Exemple #1
// Expands every base-OT key into one row of T.
//
// For each of the m_nBaseOTs keys, a 64-bit counter starting at
// OT_ptr + m_nCounter is placed in the first 8 bytes of an otherwise zero
// AES_BYTES-sized block, and m_cCrypt->encrypt() is called once per
// AES_BYTES of row data with Tptr as its second argument (presumably the
// output buffer -- confirm against the crypto wrapper).
//
// T          destination vector; its backing array is walked sequentially
// OT_ptr     index of the first OT of this batch
// numblocks  number of m_nBlockSizeBytes-sized blocks per row
//
// NOTE(review): nothing in this function checks that T is large enough for
// m_nBaseOTs * iters * AES_BYTES bytes; the caller has to guarantee it.
// NOTE(review): rowbytelen / AES_BYTES truncates, so a row length that is not
// a multiple of AES_BYTES leaves the tail of each row unwritten.
// NOTE(review): every call restarts each key's counter at OT_ptr + m_nCounter,
// so the expanded streams only stay distinct if callers never pass an
// overlapping counter range for the same keys -- verify how m_nCounter and
// OT_ptr are advanced.
void OTExtSnd::BuildQMatrix(CBitVector& T, uint64_t OT_ptr, uint64_t numblocks) {
	// NOTE(review): the calloc result is dereferenced below without a NULL check.
	uint8_t* ctr_buf = (uint8_t*) calloc(AES_BYTES, sizeof(uint8_t));
	// The counter aliases the first 8 bytes of the AES input block.
	uint64_t* counter = (uint64_t*) ctr_buf;

	uint64_t wd_size_bytes = m_nBlockSizeBytes;
	uint64_t rowbytelen = wd_size_bytes * numblocks;
	uint64_t iters = rowbytelen / AES_BYTES;

	uint64_t global_OT_ptr = OT_ptr + m_nCounter;
	AES_KEY_CTX* seedptr = m_vBaseOTKeys;
	BYTE* Tptr = T.GetArr();

	for (uint64_t k = 0; k < m_nBaseOTs; k++) {
		// Each key starts from the same counter value.
		*counter = global_OT_ptr;

		for (uint64_t b = 0; b < iters; b++) {
			m_cCrypt->encrypt(&seedptr[k], Tptr, ctr_buf, AES_BYTES);
#ifdef DEBUG_MALICIOUS
			cout << "k = " << k << ": "<< (hex) << ((uint64_t*) Tptr)[0] << ((uint64_t*) Tptr)[1] << (hex) << endl;
#endif
			(*counter)++;
			Tptr += AES_BYTES;
		}
#ifdef DEBUG_OT_SEED_EXPANSION
		// NOTE(review): this build flag prints the expanded key stream; it
		// should never be enabled outside of debugging.
		cout << "Xs[" << k << "]: " << (hex);
		for(uint64_t i = 0; i < AES_BYTES * iters; i++) {
			cout  << setw(2) << setfill('0') << (uint32_t) (Tptr-AES_BYTES*iters)[i];
		}
		cout << (dec) << " (" << (*counter)-iters << ")" <<endl;
#endif
	}

	free(ctr_buf);
}
Exemple #2
// XORs the rows received from the peer onto T, selected by the bits of m_vU.
//
// Row k of RcvBuf (rowbytelen = m_nBlockSizeBytes * numblocks bytes) is XORed
// into T at byte offset k * rowbytelen:
//   - default build: only when bit k of m_vU is set;
//   - GENERATE_T_EXPLICITELY: always, taken from the first half of RcvBuf when
//     the bit is 0 and from m_nBaseOTs * rowbytelen bytes further on when it
//     is 1.
//
// NOTE(review): RcvBuf is not length-checked here. It needs at least
// m_nBaseOTs * rowbytelen bytes (twice that with GENERATE_T_EXPLICITELY); if
// its content and size come from the network, the caller has to enforce this.
// NOTE(review): which work is done depends on each bit of m_vU. If m_vU holds
// secret choice bits (presumably the sender's base-OT choices -- confirm),
// the default build's skipped XOR makes timing depend on the secret.
void OTExtSnd::UnMaskBaseOTs(CBitVector& T, CBitVector& RcvBuf, uint64_t numblocks) {
	const uint64_t rowbytelen = m_nBlockSizeBytes * numblocks;
	uint8_t* const rcvbase = RcvBuf.GetArr();
#ifdef GENERATE_T_EXPLICITELY
	const uint64_t blocksizebytes = m_nBaseOTs * rowbytelen;
#endif

	for (uint64_t k = 0; k < m_nBaseOTs; ++k) {
		const uint64_t rowoffset = k * rowbytelen;
		uint8_t* rowptr = rcvbase + rowoffset;
#ifdef GENERATE_T_EXPLICITELY
		// Pick the half of the receive buffer that matches bit k.
		uint8_t* src = (m_vU.GetBit(k) == 0) ? rowptr : rowptr + blocksizebytes;
		T.XORBytes(src, rowoffset, rowbytelen);
#else
		if (!m_vU.GetBit(k)) {
			continue;
		}
		T.XORBytes(rowptr, rowoffset, rowbytelen);
#endif
	}
}
Exemple #3
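// Client side of the oblivious-transfer phase.
//
// Steps, as visible in the code below:
//   1. Copy the client's input gate values into m_r.
//   2. Act as Naor-Pinkas sender: send NUM_EXECS_NAOR_PINKAS values C,
//      receive the peer's pk0 values, derive pk1 = C / pk0 (mod p).
//   3. Send, per execution, <g^r0, Enc(M0)> and <g^r1, Enc(M1)> with
//      M0 = m_T[i] and M1 = m_T[i] xor m_r; the pads come from SHA-1 over the
//      shared key and a block index.
//   4. Receive two masked keys per input wire and unmask the one matching
//      the gate value with SHA-1(tj, j), storing the result in m_pYaoKeys.
//   5. Set m_bOTDone.
//
// Fixed relative to the earlier version: pC, pPK0 and pPK1 were allocated
// with new[] and never released.
//
// NOTE(review): none of the m_sockOT.Send/Receive results are checked, so a
// short or failed read leaves the buffers partly filled and the protocol
// continues on that data.
// NOTE(review): SHA-1 is used throughout as the key-derivation / masking
// hash; treat that as a legacy choice when assessing this code.
// NOTE(review): the secret exponents (pR0, pR1) and the derived key material
// (tmp, buf_key) are released without being wiped.
void CClient::RunOTThread()
{

	// generate input vector
	int nInputStart = m_pCircuit->GetInputStart(ID_CLIENT);
	int nInputEnd = m_pCircuit->GetInputEnd(ID_CLIENT);
	int nInputSize = nInputEnd-nInputStart+1;
	m_r.Create(nInputSize);


	for(int i=nInputStart; i<=nInputEnd; i++)
	{
		m_r.SetBit(i-nInputStart, m_pGates[i].val);
	}

	// IKNP-first step: sender of Naor-Pinkas
	ZZ& p = CConfig::GetInstance()->GetPrime();
	ZZ& g = CConfig::GetInstance()->GetGenerator();
	ZZ  q = p/2 - 1;

	int nBufSize = NUM_EXECS_NAOR_PINKAS * FIELD_SIZE_IN_BYTES;
	BYTE* pBuf = new BYTE[nBufSize];

	// generate and send c
	CBitVector rnd;
	rnd.Create( NUM_EXECS_NAOR_PINKAS*FIELD_SIZE_IN_BITS, m_aSeed, m_nCounter);
	ZZ* pC = new ZZ[NUM_EXECS_NAOR_PINKAS ];
	BYTE* pBufIdx = pBuf;
	BYTE* pBufIn = rnd.GetArr();
	ZZ ztmp, ztmp2;

	for(int i=0; i<NUM_EXECS_NAOR_PINKAS; i++)
	{
		// C[i] = (random mod p)^2 mod p
		ZZFromBytes(ztmp, pBufIn, FIELD_SIZE_IN_BYTES);
		rem(ztmp2, ztmp, p);
		SqrMod(pC[i], ztmp2, p);
		BytesFromZZ(pBufIdx, pC[i], FIELD_SIZE_IN_BYTES);

		pBufIn += FIELD_SIZE_IN_BYTES;
		pBufIdx += FIELD_SIZE_IN_BYTES;
	}

	m_sockOT.Send(pBuf, NUM_EXECS_NAOR_PINKAS * FIELD_SIZE_IN_BYTES);

	// receive pk0
	m_sockOT.Receive(pBuf, nBufSize);
	ZZ* pPK0 = new ZZ[NUM_EXECS_NAOR_PINKAS];
	ZZ* pPK1 = new ZZ[NUM_EXECS_NAOR_PINKAS];

	pBufIdx = pBuf;
	for(int i=0; i<NUM_EXECS_NAOR_PINKAS; i++ )
	{
		// NOTE(review): pPK0[i] is peer-supplied and goes into InvMod
		// unchecked. It is not reduced mod p or tested for zero; if these
		// are the NTL routines, a non-invertible value raises an NTL error,
		// so the peer can abort this process. Validate 0 < pk0 < p first.
		ZZFromBytes(pPK0[i], pBufIdx, FIELD_SIZE_IN_BYTES);
		pBufIdx += FIELD_SIZE_IN_BYTES;

		// pPK1[i] = pC[i]/pPK0[i]
		InvMod(ztmp, pPK0[i], p);
		MulMod(pPK1[i], pC[i], ztmp, p);
 	}
	delete [] pBuf;
	delete [] pC;		// no longer needed once pPK1 has been derived

	// send <g^r1, Enc(M0)> and <g^r2, Enc(M1)>
	int nMsgSize = (nInputEnd-nInputStart)/SHA1_BITS + 1;		// in sha1 scale
	int nMsginOT = FIELD_SIZE_IN_BYTES + nMsgSize*SHA1_BYTES;
	int nBufSize2 = NUM_EXECS_NAOR_PINKAS * nMsginOT * 2;
	BYTE* pBuf2 = new BYTE[nBufSize2];

	// to do
	ZZ* pR0 = new ZZ[NUM_EXECS_NAOR_PINKAS];
	ZZ* pR1 = new ZZ[NUM_EXECS_NAOR_PINKAS];

	// NOTE(review): rnd is re-created from the same m_aSeed and m_nCounter as
	// above. Unless Create() advances m_nCounter, the exponents below start
	// from the same pseudo-random bytes that produced C -- confirm.
	rnd.Create( NUM_EXECS_NAOR_PINKAS*2*FIELD_SIZE_IN_BITS, m_aSeed, m_nCounter);
	pBufIdx = rnd.GetArr();
	for(int i=0; i<NUM_EXECS_NAOR_PINKAS; i++)
	{
		ZZFromBytes(ztmp, pBufIdx, FIELD_SIZE_IN_BYTES);
		rem(pR0[i], ztmp, q);
		pBufIdx += FIELD_SIZE_IN_BYTES;

		ZZFromBytes(ztmp, pBufIdx, FIELD_SIZE_IN_BYTES);
		rem(pR1[i], ztmp, q);
		pBufIdx += FIELD_SIZE_IN_BYTES;
	}

	ZZ gr0, gr1, pkr0, pkr1;

	pBufIdx = pBuf2;
	sha1_context sha;
	BYTE tmp[FIELD_SIZE_IN_BYTES];
	SHA_BUFFER	buf_key;
	for(int i=0; i<NUM_EXECS_NAOR_PINKAS; i++)
	{
		// put g^r0
		PowerMod(gr0, g, pR0[i], p);
		BytesFromZZ(pBufIdx, gr0, FIELD_SIZE_IN_BYTES);
		pBufIdx += FIELD_SIZE_IN_BYTES;

		// compute the key for M0
		PowerMod(pkr0, pPK0[i], pR0[i], p);
		BytesFromZZ(tmp, pkr0, FIELD_SIZE_IN_BYTES);

 		sha1_starts(&sha);
		sha1_update(&sha, tmp, FIELD_SIZE_IN_BYTES);
		sha1_finish(&sha, (BYTE*) &buf_key);

		// put Enc(M0): M0 = t
		// The pad for block j is SHA-1(buf_key || j); j is hashed in the
		// host's native int representation.
		// NOTE(review): k runs to nMsgSize*SHA1_BYTES, which can exceed the
		// byte length implied by nInputSize -- m_T[i] and m_r must be padded
		// at least that far; confirm where they are created.
 		for(int j=0, k=0; j<nMsgSize; j++)
		{
			sha1_starts(&sha);
			sha1_update(&sha, (BYTE*) &buf_key, sizeof(buf_key));
			sha1_update(&sha, (BYTE*) &j, sizeof(int));
			sha1_finish(&sha, pBufIdx);

 			for(int x=0; x < SHA1_BYTES; x++, k++, pBufIdx++ )
			{
				*(pBufIdx) ^= m_T[i].GetByte(k);
 			}
		}

		// put g^r1
		PowerMod(gr1, g, pR1[i], p);
		BytesFromZZ(pBufIdx, gr1, FIELD_SIZE_IN_BYTES);
		pBufIdx += FIELD_SIZE_IN_BYTES;

		// compute the key for M1
		PowerMod(pkr1, pPK1[i], pR1[i], p);
		BytesFromZZ(tmp, pkr1, FIELD_SIZE_IN_BYTES);

		sha1_starts(&sha);
		sha1_update(&sha, tmp, FIELD_SIZE_IN_BYTES);
		sha1_finish(&sha, (BYTE*) &buf_key);

		// put Enc(M1) : M1 = r xor t
	 	for(int j=0,k=0; j<nMsgSize; j++)
		{
			sha1_starts(&sha);
			sha1_update(&sha, (BYTE*) &buf_key, sizeof(buf_key));
			sha1_update(&sha, (BYTE*) &j, sizeof(int));
			sha1_finish(&sha, pBufIdx);

			for(int x=0; x < SHA1_BYTES; x++, pBufIdx++, k++ )
			{
				*pBufIdx ^= m_T[i].GetByte(k) ^ m_r.GetByte(k);
	 		}
		}

	}
	m_sockOT.Send(pBuf2, nBufSize2);

	delete [] pBuf2;
	delete [] pR0;
	delete [] pR1;
	delete [] pPK0;		// previously leaked
	delete [] pPK1;		// previously leaked

	// IKNP: recv the keys for client inputs
	KEY* pKeys = new KEY[nInputSize*2];
	m_sockOT.Receive(pKeys, nInputSize*sizeof(KEY)*2);
	KEY* pKeyIdx = pKeys;
	KEY* pYaoKeyIdx = m_pYaoKeys + nInputStart;
	CBitVector tj;
	tj.Create(NUM_EXECS_NAOR_PINKAS);

	for(int i=nInputStart, j=0; i<nInputEnd+1; i++, j++)
	{
		// tj = column j of the matrix whose rows are m_T[0..NUM_EXECS-1]
		for(int x=0; x<NUM_EXECS_NAOR_PINKAS; x++)
			tj.SetBit(x, m_T[x].GetBit(j));

		sha1_starts(&sha);
		sha1_update(&sha, tj.GetArr(), NUM_EXECS_NAOR_PINKAS/8);
		sha1_update(&sha, (BYTE*)&j, sizeof(int));
		sha1_finish(&sha, (BYTE*)&buf_key);

		/*
		#ifdef _DEBUG
		cout << "H(tj, j)=";
		LOG_KEY(*pYaoKeyIdx);
		cout <<endl;

		cout << "gate-val=" << (int) m_pGates[i].val << endl;
		cout << "key0=";
		LOG_KEY(*pKeyIdx);
		cout << "key1=";
		LOG_KEY(*(pKeyIdx+1));
		#endif
		*/

		// Two masked keys arrive per wire; unmask the one selected by the
		// gate value and skip the other.
		if( !m_pGates[i].val )
		{
			XOR_KEYP3(pYaoKeyIdx, (&buf_key), pKeyIdx);
			pKeyIdx++;
			pKeyIdx++;
		}
		else
		{
			pKeyIdx++;
			XOR_KEYP3(pYaoKeyIdx, (&buf_key), pKeyIdx);
			pKeyIdx++;
		}

		/*
		#ifdef _DEBUG
		cout << "gateid: " << i << " ";
		LOG_KEY(*pYaoKeyIdx);
		cout << endl;
		#endif
		*/

		pYaoKeyIdx++;

	}

	// clean-up
	delete [] pKeys;
	m_bOTDone = TRUE;
}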
Exemple #4
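// Derives the sender's per-OT seeds (or, for Snd_GC_OT, the matrix-multiplied
// values) for each of the m_nSndVals send values, then expands them into
// snd_buf.
//
// For every OT i and every value u the hash input is
//     mask = (m_vU AND m_vCodeWords[u]) XOR row i of Q
// over rowbytelen = bits_in_bytes(m_nBaseOTs) bytes.
//
// Q        matrix rows, rowbytelen bytes apart
// seedbuf  per-value output buffers; aes_key_bytes are written per OT
// snd_buf  per-value buffers filled by SetBits (Snd_GC_OT) and expandMask
// OT_ptr   index of the first OT of this batch (added to m_nCounter)
// OT_len   number of OTs in this batch
// mat_mul  matrix handed to BitMatrixMultiplication (Snd_GC_OT only)
//
// Fixed relative to the earlier version: the #endif that ends the
// FIXED_KEY_AES_HASHING alternative sat after the closing brace of the
// else-branch, so a build with FIXED_KEY_AES_HASHING defined lost the
// "} else { ... }" and was left with unbalanced braces. The #endif now
// ends the alternative before "} else {"; builds without the flag see the
// same statements as before. The unused locals numhashiters and
// wd_size_bytes were dropped.
//
// NOTE(review): the malloc/calloc results are used without NULL checks.
// NOTE(review): with FIXED_KEY_AES_HASHING the hash input is Qptr (the raw Q
// row, advanced by 16 bytes per OT) rather than mask, so the codeword
// masking computed above is not what gets hashed, and Qptr only tracks the
// rows if rowbytelen is 16 -- confirm before enabling that flag here.
// NOTE(review): seedbuf[u] must hold OT_len * aes_key_bytes bytes; this is
// not checked in this function.
void KKOTExtSnd::KKHashValues(CBitVector &Q, CBitVector *seedbuf,
                              CBitVector *snd_buf, uint64_t OT_ptr,
                              uint64_t OT_len, uint64_t **mat_mul) {
    uint32_t rowbytelen = bits_in_bytes(m_nBaseOTs);
    uint32_t hashinbytelen = rowbytelen + sizeof(uint64_t);
    uint32_t hashoutbitlen = ceil_log2(m_nSndVals);
    uint32_t u;
    uint32_t aes_key_bytes = m_cCrypt->get_aes_key_bytes();
    uint32_t choicebitlen = ceil_log2(m_nSndVals);

    uint64_t *Qptr = (uint64_t *)Q.GetArr();

    uint8_t **sbp = (uint8_t **)malloc(sizeof(uint8_t *) * m_nSndVals);
    uint8_t *inbuf = (uint8_t *)calloc(hashinbytelen, 1);
    uint8_t *resbuf = (uint8_t *)calloc(m_cCrypt->get_hash_bytes(), 1);
    uint8_t *hash_buf = (uint8_t *)calloc(m_cCrypt->get_hash_bytes(), 1);

    uint64_t *tmpbuf = (uint64_t *)calloc(
        PadToMultiple(bits_in_bytes(m_nBitLength), sizeof(uint64_t)), 1);
    uint8_t *tmpbufb = (uint8_t *)calloc(bits_in_bytes(m_nBitLength), 1);

    uint64_t global_OT_ptr = OT_ptr + m_nCounter;
    CBitVector mask(m_nCodeWordBits);

    // sbp[u] is the write cursor into seedbuf[u].
    for (u = 0; u < m_nSndVals; u++) {
        sbp[u] = seedbuf[u].GetArr();
    }

    for (uint64_t i = 0; i < OT_len; global_OT_ptr++, i++, Qptr += 2) {
        for (u = 0; u < m_nSndVals; u++) {
            mask.Copy(m_vU, 0, rowbytelen);
            mask.ANDBytes((uint8_t *)m_vCodeWords[u], 0, rowbytelen);
            mask.XORBytes(Q.GetArr() + i * rowbytelen, rowbytelen);

#ifdef DEBUG_OT_HASH_IN
            // NOTE(review): prints the hash input; debugging builds only.
            cout << "Hash-In for i = " << global_OT_ptr << ", u = " << u << ": "
                 << (hex);
            for (uint32_t p = 0; p < rowbytelen; p++)
                cout << setw(2) << setfill('0') << (uint32_t)mask.GetArr()[p];
            cout << (dec) << endl;
#endif

            if (m_eSndOTFlav != Snd_GC_OT) {
#ifdef FIXED_KEY_AES_HASHING
                FixedKeyHashing(m_kCRFKey, sbp[u], (BYTE *)Qptr, hash_buf, i,
                                hashinbytelen, m_cCrypt);
#else
                // Hash input: 64-bit global OT index followed by the masked row.
                memcpy(inbuf, &global_OT_ptr, sizeof(uint64_t));
                memcpy(inbuf + sizeof(uint64_t), mask.GetArr(), rowbytelen);
                m_cCrypt->hash_buf(resbuf, aes_key_bytes, inbuf, hashinbytelen,
                                   hash_buf);
                memcpy(sbp[u], resbuf, aes_key_bytes);
#endif
            } else {
                // TODO: mecr has not been tested with KK-OT!!
                BitMatrixMultiplication(tmpbufb, bits_in_bytes(hashoutbitlen),
                                        mask.GetArr(), m_nBaseOTs, mat_mul,
                                        tmpbuf);
                snd_buf[u].SetBits(tmpbufb, i * hashoutbitlen, hashoutbitlen);
            }

#ifdef DEBUG_OT_HASH_OUT
            // NOTE(review): prints derived seed bytes; debugging builds only.
            cout << "Hash-Out for i = " << global_OT_ptr << ", u = " << u
                 << ": " << (hex);
            for (uint32_t p = 0; p < aes_key_bytes; p++)
                cout << setw(2) << setfill('0') << (uint32_t)sbp[u][p];
            cout << (dec) << endl;
#endif
            sbp[u] += m_cCrypt->get_aes_key_bytes();
        }
    }

    // TODO: difference is in here!! (could be solved by giving the
    // bit-length as parameter in the function call)
    for (uint32_t u = 0; u < m_nSndVals; u++) {
        m_fMaskFct->expandMask(&snd_buf[u], seedbuf[u].GetArr(), 0, OT_len,
                               m_nBitLength * choicebitlen, m_cCrypt);
    }

    free(resbuf);
    free(inbuf);
    free(sbp);
    free(hash_buf);
    free(tmpbuf);
    free(tmpbufb);
}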
Exemple #5
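// Derives the sender's per-OT seeds for each of the m_nSndVals send values
// from the rows of Q and, unless HIGH_SPEED_ROT_LT is defined or the flavour
// is Snd_GC_OT, expands them into snd_buf.
//
// For u == 1 the row is first XORed with m_vU in place, so Q is modified by
// this call. In the default build the hash input is the 64-bit global OT
// index followed by rowbytelen = bits_in_bytes(m_nBaseOTs) bytes of the row.
//
// Q        matrix rows, m_nBlockSizeBytes apart (modified in place)
// seedbuf  per-value output buffers; aes_key_bytes are written per OT
// snd_buf  per-value buffers filled by SetBits (Snd_GC_OT) or expandMask
// OT_ptr   index of the first OT of this batch (added to m_nCounter)
// OT_len   number of OTs in this batch
// mat_mul  matrix handed to BitMatrixMultiplication (Snd_GC_OT only)
//
// Fixed relative to the earlier version: the #endif that ends the
// FIXED_KEY_AES_HASHING alternative sat after the closing brace of the
// else-branch, so a build with FIXED_KEY_AES_HASHING defined lost the
// "} else { ... }" and was left with unbalanced braces. The #endif now
// ends the alternative before "} else {"; builds without the flag see the
// same statements as before. The unused local numhashiters was dropped.
//
// NOTE(review): the malloc/calloc results are used without NULL checks.
// NOTE(review): Qptr advances by 16 bytes per OT while the other accesses
// use i * wd_size_bytes; the two only agree if m_nBlockSizeBytes is 16 --
// confirm for the HIGH_SPEED_ROT_LT / FIXED_KEY_AES_HASHING builds.
// NOTE(review): seedbuf[u] must hold OT_len * aes_key_bytes bytes; this is
// not checked in this function.
void OTExtSnd::HashValues(CBitVector& Q, CBitVector* seedbuf, CBitVector* snd_buf, uint64_t OT_ptr, uint64_t OT_len, uint64_t** mat_mul) {
	uint32_t rowbytelen = bits_in_bytes(m_nBaseOTs);
	uint32_t hashinbytelen = rowbytelen + sizeof(uint64_t);
	uint64_t wd_size_bytes = m_nBlockSizeBytes;//1 << (ceil_log2(m_nBaseOTs) - 3);
	uint32_t u;
	uint32_t aes_key_bytes = m_cCrypt->get_aes_key_bytes();


	uint64_t* Qptr = (uint64_t*) Q.GetArr();
	uint64_t* Uptr = (uint64_t*) m_vU.GetArr();

	uint8_t** sbp = (uint8_t**) malloc(sizeof(uint8_t*) * m_nSndVals);
	uint8_t* inbuf = (uint8_t*) calloc(hashinbytelen, 1);
	uint8_t* resbuf = (uint8_t*) calloc(m_cCrypt->get_hash_bytes(), 1);
	uint8_t* hash_buf = (uint8_t*) calloc(m_cCrypt->get_hash_bytes(), 1);

	uint64_t* tmpbuf = (uint64_t*) calloc(PadToMultiple(bits_in_bytes(m_nBitLength), sizeof(uint64_t)), 1);
	uint8_t* tmpbufb = (uint8_t*) calloc(bits_in_bytes(m_nBitLength), 1);

	uint64_t global_OT_ptr = OT_ptr + m_nCounter;

	// sbp[u] is the write cursor into seedbuf[u].
	for (u = 0; u < m_nSndVals; u++)
		sbp[u] = seedbuf[u].GetArr();

	for (uint64_t i = 0; i < OT_len; global_OT_ptr++, i++, Qptr += 2) {
		for (u = 0; u < m_nSndVals; u++) {

			// Second value: hash (row XOR m_vU) instead of the plain row.
#ifdef HIGH_SPEED_ROT_LT
			if(u == 1) {
				Qptr[0]^=Uptr[0];
				Qptr[1]^=Uptr[1];
			}
#else
			if (u == 1)
				Q.XORBytes((uint8_t*) Uptr, i * wd_size_bytes, rowbytelen);
#endif

#ifdef DEBUG_OT_HASH_IN
			// NOTE(review): prints the hash input; debugging builds only.
			cout << "Hash-In for i = " << global_OT_ptr << ", u = " << u << ": " << (hex);
			for(uint32_t p = 0; p < rowbytelen; p++)
				cout << setw(2) << setfill('0') << (uint32_t) (Q.GetArr() + i * wd_size_bytes)[p];
			cout << (dec) << endl;
#endif

			if(m_eSndOTFlav != Snd_GC_OT) {
#ifdef FIXED_KEY_AES_HASHING
				FixedKeyHashing(m_kCRFKey, sbp[u], (BYTE*) Qptr, hash_buf, i, hashinbytelen, m_cCrypt);
#else
				// Hash input: 64-bit global OT index followed by the row.
				memcpy(inbuf, &global_OT_ptr, sizeof(uint64_t));
				memcpy(inbuf+sizeof(uint64_t), Q.GetArr() + i * wd_size_bytes, rowbytelen);
				m_cCrypt->hash_buf(resbuf, aes_key_bytes, inbuf, hashinbytelen, hash_buf);
				memcpy(sbp[u], resbuf, aes_key_bytes);
#endif
			} else {
				BitMatrixMultiplication(tmpbufb, bits_in_bytes(m_nBitLength), Q.GetArr() + i * wd_size_bytes, m_nBaseOTs, mat_mul, tmpbuf);
				snd_buf[u].SetBits(tmpbufb, i * m_nBitLength, m_nBitLength);
			}

#ifdef DEBUG_OT_HASH_OUT
			// NOTE(review): prints derived seed bytes; debugging builds only.
			cout << "Hash-Out for i = " << global_OT_ptr << ", u = " << u << ": " << (hex);
			for(uint32_t p = 0; p < aes_key_bytes; p++)
				cout << setw(2) << setfill('0') << (uint32_t) sbp[u][p];
			cout << (dec) << endl;
#endif
			sbp[u] += aes_key_bytes;

		}
	}

#ifndef HIGH_SPEED_ROT_LT
	if(m_eSndOTFlav != Snd_GC_OT) {
		// One expandMask call per send value, each writing into its snd_buf entry.
		for (uint32_t u = 0; u < m_nSndVals; u++)
			m_fMaskFct->expandMask(snd_buf[u], seedbuf[u].GetArr(), 0, OT_len, m_nBitLength, m_cCrypt);
	}
#endif

	free(resbuf);
	free(inbuf);
	free(sbp);
	free(hash_buf);
	free(tmpbuf);
	free(tmpbufb);
}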
Exemple #6
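// Server side of the oblivious-transfer phase.
//
// Steps, as visible in the code below:
//   1. Act as Naor-Pinkas receiver: receive NUM_EXECS_NAOR_PINKAS values C,
//      pick exponents pK, and send pk0 = g^k (choice bit 0) or
//      pk0 = C / g^k (choice bit 1), the choice bits being m_S.
//   2. Receive <g^r0, Enc(M0)>, <g^r1, Enc(M1)> per execution, decrypt the
//      message matching the choice bit with pads SHA-1(key || j), and store
//      the result as row i of ppMat.
//   3. For every client input wire, once m_nGatesDone has reached it, mask
//      the two wire keys with SHA-1(qj, j) and SHA-1(qj xor m_S, j) and send
//      them all in one message.
//
// Fixed relative to the earlier version:
//   - both "if( m_bStop ) return;" exits leaked heap buffers (pK on the
//     first; pBuf2, ppMat and its rows on the second);
//   - pKeys is now value-initialised: when m_bStop ends the last loop early
//     the whole buffer is still sent, and the unfilled tail was
//     uninitialised heap memory;
//   - the unused loop variables named idx were removed.
//
// NOTE(review): none of the m_sockOT.Send/Receive results are checked.
// NOTE(review): the received C and g^r values are used in modular arithmetic
// without range or invertibility checks; if these are the NTL routines,
// out-of-range operands are a precondition violation.
// NOTE(review): SHA-1 is used throughout as the key-derivation / masking
// hash; treat that as a legacy choice when assessing this code.
// NOTE(review): the secret exponents pK and the key material in tmp/buf_key
// are released without being wiped, and the _DEBUG build prints pk0.
void CServer::RunOTThread()
{
	cout << "\not thread started\n" << flush;

	// IKNP-first step: receiver of Naor-Pinkas
	ZZ& p = CConfig::GetInstance()->GetPrime();
	ZZ  q = p/2 - 1;
	ZZ& g = CConfig::GetInstance()->GetGenerator();


	// NP receiver: receive Cs
	int nBufSize = NUM_EXECS_NAOR_PINKAS * FIELD_SIZE_IN_BYTES;
	BYTE* pBuf = new BYTE[nBufSize];
	m_sockOT.Receive(pBuf, nBufSize);

	ZZ* pC = new ZZ[NUM_EXECS_NAOR_PINKAS];
	BYTE* pBufIdx = pBuf;
	for(int i=0; i<NUM_EXECS_NAOR_PINKAS; i++)
	{
		ZZFromBytes(pC[i], pBufIdx, FIELD_SIZE_IN_BYTES);
		pBufIdx += FIELD_SIZE_IN_BYTES;

		#ifdef _DEBUG
		cout << "pC[" << i <<"]: " << pC[i] << endl;
		#endif

	}


	// compute pk0, pk1
	CBitVector rnd;
	rnd.Create(NUM_EXECS_NAOR_PINKAS*FIELD_SIZE_IN_BITS, m_aSeed, m_nCounter);
	BYTE* pBufRnd = rnd.GetArr();
	ZZ* pK = new ZZ[NUM_EXECS_NAOR_PINKAS];
	ZZ ztmp;
	for(int i=0; !m_bStop && i<NUM_EXECS_NAOR_PINKAS; i++)
	{
		ZZFromBytes(ztmp, pBufRnd, FIELD_SIZE_IN_BYTES);
		pBufRnd += FIELD_SIZE_IN_BYTES;
		rem(pK[i], ztmp, q);
	}

	pBufIdx = pBuf;
	ZZ pk0, pk1;

	for(int i=0; !m_bStop && i<NUM_EXECS_NAOR_PINKAS; i++)
	{
		// compute pk0, pk1
		// NOTE(review): the two branches do different amounts of work
		// (one exponentiation vs. exponentiation + inversion + multiply),
		// so timing depends on the choice bit m_S[i].
		if( !m_S.GetBit(i) )
		{
			PowerMod(pk0, g, pK[i], p);
		}
		else
		{
			PowerMod(pk1, g, pK[i], p);

			//pk0 = pC[i]/pk1;
			InvMod(ztmp, pk1, p);
			MulMod(pk0, pC[i], ztmp, p);
		}

		#ifdef _DEBUG
		cout << "pk0[" << i << "]: " << pk0 << endl;
		#endif

		// put pk0
		BytesFromZZ(pBufIdx, pk0, FIELD_SIZE_IN_BYTES);
		pBufIdx += FIELD_SIZE_IN_BYTES;

	}


	m_sockOT.Send(pBuf, nBufSize);
	delete [] pC;
	delete [] pBuf;

	if( m_bStop )
	{
		delete [] pK;	// previously leaked on this exit
		return;
	}

	// NP receiver: get the g^r0, Enc(M0), g^r2, Enc(M1)
	int nInputStart = m_pCircuit->GetInputStart(ID_CLIENT);
	int nInputEnd = m_pCircuit->GetInputEnd(ID_CLIENT);

	int nMsgSize = (nInputEnd-nInputStart)/SHA1_BITS + 1;		// in sha1 scale
	int nMsginOT = FIELD_SIZE_IN_BYTES + nMsgSize*SHA1_BYTES;
	int nBufSize2 = NUM_EXECS_NAOR_PINKAS * nMsginOT * 2;
	BYTE* pBuf2 = new BYTE[nBufSize2];
	m_sockOT.Receive(pBuf2, nBufSize2);

	ZZ w;
	ZZ key;
	BYTE tmp[FIELD_SIZE_IN_BYTES];

	sha1_context sha;
	SHA_BUFFER buf_key;

	// Value-initialised so that rows never allocated (loop stopped early)
	// are null and can be passed to delete[] safely.
	BYTE** ppMat = new BYTE*[NUM_EXECS_NAOR_PINKAS]();
	BYTE* pBufToRead;
	BYTE* pBufMatIdx;

	pBufIdx = pBuf2;
	for(int i=0; !m_bStop && i<NUM_EXECS_NAOR_PINKAS; i++)
	{
		ppMat[i] = new BYTE[nMsgSize*SHA1_BYTES];

		// Each execution carries two messages; read the one selected by
		// the choice bit and step over both.
		if( !m_S.GetBit(i))
		{
			pBufToRead = pBufIdx;
			pBufIdx +=  nMsginOT + nMsginOT;
		}
		else
		{
			pBufIdx += nMsginOT;
			pBufToRead = pBufIdx;
			pBufIdx += nMsginOT;
		}

		ZZFromBytes(w, pBufToRead, FIELD_SIZE_IN_BYTES);
		pBufToRead += FIELD_SIZE_IN_BYTES;
		PowerMod(key, w, pK[i], p);
		BytesFromZZ(tmp, key, FIELD_SIZE_IN_BYTES);

		sha1_starts(&sha);
		sha1_update(&sha, tmp, FIELD_SIZE_IN_BYTES);
		sha1_finish(&sha, (BYTE*) &buf_key);

		// Remove the pad SHA-1(buf_key || j) block by block; j is hashed in
		// the host's native int representation.
		pBufMatIdx=ppMat[i];
		for(int j=0; j<nMsgSize; j++)
		{
			sha1_starts(&sha);
			sha1_update(&sha, (BYTE*) &buf_key, sizeof(buf_key));
			sha1_update(&sha, (BYTE*) &j, sizeof(int));
			sha1_finish(&sha, tmp);

			for(int x=0; x<SHA1_BYTES; x++, pBufMatIdx++, pBufToRead++ )
			{
 				*(pBufMatIdx) = *(pBufToRead) ^ tmp[x];
		 	}
		}
	}
	delete [] pK;

	if( m_bStop )
	{
		// previously leaked on this exit
		delete [] pBuf2;
		for(int i=0; i<NUM_EXECS_NAOR_PINKAS; i++)
		{
			delete [] ppMat[i];
		}
		delete [] ppMat;
		return;
	}


	// IKNP-second step: send the keys for client inputs
	int nInputSize = nInputEnd - nInputStart + 1;
	// Value-initialised: the whole buffer is sent below even when m_bStop
	// cuts the loop short, so unfilled entries must not be stale heap data.
	KEY* pKeys = new KEY[nInputSize*2]();
	YAO_WIRE* wire;
	KEY* wirekey;

	CBitVector qj;
	qj.Create(NUM_EXECS_NAOR_PINKAS);

	int j=0; // 0-starting index
	KEY* pKeyIdx = pKeys;

	for(int i=nInputStart; !m_bStop && i<=nInputEnd; i++,j++)
	{
		// Wait until gate i has been processed.
		// NOTE(review): this wait does not look at m_bStop, so a stop
		// request cannot interrupt it.
		while( m_nGatesDone < i ) {
			SleepMiliSec(100);
		}

		// compute qj
		for(int r=0; r<NUM_EXECS_NAOR_PINKAS; r++)
		{
			qj.SetBit( r, ppMat[r][j/8] & bitmask[j & 0x7] );
		}

		// compute hash
		sha1_starts(&sha);
		sha1_update(&sha,  qj.GetArr(), NUM_EXECS_NAOR_PINKAS/8);
		sha1_update(&sha, (BYTE*)&j, sizeof(int));
		sha1_finish(&sha, (BYTE*)&buf_key);

		// y0
		wire = m_pYaoWires+i;
		wirekey = wire->keys + wire->b;
		XOR_KEYP3( pKeyIdx, (&buf_key), wirekey );
		pKeyIdx++;

		// compute qj xor s
		for(int x=0; x<NUM_EXECS_NAOR_PINKAS/8; x++ )
			qj.GetArr()[x] ^=  m_S.GetByte(x);

		/*
		#ifdef _DEBUG
		cout << "qj xor s = ";
		for(int z=0; z<NUM_EXECS_NAOR_PINKAS; z++)
			cout << (int) qj.GetBit(z);
		cout << endl;
		#endif
		*/

		// y1
		sha1_starts(&sha);
		sha1_update(&sha,  qj.GetArr(), NUM_EXECS_NAOR_PINKAS/8);
		sha1_update(&sha, (BYTE*)&j, sizeof(int));
		sha1_finish(&sha, (BYTE*)&buf_key);

		wirekey = wire->keys + (wire->b^1);
		XOR_KEYP3( pKeyIdx, (&buf_key), wirekey );
		pKeyIdx++;
	}
	m_sockOT.Send( pKeys, nInputSize*sizeof(KEY)*2);

	// clean-up

	delete [] pBuf2;
	for(int i=0; i<NUM_EXECS_NAOR_PINKAS; i++)
	{
		delete [] ppMat[i];
	}
	delete [] ppMat;
	delete [] pKeys;

	cout << "\not thread ended \n" << flush;
}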