
 #include "Processor/DummyProtocol.h"
+#include "Processor/Instruction.h"
 
 #include "Tools/FixedVector.h"
 
@@ -122,6 +123,10 @@ public:
             Processor<U>& proc)
     { T::convcbit(dest, source, proc); }
 
+    template<class U>
+    static void convcbit2s(Processor<U>& processor, const BaseInstruction& instruction)
+    { T::convcbit2s(processor, instruction); }
+
     Secret();
     Secret(const Integer& x) { *this = x; }
 

GC/ShareSecret.h

@@ -21,6 +21,7 @@ using namespace std;
 #include "Protocols/ReplicatedMC.h"
 #include "Processor/DummyProtocol.h"
 #include "Processor/ProcessorBase.h"
+#include "Processor/Instruction.h"
 
 namespace GC
 {
@@ -74,6 +75,10 @@ public:
     template<class T>
     static void convcbit(Integer& dest, const Clear& source, T&) { dest = source; }
 
+    template<class T>
+    static void convcbit2s(Processor<T>& processor, const BaseInstruction& instruction)
+    { processor.convcbit2s(instruction); }
+
     static BitVec get_mask(int n) { return n >= 64 ? -1 : ((1L << n) - 1); }
 
     void check_length(int n, const Integer& x);

GC/instructions.h

@@ -82,7 +82,7 @@
     X(CONVCBIT, Proc.write_Ci(R0, PC1.get())) \
     X(CONVCINTVEC, Proc.convcintvec(instruction)) \
     X(CONVCBITVEC, Proc.convcbitvec(instruction)) \
-    X(CONVCBIT2S, Proc.convcbit2s(instruction)) \
+    X(CONVCBIT2S, PROC.convcbit2s(instruction)) \
     X(DABIT, Proc.dabit(INST)) \
     X(EDABIT, Proc.edabit(INST)) \
     X(SEDABIT, Proc.edabit(INST, true)) \
@@ -99,6 +99,7 @@
     X(CONVSINT, S0.load_clear(IMM, PI1)) \
     X(CONVCINT, C0 = PI1) \
     X(CONVCBIT, T::convcbit(I0, PC1, PROC)) \
+    X(CONVCBIT2S, T::convcbit2s(PROC, instruction)) \
     X(PRINTCHR, PROC.print_chr(IMM)) \
     X(PRINTSTR, PROC.print_str(IMM)) \
     X(PRINTFLOATPREC, PROC.print_float_prec(IMM)) \

Processor/Processor.hpp

@@ -219,17 +219,6 @@ void Processor<sint, sgf2n>::convcintvec(const Instruction& instruction)
     }
 }
 
-template<class sint, class sgf2n>
-void Processor<sint, sgf2n>::convcbit2s(const Instruction& instruction)
-{
-  int unit = GC::Clear::N_BITS;
-  for (int i = 0; i < DIV_CEIL(instruction.get_n(), unit); i++)
-    Procb.S[instruction.get_r(0) + i] = sint::bit_type::constant(
-        Procb.C[instruction.get_r(1) + i], P.my_num(),
-        share_thread.MC->get_alphai(),
-        min(unsigned(unit), instruction.get_n() - i * unit));
-}
-
 template<class sint, class sgf2n>
 void Processor<sint, sgf2n>::split(const Instruction& instruction)
 {

Yao/YaoEvalWire.cpp

@@ -243,6 +243,19 @@ void YaoEvalWire::reveal_inst(Processor& processor, const vector<int>& args)
 	}
 }
 
+void YaoEvalWire::convcbit2s(GC::Processor<whole_type>& processor,
+		const BaseInstruction& instruction)
+{
+	int unit = GC::Clear::N_BITS;
+	for (int i = 0; i < DIV_CEIL(instruction.get_n(), unit); i++)
+	{
+		auto& dest = processor.S[instruction.get_r(0) + i];
+		dest.resize_regs(min(unsigned(unit), instruction.get_n() - i * unit));
+		for (auto& reg : dest.get_regs())
+			reg.set(0);
+	}
+}
+
 template void YaoEvalWire::and_<false>(
         GC::Processor<GC::Secret<YaoEvalWire> >& processor,
         const vector<int>& args);

Yao/YaoEvalWire.h

@@ -10,6 +10,7 @@
 #include "BMR/Gate.h"
 #include "BMR/Register.h"
 #include "Processor/DummyProtocol.h"
+#include "Processor/Instruction.h"
 #include "config.h"
 #include "YaoWire.h"
 
@@ -19,6 +20,8 @@ class ProcessorBase;
 
 class YaoEvalWire : public YaoWire
 {
+	typedef GC::Secret<YaoEvalWire> whole_type;
+
 public:
 	typedef YaoEvaluator Party;
 	typedef YaoEvalInput Input;
@@ -61,6 +64,9 @@ public:
 			GC::Processor<GC::Secret<YaoEvalWire>>&);
 	static void reveal_inst(Processor& processor, const vector<int>& args);
 
+	static void convcbit2s(GC::Processor<whole_type>& processor,
+			const BaseInstruction& instruction);
+
 	void set(const Key& key);
 	void set(Key key, bool external);
 

Yao/YaoGarbleWire.cpp

@@ -230,3 +230,18 @@ void YaoGarbleWire::reveal_inst(Processor& processor, const vector<int>& args)
 	else
 		processor.reveal(args);
 }
+
+void YaoGarbleWire::convcbit2s(GC::Processor<whole_type>& processor,
+		const BaseInstruction& instruction)
+{
+	int unit = GC::Clear::N_BITS;
+	for (int i = 0; i < DIV_CEIL(instruction.get_n(), unit); i++)
+	{
+		auto& dest = processor.S[instruction.get_r(0) + i];
+		int n = min(unsigned(unit), instruction.get_n() - i * unit);
+		dest.resize_regs(n);
+		for (int j = 0; j < n; j++)
+			dest.get_reg(i).public_input(
+					processor.C[instruction.get_r(1) + i].get_bit(j));
+	}
+}

Yao/YaoGarbleWire.h

@@ -10,6 +10,7 @@
 #include "BMR/Register.h"
 #include "config.h"
 #include "YaoWire.h"
+#include "Processor/Instruction.h"
 
 #include <map>
 
@@ -19,6 +20,8 @@ class ProcessorBase;
 
 class YaoGarbleWire : public YaoWire
 {
+	typedef GC::Secret<YaoGarbleWire> whole_type;
+
 public:
 	typedef YaoGarbler Party;
 	typedef YaoGarbleInput Input;
@@ -62,6 +65,9 @@ public:
 			GC::Processor<GC::Secret<YaoGarbleWire>>&);
 	static void reveal_inst(Processor& processor, const vector<int>& args);
 
+	static void convcbit2s(GC::Processor<whole_type>& processor,
+			const BaseInstruction& instruction);
+
 	void randomize(PRNG& prng);
 	void set(Key key, bool mask);