OTExtensionWithMatrix OTExtensionWithMatrix::setup(TwoPartyPlayer& player,
        int128 delta, OT_ROLE role, bool passive)
{
    BaseOT baseOT(128, 128, &player, INV_ROLE(role));
    PRNG G;
    G.ReSeed();
    baseOT.set_receiver_inputs(delta);
    baseOT.exec_base(false);
    return OTExtensionWithMatrix(baseOT, &player, passive);
}
Beispiel #2
0
void PartSetup<FD>::insecure_debug_keys(vector<PartSetup<FD> >& setups, int nplayers, bool simple_pk)
{
    cout << "generating INSECURE keys for debugging" << endl;
    setups.clear();
    Rq_Element zero(params, evaluation, evaluation),
            one(params, evaluation, evaluation);
    zero.assign_zero();
    one.assign_one();
    PRNG G;
    G.ReSeed();
    if (simple_pk)
        pk.assign(zero, zero, zero, zero - one);
    else
        pk.KeyGen(one, G, nplayers);
    setups.resize(nplayers, *this);
    setups[0].sk.assign(one);
    for (int i = 1; i < nplayers; i++)
        setups[i].sk.assign(zero);
}
Beispiel #3
0
void PartSetup<FD>::fake(vector<FHE_SK>& sks, vector<T>& alphais,
        int nplayers, bool distributed)
{
  insecure("global key generation");
  if (distributed)
      cout << "Faking distributed key generation" << endl;
  else
      cout << "Faking key generation with extra noise" << endl;
  PRNG G;
  G.ReSeed();
  pk = FHE_PK(params, FieldD.get_prime());
  FHE_SK sk(params, FieldD.get_prime());
  calpha = Ciphertext(params);
  sks.resize(nplayers, pk);
  alphais.resize(nplayers);

  if (distributed)
      DistKeyGen::fake(pk, sks, FieldD.get_prime(), nplayers);
  else
  {
      Rq_Element sk = FHE_SK(pk).s();
      for (int i = 0; i < nplayers; i++)
      {
          Rq_Element ski = pk.sample_secret_key(G);
          sks[i].assign(ski);
          sk += ski;
      }
      pk.KeyGen(sk, G, nplayers);
  }

  for (int i = 0; i < nplayers; i++)
    {
      Plaintext_<FD> m(FieldD);
      m.randomize(G,Diagonal);
      Ciphertext calphai = pk.encrypt(m);
      calpha += calphai;
      alphais[i] = m.element(0);
    }
}
void OTExtensionWithMatrix::transfer(int nOTs,
                                     const BitVector& receiverInput)
{
#ifdef OTEXT_TIMER
    timeval totalstartv, totalendv;
    gettimeofday(&totalstartv, NULL);
#endif
    cout << "\tDoing " << nOTs << " extended OTs as " << role_to_str(ot_role) << endl;
    if (nOTs % nbaseOTs != 0)
        throw invalid_length(); //"nOTs must be a multiple of nbaseOTs\n");
    if (nOTs == 0)
        return;
    // add k + s to account for discarding k OTs
    nOTs += 2 * 128;

    int slice = nOTs / nsubloops / 128;
    BitMatrix t1(nOTs), u(nOTs);
    senderOutputMatrices.resize(2, BitMatrix(nOTs));
    // resize to account for extra k OTs that are discarded
    PRNG G;
    G.ReSeed();
    BitVector newReceiverInput(nOTs);
    for (unsigned int i = 0; i < receiverInput.size_bytes(); i++)
    {
        newReceiverInput.set_byte(i, receiverInput.get_byte(i));
    }

    //BitVector newReceiverInput(receiverInput);
    newReceiverInput.resize(nOTs);

    receiverOutputMatrix.resize(nOTs);

    for (int loop = 0; loop < nloops; loop++)
    {
        // randomize last 128 + 128 bits that will be discarded
        for (int i = 0; i < 4; i++)
            newReceiverInput.set_word(nOTs/64 - i, G.get_word());

        // subloop for first part to interleave communication with computation
        for (int start = 0; start < nOTs / 128; start += slice)
        {
            vector<octetStream> os(2);

            BitMatrixSlice receiverOutputSlice(receiverOutputMatrix, start, slice);
            BitMatrixSlice senderOutputSlices[2] = {
                BitMatrixSlice(senderOutputMatrices[0], start, slice),
                BitMatrixSlice(senderOutputMatrices[1], start, slice)
            };
            BitMatrixSlice t1Slice(t1, start, slice);
            BitMatrixSlice uSlice(u, start, slice);

            // expand with PRG and create correlation
            if (ot_role & RECEIVER)
            {
                for (int i = 0; i < nbaseOTs; i++)
                {
                    receiverOutputSlice.randomize(i, G_sender[i][0]);
                    t1Slice.randomize(i, G_sender[i][1]);
                }

                t1Slice ^= receiverOutputSlice;
                t1Slice ^= newReceiverInput;
                t1Slice.pack(os[0]);

//                t1 = receiverOutputMatrix;
//                t1 ^= newReceiverInput;
//                receiverOutputMatrix.print_side_by_side(t1);
            }
#ifdef OTEXT_TIMER
            timeval commst1, commst2;
            gettimeofday(&commst1, NULL);
#endif
            // send t0 + t1 + x
            send_if_ot_receiver(player, os, ot_role);

            // sender adjusts using base receiver bits
            if (ot_role & SENDER)
            {
                for (int i = 0; i < nbaseOTs; i++)
                    // randomize base receiver output
                    senderOutputSlices[0].randomize(i, G_receiver[i]);

                // u = t0 + t1 + x
                uSlice.unpack(os[1]);
                senderOutputSlices[0].conditional_xor(baseReceiverInput, u);
            }
#ifdef OTEXT_TIMER
            gettimeofday(&commst2, NULL);
#ifdef VERBOSE
            double commstime = timeval_diff(&commst1, &commst2);
            cout << "\t\tCommunication took time " << commstime/1000000 << endl << flush;
#endif
            times["Communication"] += timeval_diff(&commst1, &commst2);
#endif

            // transpose t0[i] onto receiverOutput and tmp (q[i]) onto senderOutput[i][0]

#ifdef VERBOSE
            cout << "Starting matrix transpose\n" << flush << endl;
#endif
#ifdef OTEXT_TIMER
            timeval transt1, transt2;
            gettimeofday(&transt1, NULL);
#endif
            // transpose in 128-bit chunks
            if (ot_role & RECEIVER)
                receiverOutputSlice.transpose();
            if (ot_role & SENDER)
                senderOutputSlices[0].transpose();

#ifdef OTEXT_TIMER
            gettimeofday(&transt2, NULL);
#ifdef VERBOSE
            double transtime = timeval_diff(&transt1, &transt2);
            cout << "\t\tMatrix transpose took time " << transtime/1000000 << endl << flush;
#endif
            times["Matrix transpose"] += timeval_diff(&transt1, &transt2);
#endif
        }

        // correlation check
        if (!passive_only)
        {
#ifdef OTEXT_TIMER
            timeval startv, endv;
            gettimeofday(&startv, NULL);
#endif
            check_correlation(nOTs, newReceiverInput);
#ifdef OTEXT_TIMER
            gettimeofday(&endv, NULL);
#ifdef VERBOSE
            double elapsed = timeval_diff(&startv, &endv);
            cout << "\t\tTotal correlation check time: " << elapsed/1000000 << endl << flush;
#endif
            times["Total correlation check"] += timeval_diff(&startv, &endv);
#endif
        }

        hash_outputs(nOTs);
#ifdef OTEXT_TIMER
#ifdef VERBOSE
        gettimeofday(&totalendv, NULL);
        double elapsed = timeval_diff(&totalstartv, &totalendv);
        cout << "\t\tTotal thread time: " << elapsed/1000000 << endl << flush;
#endif
#endif
    }

#ifdef OTEXT_TIMER
    gettimeofday(&totalendv, NULL);
    times["Total thread"] +=  timeval_diff(&totalstartv, &totalendv);
#endif

    receiverOutputMatrix.resize(nOTs - 2 * 128);
    senderOutputMatrices[0].resize(nOTs - 2 * 128);
    senderOutputMatrices[1].resize(nOTs - 2 * 128);
}
Beispiel #5
0
int main(int argc, const char** argv)
{
    ezOptionParser opt;

    opt.add(
        "", // Default.
        1, // Required?
        1, // Number of args expected.
        0, // Delimiter if expecting multiple args.
        "This player's number, 0/1 (required).", // Help description.
        "-p", // Flag token.
        "--player" // Flag token.
    );

    opt.add(
        "5000", // Default.
        0, // Required?
        1, // Number of args expected.
        0, // Delimiter if expecting multiple args.
        "Base port number (default: 5000).", // Help description.
        "-pn", // Flag token.
        "--portnum" // Flag token.
    );

    opt.add(
        "localhost", // Default.
        0, // Required?
        1, // Number of args expected.
        0, // Delimiter if expecting multiple args.
        "Host name(s) that player 0 is running on (default: localhost). Split with commas.", // Help description.
        "-h", // Flag token.
        "--hostname" // Flag token.
    );

    opt.add(
        "1024",
        0,
        1,
        0,
        "Number of extended OTs to run (default: 1024).",
        "-n",
        "--nOTs"
    );

    opt.add(
        "128", // Default.
        0, // Required?
        1, // Number of args expected.
        0, // Delimiter if expecting multiple args.
        "Number of base OTs to run (default: 128).", // Help description.
        "-b", // Flag token.
        "--nbase" // Flag token.
    );

    opt.add(
        "s",
        0,
        1,
        0,
        "Mode for OT. a (asymmetric) or s (symmetric, i.e. play both sender/receiver) (default: s).",
        "-m",
        "--mode"
    );
    opt.add(
        "1",
        0,
        1,
        0,
        "Number of threads (default: 1).",
        "-x",
        "--nthreads"
    );

    opt.add(
        "1",
        0,
        1,
        0,
        "Number of loops (default: 1).",
        "-l",
        "--nloops"
    );

    opt.add(
        "1",
        0,
        1,
        0,
        "Number of subloops (default: 1).",
        "-s",
        "--nsubloops"
    );

    opt.add(
        "", // Default.
        0, // Required?
        0, // Number of args expected.
        0, // Delimiter if expecting multiple args.
        "Run in passive security mode.", // Help description.
        "-pas", // Flag token.
        "--passive" // Flag token.
    );

    opt.add(
        "", // Default.
        0, // Required?
        0, // Number of args expected.
        0, // Delimiter if expecting multiple args.
        "Write results to files.", // Help description.
        "-o", // Flag token.
        "--output" // Flag token.
    );

    opt.add(
        "", // Default.
        0, // Required?
        0, // Number of args expected.
        0, // Delimiter if expecting multiple args.
        "Use fake base OTs.", // Help description.
        "-f", // Flag token.
        "--fake" // Flag token.
    );

    opt.parse(argc, argv);

    string hostname, ot_mode, usage;
    int my_num, portnum_base, nthreads, nloops, nsubloops, nbase;
    long nOTs;
    bool passive = false;
    opt.get("-p")->getInt(my_num);
    opt.get("-pn")->getInt(portnum_base);
    opt.get("-h")->getString(hostname);
    opt.get("-n")->getLong(nOTs);
    opt.get("-m")->getString(ot_mode);
    opt.get("--nthreads")->getInt(nthreads);
    opt.get("--nloops")->getInt(nloops);
    opt.get("--nsubloops")->getInt(nsubloops);
    opt.get("--nbase")->getInt(nbase);
    if (opt.isSet("-pas"))
        passive = true;

    if (!opt.isSet("-p"))
    {
        opt.getUsage(usage);
        cout << usage;
        exit(0);
    }

    cout << "Player 0 host name = " << hostname << endl;
    cout << "Creating " << nOTs << " extended OTs in " << nthreads << " threads\n";
    cout << "Running in mode " << ot_mode << endl;

    if (passive)
        cout << "Running with PASSIVE security only\n";

    if (nbase < 128)
        cout << "WARNING: only using " << nbase << " seed OTs, using these for OT extensions is insecure.\n";

    OT_ROLE ot_role;
    if (ot_mode.compare("s") == 0)
        ot_role = BOTH;
    else if (ot_mode.compare("a") == 0)
    {
        if (my_num == 0)
            ot_role = SENDER;
        else
            ot_role = RECEIVER;
    }
    else
    {
        cerr << "Invalid OT mode argument: " << ot_mode << endl;
        exit(1);
    }

    // PRG for generating inputs etc
    PRNG G;
    G.ReSeed();

    // Several names for multiplexing
    vector<Names> N;
    unsigned int pos = 0;
    while (pos < hostname.length())
    {
        string::size_type new_pos = hostname.find(',', pos);
        if (new_pos == string::npos)
            new_pos = hostname.length();
        int len = new_pos - pos;
        string name = hostname.substr(pos, len);
        pos = new_pos + 1;

        vector<string> names(2);
        names[my_num] = "localhost";
        names[1-my_num] = name;
        N.push_back(Names(my_num, portnum_base, names));
    }

    TwoPartyPlayer* P = new TwoPartyPlayer(N[0], 1 - my_num, 500);

    timeval baseOTstart, baseOTend;
    gettimeofday(&baseOTstart, NULL);
    // swap role for base OTs
    BaseOT baseOT = BaseOT(nbase, 128, 1 - my_num, P, INV_ROLE(ot_role));
    FakeOT fakeOT = FakeOT(nbase, 128, 1 - my_num, P, INV_ROLE(ot_role));
    BaseOT* bot_;
    if (opt.isSet("-f"))
    {
        cout << "WARNING: using fake base OTs, not secure\n";
        bot_ = &fakeOT;
    }
    else
    {
        cout << "Using Chou-Orlandi base OTs\n";
        bot_ = &baseOT;
    }
    BaseOT& bot = *bot_;
    bot.exec_base();
    gettimeofday(&baseOTend, NULL);
    double basetime = timeval_diff(&baseOTstart, &baseOTend);
    cout << "\t\tBaseTime (" << role_to_str(ot_role) << "): " << basetime/1000000 << endl << flush;

    // Receiver send something to force synchronization
    // (since Sender finishes baseOTs before Receiver)
    int a = 3;
    vector<octetStream> os(2);
    os[0].store(a);
    P->send_receive_player(os);
    os[1].get(a);
    cout << a << endl;

#ifdef BASE_OT_DEBUG
    // check base OTs
    bot.check();
    // check after extending with PRG a few times
    for (int i = 0; i < 8; i++)
    {
        bot.extend_length();
        bot.check();
    }
    cout << "Verifying base OTs (debugging)\n";
#endif
    // divide nOTs between threads and loops
    nOTs = DIV_CEIL(nOTs, nthreads * nloops);
    // round up to multiple of base OTs and subloops
    // discount for discarded OTs
    nOTs = DIV_CEIL(nOTs + 2 * 128, nbase * nsubloops) * nbase * nsubloops - 2 * 128;
    cout << "Running " << nOTs << " OT extensions per thread and loop\n" << flush;

    BitVector receiverInput(nOTs);
    receiverInput.randomize(G);
    // convert baseOT selection bits to BitVector
    // (not already BitVector due to legacy PVW code)
    BitVector baseReceiverInput(nbase);
    for (int i = 0; i < nbase; i++)
    {
        baseReceiverInput.set_bit(i, bot.receiver_inputs[i]);
    }
    cout << "Initialize OT Extension\n";
    vector<OT_thread_info> tinfos(nthreads);
    vector<pthread_t> threads(nthreads);
    timeval OTextstart, OTextend;
    gettimeofday(&OTextstart, NULL);
#ifndef __MACH__
    timespec start, end;
    clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &start);
#endif

    // copy base inputs/outputs for each thread
    vector<BitVector> base_receiver_input_copy(nthreads);
    vector<vector< vector<BitVector> > > base_sender_inputs_copy(nthreads, vector<vector<BitVector> >(nbase, vector<BitVector>(2)));
    vector< vector<BitVector> > base_receiver_outputs_copy(nthreads, vector<BitVector>(nbase));
    vector<TwoPartyPlayer*> players(nthreads);

    for (int i = 0; i < nthreads; i++)
    {
        tinfos[i].receiverInput.assign(receiverInput);

        base_receiver_input_copy[i].assign(baseReceiverInput);
        for (int j = 0; j < nbase; j++)
        {
            base_sender_inputs_copy[i][j][0].assign(bot.sender_inputs[j][0]);
            base_sender_inputs_copy[i][j][1].assign(bot.sender_inputs[j][1]);
            base_receiver_outputs_copy[i][j].assign(bot.receiver_outputs[j]);
        }
        // now setup resources for each thread
        // round robin with the names
        players[i] = new TwoPartyPlayer(N[i%N.size()], 1 - my_num, (i+1) * 1000);
        tinfos[i].thread_num = i+1;
        tinfos[i].other_player_num = 1 - my_num;
        tinfos[i].nOTs = nOTs;
        tinfos[i].ot_ext = new OTExtensionWithMatrix(nbase, bot.length(),
                nloops, nsubloops,
                players[i],
                base_receiver_input_copy[i],
                base_sender_inputs_copy[i],
                base_receiver_outputs_copy[i],
                ot_role,
                passive);

        // create the thread
        pthread_create(&threads[i], NULL, run_otext_thread, &tinfos[i]);
        
        // extend base OTs with PRG for the next thread
        bot.extend_length();
    }
    // wait for threads to finish
    for (int i = 0; i < nthreads; i++)
    {
        pthread_join(threads[i],NULL);
        cout << "thread " << i+1 << " finished\n" << flush;
    }

    map<string,long long>& times = tinfos[0].ot_ext->times;
    for (map<string,long long>::iterator it = times.begin(); it != times.end(); it++)
    {
        long long sum = 0;
        for (int i = 0; i < nthreads; i++)
            sum += tinfos[i].ot_ext->times[it->first];

        cout << it->first << " on average took time "
                << double(sum) / nthreads / 1e6 << endl;
    }

    gettimeofday(&OTextend, NULL);
#ifndef __MACH__
    clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &end);
    cout << "Processor time: " << double(timespec_diff(&start, &end)) / 1e9 << endl;
#endif
    double totaltime = timeval_diff(&OTextstart, &OTextend);
    cout << "Time for OTExt threads (" << role_to_str(ot_role) << "): " << totaltime/1000000 << endl << flush;

    if (opt.isSet("-o"))
    {
        char filename[1024];
        sprintf(filename, RECEIVER_INPUT, my_num);
        ofstream outf(filename);
        receiverInput.output(outf, false);
        outf.close();

        sprintf(filename, RECEIVER_OUTPUT, my_num);
        outf.open(filename);
        for (unsigned int i = 0; i < tinfos[0].ot_ext->receiverOutput.size(); i++)
            tinfos[0].ot_ext->receiverOutput[i].output(outf, false);
        outf.close();

        for (int i = 0; i < 2; i++)
        {
            sprintf(filename, SENDER_OUTPUT, my_num, i);
            outf.open(filename);
            for (int j = 0; j < nOTs; j++)
                tinfos[0].ot_ext->senderOutput[i][j].output(outf, false);
            outf.close();
        }
    }
}
Beispiel #6
0
void PairwiseGenerator<FD>::run()
{
    PRNG G;
    G.ReSeed();
    MAC_Check<typename FD::T> MC(machine.setup<FD>().alphai);

    while (total < machine.nTriplesPerThread)
    {
        timers["Randomization"].start();
        a.randomize(G);
        b.randomize(G);
        timers["Randomization"].stop();
        size_t prover_memory = EC.generate_proof(C, a, ciphertexts, cleartexts);
        timers["Plaintext multiplication"].start();
        c.mul(a, b);
        timers["Plaintext multiplication"].stop();
        timers["FFT of b"].start();
        for (int i = 0; i < machine.sec; i++)
            b_mod_q.at(i).from_vec(b.at(i).get_poly());
        timers["FFT of b"].stop();
        timers["Proof exchange"].start();
        size_t verifier_memory = EC.create_more(ciphertexts, cleartexts);
        timers["Proof exchange"].stop();
        volatile_memory = max(prover_memory, verifier_memory);

        Rq_Element values({machine.setup<FD>().params, evaluation, evaluation});
        for (int k = 0; k < machine.sec; k++)
        {
            producer.ai = a[k];
            producer.bi = b[k];
            producer.ci = c[k];

            for (int j = 0; j < 3; j++)
            {
                timers["Plaintext multiplication"].start();
                producer.macs[j].mul(machine.setup<FD>().alpha, producer.values[j]);
                timers["Plaintext multiplication"].stop();

                if (j == 1)
                    values = b_mod_q[k];
                else
                {
                    timers["Plaintext conversion"].start();
                    values.from_vec(producer.values[j].get_poly());
                    timers["Plaintext conversion"].stop();
                }

                for (auto m : multipliers)
                    m->multiply_alpha_and_add(producer.macs[j], values);
            }
            producer.reset();
            total += producer.sacrifice(P, MC);
        }

        timers["Checking"].start();
        MC.Check(P);
        timers["Checking"].stop();
    }

    cout << "Could save " << 1e-9 * a.report_size(CAPACITY) << " GB" << endl;
    timers.insert(EC.timers.begin(), EC.timers.end());
    timers.insert(producer.timers.begin(), producer.timers.end());
    timers["Networking"] = P.timer;
}