More protocols for threshold ECDSA.

ECDSA/README.md

@@ -12,7 +12,8 @@ in `preprocessing.hpp` and `sign.hpp`, respectively.
 
 #### Running
 
-The following binaries have been used for the paper:
+The following binaries are available, of which the first few have been
+used for the paper:
 
 | Protocol | Binary |
 | --- | --- |
@@ -22,6 +23,10 @@ The following binaries have been used for the paper:
 | Semi-honest Shamir | `shamir-ecdsa-party.x` |
 | Malicious replicated | `mal-rep-ecdsa-party.x` |
 | Semi-honest replicated | `rep-ecdsa-party.x` |
+| --- | --- |
+| ATLAS | `atlas-ecdsa-party.x` |
+| SPDZ-wise replicated | `sy-rep-ecdsa-party.x` |
+| Rep4 | `rep4-ecdsa-party.x` |
 
 All binaries offer the same interface. With MASCOT for example, run
 the following:

ECDSA/atlas-ecdsa-party.cpp

@@ -0,0 +1,17 @@
+/*
+ * atlas-ecdsa-party.cpp
+ *
+ */
+
+#define NO_MIXED_CIRCUITS
+
+#include "Machines/Atlas.hpp"
+
+#include "hm-ecdsa-party.hpp"
+
+int main(int argc, const char** argv)
+{
+    ez::ezOptionParser opt;
+    ShamirOptions(opt, argc, argv);
+    run<AtlasShare>(argc, argv);
+}

ECDSA/hm-ecdsa-party.hpp

@@ -8,6 +8,9 @@
 #include "Protocols/Replicated.h"
 #include "Protocols/MaliciousRep3Share.h"
 #include "Protocols/ReplicatedInput.h"
+#include "Protocols/AtlasShare.h"
+#include "Protocols/Rep4Share.h"
+#include "Protocols/ProtocolSet.h"
 #include "Math/gfp.h"
 #include "ECDSA/P256Element.h"
 #include "Tools/Bundle.h"
@@ -41,7 +44,9 @@ void run(int argc, const char** argv)
     bigint::init_thread();
     ez::ezOptionParser opt;
     EcdsaOptions opts(opt, argc, argv);
-    Names N(opt, argc, argv, 3);
+    opts.R_after_msg |= is_same<T<P256Element>, AtlasShare<P256Element>>::value;
+    Names N(opt, argc, argv,
+            3 + is_same<T<P256Element>, Rep4Share<P256Element>>::value);
     int n_tuples = 1000;
     if (not opt.lastArgs.empty())
         n_tuples = atoi(opt.lastArgs[0]->c_str());
@@ -52,24 +57,29 @@ void run(int argc, const char** argv)
     // synchronize
     Bundle<octetStream> bundle(P);
     P.unchecked_broadcast(bundle);
+
+    typename pShare::mac_key_type mac_key;
+    pShare::read_or_generate_mac_key("", P, mac_key);
+
     Timer timer;
     timer.start();
     auto stats = P.total_comm();
-    pShare sk = typename T<P256Element::Scalar>::Honest::Protocol(P).get_random();
+    ProtocolSet<typename T<P256Element::Scalar>::Honest> set(P, mac_key);
+    pShare sk = set.protocol.get_random();
     cout << "Secret key generation took " << timer.elapsed() * 1e3 << " ms" << endl;
     (P.total_comm() - stats).print(true);
 
     OnlineOptions::singleton.batch_size = (1 + pShare::Protocol::uses_triples) * n_tuples;
     DataPositions usage;
     typename pShare::TriplePrep prep(0, usage);
-    typename pShare::MAC_Check MCp;
+    typename pShare::MAC_Check MCp(mac_key);
     ArithmeticProcessor _({}, 0);
     SubProcessor<pShare> proc(_, MCp, prep, P);
 
     bool prep_mul = not opt.isSet("-D");
     vector<EcTuple<T>> tuples;
-    preprocessing(tuples, n_tuples, sk, proc, opts);
+    preprocessing<T>(tuples, n_tuples, sk, proc, opts);
 //    check(tuples, sk, {}, P);
-    sign_benchmark(tuples, sk, MCp, P, opts, prep_mul ? 0 : &proc);
+    sign_benchmark<T>(tuples, sk, MCp, P, opts, prep_mul ? 0 : &proc);
     P256Element::finish();
 }

ECDSA/rep4-ecdsa-party.cpp

@@ -0,0 +1,13 @@
+/*
+ * rep4-ecsda-party.cpp
+ *
+ */
+
+#include "Machines/Rep4.hpp"
+
+#include "hm-ecdsa-party.hpp"
+
+int main(int argc, const char** argv)
+{
+    run<Rep4Share>(argc, argv);
+}

ECDSA/sign.hpp

@@ -146,7 +146,7 @@ void sign_benchmark(vector<EcTuple<T>>& tuples, T<P256Element::Scalar> sk,
 
     for (size_t i = 0; i < min(10lu, tuples.size()); i++)
     {
-        check(sign(message, 1 << i, tuples[i], MCp, MCc, P, opts, pk, sk, proc), message,
+        check(sign<T>(message, 1 << i, tuples[i], MCp, MCc, P, opts, pk, sk, proc), message,
                 1 << i, pk);
         if (not opts.check_open)
             continue;

ECDSA/sy-rep-ecdsa-party.cpp

@@ -0,0 +1,43 @@
+/*
+ * sy-ecdsa-party.cpp
+ *
+ */
+
+#include "Protocols/SpdzWiseShare.h"
+#include "Protocols/MaliciousRep3Share.h"
+#include "Protocols/MAC_Check.h"
+#include "Protocols/SpdzWiseMC.h"
+#include "Protocols/SpdzWisePrep.h"
+#include "Protocols/SpdzWiseInput.h"
+#include "Math/gfp.h"
+#include "Math/gf2n.h"
+#include "Tools/ezOptionParser.h"
+#include "GC/MaliciousCcdSecret.h"
+#include "GC/SemiHonestRepPrep.h"
+
+#include "Processor/FieldMachine.hpp"
+#include "Protocols/Replicated.hpp"
+#include "Protocols/Share.hpp"
+#include "Protocols/fake-stuff.hpp"
+#include "Protocols/SpdzWise.hpp"
+#include "Protocols/SpdzWisePrep.hpp"
+#include "Protocols/SpdzWiseInput.hpp"
+#include "Protocols/SpdzWiseShare.hpp"
+#include "Processor/Data_Files.hpp"
+#include "Processor/Instruction.hpp"
+#include "Processor/Machine.hpp"
+#include "GC/ShareSecret.hpp"
+#include "GC/RepPrep.hpp"
+#include "GC/ThreadMaster.hpp"
+#include "Math/gfp.hpp"
+#include "Machines/MalRep.hpp"
+
+#include "hm-ecdsa-party.hpp"
+
+template<class T>
+using SpdzWiseRep3Share = SpdzWiseShare<MaliciousRep3Share<T>>;
+
+int main(int argc, const char** argv)
+{
+    run<SpdzWiseRep3Share>(argc, argv);
+}

Machines/ShamirMachine.hpp

@@ -3,6 +3,9 @@
  *
  */
 
+#ifndef MACHINE_SHAMIR_MACHINE_HPP_
+#define MACHINE_SHAMIR_MACHINE_HPP_
+
 #include <Machines/ShamirMachine.h>
 #include "Protocols/ShamirShare.h"
 #include "Protocols/MaliciousShamirShare.h"
@@ -99,3 +102,5 @@ ShamirMachineSpec<T>::ShamirMachineSpec(int argc, const char** argv)
     opts = {opt, argc, argv};
     HonestMajorityFieldMachine<T>(argc, argv, opt, opts.nparties);
 }
+
+#endif

Protocols/Atlas.h

@@ -33,6 +33,8 @@ class Atlas : public ProtocolBase<T>
     array<T, 2> get_double_sharing();
 
 public:
+    static const bool uses_triples = false;
+
     Player& P;
 
     Atlas(Player& P) :

Protocols/AtlasShare.h

@@ -29,8 +29,11 @@ public:
     typedef ShamirMC<This> Direct_MC;
     typedef ::PrivateOutput<This> PrivateOutput;
     typedef AtlasPrep<This> LivePrep;
+    typedef LivePrep TriplePrep;
 
+#ifndef NO_MIXED_CIRCUITS
     typedef GC::AtlasSecret bit_type;
+#endif
 
     AtlasShare()
     {

Protocols/MaliciousShamirMC.hpp

@@ -3,6 +3,9 @@
  *
  */
 
+#ifndef PROTOCOLS_MALICIOUS_SHAMIR_M_C_HPP_
+#define PROTOCOLS_MALICIOUS_SHAMIR_M_C_HPP_
+
 #include "MaliciousShamirMC.h"
 #include "Machines/ShamirMachine.h"
 
@@ -56,3 +59,5 @@ typename T::open_type MaliciousShamirMC<T>::reconstruct(
     }
     return value;
 }
+
+#endif

Protocols/MaliciousShamirPO.hpp

@@ -3,6 +3,9 @@
  *
  */
 
+#ifndef PROTOCOLS_MALICIOUS_SHAMIR_PO_HPP_
+#define PROTOCOLS_MALICIOUS_SHAMIR_PO_HPP_
+
 #include "MaliciousShamirPO.h"
 
 template<class T>
@@ -46,3 +49,5 @@ typename T::clear MaliciousShamirPO<T>::finalize(const T& secret)
 
     return MC.reconstruct(shares);
 }
+
+#endif

Protocols/Rep4.h

@@ -66,6 +66,8 @@ class Rep4 : public ProtocolBase<T>
     T finalize_mul(int n_bits, false_type);
 
 public:
+    static const bool uses_triples = false;
+
     prngs_type rep_prngs;
     Player& P;
 

Protocols/Rep4Share.h

@@ -34,6 +34,9 @@ public:
     typedef ::PrivateOutput<This> PrivateOutput;
     typedef Rep4RingPrep<This> LivePrep;
     typedef LivePrep SquarePrep;
+    typedef LivePrep TriplePrep;
+
+    typedef This Honest;
 
     typedef GC::Rep4Secret bit_type;
 
@@ -55,7 +58,9 @@ public:
     Rep4Share()
     {
     }
-    Rep4Share(const FixedVec<T, 3>& other) : super(other)
+
+    template<class U>
+    Rep4Share(const FixedVec<U, 3>& other) : super(other)
     {
     }
 

Protocols/SpdzWise.h

@@ -33,6 +33,8 @@ class SpdzWise : public ProtocolBase<T>
     virtual void zero_check(check_type t);
 
 public:
+    static const bool uses_triples = false;
+
     Player& P;
 
     SpdzWise(Player& P);

Protocols/SpdzWiseShare.h

@@ -40,6 +40,9 @@ public:
     typedef SpdzWiseInput<SpdzWiseShare> Input;
     typedef ::PrivateOutput<SpdzWiseShare> PrivateOutput;
 
+    typedef SpdzWiseShare Honest;
+    typedef LivePrep TriplePrep;
+
     typedef typename T::bit_type bit_type;
 
     static const bool expensive = true;
@@ -70,7 +73,8 @@ public:
     {
     }
 
-    SpdzWiseShare(const super& other) :
+    template<class U>
+    SpdzWiseShare(const Share_<U, U>& other) :
             super(other)
     {
     }

Scripts/test_ecdsa.sh

@@ -7,6 +7,7 @@ make -j4 ecdsa Fake-ECDSA.x
 
 run()
 {
+    echo $1
     port=$[RANDOM+1024]
     if ! {
 	    for j in $(seq 0 $2); do
@@ -18,14 +19,15 @@ run()
     fi
 }
 
-for i in rep mal-rep shamir mal-shamir; do
+for i in rep mal-rep shamir mal-shamir atlas sy-rep; do
     run $i 2
 done
 
+run rep4 3
+
 for i in semi mascot; do
     run $i 1
 done
 
-
 ./Fake-ECDSA.x
 run fake-spdz 1