Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Align XofTurboShake128 with VDAF-13
Browse files Browse the repository at this point in the history 
* Bump seed size for XofTurboShake128 to 32 bytes
* Allow variable length seeds for compatibility with IDPF.
* Make the dst length prefix 2 bytes
@cjpatton
cjpatton committed Dec 16, 2024
1 parent 937e8a6 commit c14dd95
Showing 14 changed files with 152 additions and 122 deletions.
10 changes: 5 additions & 5 deletions benches/cycle_counts.rs
View file
Original file line number Diff line number Diff line change
@@ -105,7 +105,7 @@ fn prio2_shard_and_prepare_1000() -> Prio2PrepareShare {
prio2_shard_and_prepare(1000)
}

fn prio3_client_count() -> Vec<Prio3InputShare<Field64, 16>> {
fn prio3_client_count() -> Vec<Prio3InputShare<Field64, 32>> {
let prio3 = Prio3::new_count(2).unwrap();
let measurement = true;
let nonce = [0; 16];
@@ -115,7 +115,7 @@ fn prio3_client_count() -> Vec<Prio3InputShare<Field64, 16>> {
.1
}

fn prio3_client_histogram_10() -> Vec<Prio3InputShare<Field128, 16>> {
fn prio3_client_histogram_10() -> Vec<Prio3InputShare<Field128, 32>> {
let prio3 = Prio3::new_histogram(2, 10, 3).unwrap();
let measurement = 9;
let nonce = [0; 16];
@@ -125,7 +125,7 @@ fn prio3_client_histogram_10() -> Vec<Prio3InputShare<Field128, 16>> {
.1
}

fn prio3_client_sum_32() -> Vec<Prio3InputShare<Field64, 16>> {
fn prio3_client_sum_32() -> Vec<Prio3InputShare<Field64, 32>> {
let bits = 16;
let prio3 = Prio3::new_sum(2, (1 << bits) - 1).unwrap();
let measurement = 1337;
@@ -136,7 +136,7 @@ fn prio3_client_sum_32() -> Vec<Prio3InputShare<Field64, 16>> {
.1
}

fn prio3_client_count_vec_1000() -> Vec<Prio3InputShare<Field128, 16>> {
fn prio3_client_count_vec_1000() -> Vec<Prio3InputShare<Field128, 32>> {
let len = 1000;
let prio3 = Prio3::new_sum_vec(2, 1, len, 31).unwrap();
let measurement = vec![0; len];
@@ -148,7 +148,7 @@ fn prio3_client_count_vec_1000() -> Vec<Prio3InputShare<Field128, 16>> {
}

#[cfg(feature = "multithreaded")]
fn prio3_client_count_vec_multithreaded_1000() -> Vec<Prio3InputShare<Field128, 16>> {
fn prio3_client_count_vec_multithreaded_1000() -> Vec<Prio3InputShare<Field128, 32>> {
let len = 1000;
let prio3 = Prio3::new_sum_vec_multithreaded(2, 1, len, 31).unwrap();
let measurement = vec![0; len];
8 changes: 4 additions & 4 deletions benches/speed_tests.rs
View file
Original file line number Diff line number Diff line change
@@ -179,7 +179,7 @@ fn prio3(c: &mut Criterion) {
let vdaf = Prio3::new_count(num_shares).unwrap();
let measurement = black_box(true);
let nonce = black_box([0u8; 16]);
let verify_key = black_box([0u8; 16]);
let verify_key = black_box([0u8; 32]);
let (public_share, input_shares) = vdaf.shard(b"", &measurement, &nonce).unwrap();
b.iter(|| {
vdaf.prepare_init(
@@ -215,7 +215,7 @@ fn prio3(c: &mut Criterion) {
let vdaf = Prio3::new_sum(num_shares, max_measurement).unwrap();
let measurement = max_measurement;
let nonce = black_box([0u8; 16]);
let verify_key = black_box([0u8; 16]);
let verify_key = black_box([0u8; 32]);
let (public_share, input_shares) = vdaf.shard(b"", &measurement, &nonce).unwrap();
b.iter(|| {
vdaf.prepare_init(
@@ -285,7 +285,7 @@ fn prio3(c: &mut Criterion) {
.map(|i| i & 1)
.collect::<Vec<_>>();
let nonce = black_box([0u8; 16]);
let verify_key = black_box([0u8; 16]);
let verify_key = black_box([0u8; 32]);
let (public_share, input_shares) = vdaf.shard(b"", &measurement, &nonce).unwrap();
b.iter(|| {
vdaf.prepare_init(
@@ -414,7 +414,7 @@ fn prio3(c: &mut Criterion) {
let vdaf = Prio3::new_histogram(num_shares, *input_length, *chunk_length).unwrap();
let measurement = black_box(0);
let nonce = black_box([0u8; 16]);
let verify_key = black_box([0u8; 16]);
let verify_key = black_box([0u8; 32]);
let (public_share, input_shares) = vdaf.shard(b"", &measurement, &nonce).unwrap();
b.iter(|| {
vdaf.prepare_init(
20 changes: 10 additions & 10 deletions src/dp/distributions.rs
View file
Original file line number Diff line number Diff line change
@@ -391,15 +391,15 @@ mod tests {
DiscreteGaussian::new(Ratio::<BigUint>::from_integer(BigUint::from(5u8))).unwrap();

// check samples are consistent
let mut rng = SeedStreamTurboShake128::from_seed([0u8; 16]);
let mut rng = SeedStreamTurboShake128::from_seed([0u8; 32]);
let samples: Vec<i8> = (0..10)
.map(|_| i8::try_from(sampler.sample(&mut rng)).unwrap())
.collect();
let samples1: Vec<i8> = (0..10)
.map(|_| i8::try_from(sampler.sample(&mut rng)).unwrap())
.collect();
assert_eq!(samples, vec![0, -3, -2, 3, 2, -1, -5, 4, -7, -5]);
assert_eq!(samples1, vec![2, 7, -8, -3, 1, -3, -3, 6, -3, -1]);
assert_eq!(samples, [10, 7, 2, 1, -1, -2, -1, 3, -3, -1]);
assert_eq!(samples1, [3, 6, 3, -7, -8, -1, 2, -4, -11, -4]);
}

#[test]
@@ -410,7 +410,7 @@ mod tests {
// sample from a manually created distribution
let sampler1 =
DiscreteGaussian::new(Ratio::<BigUint>::from_integer(BigUint::from(4u8))).unwrap();
let mut rng = SeedStreamTurboShake128::from_seed([0u8; 16]);
let mut rng = SeedStreamTurboShake128::from_seed([0u8; 32]);
let samples1: Vec<i8> = (0..10)
.map(|_| i8::try_from(sampler1.sample(&mut rng)).unwrap())
.collect();
@@ -422,7 +422,7 @@ mod tests {
let sampler2 = zcdp
.create_distribution(Ratio::<BigUint>::from_integer(1u8.into()))
.unwrap();
let mut rng2 = SeedStreamTurboShake128::from_seed([0u8; 16]);
let mut rng2 = SeedStreamTurboShake128::from_seed([0u8; 32]);
let samples2: Vec<i8> = (0..10)
.map(|_| i8::try_from(sampler2.sample(&mut rng2)).unwrap())
.collect();
@@ -570,7 +570,7 @@ mod tests {
.unwrap();

// collect that number of samples
let mut rng = SeedStreamTurboShake128::from_seed([0u8; 16]);
let mut rng = SeedStreamTurboShake128::from_seed([1u8; 32]);
let samples: Vec<BigInt> = (1..n_samples)
.map(|_| {
sample_discrete_gaussian(&Ratio::<BigUint>::from_integer(sigma.clone()), &mut rng)
@@ -604,7 +604,7 @@ mod tests {
#[test]
fn empirical_test_gauss() {
[100, 2000, 20000].iter().for_each(|p| {
let mut rng = SeedStreamTurboShake128::from_seed([0u8; 16]);
let mut rng = SeedStreamTurboShake128::from_seed([0u8; 32]);
let sampler = || {
sample_discrete_gaussian(
&Ratio::<BigUint>::from_integer((*p).to_biguint().unwrap()),
@@ -626,7 +626,7 @@ mod tests {
#[test]
fn empirical_test_bernoulli_mean() {
[2u8, 5u8, 7u8, 9u8].iter().for_each(|p| {
let mut rng = SeedStreamTurboShake128::from_seed([0u8; 16]);
let mut rng = SeedStreamTurboShake128::from_seed([0u8; 32]);
let sampler = || {
if sample_bernoulli(
&Ratio::<BigUint>::new(BigUint::one(), (*p).into()),
@@ -650,7 +650,7 @@ mod tests {
#[test]
fn empirical_test_geometric_mean() {
[2u8, 5u8, 7u8, 9u8].iter().for_each(|p| {
let mut rng = SeedStreamTurboShake128::from_seed([0u8; 16]);
let mut rng = SeedStreamTurboShake128::from_seed([0u8; 32]);
let sampler = || {
sample_geometric_exp(
&Ratio::<BigUint>::new(BigUint::one(), (*p).into()),
@@ -673,7 +673,7 @@ mod tests {
#[test]
fn empirical_test_laplace_mean() {
[2u8, 5u8, 7u8, 9u8].iter().for_each(|p| {
let mut rng = SeedStreamTurboShake128::from_seed([0u8; 16]);
let mut rng = SeedStreamTurboShake128::from_seed([0u8; 32]);
let sampler = || {
sample_discrete_laplace(
&Ratio::<BigUint>::new(BigUint::one(), (*p).into()),
58 changes: 29 additions & 29 deletions src/flp/szk.rs
View file
Original file line number Diff line number Diff line change
@@ -313,7 +313,7 @@ where
phantom: PhantomData<P>,
}

impl<T: Type> Szk<T, XofTurboShake128, 16> {
impl<T: Type> Szk<T, XofTurboShake128, 32> {
/// Create an instance of [`Szk`] using [`XofTurboShake128`].
pub fn new_turboshake128(typ: T, algorithm_id: u32) -> Self {
Szk::new(typ, algorithm_id)
@@ -666,15 +666,15 @@ mod tests {

fn generic_szk_test<T: Type>(typ: T, encoded_measurement: &[T::Field], valid: bool) {
let mut nonce = [0u8; 16];
let mut verify_key = [0u8; 16];
let mut verify_key = [0u8; 32];
let algorithm_id = 5;
let szk_typ = Szk::new_turboshake128(typ.clone(), algorithm_id);
thread_rng().fill(&mut verify_key[..]);
thread_rng().fill(&mut nonce[..]);
let prove_rand_seed = Seed::<16>::generate().unwrap();
let helper_seed = Seed::<16>::generate().unwrap();
let prove_rand_seed = Seed::generate().unwrap();
let helper_seed = Seed::generate().unwrap();
let leader_seed_opt = if szk_typ.has_joint_rand() {
Some(Seed::<16>::generate().unwrap())
Some(Seed::generate().unwrap())
} else {
None
};
@@ -726,7 +726,7 @@ mod tests {

//test mutated jr seed
if szk_typ.has_joint_rand() {
let joint_rand_seed_opt = Some(Seed::<16>::generate().unwrap());
let joint_rand_seed_opt = Some(Seed::<32>::generate().unwrap());
if let Ok(leader_decision) = szk_typ.decide(verifier, joint_rand_seed_opt.clone()) {
assert!(!leader_decision, "Leader accepted wrong jr seed");
};
@@ -800,9 +800,9 @@ mod tests {
let encoded_measurement = sum.encode_measurement(&9).unwrap();
let algorithm_id = 5;
let szk_typ = Szk::new_turboshake128(sum, algorithm_id);
let prove_rand_seed = Seed::<16>::generate().unwrap();
let helper_seed = Seed::<16>::generate().unwrap();
let leader_seed_opt = Some(Seed::<16>::generate().unwrap());
let prove_rand_seed = Seed::generate().unwrap();
let helper_seed = Seed::generate().unwrap();
let leader_seed_opt = Some(Seed::generate().unwrap());
let helper_input_share = random_vector(szk_typ.typ.input_len()).unwrap();
let mut leader_input_share = encoded_measurement.clone().to_owned();
for (x, y) in leader_input_share.iter_mut().zip(&helper_input_share) {
@@ -835,9 +835,9 @@ mod tests {
let encoded_measurement = sumvec.encode_measurement(&vec![1, 16, 0]).unwrap();
let algorithm_id = 5;
let szk_typ = Szk::new_turboshake128(sumvec, algorithm_id);
let prove_rand_seed = Seed::<16>::generate().unwrap();
let helper_seed = Seed::<16>::generate().unwrap();
let leader_seed_opt = Some(Seed::<16>::generate().unwrap());
let prove_rand_seed = Seed::generate().unwrap();
let helper_seed = Seed::generate().unwrap();
let leader_seed_opt = Some(Seed::generate().unwrap());
let helper_input_share = random_vector(szk_typ.typ.input_len()).unwrap();
let mut leader_input_share = encoded_measurement.clone().to_owned();
for (x, y) in leader_input_share.iter_mut().zip(&helper_input_share) {
@@ -869,9 +869,9 @@ mod tests {
let encoded_measurement = count.encode_measurement(&true).unwrap();
let algorithm_id = 5;
let szk_typ = Szk::new_turboshake128(count, algorithm_id);
let prove_rand_seed = Seed::<16>::generate().unwrap();
let helper_seed = Seed::<16>::generate().unwrap();
let leader_seed_opt = Some(Seed::<16>::generate().unwrap());
let prove_rand_seed = Seed::generate().unwrap();
let helper_seed = Seed::generate().unwrap();
let leader_seed_opt = Some(Seed::generate().unwrap());
let helper_input_share = random_vector(szk_typ.typ.input_len()).unwrap();
let mut leader_input_share = encoded_measurement.clone().to_owned();
for (x, y) in leader_input_share.iter_mut().zip(&helper_input_share) {
@@ -904,8 +904,8 @@ mod tests {
let encoded_measurement = sum.encode_measurement(&9).unwrap();
let algorithm_id = 5;
let szk_typ = Szk::new_turboshake128(sum, algorithm_id);
let prove_rand_seed = Seed::<16>::generate().unwrap();
let helper_seed = Seed::<16>::generate().unwrap();
let prove_rand_seed = Seed::generate().unwrap();
let helper_seed = Seed::generate().unwrap();
let leader_seed_opt = None;
let helper_input_share = random_vector(szk_typ.typ.input_len()).unwrap();
let mut leader_input_share = encoded_measurement.clone().to_owned();
@@ -945,8 +945,8 @@ mod tests {
let encoded_measurement = sum.encode_measurement(&9).unwrap();
let algorithm_id = 5;
let szk_typ = Szk::new_turboshake128(sum, algorithm_id);
let prove_rand_seed = Seed::<16>::generate().unwrap();
let helper_seed = Seed::<16>::generate().unwrap();
let prove_rand_seed = Seed::generate().unwrap();
let helper_seed = Seed::generate().unwrap();
let leader_seed_opt = None;
let helper_input_share = random_vector(szk_typ.typ.input_len()).unwrap();
let mut leader_input_share = encoded_measurement.clone().to_owned();
@@ -985,8 +985,8 @@ mod tests {
let encoded_measurement = count.encode_measurement(&true).unwrap();
let algorithm_id = 5;
let szk_typ = Szk::new_turboshake128(count, algorithm_id);
let prove_rand_seed = Seed::<16>::generate().unwrap();
let helper_seed = Seed::<16>::generate().unwrap();
let prove_rand_seed = Seed::generate().unwrap();
let helper_seed = Seed::generate().unwrap();
let leader_seed_opt = None;
let helper_input_share = random_vector(szk_typ.typ.input_len()).unwrap();
let mut leader_input_share = encoded_measurement.clone().to_owned();
@@ -1025,8 +1025,8 @@ mod tests {
let encoded_measurement = count.encode_measurement(&true).unwrap();
let algorithm_id = 5;
let szk_typ = Szk::new_turboshake128(count, algorithm_id);
let prove_rand_seed = Seed::<16>::generate().unwrap();
let helper_seed = Seed::<16>::generate().unwrap();
let prove_rand_seed = Seed::generate().unwrap();
let helper_seed = Seed::generate().unwrap();
let leader_seed_opt = None;
let helper_input_share = random_vector(szk_typ.typ.input_len()).unwrap();
let mut leader_input_share = encoded_measurement.clone().to_owned();
@@ -1066,9 +1066,9 @@ mod tests {
let encoded_measurement = sumvec.encode_measurement(&vec![1, 16, 0]).unwrap();
let algorithm_id = 5;
let szk_typ = Szk::new_turboshake128(sumvec, algorithm_id);
let prove_rand_seed = Seed::<16>::generate().unwrap();
let helper_seed = Seed::<16>::generate().unwrap();
let leader_seed_opt = Some(Seed::<16>::generate().unwrap());
let prove_rand_seed = Seed::generate().unwrap();
let helper_seed = Seed::generate().unwrap();
let leader_seed_opt = Some(Seed::generate().unwrap());
let helper_input_share = random_vector(szk_typ.typ.input_len()).unwrap();
let mut leader_input_share = encoded_measurement.clone().to_owned();
for (x, y) in leader_input_share.iter_mut().zip(&helper_input_share) {
@@ -1107,9 +1107,9 @@ mod tests {
let encoded_measurement = sumvec.encode_measurement(&vec![1, 16, 0]).unwrap();
let algorithm_id = 5;
let szk_typ = Szk::new_turboshake128(sumvec, algorithm_id);
let prove_rand_seed = Seed::<16>::generate().unwrap();
let helper_seed = Seed::<16>::generate().unwrap();
let leader_seed_opt = Some(Seed::<16>::generate().unwrap());
let prove_rand_seed = Seed::<32>::generate().unwrap();
let helper_seed = Seed::<32>::generate().unwrap();
let leader_seed_opt = Some(Seed::<32>::generate().unwrap());
let helper_input_share = random_vector(szk_typ.typ.input_len()).unwrap();
let mut leader_input_share = encoded_measurement.clone().to_owned();
for (x, y) in leader_input_share.iter_mut().zip(&helper_input_share) {
Loading

0 comments on commit c14dd95

Please sign in to comment.