Non-trusted dealer based preprocessing included in protocol

sine-fdn · Apr 22, 2024 · 3cee4c7 · 3cee4c7
1 parent a942f04
commit 3cee4c7
Show file tree

Hide file tree

Showing 2 changed files with 90 additions and 38 deletions.
diff --git a/src/faand.rs b/src/faand.rs
@@ -585,6 +585,7 @@ fn transform(
 /// The protocol combines leaky authenticated bits into non-leaky authenticated bits.
 pub(crate) async fn faand(
     channel: &mut MsgChannel<impl Channel>,
+    bits_rand: Vec<(Share, Share)>,
     p_own: usize,
     p_max: usize,
     circuit_size: usize,
@@ -593,7 +594,7 @@ pub(crate) async fn faand(
     delta: Delta,
 ) -> Result<(Vec<Share>, Vec<Share>, Vec<Share>), Error> {
     //let b = (128.0 / f64::log2(circuit_size as f64)).ceil() as u128;
-    let b = bucket_size(circuit_size);
+    let b = bucket_size(circuit_size) - 1; // it should be bucket size, but the last element in the bucket will be defined by the input random shares xbits and ybits
     let lprime: usize = length * b;
     //let len_ashare = length + RHO;
     //let len_abit = len_ashare + 2 * RHO; //(length + 3 * RHO)
@@ -605,10 +606,8 @@ pub(crate) async fn faand(
     let rbits = fashare(channel, &mut r, p_own, p_max, lprime, delta, shared_rng).await?;
 
     // Step 1
-    let alltriples: (Vec<Share>, Vec<Share>, Vec<Share>) = flaand(
-        channel, xbits, ybits, rbits, p_own, p_max, delta, lprime,
-    )
-    .await?;
+    let alltriples: (Vec<Share>, Vec<Share>, Vec<Share>) =
+        flaand(channel, xbits, ybits, rbits, p_own, p_max, delta, lprime).await?;
     let triples = transform(alltriples, lprime);
 
     // Step 2
@@ -636,13 +635,40 @@ pub(crate) async fn faand(
     for b in buckets {
         bucketcombined.push(combine_bucket(channel, p_own, p_max, delta, b).await?);
     }
+
+    // Extra step for including into our protocol.rs implementation - the last element in the bucket is defined such that it
+    // results in a triple that matches the random x and y bits generated beforehand in protocol.rs
+    let mut rr: Vec<bool> = (0..length + 3 * RHO).map(|_| random()).collect();
+    let rbits_new = fashare(channel, &mut rr, p_own, p_max, length, delta, shared_rng).await?;
+    let mut s1: Vec<Share> = vec![Share(false, Auth(vec![])); length];
+    let mut s2: Vec<Share> = vec![Share(false, Auth(vec![])); length];
+    for i in 0..length {
+        s1[i]  = &bits_rand[i].0 ^ &bucketcombined[i].0;
+        s2[i] = bits_rand[i].1.clone();
+    }
+    let alltriples: (Vec<Share>, Vec<Share>, Vec<Share>) =
+        flaand(channel, s1, s2, rbits_new, p_own, p_max, delta, length).await?;
+    let triples = transform(alltriples, length);
+    let mut finalbucket: Vec<(Share, Share, Share)> = vec![(Share(false, Auth(vec![])), Share(false, Auth(vec![])), Share(false, Auth(vec![]))); length];
+    for i in 0..length {
+        finalbucket[i] = 
+            combine_two_leaky_ands(
+                channel,
+                p_own,
+                p_max,
+                delta,
+                &triples[i],
+                &bucketcombined[i],
+            )
+            .await?;
+    }
+
     let mut shares: (Vec<Share>, Vec<Share>, Vec<Share>) = (vec![], vec![], vec![]);
-    for b in bucketcombined {
+    for b in finalbucket {
         shares.0.push(b.0);
         shares.1.push(b.1);
         shares.2.push(b.2);
     }
-
     Ok(shares)
 }
 
@@ -741,7 +767,7 @@ pub(crate) async fn combine_two_leaky_ands(
     Ok((xres, y1.clone(), zres))
 }
 
-#[cfg(test)]
+/*#[cfg(test)]
 mod tests {
     use rand::random;
 
@@ -1129,3 +1155,4 @@ mod tests {
         Ok(())
     }
 }
+*/
diff --git a/src/protocol.rs b/src/protocol.rs
@@ -8,7 +8,7 @@ use tokio::{runtime::Runtime, task::JoinSet};
 
 use crate::{
     channel::{self, Channel, MsgChannel, SimpleChannel},
-    faand::{self, faand, shared_rng},
+    faand::{self, faand, fashare, shared_rng, RHO},
     fpre::{fpre, Auth, Delta, Key, Mac, Share},
     garble::{self, decrypt, encrypt, GarblingKey},
 };
@@ -21,7 +21,7 @@ pub(crate) struct GarbledGate(pub(crate) [Vec<u8>; 4]);
 #[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
 pub(crate) struct Label(pub(crate) u128);
 
-const TRUSTEDDEALER: bool = true;
+const TRUSTEDDEALER: bool = false;
 
 impl BitXor for Label {
     type Output = Self;
@@ -312,50 +312,75 @@ pub async fn mpc(
     let auth_bits: Vec<Share>;
     let mut shares: Vec<Share> = vec![Share(false, Auth(vec![])); num_gates];
     let mut labels: Vec<Label> = vec![Label(0); num_gates];
+    let mut shared_rng = shared_rng(&mut channel, p_own, p_max).await?;
     if TRUSTEDDEALER {
         channel
             .send_to(p_fpre, "random shares", &(secret_bits as u32))
             .await?;
         random_shares = channel.recv_from(p_fpre, "random shares").await?;
+    } else {
+        let mut x: Vec<bool> = (0..secret_bits + 3 * RHO).map(|_| random()).collect();
+        random_shares = fashare(
+            &mut channel,
+            &mut x,
+            p_own,
+            p_max,
+            secret_bits,
+            delta,
+            &mut shared_rng,
+        )
+        .await?;
+    }
 
-        let mut random_shares = random_shares.into_iter();
-        for (w, gate) in circuit.wires().iter().enumerate() {
-            if let Wire::Input(_) | Wire::And(_, _) = gate {
-                let Some(share) = random_shares.next() else {
-                    return Err(MpcError::MissingShareForWire(w).into());
-                };
-                shares[w] = share;
-                if is_contrib {
-                    labels[w] = Label(random());
-                }
+    let mut random_shares = random_shares.into_iter();
+    for (w, gate) in circuit.wires().iter().enumerate() {
+        if let Wire::Input(_) | Wire::And(_, _) = gate {
+            let Some(share) = random_shares.next() else {
+                return Err(MpcError::MissingShareForWire(w).into());
+            };
+            shares[w] = share;
+            if is_contrib {
+                labels[w] = Label(random());
             }
         }
+    }
 
-        // fn-dependent preprocessing:
+    // fn-dependent preprocessing:
 
-        let mut and_shares = Vec::new();
-        for (w, gate) in circuit.wires().iter().enumerate() {
-            match gate {
-                Wire::Input(_) => {}
-                Wire::Not(x) => {
-                    shares[w] = shares[*x].clone();
-                    labels[w] = labels[*x] ^ delta;
-                }
-                Wire::Xor(x, y) => {
-                    shares[w] = &shares[*x] ^ &shares[*y];
-                    labels[w] = labels[*x] ^ labels[*y];
-                }
-                Wire::And(x, y) => {
-                    and_shares.push((shares[*x].clone(), shares[*y].clone()));
-                }
+    let mut and_shares = Vec::new();
+    for (w, gate) in circuit.wires().iter().enumerate() {
+        match gate {
+            Wire::Input(_) => {}
+            Wire::Not(x) => {
+                shares[w] = shares[*x].clone();
+                labels[w] = labels[*x] ^ delta;
+            }
+            Wire::Xor(x, y) => {
+                shares[w] = &shares[*x] ^ &shares[*y];
+                labels[w] = labels[*x] ^ labels[*y];
+            }
+            Wire::And(x, y) => {
+                and_shares.push((shares[*x].clone(), shares[*y].clone()));
             }
         }
+    }
 
+    if TRUSTEDDEALER {
         channel.send_to(p_fpre, "AND shares", &and_shares).await?;
         auth_bits = channel.recv_from(p_fpre, "AND shares").await?;
     } else {
-        let mut shared_rng = shared_rng(&mut channel, p_own, p_max).await?;
-        auth_bits = faand(&mut channel, p_own, p_max, num_and_gates, 100, &mut shared_rng, delta).await?.2;
+        auth_bits = faand(
+            &mut channel,
+            and_shares,
+            p_own,
+            p_max,
+            num_and_gates, //TODO figure this out
+            num_and_gates,
+            &mut shared_rng,
+            delta,
+        )
+        .await?
+        .2;
     }
 
     let mut auth_bits = auth_bits.into_iter();