github/emp-ag2pc
1
1
Fork 0
mirror of https://github.com/emp-toolkit/emp-ag2pc.git synced 2026-01-06 22:13:53 -05:00
Code Issues Packages Projects Releases Wiki Activity

init release-2

Browse Source
This commit is contained in:
Xiao Wang
2020-05-13 23:06:27 -05:00
parent 163985c8a1
commit 7926c8fa72
21 changed files with 828 additions and 898 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
.travis.yml
View File

@@ -3,39 +3,51 @@ language: cpp
matrix:
include:
- os: linux
dist: xenial
dist: bionic
sudo: required
env: TYPE=Debug
addons:
apt:
sources:
- ubuntu-toolchain-r-test
packages:
- g++-8
env:
- MATRIX_EVAL="CC=gcc-8 && CXX=g++-8"
- TYPE=Debug
- os: linux
dist: xenial
dist: bionic
sudo: required
env: TYPE=Release
addons:
apt:
sources:
- ubuntu-toolchain-r-test
packages:
- g++-8
env:
- MATRIX_EVAL="CC=gcc-8 && CXX=g++-8"
- TYPE=Release
- os: osx
sudo: required
env:
- TYPE=Release
- OPENSSL_ROOT_DIR=/usr/local/opt/openssl/
- os: osx
sudo: required
env:
- TYPE=Debug
- OPENSSL_ROOT_DIR=/usr/local/opt/openssl/
before_install:
- eval "${MATRIX_EVAL}"
- git clone https://github.com/emp-toolkit/emp-readme.git
- git clone -brelease-2 https://github.com/emp-toolkit/emp-readme.git
- bash ./emp-readme/scripts/install_packages.sh
- bash ./emp-readme/scripts/install_relic.sh
- bash ./emp-readme/scripts/install_emp-tool.sh
- bash ./emp-readme/scripts/install_emp-ot.sh
script:
- cat /proc/cpuinfo || true
- cmake -DCMAKE_BUILD_TYPE=$TYPE . && make
- ./run ./bin/simple_circuit 12345
- ./run ./bin/aes 12345
- ./run ./bin/sha1 12345
- ./run ./bin/sha256 12345
- ./run ./bin/triple
- ./run ./bin/aes
- ./run ./bin/sha1
- ./run ./bin/sha256

9
CMakeLists.txt
View File

@@ -5,8 +5,8 @@ set(NAME "emp-ag2pc")
find_path(CMAKE_FOLDER NAMES cmake/emp-tool-config.cmake)
include(${CMAKE_FOLDER}/cmake/common.cmake)
include(${CMAKE_FOLDER}/cmake/source_of_randomness.cmake)
include(${CMAKE_FOLDER}/cmake/threading.cmake)
include(${CMAKE_FOLDER}/cmake/enable_rdseed.cmake)
include(${CMAKE_FOLDER}/cmake/enable_float.cmake)
FIND_PACKAGE(emp-ot REQUIRED)
INCLUDE_DIRECTORIES(${EMP-OT_INCLUDE_DIRS})
@@ -23,6 +23,7 @@ add_test(aes)
add_test(sha1)
add_test(sha256)
add_test (simple_circuit)
#add_test (abit)
#add_test (amortized_2pc)
add_test (abit)
add_test (triple)
add_test (amortized_2pc)

12
cmake/emp-ag2pc-config.cmake
View File

@@ -1,12 +0,0 @@
find_package(emp-ot)
find_path(EMP-AG2PC_INCLUDE_DIR emp-ag2pc/emp-ag2pc.h)
include(FindPackageHandleStandardArgs)
find_package_handle_standard_args(EMP-AG2PC DEFAULT_MSG EMP-AG2PC_INCLUDE_DIR)
if(EMP-AG2PC_FOUND)
set(EMP-AG2PC_INCLUDE_DIRS ${EMP-AG2PC_INCLUDE_DIR} ${EMP-OT_INCLUDE_DIRS})
set(EMP-AG2PC_LIBRARIES ${EMP-OT_LIBRARIES})
endif()

288
emp-ag2pc/2pc.h
View File

@@ -1,36 +1,31 @@
#ifndef C2PC_H__
#define C2PC_H__
#include "fpre.h"
#ifndef EMP_AG2PC_2PC_H__
#define EMP_AG2PC_2PC_H__
#include <emp-tool/emp-tool.h>
using std::flush;
using std::cout;
using std::endl;
//#define __debug
#include "emp-ag2pc/fpre.h"
namespace emp {
template<typename T>
class C2PC { public:
const static int SSP = 5;//5*8 in fact...
const block MASK = makeBlock(0x0ULL, 0xFFFFFULL);
Fpre* fpre = nullptr;
Fpre<T>* fpre = nullptr;
block * mac = nullptr;
block * key = nullptr;
bool * value = nullptr;
block * preprocess_mac = nullptr;
block * preprocess_key = nullptr;
bool* preprocess_value = nullptr;
block * sigma_mac = nullptr;
block * sigma_key = nullptr;
bool * sigma_value = nullptr;
block * labels = nullptr;
bool * mask = nullptr;
CircuitFile * cf;
NetIO * io;
T * io;
int num_ands = 0;
int party, total_pre;
C2PC(NetIO * io, int party, CircuitFile * cf) {
C2PC(T * io, int party, CircuitFile * cf) {
this->party = party;
this->io = io;
this->cf = cf;
@@ -38,22 +33,19 @@ class C2PC { public:
if (cf->gates[4*i+3] == AND_GATE)
++num_ands;
}
cout << cf->n1<<" "<<cf->n2<<" "<<cf->n3<<" "<<num_ands<<endl<<flush;
cout << cf->n1<<" "<<cf->n2<<" "<<cf->n3<<" "<<num_ands<<"\n";
total_pre = cf->n1 + cf->n2 + num_ands;
fpre = new Fpre(io, party, num_ands);
fpre = new Fpre<T>(io, party, num_ands);
key = new block[cf->num_wire];
mac = new block[cf->num_wire];
value = new bool[cf->num_wire];
preprocess_mac = new block[total_pre];
preprocess_key = new block[total_pre];
preprocess_value = new bool[total_pre];
//sigma values in the paper
sigma_mac = new block[num_ands];
sigma_key = new block[num_ands];
sigma_value = new bool[num_ands];
labels = new block[cf->num_wire];
@@ -62,20 +54,16 @@ class C2PC { public:
~C2PC(){
delete[] key;
delete[] mac;
delete[] value;
delete[] mask;
delete[] GT;
delete[] GTK;
delete[] GTM;
delete[] GTv;
delete[] preprocess_mac;
delete[] preprocess_key;
delete[] preprocess_value;
delete[] sigma_mac;
delete[] sigma_key;
delete[] sigma_value;
delete[] labels;
delete fpre;
@@ -85,36 +73,27 @@ class C2PC { public:
block (* GT)[4][2] = nullptr;
block (* GTK)[4] = nullptr;
block (* GTM)[4] = nullptr;
bool (* GTv)[4] = nullptr;
//not allocation
block * ANDS_mac = nullptr;
block * ANDS_key = nullptr;
bool * ANDS_value = nullptr;
void function_independent() {
if(party == ALICE)
prg.random_block(labels, cf->num_wire);
fpre->refill();
ANDS_mac = fpre->MAC;
ANDS_key = fpre->KEY;
ANDS_value = fpre->r;
ANDS_mac = fpre->MAC_res;
ANDS_key = fpre->KEY_res;
prg.random_bool(preprocess_value, total_pre);
if(fpre->party == ALICE) {
fpre->abit1[0]->send(preprocess_key, total_pre);
fpre->io[0]->flush();
fpre->abit2[0]->recv(preprocess_mac, preprocess_value, total_pre);
fpre->io2[0]->flush();
fpre->abit1[0]->send_dot(preprocess_key, total_pre);
fpre->abit2[0]->recv_dot(preprocess_mac, total_pre);
} else {
fpre->abit1[0]->recv(preprocess_mac, preprocess_value, total_pre);
fpre->io[0]->flush();
fpre->abit2[0]->send(preprocess_key, total_pre);
fpre->io2[0]->flush();
fpre->abit1[0]->recv_dot(preprocess_mac, total_pre);
fpre->abit2[0]->send_dot(preprocess_key, total_pre);
}
memcpy(key, preprocess_key, (cf->n1+cf->n2)*sizeof(block));
memcpy(mac, preprocess_mac, (cf->n1+cf->n2)*sizeof(block));
memcpy(value, preprocess_value, (cf->n1+cf->n2)*sizeof(bool));
}
void function_dependent() {
@@ -128,45 +107,44 @@ class C2PC { public:
if (cf->gates[4*i+3] == AND_GATE) {
key[cf->gates[4*i+2]] = preprocess_key[ands];
mac[cf->gates[4*i+2]] = preprocess_mac[ands];
value[cf->gates[4*i+2]] = preprocess_value[ands];
++ands;
}
}
for(int i = 0; i < cf->num_gate; ++i) {
if (cf->gates[4*i+3] == XOR_GATE) {
key[cf->gates[4*i+2]] = xorBlocks(key[cf->gates[4*i]], key[cf->gates[4*i+1]]);
mac[cf->gates[4*i+2]] = xorBlocks(mac[cf->gates[4*i]], mac[cf->gates[4*i+1]]);
value[cf->gates[4*i+2]] = logic_xor(value[cf->gates[4*i]], value[cf->gates[4*i+1]]);
key[cf->gates[4*i+2]] = key[cf->gates[4*i]] ^ key[cf->gates[4*i+1]];
mac[cf->gates[4*i+2]] = mac[cf->gates[4*i]] ^ mac[cf->gates[4*i+1]];
if(party == ALICE)
labels[cf->gates[4*i+2]] = xorBlocks(labels[cf->gates[4*i]], labels[cf->gates[4*i+1]]);
labels[cf->gates[4*i+2]] = labels[cf->gates[4*i]] ^ labels[cf->gates[4*i+1]];
} else if (cf->gates[4*i+3] == NOT_GATE) {
if(party == ALICE)
labels[cf->gates[4*i+2]] = xorBlocks(labels[cf->gates[4*i]], fpre->Delta);
value[cf->gates[4*i+2]] = value[cf->gates[4*i]];
labels[cf->gates[4*i+2]] = labels[cf->gates[4*i]] ^ fpre->Delta;
key[cf->gates[4*i+2]] = key[cf->gates[4*i]];
mac[cf->gates[4*i+2]] = mac[cf->gates[4*i]];
}
}
ands = 0;
for(int i = 0; i < cf->num_gate; ++i) {
if (cf->gates[4*i+3] == AND_GATE) {
x1[ands] = logic_xor(value[cf->gates[4*i]], ANDS_value[3*ands]);
y1[ands] = logic_xor(value[cf->gates[4*i+1]], ANDS_value[3*ands+1]);
x1[ands] = getLSB(mac[cf->gates[4*i]] ^ANDS_mac[3*ands]);
y1[ands] = getLSB(mac[cf->gates[4*i+1]]^ANDS_mac[3*ands+1]);
ands++;
}
}
if(party == ALICE) {
send_bool(io, x1, num_ands);
send_bool(io, y1, num_ands);
recv_bool(io, x2, num_ands);
recv_bool(io, y2, num_ands);
io->send_bool(x1, num_ands);
io->send_bool(y1, num_ands);
io->recv_bool(x2, num_ands);
io->recv_bool(y2, num_ands);
} else {
recv_bool(io, x2, num_ands);
recv_bool(io, y2, num_ands);
send_bool(io, x1, num_ands);
send_bool(io, y1, num_ands);
io->recv_bool(x2, num_ands);
io->recv_bool(y2, num_ands);
io->send_bool(x1, num_ands);
io->send_bool(y1, num_ands);
}
io->flush();
for(int i = 0; i < num_ands; ++i) {
x1[i] = logic_xor(x1[i], x2[i]);
y1[i] = logic_xor(y1[i], y2[i]);
@@ -176,94 +154,77 @@ class C2PC { public:
if (cf->gates[4*i+3] == AND_GATE) {
sigma_mac[ands] = ANDS_mac[3*ands+2];
sigma_key[ands] = ANDS_key[3*ands+2];
sigma_value[ands] = ANDS_value[3*ands+2];
if(x1[ands]) {
sigma_mac[ands] = xorBlocks(sigma_mac[ands], ANDS_mac[3*ands+1]);
sigma_key[ands] = xorBlocks(sigma_key[ands], ANDS_key[3*ands+1]);
sigma_value[ands] = logic_xor(sigma_value[ands], ANDS_value[3*ands+1]);
sigma_mac[ands] = sigma_mac[ands] ^ ANDS_mac[3*ands+1];
sigma_key[ands] = sigma_key[ands] ^ ANDS_key[3*ands+1];
}
if(y1[ands]) {
sigma_mac[ands] = xorBlocks(sigma_mac[ands], ANDS_mac[3*ands]);
sigma_key[ands] = xorBlocks(sigma_key[ands], ANDS_key[3*ands]);
sigma_value[ands] = logic_xor(sigma_value[ands], ANDS_value[3*ands]);
sigma_mac[ands] = sigma_mac[ands] ^ ANDS_mac[3*ands];
sigma_key[ands] = sigma_key[ands] ^ ANDS_key[3*ands];
}
if(x1[ands] and y1[ands]) {
if(party == ALICE)
sigma_key[ands] = xorBlocks(sigma_key[ands], fpre->Delta);
else
sigma_value[ands] = not sigma_value[ands];
if(party == ALICE)
sigma_key[ands] = sigma_key[ands] ^ fpre->ZDelta;
else
sigma_mac[ands] = sigma_mac[ands] ^ fpre->one;
}
#ifdef __debug
block MM[] = {mac[cf->gates[4*i]], mac[cf->gates[4*i+1]], sigma_mac[ands]};
block KK[] = {key[cf->gates[4*i]], key[cf->gates[4*i+1]], sigma_key[ands]};
bool VV[] = {value[cf->gates[4*i]], value[cf->gates[4*i+1]], sigma_value[ands]};
check(MM, KK, VV);
#endif
ands++;
}
}//sigma_[] stores the and of input wires to each AND gates
delete[] fpre->MAC;
delete[] fpre->KEY;
delete[] fpre->r;
fpre->MAC = nullptr;
fpre->KEY = nullptr;
fpre->r = nullptr;
GT = new block[num_ands][4][2];
GTK = new block[num_ands][4];
GTM = new block[num_ands][4];
GTv = new bool[num_ands][4];
ands = 0;
block H[4][2];
block K[4], M[4];
bool r[4];
for(int i = 0; i < cf->num_gate; ++i) {
if(cf->gates[4*i+3] == AND_GATE) {
r[0] = logic_xor(sigma_value[ands] , value[cf->gates[4*i+2]]);
r[1] = logic_xor(r[0] , value[cf->gates[4*i]]);
r[2] = logic_xor(r[0] , value[cf->gates[4*i+1]]);
r[3] = logic_xor(r[1] , value[cf->gates[4*i+1]]);
if(party == BOB) r[3] = not r[3];
M[0] = sigma_mac[ands] ^ mac[cf->gates[4*i+2]];
M[1] = M[0] ^ mac[cf->gates[4*i]];
M[2] = M[0] ^ mac[cf->gates[4*i+1]];
M[3] = M[1] ^ mac[cf->gates[4*i+1]];
if(party == BOB)
M[3] = M[3] ^ fpre->one;
M[0] = xorBlocks(sigma_mac[ands], mac[cf->gates[4*i+2]]);
M[1] = xorBlocks(M[0], mac[cf->gates[4*i]]);
M[2] = xorBlocks(M[0], mac[cf->gates[4*i+1]]);
M[3] = xorBlocks(M[1], mac[cf->gates[4*i+1]]);
K[0] = xorBlocks(sigma_key[ands], key[cf->gates[4*i+2]]);
K[1] = xorBlocks(K[0], key[cf->gates[4*i]]);
K[2] = xorBlocks(K[0], key[cf->gates[4*i+1]]);
K[3] = xorBlocks(K[1], key[cf->gates[4*i+1]]);
if(party == ALICE) K[3] = xorBlocks(K[3], fpre->Delta);
K[0] = sigma_key[ands] ^ key[cf->gates[4*i+2]];
K[1] = K[0] ^ key[cf->gates[4*i]];
K[2] = K[0] ^ key[cf->gates[4*i+1]];
K[3] = K[1] ^ key[cf->gates[4*i+1]];
if(party == ALICE)
K[3] = K[3] ^ fpre->ZDelta;
if(party == ALICE) {
Hash(H, labels[cf->gates[4*i]], labels[cf->gates[4*i+1]], i);
for(int j = 0; j < 4; ++j) {
H[j][0] = xorBlocks(H[j][0], M[j]);
H[j][1] = xorBlocks(H[j][1], xorBlocks(K[j], labels[cf->gates[4*i+2]]));
if(r[j])
H[j][1] = xorBlocks(H[j][1], fpre->Delta);
H[j][0] = H[j][0] ^ M[j];
H[j][1] = H[j][1] ^ K[j] ^ labels[cf->gates[4*i+2]];
if(getLSB(M[j]))
H[j][1] = H[j][1] ^fpre->Delta;
#ifdef __debug
check2(M[j], K[j], r[j]);
check2(M[j], K[j]);
#endif
}
for(int j = 0; j < 4; ++j ) {
send_partial_block<SSP>(io, &H[j][0], 1);
send_partial_block<T, SSP>(io, &H[j][0], 1);
io->send_block(&H[j][1], 1);
}
} else {
memcpy(GTK[ands], K, sizeof(block)*4);
memcpy(GTM[ands], M, sizeof(block)*4);
memcpy(GTv[ands], r, sizeof(bool)*4);
#ifdef __debug
for(int j = 0; j < 4; ++j)
check2(M[j], K[j], r[j]);
check2(M[j], K[j]);
#endif
for(int j = 0; j < 4; ++j ) {
recv_partial_block<SSP>(io, &GT[ands][j][0], 1);
recv_partial_block<T, SSP>(io, &GT[ands][j][0], 1);
io->recv_block(&GT[ands][j][1], 1);
}
}
@@ -277,36 +238,37 @@ class C2PC { public:
block tmp;
if(party == ALICE) {
send_partial_block<SSP>(io, mac, cf->n1);
send_partial_block<T, SSP>(io, mac, cf->n1);
for(int i = cf->n1; i < cf->n1+cf->n2; ++i) {
recv_partial_block<SSP>(io, &tmp, 1);
block ttt = xorBlocks(key[i], fpre->Delta);
recv_partial_block<T, SSP>(io, &tmp, 1);
block ttt = key[i] ^ fpre->Delta;
ttt = _mm_and_si128(ttt, MASK);
block mask_key = _mm_and_si128(key[i], MASK);
tmp = _mm_and_si128(tmp, MASK);
if(block_cmp(&tmp, &mask_key, 1))
if(cmpBlock(&tmp, &mask_key, 1))
mask[i] = false;
else if(block_cmp(&tmp, &ttt, 1))
else if(cmpBlock(&tmp, &ttt, 1))
mask[i] = true;
else cout <<"no match! ALICE\t"<<i<<endl;
}
} else {
for(int i = 0; i < cf->n1; ++i) {
recv_partial_block<SSP>(io, &tmp, 1);
block ttt = xorBlocks(key[i], fpre->Delta);
recv_partial_block<T, SSP>(io, &tmp, 1);
block ttt = key[i] ^ fpre->Delta;
ttt = _mm_and_si128(ttt, MASK);
tmp = _mm_and_si128(tmp, MASK);
block mask_key = _mm_and_si128(key[i], MASK);
if(block_cmp(&tmp, &mask_key, 1)) {
if(cmpBlock(&tmp, &mask_key, 1)) {
mask[i] = false;
} else if(block_cmp(&tmp, &ttt, 1)) {
} else if(cmpBlock(&tmp, &ttt, 1)) {
mask[i] = true;
}
else cout <<"no match! BOB\t"<<i<<endl;
}
send_partial_block<SSP>(io, mac+cf->n1, cf->n2);
send_partial_block<T, SSP>(io, mac+cf->n1, cf->n2);
}
io->flush();
}
void online (bool * input, bool * output) {
@@ -315,25 +277,25 @@ class C2PC { public:
block tmp;
#ifdef __debug
for(int i = 0; i < cf->n1+cf->n2; ++i)
check2(mac[i], key[i], value[i]);
check2(mac[i], key[i]);
#endif
if(party == ALICE) {
for(int i = cf->n1; i < cf->n1+cf->n2; ++i) {
mask_input[i] = logic_xor(input[i - cf->n1], value[i]);
mask_input[i] = logic_xor(input[i - cf->n1], getLSB(mac[i]));
mask_input[i] = logic_xor(mask_input[i], mask[i]);
}
io->recv_data(mask_input, cf->n1);
io->send_data(mask_input+cf->n1, cf->n2);
for(int i = 0; i < cf->n1 + cf->n2; ++i) {
tmp = labels[i];
if(mask_input[i]) tmp = xorBlocks(tmp, fpre->Delta);
if(mask_input[i]) tmp = tmp ^ fpre->Delta;
io->send_block(&tmp, 1);
}
//send output mask data
send_partial_block<SSP>(io, mac+cf->num_wire - cf->n3, cf->n3);
send_partial_block<T, SSP>(io, mac+cf->num_wire - cf->n3, cf->n3);
} else {
for(int i = 0; i < cf->n1; ++i) {
mask_input[i] = logic_xor(input[i], value[i]);
mask_input[i] = logic_xor(input[i], getLSB(mac[i]));
mask_input[i] = logic_xor(mask_input[i], mask[i]);
}
io->send_data(mask_input, cf->n1);
@@ -344,28 +306,28 @@ class C2PC { public:
if(party == BOB) {
for(int i = 0; i < cf->num_gate; ++i) {
if (cf->gates[4*i+3] == XOR_GATE) {
labels[cf->gates[4*i+2]] = xorBlocks(labels[cf->gates[4*i]], labels[cf->gates[4*i+1]]);
labels[cf->gates[4*i+2]] = labels[cf->gates[4*i]] ^ labels[cf->gates[4*i+1]];
mask_input[cf->gates[4*i+2]] = logic_xor(mask_input[cf->gates[4*i]], mask_input[cf->gates[4*i+1]]);
} else if (cf->gates[4*i+3] == AND_GATE) {
int index = 2*mask_input[cf->gates[4*i]] + mask_input[cf->gates[4*i+1]];
block H[2];
Hash(H, labels[cf->gates[4*i]], labels[cf->gates[4*i+1]], i, index);
GT[ands][index][0] = xorBlocks(GT[ands][index][0], H[0]);
GT[ands][index][1] = xorBlocks(GT[ands][index][1], H[1]);
GT[ands][index][0] = GT[ands][index][0] ^ H[0];
GT[ands][index][1] = GT[ands][index][1] ^ H[1];
block ttt = xorBlocks(GTK[ands][index], fpre->Delta);
block ttt = GTK[ands][index] ^ fpre->Delta;
ttt = _mm_and_si128(ttt, MASK);
GTK[ands][index] = _mm_and_si128(GTK[ands][index], MASK);
GT[ands][index][0] = _mm_and_si128(GT[ands][index][0], MASK);
if(block_cmp(&GT[ands][index][0], &GTK[ands][index], 1))
if(cmpBlock(&GT[ands][index][0], &GTK[ands][index], 1))
mask_input[cf->gates[4*i+2]] = false;
else if(block_cmp(&GT[ands][index][0], &ttt, 1))
else if(cmpBlock(&GT[ands][index][0], &ttt, 1))
mask_input[cf->gates[4*i+2]] = true;
else cout <<ands <<"no match GT!"<<endl;
mask_input[cf->gates[4*i+2]] = logic_xor(mask_input[cf->gates[4*i+2]], GTv[ands][index]);
mask_input[cf->gates[4*i+2]] = logic_xor(mask_input[cf->gates[4*i+2]], getLSB(GTM[ands][index]));
labels[cf->gates[4*i+2]] = xorBlocks(GT[ands][index][1], GTM[ands][index]);
labels[cf->gates[4*i+2]] = GT[ands][index][1] ^ GTM[ands][index];
ands++;
} else {
mask_input[cf->gates[4*i+2]] = not mask_input[cf->gates[4*i]];
@@ -377,22 +339,22 @@ class C2PC { public:
bool * o = new bool[cf->n3];
for(int i = 0; i < cf->n3; ++i) {
block tmp;
recv_partial_block<SSP>(io, &tmp, 1);
tmp = _mm_and_si128(tmp, MASK);
recv_partial_block<T, SSP>(io, &tmp, 1);
tmp = tmp & MASK;
block ttt = xorBlocks(key[cf->num_wire - cf-> n3 + i], fpre->Delta);
ttt = _mm_and_si128(ttt, MASK);
key[cf->num_wire - cf-> n3 + i] = _mm_and_si128(key[cf->num_wire - cf-> n3 + i], MASK);
block ttt = key[cf->num_wire - cf-> n3 + i] ^ fpre->Delta;
ttt = ttt & MASK;
key[cf->num_wire - cf-> n3 + i] = key[cf->num_wire - cf-> n3 + i] & MASK;
if(block_cmp(&tmp, &key[cf->num_wire - cf-> n3 + i], 1))
if(cmpBlock(&tmp, &key[cf->num_wire - cf-> n3 + i], 1))
o[i] = false;
else if(block_cmp(&tmp, &ttt, 1))
else if(cmpBlock(&tmp, &ttt, 1))
o[i] = true;
else cout <<"no match output label!"<<endl;
}
for(int i = 0; i < cf->n3; ++i) {
output[i] = logic_xor(o[i], mask_input[cf->num_wire - cf->n3 + i]);
output[i] = logic_xor(output[i], value[cf->num_wire - cf->n3 + i]);
output[i] = logic_xor(output[i], getLSB(mac[cf->num_wire - cf->n3 + i]));
}
delete[] o;
}
@@ -408,9 +370,9 @@ class C2PC { public:
for(int i = 0; i < length*3; ++i) {
block tmp;io->recv_block(&tmp, 1);
if(r[i]) tmp = xorBlocks(tmp, DD);
if (!block_cmp(&tmp, &MAC[i], 1))
cout <<i<<"\tWRONG ABIT!"<<endl<<flush;
if(r[i]) tmp = tmp ^ DD;
if (!cmpBlock(&tmp, &MAC[i], 1))
cout <<i<<"\tWRONG ABIT!\n";
}
} else {
@@ -419,16 +381,16 @@ class C2PC { public:
io->recv_data(tmp, 3);
bool res = (logic_xor(tmp[0], r[3*i] )) and (logic_xor(tmp[1], r[3*i+1]));
if(res != logic_xor(tmp[2], r[3*i+2]) ) {
cout <<i<<"\tWRONG!"<<endl<<flush;
cout <<i<<"\tWRONG!\n";
}
}
block DD;io->recv_block(&DD, 1);
for(int i = 0; i < length*3; ++i) {
block tmp;io->recv_block(&tmp, 1);
if(r[i]) tmp = xorBlocks(tmp, DD);
if (!block_cmp(&tmp, &MAC[i], 1))
cout <<i<<"\tWRONG ABIT!"<<endl<<flush;
if(r[i]) tmp = tmp ^ DD;
if (!cmpBlock(&tmp, &MAC[i], 1))
cout <<i<<"\tWRONG ABIT!\n";
}
io->send_block(&fpre->Delta, 1);
io->send_block(KEY, length*3);
@@ -436,24 +398,24 @@ class C2PC { public:
io->flush();
}
void check2(block & MAC, block & KEY, bool &r) {
void check2(block & MAC, block & KEY) {
if (party == ALICE) {
io->send_block(&fpre->Delta, 1);
io->send_block(&KEY, 1);
block DD;io->recv_block(&DD, 1);
for(int i = 0; i < 1; ++i) {
block tmp;io->recv_block(&tmp, 1);
if(r) tmp = xorBlocks(tmp, DD);
if (!block_cmp(&tmp, &MAC, 1))
cout <<i<<"\tWRONG ABIT!2"<<endl<<flush;
if(getLSB(MAC)) tmp = tmp ^ DD;
if (!cmpBlock(&tmp, &MAC, 1))
cout <<i<<"\tWRONG ABIT!2\n";
}
} else {
block DD;io->recv_block(&DD, 1);
for(int i = 0; i < 1; ++i) {
block tmp;io->recv_block(&tmp, 1);
if(r) tmp = xorBlocks(tmp, DD);
if (!block_cmp(&tmp, &MAC, 1))
cout <<i<<"\tWRONG ABIT!2"<<endl<<flush;
if(getLSB(MAC)) tmp = tmp ^ DD;
if (!cmpBlock(&tmp, &MAC, 1))
cout <<i<<"\tWRONG ABIT!2\n";
}
io->send_block(&fpre->Delta, 1);
io->send_block(&KEY, 1);
@@ -463,40 +425,36 @@ class C2PC { public:
void Hash(block H[4][2], const block & a, const block & b, uint64_t i) {
block A[2], B[2];
A[0] = a; A[1] = xorBlocks(a, fpre->Delta);
B[0] = b; B[1] = xorBlocks(b, fpre->Delta);
A[0] = double_block(A[0]);
A[1] = double_block(A[1]);
B[0] = double_block(double_block(B[0]));
B[1] = double_block(double_block(B[1]));
A[0] = a; A[1] = a ^ fpre->Delta;
B[0] = b; B[1] = b ^ fpre->Delta;
A[0] = sigma(A[0]);
A[1] = sigma(A[1]);
B[0] = sigma(sigma(B[0]));
B[1] = sigma(sigma(B[1]));
H[0][1] = H[0][0] = xorBlocks(A[0], B[0]);
H[1][1] = H[1][0] = xorBlocks(A[0], B[1]);
H[2][1] = H[2][0] = xorBlocks(A[1], B[0]);
H[3][1] = H[3][0] = xorBlocks(A[1], B[1]);
H[0][1] = H[0][0] = A[0] ^ B[0];
H[1][1] = H[1][0] = A[0] ^ B[1];
H[2][1] = H[2][0] = A[1] ^ B[0];
H[3][1] = H[3][0] = A[1] ^ B[1];
for(uint64_t j = 0; j < 4; ++j) {
H[j][0] = xorBlocks(H[j][0], _mm_set_epi64x(4*i+j, 0ULL));
H[j][1] = xorBlocks(H[j][1], _mm_set_epi64x(4*i+j, 1ULL));
H[j][0] = H[j][0] ^ makeBlock(4*i+j, 0);
H[j][1] = H[j][1] ^ makeBlock(4*i+j, 1);
}
prp.permute_block((block *)H, 8);
}
void Hash(block H[2], block a, block b, uint64_t i, uint64_t row) {
a = double_block(a);
b = double_block(double_block(b));
H[0] = H[1] = xorBlocks(a, b);
H[0] = xorBlocks(H[0], _mm_set_epi64x(4*i+row, 0ULL));
H[1] = xorBlocks(H[1], _mm_set_epi64x(4*i+row, 1ULL));
a = sigma(a);
b = sigma(sigma(b));
H[0] = H[1] = a ^ b;
H[0] = H[0] ^ makeBlock(4*i+row, 0);
H[1] = H[1] ^ makeBlock(4*i+row, 1);
prp.permute_block((block *)H, 2);
}
bool logic_xor(bool a, bool b) {
return a!= b;
}
string tostring(bool a) {
if(a) return "T";
else return "F";
}
};
}
#endif// C2PC_H__

338
emp-ag2pc/amortized_2pc.h
View File

@@ -1,33 +1,30 @@
#ifndef AMORTIZED_C2PC_H__
#define AMORTIZED_C2PC_H__
#include "fpre.h"
#ifndef EMP_AG2PC_AMORTIZED_C2PC_H__
#define EMP_AG2PC_AMORTIZED_C2PC_H__
#include <emp-tool/emp-tool.h>
#include <emp-ot/emp-ot.h>
#include "emp-ag2pc/fpre.h"
//#define __debug
namespace emp {
template<int exec>
template<typename T, int exec>
class AmortizedC2PC { public:
const static int SSP = 5;//5*8 in fact...
const block MASK = makeBlock(0x0ULL, 0xFFFFFULL);
Fpre* fpre = nullptr;
Fpre<T>* fpre = nullptr;
block * mac[exec];
block * key[exec];
bool * value[exec];
block * preprocess_mac;
block * preprocess_key;
bool* preprocess_value;
block * sigma_mac[exec];
block * sigma_key[exec];
bool * sigma_value[exec];
block * labels[exec];
bool * mask[exec];
CircuitFile * cf;
NetIO * io;
T * io;
int num_ands = 0;
int party, total_pre;
int exec_times = 0;
@@ -36,7 +33,7 @@ class AmortizedC2PC { public:
bool * x2[exec];
bool * y2[exec];
AmortizedC2PC(NetIO * io, int party, CircuitFile * cf) {
AmortizedC2PC(T * io, int party, CircuitFile * cf) {
this->party = party;
this->io = io;
this->cf = cf;
@@ -45,11 +42,10 @@ class AmortizedC2PC { public:
++num_ands;
}
total_pre = cf->n1 + cf->n2 + num_ands;
fpre = new Fpre(io, party, num_ands*exec);
fpre = new Fpre<T>(io, party);
preprocess_mac = new block[total_pre*exec];
preprocess_key = new block[total_pre*exec];
preprocess_value = new bool[total_pre*exec];
for(int i = 0; i < exec; ++i) {
x1[i] = new bool[num_ands];
@@ -59,18 +55,15 @@ class AmortizedC2PC { public:
key[i] = new block[cf->num_wire];
mac[i] = new block[cf->num_wire];
value[i] = new bool[cf->num_wire];
//sigma values in the paper
sigma_mac[i] = new block[num_ands];
sigma_key[i] = new block[num_ands];
sigma_value[i] = new bool[num_ands];
labels[i] = new block[cf->num_wire];
GT[i] = new block[num_ands][4][2];
GTK[i] = new block[num_ands][4];
GTM[i] = new block[num_ands][4];
GTv[i] = new bool[num_ands][4];
mask[i] = new bool[cf->n1 + cf->n2];
}
}
@@ -78,15 +71,12 @@ class AmortizedC2PC { public:
for(int i = 0; i < exec; ++i) {
delete[] key[i];
delete[] mac[i];
delete[] value[i];
delete[] GT[i];
delete[] GTK[i];
delete[] GTM[i];
delete[] GTv[i];
delete[] sigma_mac[i];
delete[] sigma_key[i];
delete[] sigma_value[i];
delete[] labels[i];
delete[] mask[i];
@@ -98,7 +88,6 @@ class AmortizedC2PC { public:
}
delete[] preprocess_mac;
delete[] preprocess_key;
delete[] preprocess_value;
delete fpre;
}
@@ -107,12 +96,10 @@ class AmortizedC2PC { public:
block (* GT[exec])[4][2];
block (* GTK[exec])[4];
block (* GTM[exec])[4];
bool (* GTv[exec])[4];
//not allocation
block * ANDS_mac[exec];
block * ANDS_key[exec];
bool * ANDS_value[exec];
void function_independent() {
if(party == ALICE) {
for(int e = 0; e < exec; ++e)
@@ -123,25 +110,22 @@ class AmortizedC2PC { public:
for(int e = 0; e < exec; ++e) {
ANDS_mac[e] = fpre->MAC + 3 * e * num_ands;
ANDS_key[e] = fpre->KEY + 3 * e * num_ands;
ANDS_value[e] = fpre->r + 3 * e * num_ands;
}
prg.random_bool(preprocess_value, exec*total_pre);
if(fpre->party == ALICE) {
fpre->abit1[0]->send(preprocess_key, exec*total_pre);
fpre->abit1[0]->send_dot(preprocess_key, exec*total_pre);
fpre->io[0]->flush();
fpre->abit2[0]->recv(preprocess_mac, preprocess_value, exec*total_pre);
fpre->abit2[0]->recv_dot(preprocess_mac, exec*total_pre);
fpre->io2[0]->flush();
} else {
fpre->abit1[0]->recv(preprocess_mac, preprocess_value, exec*total_pre);
fpre->abit1[0]->recv_dot(preprocess_mac, exec*total_pre);
fpre->io[0]->flush();
fpre->abit2[0]->send(preprocess_key, exec*total_pre);
fpre->abit2[0]->send_dot(preprocess_key, exec*total_pre);
fpre->io2[0]->flush();
}
for(int i = 0; i < exec; ++i) {
memcpy(key[i], preprocess_key + total_pre * i, (cf->n1+cf->n2)*sizeof(block));
memcpy(mac[i], preprocess_mac + total_pre * i, (cf->n1+cf->n2)*sizeof(block));
memcpy(value[i], preprocess_value + total_pre * i, (cf->n1+cf->n2)*sizeof(bool));
}
}
void function_dependent_st() {
@@ -152,7 +136,6 @@ class AmortizedC2PC { public:
for(int e = 0; e < exec; ++e) {
key[e][cf->gates[4*i+2]] = preprocess_key[e*total_pre + ands];
mac[e][cf->gates[4*i+2]] = preprocess_mac[e*total_pre +ands];
value[e][cf->gates[4*i+2]] = preprocess_value[e*total_pre +ands];
}
++ands;
}
@@ -161,15 +144,14 @@ class AmortizedC2PC { public:
for(int e = 0; e < exec; ++e)
for(int i = 0; i < cf->num_gate; ++i) {
if (cf->gates[4*i+3] == XOR_GATE) {
key[e][cf->gates[4*i+2]] = xorBlocks(key[e][cf->gates[4*i]], key[e][cf->gates[4*i+1]]);
mac[e][cf->gates[4*i+2]] = xorBlocks(mac[e][cf->gates[4*i]], mac[e][cf->gates[4*i+1]]);
value[e][cf->gates[4*i+2]] = logic_xor(value[e][cf->gates[4*i]], value[e][cf->gates[4*i+1]]);
key[e][cf->gates[4*i+2]] = key[e][cf->gates[4*i]] ^ key[e][cf->gates[4*i+1]];
mac[e][cf->gates[4*i+2]] = mac[e][cf->gates[4*i]] ^ mac[e][cf->gates[4*i+1]];
if(party == ALICE)
labels[e][cf->gates[4*i+2]] = xorBlocks(labels[e][cf->gates[4*i]], labels[e][cf->gates[4*i+1]]);
labels[e][cf->gates[4*i+2]] = labels[e][cf->gates[4*i]] ^ labels[e][cf->gates[4*i+1]];
} else if (cf->gates[4*i+3] == NOT_GATE) {
if(party == ALICE)
labels[e][cf->gates[4*i+2]] = xorBlocks(labels[e][cf->gates[4*i]], fpre->Delta);
value[e][cf->gates[4*i+2]] = value[e][cf->gates[4*i]];
if(party == ALICE)
labels[e][cf->gates[4*i+2]] = labels[e][cf->gates[4*i]] ^ fpre->Delta;
key[e][cf->gates[4*i+2]] = key[e][cf->gates[4*i]];
mac[e][cf->gates[4*i+2]] = mac[e][cf->gates[4*i]];
}
@@ -178,8 +160,8 @@ class AmortizedC2PC { public:
ands = 0;
for(int i = 0; i < cf->num_gate; ++i) {
if (cf->gates[4*i+3] == AND_GATE) {
x1[e][ands] = logic_xor(value[e][cf->gates[4*i]], ANDS_value[e][3*ands]);
y1[e][ands] = logic_xor(value[e][cf->gates[4*i+1]], ANDS_value[e][3*ands+1]);
x1[e][ands] = getLSB(mac[e][cf->gates[4*i]] ^ ANDS_mac[e][3*ands]);
y1[e][ands] = getLSB(mac[e][cf->gates[4*i+1]] ^ ANDS_mac[e][3*ands+1]);
ands++;
}
}
@@ -187,21 +169,21 @@ class AmortizedC2PC { public:
if(party == ALICE) {
for(int e = 0; e < exec; ++e) {
send_bool(io, x1[e], num_ands);
send_bool(io, y1[e], num_ands);
io->send_bool(x1[e], num_ands);
io->send_bool(y1[e], num_ands);
}
for(int e = 0; e < exec; ++e) {
recv_bool(io, x2[e], num_ands);
recv_bool(io, y2[e], num_ands);
io->recv_bool(x2[e], num_ands);
io->recv_bool(y2[e], num_ands);
}
} else {
for(int e = 0; e < exec; ++e) {
recv_bool(io, x2[e], num_ands);
recv_bool(io, y2[e], num_ands);
io->recv_bool(x2[e], num_ands);
io->recv_bool(y2[e], num_ands);
}
for(int e = 0; e < exec; ++e) {
send_bool(io, x1[e], num_ands);
send_bool(io, y1[e], num_ands);
io->send_bool(x1[e], num_ands);
io->send_bool(y1[e], num_ands);
}
}
@@ -216,22 +198,21 @@ class AmortizedC2PC { public:
if (cf->gates[4*i+3] == AND_GATE) {
sigma_mac[e][ands] = ANDS_mac[e][3*ands+2];
sigma_key[e][ands] = ANDS_key[e][3*ands+2];
sigma_value[e][ands] = ANDS_value[e][3*ands+2];
if(x1[e][ands]) {
sigma_mac[e][ands] = xorBlocks(sigma_mac[e][ands], ANDS_mac[e][3*ands+1]);
sigma_key[e][ands] = xorBlocks(sigma_key[e][ands], ANDS_key[e][3*ands+1]);
sigma_value[e][ands] = logic_xor(sigma_value[e][ands], ANDS_value[e][3*ands+1]);
sigma_mac[e][ands] = sigma_mac[e][ands] ^ ANDS_mac[e][3*ands+1];
sigma_key[e][ands] = sigma_key[e][ands] ^ ANDS_key[e][3*ands+1];
}
if(y1[e][ands]) {
sigma_mac[e][ands] = xorBlocks(sigma_mac[e][ands], ANDS_mac[e][3*ands]);
sigma_key[e][ands] = xorBlocks(sigma_key[e][ands], ANDS_key[e][3*ands]);
sigma_value[e][ands] = logic_xor(sigma_value[e][ands], ANDS_value[e][3*ands]);
sigma_mac[e][ands] = sigma_mac[e][ands] ^ ANDS_mac[e][3*ands];
sigma_key[e][ands] = sigma_key[e][ands] ^ ANDS_key[e][3*ands];
}
if(x1[e][ands] and y1[e][ands]) {
if(party == ALICE)
sigma_key[e][ands] = xorBlocks(sigma_key[e][ands], fpre->Delta);
if(party == ALICE) {
sigma_key[e][ands] = sigma_key[e][ands] ^ fpre->Delta;
sigma_key[e][ands] = sigma_key[e][ands] ^ makeBlock(0,1);
}
else
sigma_value[e][ands] = not sigma_value[e][ands];
sigma_mac[e][ands] = sigma_mac[e][ands] ^ makeBlock(0,1);
}
#ifdef __debug
block MM[] = {mac[e][cf->gates[4*i]], mac[e][cf->gates[4*i+1]], sigma_mac[e][ands]};
@@ -247,54 +228,51 @@ class AmortizedC2PC { public:
block H[4][2];
block K[4], M[4];
bool r[4];
for(int e = 0; e < exec; ++e) {
ands = 0;
for(int i = 0; i < cf->num_gate; ++i) {
if(cf->gates[4*i+3] == AND_GATE) {
r[0] = logic_xor(sigma_value[e][ands] , value[e][cf->gates[4*i+2]]);
r[1] = logic_xor(r[0] , value[e][cf->gates[4*i]]);
r[2] = logic_xor(r[0] , value[e][cf->gates[4*i+1]]);
r[3] = logic_xor(r[1] , value[e][cf->gates[4*i+1]]);
if(party == BOB) r[3] = not r[3];
M[0] = sigma_mac[e][ands] ^ mac[e][cf->gates[4*i+2]];
M[1] = M[0] ^ mac[e][cf->gates[4*i]];
M[2] = M[0] ^ mac[e][cf->gates[4*i+1]];
M[3] = M[1] ^ mac[e][cf->gates[4*i+1]];
if(party == BOB)
M[3] = M[3] ^ makeBlock(0,1);
M[0] = xorBlocks(sigma_mac[e][ands], mac[e][cf->gates[4*i+2]]);
M[1] = xorBlocks(M[0], mac[e][cf->gates[4*i]]);
M[2] = xorBlocks(M[0], mac[e][cf->gates[4*i+1]]);
M[3] = xorBlocks(M[1], mac[e][cf->gates[4*i+1]]);
K[0] = xorBlocks(sigma_key[e][ands], key[e][cf->gates[4*i+2]]);
K[1] = xorBlocks(K[0], key[e][cf->gates[4*i]]);
K[2] = xorBlocks(K[0], key[e][cf->gates[4*i+1]]);
K[3] = xorBlocks(K[1], key[e][cf->gates[4*i+1]]);
if(party == ALICE) K[3] = xorBlocks(K[3], fpre->Delta);
K[0] = sigma_key[e][ands] ^ key[e][cf->gates[4*i+2]];
K[1] = K[0] ^ key[e][cf->gates[4*i]];
K[2] = K[0] ^ key[e][cf->gates[4*i+1]];
K[3] = K[1] ^ key[e][cf->gates[4*i+1]];
if(party == ALICE) {
K[3] = K[3] ^ fpre->Delta;
K[3] = K[3] ^ makeBlock(0,1);
}
if(party == ALICE) {
Hash(H, labels[e][cf->gates[4*i]], labels[e][cf->gates[4*i+1]], i);
for(int j = 0; j < 4; ++j) {
H[j][0] = xorBlocks(H[j][0], M[j]);
H[j][1] = xorBlocks(H[j][1], xorBlocks(K[j], labels[e][cf->gates[4*i+2]]));
if(r[j])
H[j][1] = xorBlocks(H[j][1], fpre->Delta);
H[j][0] = H[j][0] ^ M[j];
H[j][1] = H[j][1] ^ K[j] ^ labels[e][cf->gates[4*i+2]];
if(getLSB(M[j]))
H[j][1] = H[j][1] ^ fpre->Delta;;
#ifdef __debug
check2(M[j], K[j], r[j]);
#endif
}
for(int j = 0; j < 4; ++j ) {
send_partial_block<SSP>(io, &H[j][0], 1);
send_partial_block<T, SSP>(io, &H[j][0], 1);
io->send_block(&H[j][1], 1);
}
} else {
memcpy(GTK[e][ands], K, sizeof(block)*4);
memcpy(GTM[e][ands], M, sizeof(block)*4);
memcpy(GTv[e][ands], r, sizeof(bool)*4);
#ifdef __debug
for(int j = 0; j < 4; ++j)
check2(M[j], K[j], r[j]);
#endif
for(int j = 0; j < 4; ++j ) {
recv_partial_block<SSP>(io, &GT[e][ands][j][0], 1);
recv_partial_block<T, SSP>(io, &GT[e][ands][j][0], 1);
io->recv_block(&GT[e][ands][j][1], 1);
}
@@ -307,40 +285,40 @@ class AmortizedC2PC { public:
block tmp;
if(party == ALICE) {
for(int e = 0; e < exec; ++e)
send_partial_block<SSP>(io, mac[e], cf->n1);
send_partial_block<T, SSP>(io, mac[e], cf->n1);
for(int e = 0; e < exec; ++e)
for(int i = cf->n1; i < cf->n1+cf->n2; ++i) {
recv_partial_block<SSP>(io, &tmp, 1);
block ttt = xorBlocks(key[e][i], fpre->Delta);
recv_partial_block<T, SSP>(io, &tmp, 1);
block ttt = key[e][i] ^ fpre->Delta;
ttt = _mm_and_si128(ttt, MASK);
block mask_key = _mm_and_si128(key[e][i], MASK);
tmp = _mm_and_si128(tmp, MASK);
if(block_cmp(&tmp, &mask_key, 1))
if(cmpBlock(&tmp, &mask_key, 1))
mask[e][i] = false;
else if(block_cmp(&tmp, &ttt, 1))
else if(cmpBlock(&tmp, &ttt, 1))
mask[e][i] = true;
else cout <<"no match! ALICE\t"<<i<<endl;
}
} else {
for(int e = 0; e < exec; ++e)
for(int i = 0; i < cf->n1; ++i) {
recv_partial_block<SSP>(io, &tmp, 1);
block ttt = xorBlocks(key[e][i], fpre->Delta);
recv_partial_block<T, SSP>(io, &tmp, 1);
block ttt = key[e][i] ^ fpre->Delta;
ttt = _mm_and_si128(ttt, MASK);
tmp = _mm_and_si128(tmp, MASK);
block mask_key = _mm_and_si128(key[e][i], MASK);
if(block_cmp(&tmp, &mask_key, 1)) {
if(cmpBlock(&tmp, &mask_key, 1)) {
mask[e][i] = false;
} else if(block_cmp(&tmp, &ttt, 1)) {
} else if(cmpBlock(&tmp, &ttt, 1)) {
mask[e][i] = true;
}
else cout <<"no match! BOB\t"<<i<<endl;
}
for(int e = 0; e < exec; ++e)
send_partial_block<SSP>(io, mac[e]+cf->n1, cf->n2);
send_partial_block<T, SSP>(io, mac[e]+cf->n1, cf->n2);
}
}
@@ -369,22 +347,19 @@ class AmortizedC2PC { public:
if (cf->gates[4*i+3] == AND_GATE) {
key[e][cf->gates[4*i+2]] = preprocess_key[e*total_pre + ands];
mac[e][cf->gates[4*i+2]] = preprocess_mac[e*total_pre +ands];
value[e][cf->gates[4*i+2]] = preprocess_value[e*total_pre +ands];
++ands;
}
}
for(int i = 0; i < cf->num_gate; ++i) {
if (cf->gates[4*i+3] == XOR_GATE) {
key[e][cf->gates[4*i+2]] = xorBlocks(key[e][cf->gates[4*i]], key[e][cf->gates[4*i+1]]);
mac[e][cf->gates[4*i+2]] = xorBlocks(mac[e][cf->gates[4*i]], mac[e][cf->gates[4*i+1]]);
value[e][cf->gates[4*i+2]] = logic_xor(value[e][cf->gates[4*i]], value[e][cf->gates[4*i+1]]);
key[e][cf->gates[4*i+2]] = key[e][cf->gates[4*i]] ^ key[e][cf->gates[4*i+1]];
mac[e][cf->gates[4*i+2]] = mac[e][cf->gates[4*i]] ^ mac[e][cf->gates[4*i+1]];
if(party == ALICE)
labels[e][cf->gates[4*i+2]] = xorBlocks(labels[e][cf->gates[4*i]], labels[e][cf->gates[4*i+1]]);
labels[e][cf->gates[4*i+2]] = labels[e][cf->gates[4*i]] ^ labels[e][cf->gates[4*i+1]];;
} else if (cf->gates[4*i+3] == NOT_GATE) {
if(party == ALICE)
labels[e][cf->gates[4*i+2]] = xorBlocks(labels[e][cf->gates[4*i]], fpre->Delta);
value[e][cf->gates[4*i+2]] = value[e][cf->gates[4*i]];
labels[e][cf->gates[4*i+2]] = labels[e][cf->gates[4*i]] ^ fpre->Delta;
key[e][cf->gates[4*i+2]] = key[e][cf->gates[4*i]];
mac[e][cf->gates[4*i+2]] = mac[e][cf->gates[4*i]];
}
@@ -392,22 +367,22 @@ class AmortizedC2PC { public:
ands = 0;
for(int i = 0; i < cf->num_gate; ++i) {
if (cf->gates[4*i+3] == AND_GATE) {
x1[e][ands] = logic_xor(value[e][cf->gates[4*i]], ANDS_value[e][3*ands]);
y1[e][ands] = logic_xor(value[e][cf->gates[4*i+1]], ANDS_value[e][3*ands+1]);
x1[e][ands] = getLSB(mac[e][cf->gates[4*i]] ^ ANDS_mac[e][3*ands]);
y1[e][ands] = getLSB(mac[e][cf->gates[4*i+1]] ^ ANDS_mac[e][3*ands+1]);
ands++;
}
}
if(party == ALICE) {
send_bool(fpre->io2[I], x1[e], num_ands);
send_bool(fpre->io2[I], y1[e], num_ands);
recv_bool(fpre->io2[I], x2[e], num_ands);
recv_bool(fpre->io2[I], y2[e], num_ands);
fpre->io2[I]->send_bool(x1[e], num_ands);
fpre->io2[I]->send_bool(y1[e], num_ands);
fpre->io2[I]->recv_bool(x2[e], num_ands);
fpre->io2[I]->recv_bool(y2[e], num_ands);
} else {
recv_bool(fpre->io2[I], x2[e], num_ands);
recv_bool(fpre->io2[I], y2[e], num_ands);
send_bool(fpre->io2[I], x1[e], num_ands);
send_bool(fpre->io2[I], y1[e], num_ands);
fpre->io2[I]->recv_bool(x2[e], num_ands);
fpre->io2[I]->recv_bool(y2[e], num_ands);
fpre->io2[I]->send_bool(x1[e], num_ands);
fpre->io2[I]->send_bool(y1[e], num_ands);
}
for(int i = 0; i < num_ands; ++i) {
@@ -419,22 +394,22 @@ class AmortizedC2PC { public:
if (cf->gates[4*i+3] == AND_GATE) {
sigma_mac[e][ands] = ANDS_mac[e][3*ands+2];
sigma_key[e][ands] = ANDS_key[e][3*ands+2];
sigma_value[e][ands] = ANDS_value[e][3*ands+2];
if(x1[e][ands]) {
sigma_mac[e][ands] = xorBlocks(sigma_mac[e][ands], ANDS_mac[e][3*ands+1]);
sigma_key[e][ands] = xorBlocks(sigma_key[e][ands], ANDS_key[e][3*ands+1]);
sigma_value[e][ands] = logic_xor(sigma_value[e][ands], ANDS_value[e][3*ands+1]);
sigma_mac[e][ands] = sigma_mac[e][ands] ^ ANDS_mac[e][3*ands+1];
sigma_key[e][ands] = sigma_key[e][ands] ^ ANDS_key[e][3*ands+1];
}
if(y1[e][ands]) {
sigma_mac[e][ands] = xorBlocks(sigma_mac[e][ands], ANDS_mac[e][3*ands]);
sigma_key[e][ands] = xorBlocks(sigma_key[e][ands], ANDS_key[e][3*ands]);
sigma_value[e][ands] = logic_xor(sigma_value[e][ands], ANDS_value[e][3*ands]);
sigma_mac[e][ands] = sigma_mac[e][ands] ^ ANDS_mac[e][3*ands];
sigma_key[e][ands] = sigma_key[e][ands] ^ ANDS_key[e][3*ands];
}
if(x1[e][ands] and y1[e][ands]) {
if(party == ALICE)
sigma_key[e][ands] = xorBlocks(sigma_key[e][ands], fpre->Delta);
if(party == ALICE) {
sigma_key[e][ands] = sigma_key[e][ands] ^ fpre->Delta;
sigma_key[e][ands] = sigma_key[e][ands] ^ makeBlock(0,1);
}
else
sigma_value[e][ands] = not sigma_value[e][ands];
sigma_mac[e][ands] = sigma_mac[e][ands] ^ makeBlock(0,1);
}
#ifdef __debug
block MM[] = {mac[e][cf->gates[4*i]], mac[e][cf->gates[4*i+1]], sigma_mac[e][ands]};
@@ -449,52 +424,49 @@ class AmortizedC2PC { public:
block H[4][2];
block K[4], M[4];
bool r[4];
ands = 0;
for(int i = 0; i < cf->num_gate; ++i) {
if(cf->gates[4*i+3] == AND_GATE) {
r[0] = logic_xor(sigma_value[e][ands] , value[e][cf->gates[4*i+2]]);
r[1] = logic_xor(r[0] , value[e][cf->gates[4*i]]);
r[2] = logic_xor(r[0] , value[e][cf->gates[4*i+1]]);
r[3] = logic_xor(r[1] , value[e][cf->gates[4*i+1]]);
if(party == BOB) r[3] = not r[3];
M[0] = sigma_mac[e][ands] ^ mac[e][cf->gates[4*i+2]];
M[1] = M[0] ^ mac[e][cf->gates[4*i]];
M[2] = M[0] ^ mac[e][cf->gates[4*i+1]];
M[3] = M[1] ^ mac[e][cf->gates[4*i+1]];
if(party == BOB)
M[3] = M[3] ^ makeBlock(0,1);
M[0] = xorBlocks(sigma_mac[e][ands], mac[e][cf->gates[4*i+2]]);
M[1] = xorBlocks(M[0], mac[e][cf->gates[4*i]]);
M[2] = xorBlocks(M[0], mac[e][cf->gates[4*i+1]]);
M[3] = xorBlocks(M[1], mac[e][cf->gates[4*i+1]]);
K[0] = xorBlocks(sigma_key[e][ands], key[e][cf->gates[4*i+2]]);
K[1] = xorBlocks(K[0], key[e][cf->gates[4*i]]);
K[2] = xorBlocks(K[0], key[e][cf->gates[4*i+1]]);
K[3] = xorBlocks(K[1], key[e][cf->gates[4*i+1]]);
if(party == ALICE) K[3] = xorBlocks(K[3], fpre->Delta);
K[0] = sigma_key[e][ands] ^ key[e][cf->gates[4*i+2]];
K[1] = K[0] ^ key[e][cf->gates[4*i]];
K[2] = K[0] ^ key[e][cf->gates[4*i+1]];
K[3] = K[1] ^ key[e][cf->gates[4*i+1]];
if(party == ALICE) {
K[3] = K[3] ^ fpre->Delta;
K[3] = K[3] ^ makeBlock(0,1);
}
if(party == ALICE) {
Hash(H, labels[e][cf->gates[4*i]], labels[e][cf->gates[4*i+1]], i);
for(int j = 0; j < 4; ++j) {
H[j][0] = xorBlocks(H[j][0], M[j]);
H[j][1] = xorBlocks(H[j][1], xorBlocks(K[j], labels[e][cf->gates[4*i+2]]));
if(r[j])
H[j][1] = xorBlocks(H[j][1], fpre->Delta);
H[j][0] = H[j][0] ^ M[j];
H[j][1] = H[j][1] ^ K[j] ^ labels[e][cf->gates[4*i+2]];
if(getLSB(M[j]))
H[j][1] = H[j][1] ^ fpre->Delta;
#ifdef __debug
check2(M[j], K[j], r[j]);
#endif
}
for(int j = 0; j < 4; ++j ) {
send_partial_block<SSP>(fpre->io2[I], &H[j][0], 1);
send_partial_block<T, SSP>(fpre->io2[I], &H[j][0], 1);
fpre->io2[I]->send_block(&H[j][1], 1);
}
} else {
memcpy(GTK[e][ands], K, sizeof(block)*4);
memcpy(GTM[e][ands], M, sizeof(block)*4);
memcpy(GTv[e][ands], r, sizeof(bool)*4);
#ifdef __debug
for(int j = 0; j < 4; ++j)
check2(M[j], K[j], r[j]);
#endif
for(int j = 0; j < 4; ++j ) {
recv_partial_block<SSP>(fpre->io2[I], &GT[e][ands][j][0], 1);
recv_partial_block<T, SSP>(fpre->io2[I], &GT[e][ands][j][0], 1);
fpre->io2[I]->recv_block(&GT[e][ands][j][1], 1);
}
}
@@ -504,34 +476,34 @@ class AmortizedC2PC { public:
block tmp;
if(party == ALICE) {
send_partial_block<SSP>(fpre->io2[I], mac[e], cf->n1);
send_partial_block<T, SSP>(fpre->io2[I], mac[e], cf->n1);
for(int i = cf->n1; i < cf->n1+cf->n2; ++i) {
recv_partial_block<SSP>(fpre->io2[I], &tmp, 1);
block ttt = xorBlocks(key[e][i], fpre->Delta);
recv_partial_block<T, SSP>(fpre->io2[I], &tmp, 1);
block ttt = key[e][i] ^ fpre->Delta;
ttt = _mm_and_si128(ttt, MASK);
block mask_key = _mm_and_si128(key[e][i], MASK);
tmp = _mm_and_si128(tmp, MASK);
if(block_cmp(&tmp, &mask_key, 1))
if(cmpBlock(&tmp, &mask_key, 1))
mask[e][i] = false;
else if(block_cmp(&tmp, &ttt, 1))
else if(cmpBlock(&tmp, &ttt, 1))
mask[e][i] = true;
else cout <<"no match! ALICE\t"<<i<<endl;
}
} else {
for(int i = 0; i < cf->n1; ++i) {
recv_partial_block<SSP>(fpre->io2[I], &tmp, 1);
block ttt = xorBlocks(key[e][i], fpre->Delta);
recv_partial_block<T, SSP>(fpre->io2[I], &tmp, 1);
block ttt = key[e][i] ^ fpre->Delta;
ttt = _mm_and_si128(ttt, MASK);
tmp = _mm_and_si128(tmp, MASK);
block mask_key = _mm_and_si128(key[e][i], MASK);
if(block_cmp(&tmp, &mask_key, 1)) {
if(cmpBlock(&tmp, &mask_key, 1)) {
mask[e][i] = false;
} else if(block_cmp(&tmp, &ttt, 1)) {
} else if(cmpBlock(&tmp, &ttt, 1)) {
mask[e][i] = true;
}
else cout <<"no match! BOB\t"<<i<<endl;
}
send_partial_block<SSP>(fpre->io2[I], mac[e]+cf->n1, cf->n2);
send_partial_block<T, SSP>(fpre->io2[I], mac[e]+cf->n1, cf->n2);
}
fpre->io2[I]->flush();
}
@@ -548,21 +520,21 @@ class AmortizedC2PC { public:
#endif
if(party == ALICE) {
for(int i = cf->n1; i < cf->n1+cf->n2; ++i) {
mask_input[i] = logic_xor(input[i - cf->n1], value[exec_times][i]);
mask_input[i] = logic_xor(input[i - cf->n1], getLSB(mac[exec_times][i]));
mask_input[i] = logic_xor(mask_input[i], mask[exec_times][i]);
}
io->recv_data(mask_input, cf->n1);
io->send_data(mask_input+cf->n1, cf->n2);
for(int i = 0; i < cf->n1 + cf->n2; ++i) {
tmp = labels[exec_times][i];
if(mask_input[i]) tmp = xorBlocks(tmp, fpre->Delta);
if(mask_input[i]) tmp = tmp ^ fpre->Delta;
io->send_block(&tmp, 1);
}
//send output mask data
send_partial_block<SSP>(io, mac[exec_times]+cf->num_wire - cf->n3, cf->n3);
send_partial_block<T, SSP>(io, mac[exec_times]+cf->num_wire - cf->n3, cf->n3);
} else {
for(int i = 0; i < cf->n1; ++i) {
mask_input[i] = logic_xor(input[i], value[exec_times][i]);
mask_input[i] = logic_xor(input[i], getLSB(mac[exec_times][i]));
mask_input[i] = logic_xor(mask_input[i], mask[exec_times][i]);
}
io->send_data(mask_input, cf->n1);
@@ -573,28 +545,28 @@ class AmortizedC2PC { public:
if(party == BOB) {
for(int i = 0; i < cf->num_gate; ++i) {
if (cf->gates[4*i+3] == XOR_GATE) {
labels[exec_times][cf->gates[4*i+2]] = xorBlocks(labels[exec_times][cf->gates[4*i]], labels[exec_times][cf->gates[4*i+1]]);
labels[exec_times][cf->gates[4*i+2]] = labels[exec_times][cf->gates[4*i]] ^ labels[exec_times][cf->gates[4*i+1]];
mask_input[cf->gates[4*i+2]] = logic_xor(mask_input[cf->gates[4*i]], mask_input[cf->gates[4*i+1]]);
} else if (cf->gates[4*i+3] == AND_GATE) {
int index = 2*mask_input[cf->gates[4*i]] + mask_input[cf->gates[4*i+1]];
block H[2];
Hash(H, labels[exec_times][cf->gates[4*i]], labels[exec_times][cf->gates[4*i+1]], i, index);
GT[exec_times][ands][index][0] = xorBlocks(GT[exec_times][ands][index][0], H[0]);
GT[exec_times][ands][index][1] = xorBlocks(GT[exec_times][ands][index][1], H[1]);
GT[exec_times][ands][index][0] = GT[exec_times][ands][index][0] ^ H[0];
GT[exec_times][ands][index][1] = GT[exec_times][ands][index][1] ^ H[1];
block ttt = xorBlocks(GTK[exec_times][ands][index], fpre->Delta);
block ttt = GTK[exec_times][ands][index] ^ fpre->Delta;
ttt = _mm_and_si128(ttt, MASK);
GTK[exec_times][ands][index] = _mm_and_si128(GTK[exec_times][ands][index], MASK);
GT[exec_times][ands][index][0] = _mm_and_si128(GT[exec_times][ands][index][0], MASK);
if(block_cmp(&GT[exec_times][ands][index][0], &GTK[exec_times][ands][index], 1))
if(cmpBlock(&GT[exec_times][ands][index][0], &GTK[exec_times][ands][index], 1))
mask_input[cf->gates[4*i+2]] = false;
else if(block_cmp(&GT[exec_times][ands][index][0], &ttt, 1))
else if(cmpBlock(&GT[exec_times][ands][index][0], &ttt, 1))
mask_input[cf->gates[4*i+2]] = true;
else cout <<ands <<"no match GT!"<<endl;
mask_input[cf->gates[4*i+2]] = logic_xor(mask_input[cf->gates[4*i+2]], GTv[exec_times][ands][index]);
mask_input[cf->gates[4*i+2]] = logic_xor(mask_input[cf->gates[4*i+2]], getLSB(GTM[exec_times][ands][index]));
labels[exec_times][cf->gates[4*i+2]] = xorBlocks(GT[exec_times][ands][index][1], GTM[exec_times][ands][index]);
labels[exec_times][cf->gates[4*i+2]] = GT[exec_times][ands][index][1] ^ GTM[exec_times][ands][index];
ands++;
} else {
mask_input[cf->gates[4*i+2]] = not mask_input[cf->gates[4*i]];
@@ -606,22 +578,22 @@ class AmortizedC2PC { public:
bool * o = new bool[cf->n3];
for(int i = 0; i < cf->n3; ++i) {
block tmp;
recv_partial_block<SSP>(io, &tmp, 1);
recv_partial_block<T, SSP>(io, &tmp, 1);
tmp = _mm_and_si128(tmp, MASK);
block ttt = xorBlocks(key[exec_times][cf->num_wire - cf-> n3 + i], fpre->Delta);
block ttt = key[exec_times][cf->num_wire - cf-> n3 + i] ^ fpre->Delta;
ttt = _mm_and_si128(ttt, MASK);
key[exec_times][cf->num_wire - cf-> n3 + i] = _mm_and_si128(key[exec_times][cf->num_wire - cf-> n3 + i], MASK);
if(block_cmp(&tmp, &key[exec_times][cf->num_wire - cf-> n3 + i], 1))
if(cmpBlock(&tmp, &key[exec_times][cf->num_wire - cf-> n3 + i], 1))
o[i] = false;
else if(block_cmp(&tmp, &ttt, 1))
else if(cmpBlock(&tmp, &ttt, 1))
o[i] = true;
else cout <<"no match output label!"<<endl;
}
for(int i = 0; i < cf->n3; ++i) {
output[i] = logic_xor(o[i], mask_input[cf->num_wire - cf->n3 + i]);
output[i] = logic_xor(output[i], value[exec_times][cf->num_wire - cf->n3 + i]);
output[i] = logic_xor(output[i], getLSB(mac[exec_times][cf->num_wire - cf->n3 + i]));
}
delete[] o;
}
@@ -631,30 +603,30 @@ class AmortizedC2PC { public:
void Hash(block H[4][2], const block & a, const block & b, uint64_t i) {
block A[2], B[2];
A[0] = a; A[1] = xorBlocks(a, fpre->Delta);
B[0] = b; B[1] = xorBlocks(b, fpre->Delta);
A[0] = double_block(A[0]);
A[1] = double_block(A[1]);
B[0] = double_block(double_block(B[0]));
B[1] = double_block(double_block(B[1]));
A[0] = a; A[1] = a ^ fpre->Delta;
B[0] = b; B[1] = b ^ fpre->Delta;
A[0] = sigma(A[0]);
A[1] = sigma(A[1]);
B[0] = sigma(sigma(B[0]));
B[1] = sigma(sigma(B[1]));
H[0][1] = H[0][0] = xorBlocks(A[0], B[0]);
H[1][1] = H[1][0] = xorBlocks(A[0], B[1]);
H[2][1] = H[2][0] = xorBlocks(A[1], B[0]);
H[3][1] = H[3][0] = xorBlocks(A[1], B[1]);
H[0][1] = H[0][0] = A[0] ^ B[0];
H[1][1] = H[1][0] = A[0] ^ B[1];
H[2][1] = H[2][0] = A[1] ^ B[0];
H[3][1] = H[3][0] = A[1] ^ B[1];
for(uint64_t j = 0; j < 4; ++j) {
H[j][0] = xorBlocks(H[j][0], _mm_set_epi64x(4*i+j, 0ULL));
H[j][1] = xorBlocks(H[j][1], _mm_set_epi64x(4*i+j, 1ULL));
H[j][0] = H[j][0] ^ _mm_set_epi64x(4*i+j, 0ULL);
H[j][1] = H[j][1] ^ _mm_set_epi64x(4*i+j, 1ULL);
}
prp.permute_block((block *)H, 8);
}
void Hash(block H[2], block a, block b, uint64_t i, uint64_t row) {
a = double_block(a);
b = double_block(double_block(b));
H[0] = H[1] = xorBlocks(a, b);
H[0] = xorBlocks(H[0], _mm_set_epi64x(4*i+row, 0ULL));
H[1] = xorBlocks(H[1], _mm_set_epi64x(4*i+row, 1ULL));
a = sigma(a);
b = sigma(sigma(b));
H[0] = H[1] = a ^ b;
H[0] = H[0] ^ _mm_set_epi64x(4*i+row, 0ULL);
H[1] = H[1] ^ _mm_set_epi64x(4*i+row, 1ULL);;
prp.permute_block((block *)H, 2);
}

5
emp-ag2pc/c2pc_config.h
View File

@@ -1,5 +0,0 @@
#ifndef __C2PC_CONFIG
#define __C2PC_CONFIG
const static int fpre_threads = 8;
const static char * IP = "127.0.0.1";
#endif// __C2PC_CONFIG

8
emp-ag2pc/config.h Normal file
View File

@@ -0,0 +1,8 @@
#ifndef EMP_AG2PC_CONFIG_H__
#define EMP_AG2PC_CONFIG_H__
namespace emp {
const static int fpre_threads = 1;
const static char * IP = "127.0.0.1";
//const static char * IP = "172.31.10.128";
}
#endif// __C2PC_CONFIG

3
emp-ag2pc/emp-ag2pc.h
View File

@@ -1,7 +1,6 @@
#include "emp-ag2pc/2pc.h"
#include "emp-ag2pc/helper.h"
#include "emp-ag2pc/amortized_2pc.h"
#include "emp-ag2pc/feq.h"
#include "emp-ag2pc/c2pc_config.h"
#include "emp-ag2pc/config.h"
#include "emp-ag2pc/fpre.h"

58
emp-ag2pc/feq.h
View File

@@ -1,40 +1,48 @@
#ifndef FEQ_H__
#define FEQ_H__
#ifndef EMP_AG2PC_FEQ_H__
#define EMP_AG2PC_FEQ_H__
#include <emp-tool/emp-tool.h>
namespace emp {
class Feq {
public:
template<typename T>
class Feq { public:
Hash h;
NetIO* io = nullptr;
T* io = nullptr;
int party;
Feq(NetIO* io, int party) {
Feq(T* io, int party) {
this->io = io;
this->party = party;
}
void add(void * data, int length) {
h.put(data, length);
void add_block(const block & in) {
h.put(&in, sizeof(block));
}
void add_data(const void * data, int len) {
h.put(data, len);
}
void dgst(char * dgst) {
h.digest(dgst);
}
bool compare() {
char dgst[Hash::DIGEST_SIZE + 1];
char dgst2[Hash::DIGEST_SIZE];
char dgst3[Hash::DIGEST_SIZE];
char dgst4[Hash::DIGEST_SIZE];
dgst[Hash::DIGEST_SIZE] = 0x0;
h.digest(dgst);
dgst[Hash::DIGEST_SIZE] = party & 0xF;
Hash::hash_once(dgst2, dgst, sizeof(dgst));
dgst[Hash::DIGEST_SIZE] = (ALICE + BOB - party) & 0xF;
Hash::hash_once(dgst3, dgst, sizeof(dgst));
if (party == ALICE) {
io->send_data(dgst2, Hash::DIGEST_SIZE);
io->recv_data(dgst4, Hash::DIGEST_SIZE);
char AR[Hash::DIGEST_SIZE+16];
char dgst[Hash::DIGEST_SIZE];
h.digest(AR);
if(party == ALICE) {
PRG prg;
prg.random_data(AR+Hash::DIGEST_SIZE, 16);
Hash::hash_once(dgst, AR, Hash::DIGEST_SIZE+16);
io->send_data(dgst, Hash::DIGEST_SIZE);
io->recv_data(dgst, Hash::DIGEST_SIZE);
io->send_data(AR+Hash::DIGEST_SIZE, 16);
} else {
io->recv_data(dgst4, Hash::DIGEST_SIZE);
io->send_data(dgst2, Hash::DIGEST_SIZE);
io->flush();
io->recv_data(dgst, Hash::DIGEST_SIZE);
io->send_data(AR, Hash::DIGEST_SIZE);
io->recv_data(AR+Hash::DIGEST_SIZE, 16);
Hash::hash_once(AR, AR, Hash::DIGEST_SIZE+16);
}
return strncmp(dgst3, dgst4, Hash::DIGEST_SIZE) == 0;
io->flush();
return memcmp(dgst, AR, Hash::DIGEST_SIZE)==0;
}
};

627
emp-ag2pc/fpre.h
View File

@@ -1,27 +1,17 @@
#ifndef FPRE_H__
#define FPRE_H__
#ifndef EMP_AG2PC_FPRE_H__
#define EMP_AG2PC_FPRE_H__
#include <emp-tool/emp-tool.h>
#include <emp-ot/emp-ot.h>
#include <thread>
#include "feq.h"
#include "emp-ag2pc/feq.h"
#include "emp-ag2pc/helper.h"
#include "c2pc_config.h"
#include "emp-ag2pc/leaky_deltaot.h"
#include "emp-ag2pc/config.h"
namespace emp {
//#define __debug
void abit_run(DeltaOT * abit, NetIO * io, bool send, block * blocks, bool * bools, int length) {
io->flush();
if(send) {
abit->send(blocks, length);
} else {
abit->recv(blocks, bools, length);
}
io->flush();
}
class Fpre;
void combine_merge(Fpre * fpre, int start, int length, int I, bool * data, bool* data2, block * MAC2, block * KEY2, bool *r2, int * location);
template<typename T>
class Fpre {
public:
ThreadPool *pool;
@@ -33,85 +23,98 @@ class Fpre {
PRG prg;
PRP prp;
PRP *prps;
NetIO *io[THDS];
NetIO *io2[THDS];
DeltaOT *abit1[THDS], *abit2[THDS];
T *io[THDS];
T *io2[THDS];
int bandwidth() {
int sum = 0;
for(int i = 0; i < THDS; ++i) {
sum+=io[i]->counter;
sum+=io2[i]->counter;
}
return sum;
}
LeakyDeltaOT<T> *abit1[THDS], *abit2[THDS];
block Delta;
Feq *eq[THDS];
block ZDelta;
block one;
Feq<T> *eq[THDS*2];
block * MAC = nullptr, *KEY = nullptr;
bool * r = nullptr;
block * MAC_res = nullptr, *KEY_res = nullptr;
block * pretable = nullptr;
Fpre(NetIO * in_io, int in_party, int bsize = 1000) {
pretable = DeltaOT::preTable(40);
Fpre(T * in_io, int in_party, int bsize = 1000) {
pool = new ThreadPool(THDS*2);
prps = new PRP[THDS];
prps = new PRP[THDS*2];
this->party = in_party;
for(int i = 0; i < THDS; ++i) {
io[i] = new NetIO(in_io->is_server?nullptr:in_io->addr.c_str(), in_io->port+2*i+1, true);
io2[i] = new NetIO(in_io->is_server?nullptr:in_io->addr.c_str(), in_io->port+2*i+2, true);
eq[i] = new Feq(io[i], party);
io[i] = new T(in_io->is_server?nullptr:in_io->addr.c_str(), in_io->port, true);
io2[i] = new T(in_io->is_server?nullptr:in_io->addr.c_str(), in_io->port, true);
eq[i] = new Feq<T>(io[i], party);
eq[THDS+i] = new Feq<T>(io2[i], party);
}
abit1[0] = new DeltaOT(io[0], pretable, 40);
abit2[0] = new DeltaOT(io2[0], pretable, 40);
MOTExtension<NetIO> ote(io[0]);
block tmp_k0[128*2], tmp_k1[128*2];
bool tmp_s[128*2];
int l = 128+40;
abit1[0] = new LeakyDeltaOT<T>(io[0]);
abit2[0] = new LeakyDeltaOT<T>(io2[0]);
bool tmp_s[128];
prg.random_bool(tmp_s, 128);
tmp_s[0] = true;
if(party == ALICE) {
prg.random_bool(tmp_s, l);
ote.recv_rot(tmp_k0, tmp_s, l);
abit1[0]->setup_send(tmp_s, tmp_k0);
abit1[0]->send(tmp_k0, l);
for(int i = 0; i < l; ++i)
tmp_k1[i] = xorBlocks(abit1[0]->Delta, tmp_k0[i]);
abit2[0]->setup_recv(tmp_k0, tmp_k1);
tmp_s[1] = true;
abit1[0]->setup_send(tmp_s);
io[0]->flush();
abit2[0]->setup_recv();
} else {
tmp_s[1] = false;
abit1[0]->setup_recv();
io[0]->flush();
abit2[0]->setup_send(tmp_s);
}
else {
ote.send_rot(tmp_k0, tmp_k1, l);
abit1[0]->setup_recv(tmp_k0, tmp_k1);
prg.random_bool(tmp_s, l);
abit1[0]->recv(tmp_k0, tmp_s, l);
abit2[0]->setup_send(tmp_s, tmp_k0);
}
io2[0]->flush();
for(int i = 1; i < THDS; ++i) {
abit1[i] = new DeltaOT(io[i], pretable, 40);
abit2[i] = new DeltaOT(io2[i], pretable, 40);
if (party == ALICE) {
abit1[i]->setup_send(abit1[0]->s, abit1[0]->k0);
abit1[i] = new LeakyDeltaOT<T>(io[i]);
abit2[i] = new LeakyDeltaOT<T>(io2[i]);
if(party == ALICE) {
abit1[i]->setup_send(tmp_s, abit1[0]->k0);
abit2[i]->setup_recv(abit2[0]->k0, abit2[0]->k1);
} else {
abit2[i]->setup_send(tmp_s, abit2[0]->k0);
abit1[i]->setup_recv(abit1[0]->k0, abit1[0]->k1);
abit2[i]->setup_send(abit2[0]->s, abit2[0]->k0);
}
}
if(party == ALICE) Delta = abit1[0]->Delta;
else Delta = abit2[0]->Delta;
one = makeBlock(0, 1);
ZDelta = Delta & makeBlock(0xFFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFFE);
set_batch_size(bsize);
}
int permute_batch_size;
void set_batch_size(int size) {
size = std::max(size, 320);
batch_size = ((size+THDS-1)/THDS)*THDS;
if(batch_size >= 280*1000)
batch_size = ((size+THDS*2-1)/(2*THDS))*THDS*2;
if(batch_size >= 280*1000) {
bucket_size = 3;
else if(batch_size >= 3100)
permute_batch_size = 280000;
}
else if(batch_size >= 3100) {
bucket_size = 4;
permute_batch_size = 3100;
}
else bucket_size = 5;
if (MAC != nullptr) {
delete[] MAC;
delete[] KEY;
delete[] r;
}
MAC = aalloc<block>(batch_size * bucket_size * 3);
KEY = aalloc<block>(batch_size * bucket_size * 3);
r = new bool[batch_size * bucket_size * 3];
MAC = new block[batch_size * bucket_size * 3];
KEY = new block[batch_size * bucket_size * 3];
MAC_res = new block[batch_size * 3];
KEY_res = new block[batch_size * 3];
// cout << size<<"\t"<<batch_size<<"\n";
}
~Fpre() {
if(MAC != nullptr) {
free(MAC);
free(KEY);
delete[]r;
delete[] MAC;
delete[] KEY;
}
delete[] prps;
delete pool;
@@ -124,244 +127,173 @@ class Fpre {
}
}
void refill() {
prg.random_bool(r, batch_size * 3 * bucket_size);
#ifdef __debug
double t1 = timeStamp();
#endif
auto start_time = clock_start();
vector<future<void>> res;
for(int i = 0; i < THDS; ++i) {
int start = i*batch_size/THDS;
int start = i*(batch_size/THDS);
int length = batch_size/THDS;
res.push_back(pool->enqueue([this, start, length, i](){
io[i]->flush();
io2[i]->flush();
generate(MAC + start * bucket_size*3, KEY + start * bucket_size*3, r + start * bucket_size*3, length * bucket_size, i);
io[i]->flush();
io2[i]->flush();
check( MAC + start * bucket_size*3, KEY + start * bucket_size*3, r + start * bucket_size*3, party == ALICE, length * bucket_size, io[i], i);
io[i]->flush();
check( MAC + start * bucket_size*3, KEY + start * bucket_size*3, r + start * bucket_size*3, party == BOB, length * bucket_size, io2[i], i);
io2[i]->flush();
}));
generate(MAC + start * bucket_size*3, KEY + start * bucket_size*3, length * bucket_size, i);
}));
}
for(int i = 0; i < THDS; ++i)
res[i].get();
joinNclean(res);
if(party == 1) {
cout <<"ABIT\t"<<time_from(start_time)<<"\n";
start_time = clock_start();
}
int T2U = THDS*2;
for(int i = 0; i < T2U; ++i) {
int start = i*(batch_size/T2U);
int length = batch_size/T2U;
res.push_back(pool->enqueue([this, start, length, i](){
check(MAC + start * bucket_size*3, KEY + start * bucket_size*3, length * bucket_size, i);
}));
}
joinNclean(res);
if(party == 1) {
cout <<"check\t"<<time_from(start_time)<<"\n";
start_time = clock_start();
}
#ifdef __debug
double t2 = timeStamp();
cout << "\t Fpre: Generate N Check:\t"<< t2-t1<<endl;
check_correctness(MAC, KEY, r, batch_size*bucket_size);
t1 = timeStamp();
check_correctness(MAC, KEY, batch_size);
#endif
combine(MAC, KEY, r, batch_size, bucket_size);
#ifdef __debug
t2 = timeStamp();
cout << "\t Fpre: Permute N Combine:\t"<< t2-t1<<endl;
check_correctness(MAC, KEY, r, batch_size);
#endif
for(int i = 0; i < THDS; ++i)
if(!eq[i]->compare()) {
error("FEQ error\n");
block S = coin_tossing(prg, io[0], party);
if(bucket_size > 4) {
combine(S, 0, MAC, KEY, batch_size, bucket_size, MAC_res, KEY_res);
} else {
int width = min((batch_size+THDS-1)/THDS, permute_batch_size);
for(int i = 0; i < THDS; ++i) {
int start = i*width;
int length = min( (i+1)*width, batch_size) - i*width;
res.push_back(pool->enqueue([this, start, length, i, S](){
combine(S, i, MAC+start*bucket_size*3, KEY+start*bucket_size*3, length, bucket_size, MAC_res+start*3, KEY_res+start*3);
}));
}
joinNclean(res);
}
if(party == 1) {
cout <<"permute\t"<<time_from(start_time)<<"\n";
start_time = clock_start();
}
#ifdef __debug
check_correctness(MAC, KEY, batch_size);
#endif
char dgst[Hash::DIGEST_SIZE];
for(int i = 1; i < 2*THDS; ++i) {
eq[i]->dgst(dgst);
eq[0]->add_data(dgst, Hash::DIGEST_SIZE);
}
if(!eq[0]->compare()) {
error("FEQ error\n");
}
}
void generate(block * MAC, block * KEY, bool * r, int length, int I) {
void generate(block * MAC, block * KEY, int length, int I) {
if (party == ALICE) {
if(I%2 == 1) {
future<void> res = pool->enqueue(abit_run, abit1[I], io[I], true, KEY, nullptr, length*3);
abit_run(abit2[I], io2[I], false, MAC, r, length*3);
res.get();
} else {
future<void> res = pool->enqueue(abit_run, abit1[I], io[I], true, KEY, nullptr, length*3);
abit_run(abit2[I], io2[I], false, MAC, r, length*3);
res.get();
}
uint8_t * data = new uint8_t[length];
for(int i = 0; i < length; ++i) {
block tmp[4], tmp2[4];
tmp[0] = KEY[3*i];
tmp[1] = xorBlocks(tmp[0], Delta);
tmp[2] = KEY[3*i+1];
tmp[3] = xorBlocks(tmp[2], Delta);
prps[I].H<4>(tmp, tmp, 4*i);
tmp2[0] = xorBlocks(tmp[0], tmp[2]);
tmp2[1] = xorBlocks(tmp[1], tmp[2]);
tmp2[2] = xorBlocks(tmp[0], tmp[3]);
tmp2[3] = xorBlocks(tmp[1], tmp[3]);
data[i] = getLSB(tmp2[0]);
data[i] |= (getLSB(tmp2[1])<<1);
data[i] |= (getLSB(tmp2[2])<<2);
data[i] |= (getLSB(tmp2[3])<<3);
if ( ((false != r[3*i] ) && (false != r[3*i+1])) != r[3*i+2] )
data[i] = data[i] ^ 0x1;
if ( ((true != r[3*i] ) && (false != r[3*i+1])) != r[3*i+2] )
data[i] = data[i] ^ 0x2;
if ( ((false != r[3*i] ) && (true != r[3*i+1])) != r[3*i+2] )
data[i] = data[i] ^ 0x4;
if ( ((true != r[3*i] ) && (true != r[3*i+1])) != r[3*i+2] )
data[i] = data[i] ^ 0x8;
io[I]->send_data(&data[i], 1);
}
bool *bb = new bool[length];
recv_bool(io[I], bb, length);
for(int i = 0; i < length; ++i) {
if(bb[i]) KEY[3*i+2] = xorBlocks(KEY[3*i+2], Delta);
}
delete[] bb;
delete[] data;
future<void> fut = pool->enqueue([this, length, KEY, I](){
abit1[I]->send_dot(KEY, length*3);
});
abit2[I]->recv_dot(MAC, length*3);
fut.get();
} else {
if(I%2 == 1) {
future<void> res = pool->enqueue(abit_run, abit1[I], io2[I], false, MAC, r, length*3);
abit_run(abit2[I], io[I], true, KEY, nullptr, length*3);
res.get();
} else {
future<void> res = pool->enqueue(abit_run, abit1[I], io2[I], false, MAC, r, length*3);
abit_run( abit2[I], io[I], true, KEY, nullptr, length*3);
res.get();
}
uint8_t tmp;
bool *d = new bool[length];
for(int i = 0; i < length; ++i) {
io[I]->recv_data(&tmp, 1);
block H = xorBlocks(prps[I].H(MAC[3*i], 4*i + r[3*i]), prps[I].H(MAC[3*i+1], 4*i + 2 + r[3*i+1]));
uint8_t res = getLSB(H);
tmp >>= (r[3*i+1]*2+r[3*i]);
d[i] = r[3*i+2] != ((tmp&0x1) != (res&0x1));
r[3*i+2] = (!(tmp&0x1) != !(res&0x1));
}
send_bool(io[I], d, length);
delete[] d;
future<void> fut = pool->enqueue([this, length, KEY, I](){
abit2[I]->send_dot(KEY, length*3);
});
abit1[I]->recv_dot(MAC, length*3);
fut.get();
}
}
void check(const block * MAC, const block * KEY, const bool * r, bool checker, int length, NetIO * local_io, int I) {
local_io->flush();
block * T = new block[length];
if(checker) {
for(int i = 0; i < length; ++i) {
block tmp[2], tmp2[2], tmp3[2];
tmp[0] = double_block(KEY[3*i]);
tmp[1] = double_block(xorBlocks(KEY[3*i], Delta));
void check(block * MAC, block * KEY, int length, int I) {
T * local_io = (I%2==0) ? io[I/2]: io2[I/2];
tmp2[0] = KEY[3*i+2];
if(r[3*i+2]) tmp2[0] = xorBlocks(tmp2[0], Delta);
tmp2[1] = xorBlocks(KEY[3*i+1], KEY[3*i+2]);
if(r[3*i+2] != r[3*i+1]) tmp2[1] = xorBlocks(tmp2[1], Delta);
tmp2[0] = double_block( double_block (tmp2[0]));
tmp2[1] = double_block( double_block (tmp2[1]));
tmp3[0] = xorBlocks(tmp[r[3*i]], tmp2[0]);
tmp3[1] = xorBlocks(tmp[!r[3*i]], tmp2[1]);
prps[I].H<2>(tmp, tmp3, 2*i);
T[i] = tmp[r[3*i]];
tmp[1] = xorBlocks(tmp[0], tmp[1]);
local_io->send_block(&tmp[1], 1);
}
for(int i = 0; i < length; ++i) {
block W = xorBlocks(T[i], prps[I].H(MAC[3*i], 2*i+r[3*i])), tmp;
local_io->recv_block(&tmp, 1);
if(r[3*i]) W = xorBlocks(W, tmp);
eq[I]->add(&W, sizeof(block));
}
block * G = new block[length];
block * C = new block[length];
block * GR = new block[length];
bool * d = new bool[length];
bool * dR = new bool[length];
for (int i = 0; i < length; ++i) {
C[i] = KEY[3*i+1] ^ MAC[3*i+1];
C[i] = C[i] ^ (select_mask[getLSB(MAC[3*i+1])] & Delta);
G[i] = H2D(KEY[3*i], Delta, I);
G[i] = G[i] ^ C[i];
}
if(party == ALICE) {
local_io->send_data(G, sizeof(block)*length);
local_io->recv_data(GR, sizeof(block)*length);
} else {
for(int i = 0; i < length; ++i) {
block V[2], tmp2[2];
V[0] = double_block(MAC[3*i]);
V[1] = double_block(MAC[3*i]);
tmp2[0] = double_block(double_block(MAC[3*i+2]));
tmp2[1] = double_block(double_block(xorBlocks(MAC[3*i+2], MAC[3*i+1])));
xorBlocks_arr(V, V, tmp2, 2);
prps[I].H<2>(V, V, 2*i);
block U;
local_io->recv_block(&U, 1);
tmp2[0] = KEY[3*i];
tmp2[1] = xorBlocks(KEY[3*i], Delta);
prps[I].H<2>(tmp2, tmp2, 2*i);
T[i] = xorBlocks(tmp2[0], tmp2[1]);
T[i] = xorBlocks(T[i], V[0]);
T[i] = xorBlocks(T[i], V[1]);
block T2 = xorBlocks(tmp2[0], V[r[3*i]]);
if(r[3*i])
T2 = xorBlocks(T2, U);
eq[I]->add(&T2, sizeof(block));
}
local_io->send_block(T, length);
local_io->recv_data(GR, sizeof(block)*length);
local_io->send_data(G, sizeof(block)*length);
}
local_io->flush();
delete[] T;
}
void check_correctness(block * MAC, block * KEY, bool * r, int length) {
if (party == ALICE) {
io[0]->send_data(r, length*3);
io[0]->send_block(&Delta, 1);
io[0]->send_block(KEY, length*3);
block DD;io[0]->recv_block(&DD, 1);
for(int i = 0; i < length*3; ++i) {
block tmp;io[0]->recv_block(&tmp, 1);
if(r[i]) tmp = xorBlocks(tmp, DD);
if (!block_cmp(&tmp, &MAC[i], 1))
cout <<i<<"\tWRONG ABIT!"<<endl<<flush;
}
} else {
bool tmp[3];
for(int i = 0; i < length; ++i) {
io[0]->recv_data(tmp, 3);
bool res = ((tmp[0] != r[3*i] ) && (tmp[1] != r[3*i+1]));
if(res != (tmp[2] != r[3*i+2]) ) {
cout <<i<<"\tWRONG!"<<endl<<flush;
}
}
block DD;io[0]->recv_block(&DD, 1);
for(int i = 0; i < length*3; ++i) {
block tmp;io[0]->recv_block(&tmp, 1);
if(r[i]) tmp = xorBlocks(tmp, DD);
if (!block_cmp(&tmp, &MAC[i], 1))
cout <<i<<"\tWRONG ABIT!"<<endl<<flush;
}
io[0]->send_block(&Delta, 1);
io[0]->send_block(KEY, length*3);
for(int i = 0; i < length; ++i) {
block S = H2(MAC[3*i], KEY[3*i], I);
S = S ^ MAC[3*i+2] ^ KEY[3*i+2];
S = S ^ (select_mask[getLSB(MAC[3*i])] & (GR[i] ^ C[i]));
G[i] = S ^ (select_mask[getLSB(MAC[3*i+2])] & Delta);
d[i] = getL2SB(G[i]);
}
if(party == ALICE) {
local_io->send_bool(d, length);
local_io->recv_bool(dR,length);
} else {
local_io->recv_bool(dR, length);
local_io->send_bool(d, length);
}
local_io->flush();
for(int i = 0; i < length; ++i) {
d[i] = d[i] != dR[i];
if (d[i]) {
if(party == ALICE)
MAC[3*i+2] = MAC[3*i+2] ^ one;
else
KEY[3*i+2] = KEY[3*i+2] ^ ZDelta;
G[i] = G[i] ^ Delta;
}
eq[I]->add_block(G[i]);
}
delete[] G;
delete[] GR;
delete[] C;
delete[] d;
delete[] dR;
}
block H2D(block a, block b, int I) {
block d[2];
d[0] = a;
d[1] = a ^ b;
prps[I].permute_block(d, 2);
d[0] = d[0] ^ d[1];
return d[0] ^ b;
}
void combine(block * MAC, block * KEY, bool * r, int length, int bucket_size) {
block S, HS, S2, HS2; prg.random_block(&S, 1);
HS = S;
prp.permute_block(&HS, 1);
if (party == ALICE) {
io[0]->send_block(&HS, 1);
io[0]->recv_block(&HS2, 1);
io[0]->recv_block(&S2, 1);
io[0]->send_block(&S, 1);
} else {
io[0]->recv_block(&HS2, 1);
io[0]->send_block(&HS, 1);
io[0]->send_block(&S, 1);
io[0]->recv_block(&S2, 1);
}
S = xorBlocks(S, S2);
HS = S2;
prp.permute_block(&HS, 1);
if (!block_cmp(&HS, &HS2, 1)) {
cout <<"cheat!"<<endl;
}
int * ind = new int[length*bucket_size];
block H2(block a, block b, int I) {
block d[2];
d[0] = a;
d[1] = b;
prps[I].permute_block(d, 2);
d[0] = d[0] ^ d[1];
d[0] = d[0] ^ a;
return d[0] ^ b;
}
bool getL2SB(block b) {
unsigned char x = *((unsigned char*)&b);
return ((x >> 1) & 0x1) == 1;
}
void combine(block S, int I, block * MAC, block * KEY, int length, int bucket_size, block * MAC_res, block * KEY_res) {
int *location = new int[length*bucket_size];
for(int i = 0; i < length*bucket_size; ++i) location[i] = i;
PRG prg(&S);
PRG prg(&S, I);
int * ind = new int[length*bucket_size];
prg.random_data(ind, length*bucket_size*4);
for(int i = length*bucket_size-1; i>=0; --i) {
int index = ind[i]%(i+1);
@@ -374,68 +306,89 @@ class Fpre {
bool *data = new bool[length*bucket_size];
bool *data2 = new bool[length*bucket_size];
block * MAC2 = new block[length*3];
block * KEY2 = new block[length*3];
bool * r2 = new bool[length*3];
vector<future<void>> res;
for(int i = 0; i < THDS; ++i)
res.push_back(pool->enqueue(combine_merge, this, length/THDS*i, length/THDS, i, data, data2, MAC2, KEY2, r2, location));
for(int i = 0; i < THDS; ++i)
res[i].get();
memcpy(MAC, MAC2, sizeof(block)*3*length);
memcpy(KEY, KEY2, sizeof(block)*3*length);
memcpy(r, r2, sizeof(bool)*3*length);
for(int i = 0; i < length; ++i) {
for(int j = 1; j < bucket_size; ++j) {
data[i*bucket_size+j] = getLSB(MAC[location[i*bucket_size]*3+1] ^ MAC[location[i*bucket_size+j]*3+1]);
}
}
if(party == ALICE) {
io[I]->send_bool(data, length*bucket_size);
io[I]->recv_bool(data2, length*bucket_size);
} else {
io[I]->recv_bool(data2, length*bucket_size);
io[I]->send_bool(data, length*bucket_size);
}
io[I]->flush();
for(int i = 0; i < length; ++i) {
for(int j = 1; j < bucket_size; ++j) {
data[i*bucket_size+j] = (data[i*bucket_size+j] != data2[i*bucket_size+j]);
}
}
for(int i = 0; i < length; ++i) {
for(int j = 0; j < 3; ++j) {
MAC_res[i*3+j] = MAC[location[i*bucket_size]*3+j];
KEY_res[i*3+j] = KEY[location[i*bucket_size]*3+j];
}
for(int j = 1; j < bucket_size; ++j) {
MAC_res[3*i] = MAC_res[3*i] ^ MAC[location[i*bucket_size+j]*3];
KEY_res[3*i] = KEY_res[3*i] ^ KEY[location[i*bucket_size+j]*3];
MAC_res[i*3+2] = MAC_res[i*3+2] ^ MAC[location[i*bucket_size+j]*3+2];
KEY_res[i*3+2] = KEY_res[i*3+2] ^ KEY[location[i*bucket_size+j]*3+2];
if(data[i*bucket_size+j]) {
KEY_res[i*3+2] = KEY_res[i*3+2] ^ KEY[location[i*bucket_size+j]*3];
MAC_res[i*3+2] = MAC_res[i*3+2] ^ MAC[location[i*bucket_size+j]*3];
}
}
}
delete[] data;
delete[] location;
delete[] data2;
delete[] MAC2;
delete[] KEY2;
delete[] r2;
}
//for debug
void check_correctness(block * MAC, block * KEY, int length) {
if (party == ALICE) {
for(int i = 0; i < length*3; ++i) {
bool tmp = getLSB(MAC[i]);
io[0]->send_data(&tmp, 1);
}
io[0]->send_block(&Delta, 1);
io[0]->send_block(KEY, length*3);
block DD;io[0]->recv_block(&DD, 1);
for(int i = 0; i < length*3; ++i) {
block tmp;io[0]->recv_block(&tmp, 1);
if(getLSB(MAC[i])) tmp = tmp ^ DD;
if (!cmpBlock(&tmp, &MAC[i], 1))
cout <<i<<"\tWRONG ABIT2!\n";
}
} else {
bool tmp[3];
for(int i = 0; i < length; ++i) {
io[0]->recv_data(tmp, 3);
bool res = ((tmp[0] != getLSB(MAC[3*i]) ) && (tmp[1] != getLSB(MAC[3*i+1])));
if(res != (tmp[2] != getLSB(MAC[3*i+2])) ) {
cout <<i<<"\tWRONG!\t";
}
}
block DD;io[0]->recv_block(&DD, 1);
for(int i = 0; i < length*3; ++i) {
block tmp;io[0]->recv_block(&tmp, 1);
if(getLSB(MAC[i])) tmp = tmp ^ DD;
if (!cmpBlock(&tmp, &MAC[i], 1))
cout <<i<<"\tWRONG ABIT2!\n";
}
io[0]->send_block(&Delta, 1);
io[0]->send_block(KEY, length*3);
}
io[0]->flush();
}
};
void combine_merge(Fpre * fpre, int start, int length, int I, bool * data, bool* data2, block * MAC2, block * KEY2, bool *r2, int * location) {
fpre->io[I]->flush();
int bucket_size = fpre->bucket_size;
for(int i = start; i < start+length; ++i) {
for(int j = 1; j < bucket_size; ++j) {
data[i*bucket_size+j] = (fpre->r[location[i*bucket_size]*3+1]!=fpre->r[location[i*bucket_size+j]*3+1]);
}
}
if(fpre->party == ALICE) {
send_bool(fpre->io[I], data + start * bucket_size, length*bucket_size);
recv_bool(fpre->io[I], data2 + start*bucket_size, length*bucket_size);
} else {
recv_bool(fpre->io[I], data2 + start*bucket_size, length*bucket_size);
send_bool(fpre->io[I], data + start * bucket_size, length*bucket_size);
}
for(int i = start; i < start+length; ++i) {
for(int j = 1; j < bucket_size; ++j) {
data[i*bucket_size+j] = (data[i*bucket_size+j] != data2[i*bucket_size+j]);
}
}
for(int i = start; i < start+length; ++i) {
for(int j = 0; j < 3; ++j) {
MAC2[i*3+j] = fpre->MAC[location[i*bucket_size]*3+j];
KEY2[i*3+j] = fpre->KEY[location[i*bucket_size]*3+j];
r2[i*3+j] = fpre->r[location[i*bucket_size]*3+j];
}
for(int j = 1; j < bucket_size; ++j) {
MAC2[3*i] = xorBlocks(MAC2[3*i], fpre->MAC[location[i*bucket_size+j]*3]);
KEY2[3*i] = xorBlocks(KEY2[3*i], fpre->KEY[location[i*bucket_size+j]*3]);
r2[3*i] = (r2[3*i] != fpre->r[location[i*bucket_size+j]*3]);
MAC2[i*3+2] = xorBlocks(MAC2[i*3+2], fpre->MAC[location[i*bucket_size+j]*3+2]);
KEY2[i*3+2] = xorBlocks(KEY2[i*3+2], fpre->KEY[location[i*bucket_size+j]*3+2]);
r2[i*3+2] = (r2[i*3+2] != fpre->r[location[i*bucket_size+j]*3+2]);
if(data[i*bucket_size+j]) {
KEY2[i*3+2] = xorBlocks(KEY2[i*3+2], fpre->KEY[location[i*bucket_size+j]*3]);
MAC2[i*3+2] = xorBlocks(MAC2[i*3+2], fpre->MAC[location[i*bucket_size+j]*3]);
r2[i*3+2] = (r2[i*3+2] != fpre->r[location[i*bucket_size+j]*3]);
}
}
}
fpre->io[I]->flush();
}
}
#endif// FPRE_H__

118
emp-ag2pc/helper.h
View File

@@ -1,103 +1,57 @@
#ifndef __HELPER
#define __HELPER
#ifndef EMP_AG2PC_HELPER_H__
#define EMP_AG2PC_HELPER_H__
#include <emp-tool/emp-tool.h>
#include "c2pc_config.h"
#include <immintrin.h>
#include <boost/align/align.hpp>
#include "config.h"
using std::future;
using std::cout;
using std::endl;
using std::flush;
#undef align
namespace emp {
void send_bool_aligned(NetIO* io, const bool * data, int length) {
unsigned long long * data64 = (unsigned long long * )data;
int i = 0;
#if !defined(__BMI2__)
unsigned long long mask;
#endif
for(; i < length/8; ++i) {
unsigned long long tmp;
#if defined(__BMI2__)
tmp = _pext_u64(data64[i], 0x0101010101010101ULL);
#else
// https://github.com/Forceflow/libmorton/issues/6
tmp = 0;
mask = 0x0101010101010101ULL;
for (unsigned long long bb = 1; mask != 0; bb += bb) {
if (data64[i] & mask & -mask) { tmp |= bb; }
mask &= (mask - 1);
}
#endif
io->send_data(&tmp, 1);
}
if (8*i != length)
io->send_data(data + 8*i, length - 8*i);
}
void recv_bool_aligned(NetIO* io, bool * data, int length) {
unsigned long long * data64 = (unsigned long long *) data;
int i = 0;
#if !defined(__BMI2__)
unsigned long long mask;
#endif
for(; i < length/8; ++i) {
unsigned long long tmp = 0;
io->recv_data(&tmp, 1);
#if defined(__BMI2__)
data64[i] = _pdep_u64(tmp, (unsigned long long) 0x0101010101010101ULL);
#else
data64[i] = 0;
mask = 0x0101010101010101ULL;
for (unsigned long long bb = 1; mask != 0; bb += bb) {
if (tmp & bb) {data64[i] |= mask & (-mask); }
mask &= (mask - 1);
}
#endif
}
if (8*i != length)
io->recv_data(data + 8*i, length - 8*i);
}
void send_bool(NetIO * io, bool * data, int length) {
void * ptr = (void *)data;
size_t space = length;
void * aligned = boost::alignment::align(alignof(uint64_t), sizeof(uint64_t), ptr, space);
if(aligned == nullptr)
io->send_data(data, length);
else{
int diff = length - space;
io->send_data(data, diff);
send_bool_aligned(io, (const bool*)aligned, length - diff);
}
template<typename T>
void joinNclean(vector<future<T>>& res) {
for(auto &v: res) v.get();
res.clear();
}
void recv_bool(NetIO * io, bool * data, int length) {
void * ptr = (void *)data;
size_t space = length;
void * aligned = boost::alignment::align(alignof(uint64_t), sizeof(uint64_t), ptr, space);
if(aligned == nullptr)
io->recv_data(data, length);
else{
int diff = length - space;
io->recv_data(data, diff);
recv_bool_aligned(io, (bool*)aligned, length - diff);
}
}
template<int B>
void send_partial_block(NetIO * io, const block * data, int length) {
template<typename T, int B>
void send_partial_block(T * io, const block * data, int length) {
for(int i = 0; i < length; ++i) {
io->send_data(&(data[i]), B);
}
}
template<int B>
void recv_partial_block(NetIO * io, block * data, int length) {
template<typename T, int B>
void recv_partial_block(T * io, block * data, int length) {
for(int i = 0; i < length; ++i) {
io->recv_data(&(data[i]), B);
}
}
template<typename T>
block coin_tossing(PRG prg, T* io, int party) {
block S, S2;
char dgst[Hash::DIGEST_SIZE];
prg.random_block(&S, 1);
if(party == ALICE) {
Hash::hash_once(dgst, &S, sizeof(block));
io->send_data(dgst, Hash::DIGEST_SIZE);
io->recv_block(&S2, 1);
io->send_block(&S, 1);
} else {
char dgst2[Hash::DIGEST_SIZE];
io->recv_data(dgst2, Hash::DIGEST_SIZE);
io->send_block(&S, 1);
io->recv_block(&S2, 1);
Hash::hash_once(dgst, &S2, sizeof(block));
if (memcmp(dgst, dgst2, Hash::DIGEST_SIZE)!= 0)
error("cheat CT!");
}
io->flush();
return S ^ S2;
}
}
#endif// __HELPER

48
emp-ag2pc/leaky_deltaot.h Normal file
View File

@@ -0,0 +1,48 @@
#ifndef LEAKY_DELTA_OT_H__
#define LEAKY_DELTA_OT_H__
#include <emp-ot/emp-ot.h>
namespace emp {
#ifdef __GNUC__
#ifndef __clang__
#pragma GCC push_options
#pragma GCC optimize ("unroll-loops")
#endif
#endif
template<typename T>
class LeakyDeltaOT: public IKNP<T> { public:
LeakyDeltaOT(T * io): IKNP<T>(io, false){
}
void send_dot(block * data, int length) {
this->send_cot(data, length);
this->io->flush();
block one = makeBlock(0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFE);
for (int i = 0; i < length; ++i) {
data[i] = data[i] & one;
}
}
void recv_dot(block* data, int length) {
bool * b = new bool[length];
this->prg.random_bool(b, length);
this->recv_cot(data, b, length);
this->io->flush();
block ch[2];
ch[0] = zero_block;
ch[1] = makeBlock(0, 1);
block one = makeBlock(0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFE);
for (int i = 0; i < length; ++i) {
data[i] = (data[i] & one) ^ ch[b[i]];
}
delete[] b;
}
};
#ifdef __GNUC_
#ifndef __clang___
#pragma GCC pop_options
#endif
#endif
}
#endif// LEAKY_DELTA_OT_H__

14
run
View File

@@ -2,29 +2,29 @@
if [ "$1" == "-p1" ]
then
shift
perf record $1 1 $2 & (sleep 0.1; $1 2 $2)
perf record $1 1 12345 & (sleep 0.1; $1 2 12345)
elif [ "$1" == "-p2" ]
then
shift
(sleep 0.1; $1 1 $2) & (perf record $1 2 $2)
(sleep 0.1; $1 1 12345) & (perf record $1 2 12345)
elif [ "$1" == "-m1" ]
then
shift
valgrind --leak-check=full $1 1 $2 & $1 2 $2
valgrind --leak-check=full $1 1 12345 & $1 2 12345
elif [ "$1" == "-m2" ]
then
shift
$1 1 $2 & valgrind --leak-check=full $1 2 $2
$1 1 12345 & valgrind --leak-check=full $1 2 12345
elif [ "$1" == "-t1" ]
then
shift
time $1 1 $2 & $1 2 $2
time $1 1 12345 & $1 2 12345
elif [ "$1" == "-t2" ]
then
shift
$1 1 $2 & time $1 2 $2
$1 1 12345 & time $1 2 12345
else
(sleep 0.05; $1 1 $2) & $1 2 $2
(sleep 0.05; $1 1 12345) & $1 2 12345
fi

79
test/abit.cpp
View File

@@ -1,71 +1,48 @@
#include <emp-tool/emp-tool.h>
#include "abit.h"
#include "emp-ag2pc/leaky_deltaot.h"
#include<thread>
using namespace std;
using namespace emp;
static inline uint64_t get_cycles()
{
uint64_t t;
__asm volatile ("rdtsc" : "=A"(t));
return t;
}
int size = 1<<25;
const int nt = 10;
void fun(ABit * abit, int party, bool * bb, block * t1) {
if(party == ALICE) {
abit->send(t1, size);
} else {
abit->recv(t1, bb, size);
}
}
int size = 10000000;
int main(int argc, char** argv) {
int port, party;
parse_party_and_port(argv, &party, &port);
NetIO *io[nt];
NetIO *io2[nt];
ABit *abit[nt];
ABit *abit2[nt];
block *t1[nt];bool*bb[nt];
block *t2[nt];bool*bb2[nt];
PRG prg;
for(int i = 0; i < nt; ++i){
io[i] = new NetIO(party==ALICE ? nullptr:IP, port+i);
io2[i] = new NetIO(party==ALICE ? nullptr:IP, port+i+20);
abit[i] = new ABit(io[i]);
abit2[i] = new ABit(io2[i]);
t1[i] = new block[size];
bb[i] = new bool[size];
t2[i] = new block[size];
bb2[i] = new bool[size];
prg.random_bool(bb[i], size);
}
auto tt1 = clock_start();
vector<thread> ths;
for(int i = 0; i < nt; ++i) {
ths.push_back(thread(fun, abit[i], party, bb[i], t1[i]));
ths.push_back(thread(fun, abit2[i], ALICE+BOB-party, bb2[i], t2[i]));
}
NetIO * io = new NetIO(party==ALICE ? nullptr:"127.0.0.1", port);
LeakyDeltaOT<NetIO> *abit = new LeakyDeltaOT<NetIO>(io);
bool delta[128];
block * t1 = new block[size];
prg.random_bool(delta, 128);
delta[0] = true;
for(int i = 0; i < 2*nt; ++i)
ths[i].join();
if(party == ALICE)
abit->setup_send(delta);
else abit->setup_recv();
auto tt1 = clock_start();
if(party == ALICE) {
abit->send_dot(t1, size);
} else {
abit->recv_dot(t1, size);
}
cout << time_from(tt1)<<endl;
/* block Delta, tmp;
if (party == ALICE) {
io->send_block(&(abit.Delta), 1);
block Delta, tmp;
if (party == ALICE) {
io->send_block(&(abit->Delta), 1);
io->send_block(t1, size);
} else {
} else {
io->recv_block (&Delta, 1);
for(int i = 0; i < size; ++i) {
io->recv_block (&tmp, 1);
if(bb[i])
tmp = xorBlocks(tmp, Delta);
assert(memcmp(&t1[i], &tmp, 16)==0);
io->recv_block (&tmp, 1);
if(getLSB(t1[i]))
tmp = tmp ^ Delta;
if(memcmp(&t1[i], &tmp, 16)!=0)
error("check failed!");
}
}*/
}
delete io;
return 0;
}

4
test/aes.cpp
View File

@@ -7,8 +7,8 @@ int main(int argc, char** argv) {
int party, port;
parse_party_and_port(argv, &party, &port);
NetIO* io = new NetIO(party==ALICE ? nullptr:IP, port);
io->set_nodelay();
test(party, io, circuit_file_location+"AES-non-expanded.txt");
// io->set_nodelay();
test<NetIO>(party, io, circuit_file_location+"AES-non-expanded.txt");
delete io;
return 0;
}

8
test/amortized_2pc.cpp
View File

@@ -1,9 +1,9 @@
#include <emp-tool/emp-tool.h>
#include "amortized_2pc.h"
#include "emp-ag2pc/amortized_2pc.h"
#include "test/single_execution.h"
using namespace std;
using namespace emp;
const string circuit_file_location = macro_xstr(EMP_CIRCUIT_PATH);
static char out3[] = "92b404e556588ced6c1acd4ebf053f6809f73a93";//bafbc2c87c33322603f38e06c3e0f79c1f1b1475";
const static int runs = 4;
int main(int argc, char** argv) {
@@ -11,7 +11,7 @@ int main(int argc, char** argv) {
parse_party_and_port(argv, &party, &port);
NetIO* io = new NetIO(party==ALICE ? nullptr:IP, port);
io->set_nodelay();
// io->set_nodelay();
string file = "ands.txt";//circuit_file_location+"/AES-non-expanded.txt";//adder_32bit.txt";
file = circuit_file_location+"/AES-non-expanded.txt";//adder_32bit.txt";
file = circuit_file_location+"/sha-1.txt";
@@ -19,7 +19,7 @@ int main(int argc, char** argv) {
CircuitFile cf(file.c_str());
auto t1 = clock_start();
AmortizedC2PC<runs> twopc(io, party, &cf);
AmortizedC2PC<NetIO, runs> twopc(io, party, &cf);
io->flush();
cout << "one time:\t"<<party<<"\t" <<time_from(t1)<<endl;
t1 = clock_start();

2
test/sha1.cpp
View File

@@ -7,7 +7,7 @@ int main(int argc, char** argv) {
int party, port;
parse_party_and_port(argv, &party, &port);
NetIO* io = new NetIO(party==ALICE ? nullptr:IP, port);
io->set_nodelay();
// io->set_nodelay();
test(party, io, circuit_file_location+"sha-1.txt", string("92b404e556588ced6c1acd4ebf053f6809f73a93"));
delete io;
return 0;

2
test/sha256.cpp
View File

@@ -7,7 +7,7 @@ int main(int argc, char** argv) {
int party, port;
parse_party_and_port(argv, &party, &port);
NetIO* io = new NetIO(party==ALICE ? nullptr:IP, port);
io->set_nodelay();
// io->set_nodelay();
test(party, io, circuit_file_location+"sha-256.txt", "da5698be17b9b46962335799779fbeca8ce5d491c0d26243bafef9ea1837a9d8");
delete io;
return 0;

2
test/simple_circuit.cpp
View File

@@ -7,7 +7,7 @@ int main(int argc, char** argv) {
int party, port;
parse_party_and_port(argv, &party, &port);
NetIO* io = new NetIO(party==ALICE ? nullptr:IP, port);
io->set_nodelay();
//io->set_nodelay();
test(party, io, "test/ands.txt");
delete io;
return 0;

36
test/single_execution.h
View File

@@ -3,12 +3,44 @@
using namespace std;
using namespace emp;
inline const char* hex_char_to_bin(char c) {
switch(toupper(c)) {
case '0': return "0000";
case '1': return "0001";
case '2': return "0010";
case '3': return "0011";
case '4': return "0100";
case '5': return "0101";
case '6': return "0110";
case '7': return "0111";
case '8': return "1000";
case '9': return "1001";
case 'A': return "1010";
case 'B': return "1011";
case 'C': return "1100";
case 'D': return "1101";
case 'E': return "1110";
case 'F': return "1111";
default: return "0";
}
}
inline std::string hex_to_binary(std::string hex) {
std::string bin;
for(unsigned i = 0; i != hex.length(); ++i)
bin += hex_char_to_bin(hex[i]);
return bin;
}
const string circuit_file_location = macro_xstr(EMP_CIRCUIT_PATH);
void test(int party, NetIO* io, string name, string check_output = "") {
template<typename T>
void test(int party, T* io, string name, string check_output = "") {
string file = name;//circuit_file_location + name;
CircuitFile cf(file.c_str());
auto t1 = clock_start();
C2PC twopc(io, party, &cf);
C2PC<T> twopc(io, party, &cf);
io->flush();
cout << "one time:\t"<<party<<"\t" <<time_from(t1)<<endl;

25
test/triple.cpp Normal file
View File

@@ -0,0 +1,25 @@
#include <emp-tool/emp-tool.h>
#include "emp-ag2pc/fpre.h"
#include<thread>
using namespace std;
using namespace emp;
int N = 1<<20;
int main(int argc, char** argv) {
int port, party;
parse_party_and_port(argv, &party, &port);
HighSpeedNetIO *io;
io = new HighSpeedNetIO(party==ALICE ? nullptr:IP, port);
Fpre<HighSpeedNetIO> * fpre = new Fpre<HighSpeedNetIO>(io, party, N);
auto tt1 = clock_start();
fpre->refill();
//fpre->refill();
cout << time_from(tt1)/(N)*1000<<endl;
cout << fpre->bandwidth()<<endl;
fpre->check_correctness(fpre->MAC_res, fpre->KEY_res, fpre->batch_size);
delete io;
return 0;
}