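// Expands the sender's base-OT seeds into the matrix T (AES in counter mode):
// row k of T is the keystream of base-OT key k, starting at the counter value
// OT_ptr + m_nCounter and incremented once per AES block.
//   T         - output; must hold m_nBaseOTs rows of m_nBlockSizeBytes * numblocks bytes.
//   OT_ptr    - index of the first OT of this batch; it offsets the counter so that
//               batches with disjoint OT ranges never encrypt the same counter block
//               under the same key (a repeated counter would repeat keystream).
//   numblocks - number of m_nBlockSizeBytes-wide blocks per row.
// NOTE(review): the counter is written into the block in host byte order, so both
// parties are assumed to run on the same endianness - confirm for cross-platform use.
void OTExtSnd::BuildQMatrix(CBitVector& T, uint64_t OT_ptr, uint64_t numblocks) {
    BYTE* Tptr = T.GetArr();
    // Counter block; calloc zeroes the bytes above the 64-bit counter.
    // NOTE(review): the allocation result is not checked (a failure dereferences
    // a null pointer at *counter below) - unchanged here.
    uint8_t* ctr_buf = (uint8_t*) calloc (AES_BYTES, sizeof(uint8_t));
    uint64_t* counter = (uint64_t*) ctr_buf;
    uint64_t wd_size_bytes = m_nBlockSizeBytes;//pad_to_power_of_two(m_nBaseOTs/8);//1 << (ceil_log2(m_nBaseOTs) - 3);
    uint64_t rowbytelen = wd_size_bytes * numblocks;
    AES_KEY_CTX* seedptr = m_vBaseOTKeys;
    uint64_t global_OT_ptr = OT_ptr + m_nCounter;
    // Each row advances Tptr by exactly iters * AES_BYTES, so rowbytelen must be
    // a multiple of AES_BYTES or the rows would drift out of alignment.
    uint64_t iters = rowbytelen / AES_BYTES;
    for (uint64_t k = 0, b; k < m_nBaseOTs; k++) {
        // Every row restarts the counter at the same base value; rows differ by key only.
        *counter = global_OT_ptr;
        for (b = 0; b < iters; b++, (*counter)++, Tptr += AES_BYTES) {
            m_cCrypt->encrypt(seedptr + k, Tptr, ctr_buf, AES_BYTES);
#ifdef DEBUG_MALICIOUS
            cout << "k = " << k << ": "<< (hex) << ((uint64_t*) Tptr)[0] << ((uint64_t*) Tptr)[1] << (hex) << endl;
#endif
        }
#ifdef DEBUG_OT_SEED_EXPANSION
        cout << "Xs[" << k << "]: " << (hex);
        for(uint64_t i = 0; i < AES_BYTES * iters; i++) {
            cout << setw(2) << setfill('0') << (uint32_t) (Tptr-AES_BYTES*iters)[i];
        }
        cout << (dec) << " (" << (*counter)-iters << ")" <<endl;
#endif
    }
    free(ctr_buf);
}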
//XOR m_nU on top void OTExtSnd::UnMaskBaseOTs(CBitVector& T, CBitVector& RcvBuf, uint64_t numblocks) { uint64_t rowbytelen = m_nBlockSizeBytes * numblocks; uint8_t* rcvbufptr = RcvBuf.GetArr(); #ifdef GENERATE_T_EXPLICITELY uint64_t blocksizebytes = m_nBaseOTs * rowbytelen; #endif for (uint64_t k = 0; k < m_nBaseOTs; k++, rcvbufptr += rowbytelen) { #ifdef GENERATE_T_EXPLICITELY if (m_vU.GetBit(k) == 0) { T.XORBytes(rcvbufptr, k * rowbytelen, rowbytelen); } else { T.XORBytes(rcvbufptr + blocksizebytes, k * rowbytelen, rowbytelen); } #else if (m_vU.GetBit(k)) { T.XORBytes(rcvbufptr, k * rowbytelen, rowbytelen); } #endif } }
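// OT thread of the client (the party that later evaluates the garbled circuit).
// Step 1 - Naor-Pinkas base OTs, client acting as NP sender: for each of the
//   NUM_EXECS_NAOR_PINKAS executions it sends C_i = x_i^2 mod p, receives pk0_i,
//   derives pk1_i = C_i * pk0_i^-1, and sends (g^r0, Enc(M0)) and (g^r1, Enc(M1))
//   where the key of Enc is SHA1(pk^r) and Enc is a one-time pad with the
//   SHA1(key || j) block stream. M0 = m_T[i], M1 = m_T[i] xor m_r.
// Step 2 - IKNP: receives both wire keys for every client input wire and unmasks
//   the one matching the input bit with SHA1(t_j || j).
// Side effects: fills m_r from m_pGates[..].val, writes m_pYaoKeys for the client
//   input wires, sets m_bOTDone. Reads m_pCircuit, m_T, m_aSeed, m_nCounter, m_sockOT.
// Change vs. previous version: pC, pPK0 and pPK1 are now released (they were leaked).
void CClient::RunOTThread() {
    // generate input vector
    int nInputStart = m_pCircuit->GetInputStart(ID_CLIENT);
    int nInputEnd = m_pCircuit->GetInputEnd(ID_CLIENT);
    int nInputSize = nInputEnd-nInputStart+1;
    m_r.Create(nInputSize);
    for(int i=nInputStart; i<=nInputEnd; i++) {
        m_r.SetBit(i-nInputStart, m_pGates[i].val);
    }
    // IKNP-first step: sender of Naor-Pinkas
    ZZ& p = CConfig::GetInstance()->GetPrime();
    ZZ& g = CConfig::GetInstance()->GetGenerator();
    // Integer division: for odd p this is (p-1)/2 - 1, the range the exponents
    // r0/r1 are reduced into below.
    ZZ q = p/2 - 1;
    int nBufSize = NUM_EXECS_NAOR_PINKAS * FIELD_SIZE_IN_BYTES;
    BYTE* pBuf = new BYTE[nBufSize];
    // generate and send c
    CBitVector rnd;
    rnd.Create( NUM_EXECS_NAOR_PINKAS*FIELD_SIZE_IN_BITS, m_aSeed, m_nCounter);
    ZZ* pC = new ZZ[NUM_EXECS_NAOR_PINKAS ];
    BYTE* pBufIdx = pBuf;
    BYTE* pBufIn = rnd.GetArr();
    ZZ ztmp, ztmp2;
    // C_i = (x_i mod p)^2 mod p: squaring makes C_i a quadratic residue, so the
    // receiver cannot know the discrete log of C_i.
    for(int i=0; i<NUM_EXECS_NAOR_PINKAS; i++) {
        ZZFromBytes(ztmp, pBufIn, FIELD_SIZE_IN_BYTES);
        rem(ztmp2, ztmp, p);
        SqrMod(pC[i], ztmp2, p);
        BytesFromZZ(pBufIdx, pC[i], FIELD_SIZE_IN_BYTES);
        pBufIn += FIELD_SIZE_IN_BYTES;
        pBufIdx += FIELD_SIZE_IN_BYTES;
    }
    m_sockOT.Send(pBuf, NUM_EXECS_NAOR_PINKAS * FIELD_SIZE_IN_BYTES);
    // receive pk0
    m_sockOT.Receive(pBuf, nBufSize);
    ZZ* pPK0 = new ZZ[NUM_EXECS_NAOR_PINKAS];
    ZZ* pPK1 = new ZZ[NUM_EXECS_NAOR_PINKAS];
    pBufIdx = pBuf;
    for(int i=0; i<NUM_EXECS_NAOR_PINKAS; i++ ) {
        ZZFromBytes(pPK0[i], pBufIdx, FIELD_SIZE_IN_BYTES);
        pBufIdx += FIELD_SIZE_IN_BYTES;
        // pPK[i] = pC[i]/pPK0[i]
        // NOTE(review): pPK0[i] comes from the network unchecked; a 0 (or a value
        // not invertible mod p) would make InvMod fail - consider validating.
        InvMod(ztmp, pPK0[i], p);
        MulMod(pPK1[i], pC[i], ztmp, p);
    }
    delete [] pBuf;
    // C_i is no longer needed once pk1_i has been derived.
    delete [] pC;
    // send <g^r1, Enc(M0)> and <g^r2, Enc(M1)>
    // nMsgSize = ceil(nInputSize / SHA1_BITS): number of SHA1-sized blocks per message.
    int nMsgSize = (nInputEnd-nInputStart)/SHA1_BITS + 1; // in sha1 scale
    int nMsginOT = FIELD_SIZE_IN_BYTES + nMsgSize*SHA1_BYTES;
    int nBufSize2 = NUM_EXECS_NAOR_PINKAS * nMsginOT * 2;
    BYTE* pBuf2 = new BYTE[nBufSize2]; // to do
    ZZ* pR0 = new ZZ[NUM_EXECS_NAOR_PINKAS];
    ZZ* pR1 = new ZZ[NUM_EXECS_NAOR_PINKAS];
    // NOTE(review): same seed/counter arguments as the first Create above -
    // confirm Create advances m_nCounter (or derives distinct bytes), otherwise
    // the exponents below would reuse the bytes that produced x_i.
    rnd.Create( NUM_EXECS_NAOR_PINKAS*2*FIELD_SIZE_IN_BITS, m_aSeed, m_nCounter);
    pBufIdx = rnd.GetArr();
    // NOTE(review): a FIELD_SIZE_IN_BITS-bit value reduced mod q (q is of the
    // same magnitude) is not uniformly distributed; rejection sampling or
    // oversampling would remove the modulo bias.
    for(int i=0; i<NUM_EXECS_NAOR_PINKAS; i++) {
        ZZFromBytes(ztmp, pBufIdx, FIELD_SIZE_IN_BYTES);
        rem(pR0[i], ztmp, q);
        pBufIdx += FIELD_SIZE_IN_BYTES;
        ZZFromBytes(ztmp, pBufIdx, FIELD_SIZE_IN_BYTES);
        rem(pR1[i], ztmp, q);
        pBufIdx += FIELD_SIZE_IN_BYTES;
    }
    ZZ gr0, gr1, pkr0, pkr1;
    pBufIdx = pBuf2;
    sha1_context sha;
    BYTE tmp[FIELD_SIZE_IN_BYTES];
    SHA_BUFFER buf_key;
    // Per execution the wire format is: g^r0 | Enc(M0) | g^r1 | Enc(M1).
    // The block index j is hashed as a raw host-order int (both peers must agree).
    // NOTE(review): GetByte(k) is read for k < nMsgSize*SHA1_BYTES, which can exceed
    // ceil(nInputSize/8) - relies on m_T[i] and m_r being allocated with that slack.
    for(int i=0; i<NUM_EXECS_NAOR_PINKAS; i++) {
        // put g^r0
        PowerMod(gr0, g, pR0[i], p);
        BytesFromZZ(pBufIdx, gr0, FIELD_SIZE_IN_BYTES);
        pBufIdx += FIELD_SIZE_IN_BYTES;
        // compute the key for M0
        PowerMod(pkr0, pPK0[i], pR0[i], p);
        BytesFromZZ(tmp, pkr0, FIELD_SIZE_IN_BYTES);
        sha1_starts(&sha);
        sha1_update(&sha, tmp, FIELD_SIZE_IN_BYTES);
        sha1_finish(&sha, (BYTE*) &buf_key);
        // put Enc(M0): M0 = t
        for(int j=0, k=0; j<nMsgSize; j++) {
            sha1_starts(&sha);
            sha1_update(&sha, (BYTE*) &buf_key, sizeof(buf_key));
            sha1_update(&sha, (BYTE*) &j, sizeof(int));
            sha1_finish(&sha, pBufIdx);
            for(int x=0; x < SHA1_BYTES; x++, k++, pBufIdx++ ) {
                *(pBufIdx) ^= m_T[i].GetByte(k);
            }
        }
        // put g^r1
        PowerMod(gr1, g, pR1[i], p);
        BytesFromZZ(pBufIdx, gr1, FIELD_SIZE_IN_BYTES);
        pBufIdx += FIELD_SIZE_IN_BYTES;
        // compute the key for M1
        PowerMod(pkr1, pPK1[i], pR1[i], p);
        BytesFromZZ(tmp, pkr1, FIELD_SIZE_IN_BYTES);
        sha1_starts(&sha);
        sha1_update(&sha, tmp, FIELD_SIZE_IN_BYTES);
        sha1_finish(&sha, (BYTE*) &buf_key);
        // put Enc(M1) : M1 = r xor t
        for(int j=0,k=0; j<nMsgSize; j++) {
            sha1_starts(&sha);
            sha1_update(&sha, (BYTE*) &buf_key, sizeof(buf_key));
            sha1_update(&sha, (BYTE*) &j, sizeof(int));
            sha1_finish(&sha, pBufIdx);
            for(int x=0; x < SHA1_BYTES; x++, pBufIdx++, k++ ) {
                *pBufIdx ^= m_T[i].GetByte(k) ^ m_r.GetByte(k);
            }
        }
    }
    m_sockOT.Send(pBuf2, nBufSize2);
    delete [] pBuf2;
    delete [] pR0;
    delete [] pR1;
    delete [] pPK0;
    delete [] pPK1;
    // IKNP: recv the keys for client inputs
    KEY* pKeys = new KEY[nInputSize*2];
    m_sockOT.Receive(pKeys, nInputSize*sizeof(KEY)*2);
    KEY* pKeyIdx = pKeys;
    KEY* pYaoKeyIdx = m_pYaoKeys + nInputStart;
    CBitVector tj;
    tj.Create(NUM_EXECS_NAOR_PINKAS);
    // For input wire i (0-based j): t_j = bit j of every m_T[x]; the received pair is
    // (key0, key1) and the one selected by the input bit is unmasked with SHA1(t_j || j).
    // XOR_KEYP3 is a project macro/helper assumed to XOR its 2nd and 3rd arguments into the 1st.
    // NUM_EXECS_NAOR_PINKAS/8 bytes are hashed, so NUM_EXECS_NAOR_PINKAS is assumed to be a multiple of 8.
    for(int i=nInputStart, j=0; i<nInputEnd+1; i++, j++) {
        for(int x=0; x<NUM_EXECS_NAOR_PINKAS; x++)
            tj.SetBit(x, m_T[x].GetBit(j));
        sha1_starts(&sha);
        sha1_update(&sha, tj.GetArr(), NUM_EXECS_NAOR_PINKAS/8);
        sha1_update(&sha, (BYTE*)&j, sizeof(int));
        sha1_finish(&sha, (BYTE*)&buf_key);
        /* #ifdef _DEBUG cout << "H(tj, j)="; LOG_KEY(*pYaoKeyIdx); cout <<endl; cout << "gate-val=" << (int) m_pGates[i].val << endl; cout << "key0="; LOG_KEY(*pKeyIdx); cout << "key1="; LOG_KEY(*(pKeyIdx+1)); #endif */
        if( !m_pGates[i].val ) {
            XOR_KEYP3(pYaoKeyIdx, (&buf_key), pKeyIdx);
            pKeyIdx++;
            pKeyIdx++;
        } else {
            pKeyIdx++;
            XOR_KEYP3(pYaoKeyIdx, (&buf_key), pKeyIdx);
            pKeyIdx++;
        }
        /* #ifdef _DEBUG cout << "gateid: " << i << " "; LOG_KEY(*pYaoKeyIdx); cout << endl; #endif */
        pYaoKeyIdx++;
    }
    // clean-up
    delete [] pKeys;
    m_bOTDone = TRUE;
}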
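// Sender-side hashing for the KK 1-out-of-N OT extension: for OT i and every
// candidate value u, derive a seed from (global OT index, Q_i xor (U and codeword_u))
// into seedbuf[u], then expand each seedbuf[u] into the mask stream snd_buf[u].
//   Q        - the sender's Q matrix; row i is read at byte offset i * rowbytelen.
//   seedbuf  - m_nSndVals vectors receiving aes_key_bytes per OT.
//   snd_buf  - m_nSndVals vectors receiving the expanded masks.
//   OT_ptr   - index of the first OT of this batch (offset by m_nCounter for the hash tweak).
//   OT_len   - number of OTs in the batch.
//   mat_mul  - bit-matrix used only in the Snd_GC_OT flavour.
// Changes vs. previous version: the unused locals numhashiters/wd_size_bytes are
// dropped, and the #endif of the FIXED_KEY_AES_HASHING block no longer swallows the
// closing brace of the if (the FIXED_KEY build did not parse). That build is now
// rejected explicitly (see #error below) instead of compiling an incorrect variant.
void KKOTExtSnd::KKHashValues(CBitVector &Q, CBitVector *seedbuf, CBitVector *snd_buf, uint64_t OT_ptr, uint64_t OT_len, uint64_t **mat_mul) {
    uint32_t rowbytelen = bits_in_bytes(m_nBaseOTs);
    uint32_t hashinbytelen = rowbytelen + sizeof(uint64_t);
    uint32_t hashoutbitlen = ceil_log2(m_nSndVals);
    uint32_t u;
    uint32_t aes_key_bytes = m_cCrypt->get_aes_key_bytes();
    uint32_t choicebitlen = ceil_log2(m_nSndVals);
    // Qptr advances two 64-bit words (16 bytes) per OT; it is only meaningful when
    // rowbytelen == 16 and is now referenced by the unsupported fixed-key path only.
    uint64_t *Qptr = (uint64_t *)Q.GetArr();
    // NOTE(review): the allocations below are unchecked (unchanged).
    uint8_t **sbp = (uint8_t **)malloc(sizeof(uint8_t *) * m_nSndVals);
    uint8_t *inbuf = (uint8_t *)calloc(hashinbytelen, 1);
    uint8_t *resbuf = (uint8_t *)calloc(m_cCrypt->get_hash_bytes(), 1);
    uint8_t *hash_buf = (uint8_t *)calloc(m_cCrypt->get_hash_bytes(), 1);
    uint64_t *tmpbuf = (uint64_t *)calloc( PadToMultiple(bits_in_bytes(m_nBitLength), sizeof(uint64_t)), 1);
    uint8_t *tmpbufb = (uint8_t *)calloc(bits_in_bytes(m_nBitLength), 1);
    uint64_t global_OT_ptr = OT_ptr + m_nCounter;
    // Scratch row: U and codeword_u xor Q_i. m_nCodeWordBits/8 is assumed >= rowbytelen.
    CBitVector mask(m_nCodeWordBits);
    for (u = 0; u < m_nSndVals; u++) {
        sbp[u] = seedbuf[u].GetArr();
    }
    for (uint64_t i = 0; i < OT_len; global_OT_ptr++, i++, Qptr += 2) {
        for (u = 0; u < m_nSndVals; u++) {
            mask.Copy(m_vU, 0, rowbytelen);
            mask.ANDBytes((uint8_t *)m_vCodeWords[u], 0, rowbytelen);
            mask.XORBytes(Q.GetArr() + i * rowbytelen, rowbytelen);
#ifdef DEBUG_OT_HASH_IN
            cout << "Hash-In for i = " << global_OT_ptr << ", u = " << u << ": " << (hex);
            for (uint32_t p = 0; p < rowbytelen; p++)
                cout << setw(2) << setfill('0') << (uint32_t)mask.GetArr()[p];
            cout << (dec) << endl;
            // cout << "Using codeword " << (hex) << m_vCodeWords[u][0] <<
            // m_vCodeWords[u][1] << (hex) << m_vCodeWords[u][2] << m_vCodeWords[u][3] <<
            // (dec) << endl;
#endif
            if (m_eSndOTFlav != Snd_GC_OT) {
#ifdef FIXED_KEY_AES_HASHING
                // The previous call here was
                //   FixedKeyHashing(m_kCRFKey, sbp[u], (BYTE *)Qptr, hash_buf, i, hashinbytelen, m_cCrypt);
                // whose input is the raw Q row (at a 16-byte stride), not `mask`, so the
                // derived seed would not depend on u. Fail the build rather than emit
                // identical seeds for all N values.
#error "FIXED_KEY_AES_HASHING is not supported by KKOTExtSnd::KKHashValues (the hash input must be the codeword-masked row)"
#else
                // Hash input: 8-byte global OT index || masked row.
                memcpy(inbuf, &global_OT_ptr, sizeof(uint64_t));
                // memcpy(inbuf+sizeof(uint64_t), Q.GetArr() + i *
                // wd_size_bytes, rowbytelen);
                memcpy(inbuf + sizeof(uint64_t), mask.GetArr(), rowbytelen);
                m_cCrypt->hash_buf(resbuf, aes_key_bytes, inbuf, hashinbytelen, hash_buf);
                memcpy(sbp[u], resbuf, aes_key_bytes);
                // snd_buf[u].SetBits(resbuf, i * hashoutbitlen, hashoutbitlen);
#endif
            } else {
                // TODO: mecr has not been tested with KK-OT!!
                BitMatrixMultiplication(tmpbufb, bits_in_bytes(hashoutbitlen), mask.GetArr(), m_nBaseOTs, mat_mul, tmpbuf);
                // BitMatrixMultiplication(tmpbufb, bits_in_bytes(m_nBitLength),
                // Q.GetArr() + i * wd_size_bytes, m_nBaseOTs, mat_mul, tmpbuf);
                // m_vValues[u].SetBits(tmpbufb, (OT_ptr + i)* m_nBitLength,
                // m_nBitLength);
                snd_buf[u].SetBits(tmpbufb, i * hashoutbitlen, hashoutbitlen);
                // m_vTempOTMasks.SetBytes(tmpbufb, (uint64_t) (OT_ptr + i) *
                // aes_key_bytes, (uint64_t) aes_key_bytes);
                // m_vValues[u].SetBytes(Q.GetArr() + i * wd_size_bytes, (OT_ptr
                // + i)* wd_size_bytes, rowbytelen);
            }
#ifdef DEBUG_OT_HASH_OUT
            cout << "Hash-Out for i = " << global_OT_ptr << ", u = " << u << ": " << (hex);
            for (uint32_t p = 0; p < aes_key_bytes; p++)
                cout << setw(2) << setfill('0') << (uint32_t)sbp[u][p];
            cout << (dec) << endl;
#endif
            sbp[u] += m_cCrypt->get_aes_key_bytes();
        }
    }
    // TODO: difference is in here!! (could be solved by giving the
    // bit-length as parameter in the function call)
    // Expand every seed stream into m_nBitLength * choicebitlen mask bits per OT.
    for (uint32_t u = 0; u < m_nSndVals; u++) {
        m_fMaskFct->expandMask(&snd_buf[u], seedbuf[u].GetArr(), 0, OT_len, m_nBitLength * choicebitlen, m_cCrypt);
        // cout << "Mask " << u << ": ";
        // snd_buf[u].PrintHex();
    }
    // m_vValues[0].PrintHex();
    // m_vValues[1].PrintHex();
    free(resbuf);
    free(inbuf);
    free(sbp);
    free(hash_buf);
    free(tmpbuf);
    free(tmpbufb);
}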
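// Sender-side hashing for 1-out-of-2 OT extension: for OT i derives one seed per
// value u from (global OT index || Q_i) for u == 0 and (global OT index || Q_i xor U)
// for u == 1, writing aes_key_bytes per OT into seedbuf[u]; afterwards (unless
// HIGH_SPEED_ROT_LT) expands every seedbuf[u] into snd_buf[u].
//   Q        - the sender's Q matrix, rows of wd_size_bytes. Row i is XORed with U
//              IN PLACE when u == 1, so Q holds Q_i xor U on return.
//   seedbuf, snd_buf - m_nSndVals vectors (seeds resp. expanded masks).
//   OT_ptr, OT_len    - batch start index and length.
//   mat_mul  - bit-matrix used only in the Snd_GC_OT flavour.
// Changes vs. previous version: the unused local numhashiters is dropped and the
// #endif of the FIXED_KEY_AES_HASHING block is moved before the else branch, so the
// if-statement is closed in both build configurations (it was not in the FIXED_KEY build).
void OTExtSnd::HashValues(CBitVector& Q, CBitVector* seedbuf, CBitVector* snd_buf, uint64_t OT_ptr, uint64_t OT_len, uint64_t** mat_mul) {
    uint32_t rowbytelen = bits_in_bytes(m_nBaseOTs);
    uint32_t hashinbytelen = rowbytelen + sizeof(uint64_t);
    uint64_t wd_size_bytes = m_nBlockSizeBytes;//1 << (ceil_log2(m_nBaseOTs) - 3);
    uint32_t u;
    uint32_t aes_key_bytes = m_cCrypt->get_aes_key_bytes();
    // Qptr advances two 64-bit words (16 bytes) per OT while the byte-offset paths
    // use i * wd_size_bytes: the two only address the same row when wd_size_bytes == 16.
    uint64_t* Qptr = (uint64_t*) Q.GetArr();
    uint64_t* Uptr = (uint64_t*) m_vU.GetArr();
    // NOTE(review): the allocations below are unchecked (unchanged).
    uint8_t** sbp = (uint8_t**) malloc(sizeof(uint8_t*) * m_nSndVals);
    uint8_t* inbuf = (uint8_t*) calloc(hashinbytelen, 1);
    uint8_t* resbuf = (uint8_t*) calloc(m_cCrypt->get_hash_bytes(), 1);
    uint8_t* hash_buf = (uint8_t*) calloc(m_cCrypt->get_hash_bytes(), 1);
    uint64_t* tmpbuf = (uint64_t*) calloc(PadToMultiple(bits_in_bytes(m_nBitLength), sizeof(uint64_t)), 1);
    uint8_t* tmpbufb = (uint8_t*) calloc(bits_in_bytes(m_nBitLength), 1);
    uint64_t global_OT_ptr = OT_ptr + m_nCounter;
    for (u = 0; u < m_nSndVals; u++)
        sbp[u] = seedbuf[u].GetArr();
    for (uint64_t i = 0; i < OT_len; global_OT_ptr++, i++, Qptr += 2) {
        for (u = 0; u < m_nSndVals; u++) {
            // From u == 1 on, row i holds Q_i xor U (the XOR is applied once, in place).
#ifdef HIGH_SPEED_ROT_LT
            if(u == 1) {
                Qptr[0]^=Uptr[0];
                Qptr[1]^=Uptr[1];
            }
#else
            if (u == 1)
                Q.XORBytes((uint8_t*) Uptr, i * wd_size_bytes, rowbytelen);
#endif
#ifdef DEBUG_OT_HASH_IN
            cout << "Hash-In for i = " << global_OT_ptr << ", u = " << u << ": " << (hex);
            for(uint32_t p = 0; p < rowbytelen; p++)
                cout << setw(2) << setfill('0') << (uint32_t) (Q.GetArr() + i * wd_size_bytes)[p];
            cout << (dec) << endl;
#endif
            if(m_eSndOTFlav != Snd_GC_OT) {
#ifdef FIXED_KEY_AES_HASHING
                // Hashes the row through Qptr: relies on wd_size_bytes == 16 so that
                // Qptr is row i and already contains the u == 1 XOR - confirm.
                FixedKeyHashing(m_kCRFKey, sbp[u], (BYTE*) Qptr, hash_buf, i, hashinbytelen, m_cCrypt);
#else
                // Hash input: 8-byte global OT index || row i of Q.
                memcpy(inbuf, &global_OT_ptr, sizeof(uint64_t));
                memcpy(inbuf+sizeof(uint64_t), Q.GetArr() + i * wd_size_bytes, rowbytelen);
                m_cCrypt->hash_buf(resbuf, aes_key_bytes, inbuf, hashinbytelen, hash_buf);
                memcpy(sbp[u], resbuf, aes_key_bytes);
#endif
            } else {
                BitMatrixMultiplication(tmpbufb, bits_in_bytes(m_nBitLength), Q.GetArr() + i * wd_size_bytes, m_nBaseOTs, mat_mul, tmpbuf);
                //m_vValues[u].SetBits(tmpbufb, (OT_ptr + i)* m_nBitLength, m_nBitLength);
                snd_buf[u].SetBits(tmpbufb, i * m_nBitLength, m_nBitLength);
                //m_vTempOTMasks.SetBytes(tmpbufb, (uint64_t) (OT_ptr + i) * aes_key_bytes, (uint64_t) aes_key_bytes);
                //m_vValues[u].SetBytes(Q.GetArr() + i * wd_size_bytes, (OT_ptr + i)* wd_size_bytes, rowbytelen);
            }
#ifdef DEBUG_OT_HASH_OUT
            cout << "Hash-Out for i = " << global_OT_ptr << ", u = " << u << ": " << (hex);
            for(uint32_t p = 0; p < aes_key_bytes; p++)
                cout << setw(2) << setfill('0') << (uint32_t) sbp[u][p];
            cout << (dec) << endl;
#endif
            sbp[u] += aes_key_bytes;
        }
    }
    //m_vValues[0].PrintHex();
    //m_vValues[1].PrintHex();
#ifndef HIGH_SPEED_ROT_LT
    if(m_eSndOTFlav != Snd_GC_OT) {
        //Two calls to expandMask, both writing into snd_buf
        for (uint32_t u = 0; u < m_nSndVals; u++)
            m_fMaskFct->expandMask(snd_buf[u], seedbuf[u].GetArr(), 0, OT_len, m_nBitLength, m_cCrypt);
    }
#endif
    free(resbuf);
    free(inbuf);
    free(sbp);
    free(hash_buf);
    free(tmpbuf);
    free(tmpbufb);
}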
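// OT thread of the server (the party that garbles the circuit).
// Step 1 - Naor-Pinkas base OTs, server acting as NP receiver with choice bits m_S:
//   receives C_i, answers with pk0_i = g^k_i (s_i = 0) or C_i * (g^k_i)^-1 (s_i = 1),
//   then receives the two encrypted messages per execution and decrypts the one
//   matching s_i into ppMat[i] (key = SHA1(w^k_i), pad = SHA1(key || j) blocks).
// Step 2 - IKNP: for every client input wire j, q_j is assembled from column j of
//   ppMat; the wire keys are masked with SHA1(q_j || j) and SHA1(q_j xor s || j)
//   and sent to the client.
// Reads m_sockOT, m_aSeed, m_nCounter, m_S, m_pCircuit, m_pYaoWires, m_nGatesDone,
//   m_bStop; sends on m_sockOT.
// Changes vs. previous version: the early returns on m_bStop no longer leak pK,
//   pBuf2 and ppMat (ppMat is value-initialised so partially filled rows are safe to free).
void CServer::RunOTThread() {
    cout << "\not thread started\n" << flush;
    // IKNP-first step: receiver of Naor-Pinkas
    ZZ& p = CConfig::GetInstance()->GetPrime();
    // Integer division: for odd p this is (p-1)/2 - 1, the range the secret
    // exponents k_i are reduced into below.
    ZZ q = p/2 - 1;
    ZZ& g = CConfig::GetInstance()->GetGenerator();
    // NP receiver: receive Cs
    int nBufSize = NUM_EXECS_NAOR_PINKAS * FIELD_SIZE_IN_BYTES;
    BYTE* pBuf = new BYTE[nBufSize];
    m_sockOT.Receive(pBuf, nBufSize);
    ZZ* pC = new ZZ[NUM_EXECS_NAOR_PINKAS];
    BYTE* pBufIdx = pBuf;
    for(int i=0, idx=0; i<NUM_EXECS_NAOR_PINKAS; i++) {
        ZZFromBytes(pC[i], pBufIdx, FIELD_SIZE_IN_BYTES);
        pBufIdx += FIELD_SIZE_IN_BYTES;
#ifdef _DEBUG
        cout << "pC[" << i <<"]: " << pC[i] << endl;
#endif
    }
    // compute pk0, pk1
    CBitVector rnd;
    rnd.Create(NUM_EXECS_NAOR_PINKAS*FIELD_SIZE_IN_BITS, m_aSeed, m_nCounter);
    BYTE* pBufRnd = rnd.GetArr();
    ZZ* pK = new ZZ[NUM_EXECS_NAOR_PINKAS];
    ZZ ztmp;
    // NOTE(review): a FIELD_SIZE_IN_BITS-bit value reduced mod q (q is of the same
    // magnitude) is not uniform; rejection sampling would remove the modulo bias.
    for(int i=0, idx=0; !m_bStop && i<NUM_EXECS_NAOR_PINKAS; i++) {
        ZZFromBytes(ztmp, pBufRnd, FIELD_SIZE_IN_BYTES);
        pBufRnd += FIELD_SIZE_IN_BYTES;
        rem(pK[i], ztmp, q);
    }
    pBufIdx = pBuf;
    ZZ pk0, pk1;
    // NOTE(review): this branches on the secret choice bit s_i and the two branches
    // do different amounts of work (the s_i = 1 branch adds InvMod/MulMod), so the
    // running time is not independent of m_S.
    for(int i=0, idx=0; !m_bStop && i<NUM_EXECS_NAOR_PINKAS; i++) {
        // compute pk0, pk1
        if( !m_S.GetBit(i) ) {
            PowerMod(pk0, g, pK[i], p);
        } else {
            PowerMod(pk1, g, pK[i], p);
            //pk0 = pC[i]/pk1;
            InvMod(ztmp, pk1, p);
            MulMod(pk0, pC[i], ztmp, p);
        }
#ifdef _DEBUG
        cout << "pk0[" << i << "]: " << pk0 << endl;
#endif
        // put pk0
        BytesFromZZ(pBufIdx, pk0, FIELD_SIZE_IN_BYTES);
        pBufIdx += FIELD_SIZE_IN_BYTES;
    }
    m_sockOT.Send(pBuf, nBufSize);
    delete [] pC;
    delete [] pBuf;
    if( m_bStop ) {
        delete [] pK;
        return;
    }
    // NP receiver: get the g^r0, Enc(M0), g^r2, Enc(M1)
    int nInputStart = m_pCircuit->GetInputStart(ID_CLIENT);
    int nInputEnd = m_pCircuit->GetInputEnd(ID_CLIENT);
    // nMsgSize = ceil(nInputSize / SHA1_BITS): SHA1-sized blocks per message.
    int nMsgSize = (nInputEnd-nInputStart)/SHA1_BITS + 1; // in sha1 scale
    int nMsginOT = FIELD_SIZE_IN_BYTES + nMsgSize*SHA1_BYTES;
    int nBufSize2 = NUM_EXECS_NAOR_PINKAS * nMsginOT * 2;
    BYTE* pBuf2 = new BYTE[nBufSize2];
    m_sockOT.Receive(pBuf2, nBufSize2);
    ZZ w;
    ZZ key;
    // tmp doubles as SHA1 output buffer below, so FIELD_SIZE_IN_BYTES must be >= SHA1_BYTES.
    BYTE tmp[FIELD_SIZE_IN_BYTES];
    sha1_context sha;
    SHA_BUFFER buf_key;
    // Value-initialised (all null) so that rows never allocated because of an early
    // stop can be passed to delete[] safely.
    BYTE** ppMat = new BYTE*[NUM_EXECS_NAOR_PINKAS]();
    BYTE* pBufToRead;
    BYTE* pBufMatIdx;
    pBufIdx = pBuf2;
    // Wire format per execution: g^r0 | Enc(M0) | g^r1 | Enc(M1); the message
    // selected by s_i is decrypted, the other one is skipped.
    for(int i=0, idx=0; !m_bStop && i<NUM_EXECS_NAOR_PINKAS; i++) {
        ppMat[i] = new BYTE[nMsgSize*SHA1_BYTES];
        if( !m_S.GetBit(i)) {
            pBufToRead = pBufIdx;
            pBufIdx += nMsginOT + nMsginOT;
        } else {
            pBufIdx += nMsginOT;
            pBufToRead = pBufIdx;
            pBufIdx += nMsginOT;
        }
        ZZFromBytes(w, pBufToRead, FIELD_SIZE_IN_BYTES);
        pBufToRead += FIELD_SIZE_IN_BYTES;
        PowerMod(key, w, pK[i], p);
        BytesFromZZ(tmp, key, FIELD_SIZE_IN_BYTES);
        sha1_starts(&sha);
        sha1_update(&sha, tmp, FIELD_SIZE_IN_BYTES);
        sha1_finish(&sha, (BYTE*) &buf_key);
        pBufMatIdx=ppMat[i];
        // The block index j is hashed as a raw host-order int (must match the client).
        for(int j=0; j<nMsgSize; j++) {
            sha1_starts(&sha);
            sha1_update(&sha, (BYTE*) &buf_key, sizeof(buf_key));
            sha1_update(&sha, (BYTE*) &j, sizeof(int));
            sha1_finish(&sha, tmp);
            for(int x=0; x<SHA1_BYTES; x++, pBufMatIdx++, pBufToRead++ ) {
                *(pBufMatIdx) = *(pBufToRead) ^ tmp[x];
            }
        }
    }
    delete [] pK;
    if( m_bStop ) {
        delete [] pBuf2;
        for(int i=0; i<NUM_EXECS_NAOR_PINKAS; i++) {
            delete [] ppMat[i];
        }
        delete [] ppMat;
        return;
    }
    // IKNP-second step: send the keys for client inputs
    int nInputSize = nInputEnd - nInputStart + 1;
    KEY* pKeys = new KEY[nInputSize*2];
    YAO_WIRE* wire;
    KEY* wirekey;
    CBitVector qj;
    qj.Create(NUM_EXECS_NAOR_PINKAS);
    int j=0; // 0-starting index
    KEY* pKeyIdx = pKeys;
    // NOTE(review): if m_bStop is raised inside this loop, pKeys is still sent with
    // the remaining entries uninitialised (unchanged behaviour).
    for(int i=nInputStart; !m_bStop && i<=nInputEnd; i++,j++) {
        // Wait until the garbler has produced wire i.
        // NOTE(review): m_nGatesDone is polled without visible synchronisation -
        // confirm it is atomic/volatile or otherwise published safely by the garbler.
        while( m_nGatesDone < i ) {
            SleepMiliSec(100);
        }
        // compute qj
        // SetBit receives the masked byte (0 or the bitmask value), not a 0/1 value -
        // relies on SetBit treating any non-zero argument as 1; confirm.
        for(int r=0; r<NUM_EXECS_NAOR_PINKAS; r++) {
            qj.SetBit( r, ppMat[r][j/8] & bitmask[j & 0x7] );
        }
        // compute hash
        // NUM_EXECS_NAOR_PINKAS/8 bytes are hashed: NUM_EXECS_NAOR_PINKAS is assumed to be a multiple of 8.
        sha1_starts(&sha);
        sha1_update(&sha, qj.GetArr(), NUM_EXECS_NAOR_PINKAS/8);
        sha1_update(&sha, (BYTE*)&j, sizeof(int));
        sha1_finish(&sha, (BYTE*)&buf_key);
        // y0
        // wire->b selects which of the two wire keys is masked as y0 (point-and-permute bit, presumably).
        wire = m_pYaoWires+i;
        wirekey = wire->keys + wire->b;
        XOR_KEYP3( pKeyIdx, (&buf_key), wirekey );
        pKeyIdx++;
        // compute qj xor s
        for(int x=0; x<NUM_EXECS_NAOR_PINKAS/8; x++ )
            qj.GetArr()[x] ^= m_S.GetByte(x);
        /* #ifdef _DEBUG cout << "qj xor s = "; for(int z=0; z<NUM_EXECS_NAOR_PINKAS; z++) cout << (int) qj.GetBit(z); cout << endl; #endif */
        // y1
        sha1_starts(&sha);
        sha1_update(&sha, qj.GetArr(), NUM_EXECS_NAOR_PINKAS/8);
        sha1_update(&sha, (BYTE*)&j, sizeof(int));
        sha1_finish(&sha, (BYTE*)&buf_key);
        wirekey = wire->keys + (wire->b^1);
        XOR_KEYP3( pKeyIdx, (&buf_key), wirekey );
        pKeyIdx++;
    }
    m_sockOT.Send( pKeys, nInputSize*sizeof(KEY)*2);
    // clean-up
    delete [] pBuf2;
    for(int i=0; i<NUM_EXECS_NAOR_PINKAS; i++) {
        delete [] ppMat[i];
    }
    delete [] ppMat;
    delete [] pKeys;
    cout << "\not thread ended \n" << flush;
}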