int main(int argc, char **argv) {
srand(time(NULL));
GarbledCircuit garbledCircuit;
GarblingContext garblingContext;
if (argc != 2) {
printf("Usage: <prog_name> number_of_gates (in thousands)");
}
//Set up circuit parameters
int n = atoi(argv[1]) * 1024;
int m = 1;
int q = n;
int r = 5 * n;
//Set up input and output tokens/labels.
block *labels = (block*) malloc(sizeof(block) * 2 * n);
block *exlabels = (block*) malloc(sizeof(block) * n);
block *outputbs2 = (block*) malloc(sizeof(block) * m);
block *outputbs = (block*) malloc(sizeof(block) * m);
int *inp = (int *) malloc(sizeof(int) * n);
countToN(inp, n);
int outputs[1];
OutputMap outputMap = outputbs;
InputLabels inputLabels = labels;
//Actually build a circuit. Alternatively, this circuit could be read
//from a file.
createInputLabels(labels, n);
createEmptyGarbledCircuit(&garbledCircuit, n, m, q, r, inputLabels);
startBuilding(&garbledCircuit, &garblingContext);
MIXEDCircuit(&garbledCircuit, &garblingContext, n, inp, outputs);
finishBuilding(&garbledCircuit, &garblingContext, outputMap, outputs);
//Garble the built circuit.
garbleCircuit(&garbledCircuit, inputLabels, outputMap);
//Evaluate the circuit with random values and check the computed
//values match the outputs of the desired function.
checkCircuit(&garbledCircuit, inputLabels, outputMap, &(checkfn));
return 0;
}
int fixedZeroWire(GarbledCircuit *garbledCircuit,
GarblingContext *garblingContext) {
int ind = getNextWire(garblingContext);
garblingContext->fixedWires[ind] = FIXED_ZERO_GATE;
Wire *wire = &garbledCircuit->wires[ind];
if (wire->id != 0)
printf("ERROR: Reusing output at wire %d\n", ind);
block labels[2];
createInputLabels(labels, 1);
InputLabels inputLabels = labels;
wire->id = ind;
wire->label0 = randomBlock();
wire->label1 = xorBlocks(garblingContext->R, wire->label0);
return ind;
}
int
main(int argc, char *argv[])
{
GarbledCircuit gc;
block *outputMap = allocate_blocks(2 * m);
block *inputLabels = allocate_blocks(2 * n);
block seed;
int *timeGarble = calloc(times, sizeof(int));
int *timeEval = calloc(times, sizeof(int));
double *timeGarbleMedians = calloc(times, sizeof(double));
double *timeEvalMedians = calloc(times, sizeof(double));
unsigned char hash[SHA_DIGEST_LENGTH];
GarbleType type = GARBLE_TYPE_STANDARD;
seed = seedRandom(NULL);
createInputLabels(inputLabels, n);
buildAESCircuit(&gc, inputLabels);
/* readCircuitFromFile(&gc, AES_CIRCUIT_FILE_NAME); */
garbleCircuit(&gc, outputMap, type);
hashGarbledCircuit(&gc, hash, type);
{
block *extractedLabels = allocate_blocks(n);
block *computedOutputMap = allocate_blocks(m);
int *inputs = calloc(n, sizeof(int));
int *outputVals = calloc(m, sizeof(int));
for (int i = 0; i < n; ++i) {
inputs[i] = rand() % 2;
}
extractLabels(extractedLabels, inputLabels, inputs, gc.n);
evaluate(&gc, extractedLabels, computedOutputMap, type);
assert(mapOutputs(outputMap, computedOutputMap, outputVals, m) == SUCCESS);
{
GarbledCircuit gc2;
(void) seedRandom(&seed);
createInputLabels(inputLabels, n);
buildAESCircuit(&gc2, inputLabels);
assert(checkGarbledCircuit(&gc2, hash, type) == SUCCESS);
}
free(extractedLabels);
free(computedOutputMap);
free(inputs);
free(outputVals);
}
for (int j = 0; j < times; j++) {
for (int i = 0; i < times; i++) {
timeGarble[i] = timedGarble(&gc, outputMap, type);
timeEval[i] = timedEval(&gc, inputLabels, type);
}
timeGarbleMedians[j] = ((double) median(timeGarble, times)) / gc.q;
timeEvalMedians[j] = ((double) median(timeEval, times)) / gc.q;
}
double garblingTime = doubleMean(timeGarbleMedians, times);
double evalTime = doubleMean(timeEvalMedians, times);
printf("%lf %lf\n", garblingTime, evalTime);
free(outputMap);
free(inputLabels);
free(timeGarble);
free(timeEval);
free(timeGarbleMedians);
free(timeEvalMedians);
return 0;
}
int main() {
char* refId = "rs1048659";
char* name = "HG00372";
// CI part
int i,j;
read_names();
read_ids();
int size_names = size_of_names();
int size_ids = size_of_ids();
int refId_id = find_ids_id(refId);
int name_id = find_name_id(name);
read_encs();
char encC = get_char_in_enc((size_names*refId_id)+name_id);
read_skeys();
char skeyC = get_char_in_skeys((size_names*refId_id)+name_id);
// SPU -> GC building part
GarbledCircuit garbledCircuit;
GarblingContext garblingContext;
int inputsNb = 32;
int wiresNb = 50000;
int gatesNb = 50000;
int outputsNb = 32;
//Create a circuit.
block labels[2 * inputsNb];
createInputLabels(labels, inputsNb);
InputLabels inputLabels = labels;
createEmptyGarbledCircuit(&garbledCircuit, inputsNb, outputsNb, gatesNb,
wiresNb, inputLabels);
startBuilding(&garbledCircuit, &garblingContext);
// Transform generator's input into fixed wire
int zero = fixedZeroWire(&garbledCircuit,&garblingContext);
int one = fixedOneWire(&garbledCircuit,&garblingContext);
int onewire = getNextWire(&garblingContext);
NOTGate(&garbledCircuit,&garblingContext,zero,onewire);
int zerowire = getNextWire(&garblingContext);
NOTGate(&garbledCircuit,&garblingContext,one,zerowire);
int outputs[outputsNb];
int *inp = (int *) malloc(sizeof(int) * inputsNb*2);
countToN(inp, inputsNb);
//countToN(outputs, inputsNb);
int bits[inputsNb];
int_into_ints(encC,bits);
for (i = 0; i < inputsNb; i++) {
if (bits[i]) {
inp[inputsNb+i] = onewire;
} else {
inp[inputsNb+i] = zerowire;
}
}
int tempOutput[2*outputsNb];
XORCircuit(&garbledCircuit, &garblingContext, inputsNb*2, inp, outputs);
block *outputbs = (block*) malloc(sizeof(block) * outputsNb);
OutputMap outputMap = outputbs;
finishBuilding(&garbledCircuit, &garblingContext, outputMap, outputs);
garbleCircuit(&garbledCircuit, inputLabels, outputMap);
// MU -> Evaluation part
block extractedLabels[inputsNb];
int extractedInputs[inputsNb];
int_into_ints(skeyC,extractedInputs);
extractLabels(extractedLabels, inputLabels, extractedInputs, inputsNb);
block computedOutputMap[outputsNb];
evaluate(&garbledCircuit, extractedLabels, computedOutputMap);
int outputVals[outputsNb];
mapOutputs(outputMap, computedOutputMap, outputVals, outputsNb);
//TODO
int res = ints_into_int(outputVals);
printf("RESULT IS : %d\n",res);
return 0;
}
int main(int argc, char* argv[]) {
//----------------------
#ifndef DEBUG
srand(time(NULL));
srand_sse(time(NULL));
#else
srand(1);
srand_sse(1111);
#endif
if (argc < 3) {
printf("Usage: %s <scd file name> <port> \n", argv[0]);
return -1;
}
int port = atoi(argv[2]);
int connfd = server_init(port);
if (connfd == -1) {
printf("Something's wrong with the socket!\n");
return -1;
}
#define GARBLING
#ifndef GARBLING
server_close(connfd);
return 0;
#else
//----------------------------------------- Garbling
GarbledCircuit garbledCircuit;
long i, j, cid;
readCircuitFromFile(&garbledCircuit, argv[1]);
printf("garbledCircuit.I[0] = %d\n", garbledCircuit.I[0]);
int n = garbledCircuit.n;
int g = garbledCircuit.g;
int p = garbledCircuit.p;
int m = garbledCircuit.m;
int c = garbledCircuit.c;
int e = n - g;
int *garbler_inputs = (int *) malloc(sizeof(int) * (g) * c);
block *inputLabels = (block *) malloc(sizeof(block) * 2 * n * c);
block *initialDFFLable = (block *) malloc(sizeof(block) * 2 * p);
block *outputLabels = (block *) malloc(sizeof(block) * 2 * m * c);
printf("\n\ninputs:\n");
for (cid = 0; cid < c; cid++) {
for (j = 0; j < g; j++) {
garbler_inputs[cid * g + j] = rand() % 2;
printf("%d ", garbler_inputs[cid * g + j]);
}
}
printf("\n\n");
#ifndef DEBUG
block R = randomBlock();
*((short *) (&R)) |= 1;
#else
block R = makeBlock((long )(-1), (long )(-1));
#endif
uint8_t * rptr = (uint8_t*) &R;
for (int i = 0; i < 16; i++)
rptr[i] = 0xff;
// *((short *) (&R)) |= 1;
rptr[0] |= 1;
createInputLabels(inputLabels, R, n * c);
createInputLabels(initialDFFLable, R, p);
///--------------------------------------------------------------- OT Extension
//Parameters
int numOTs = c * e;
int bitlength = 128;
m_nSecParam = 128;
m_nNumOTThreads = 1;
BYTE version;
crypto *crypt = new crypto(m_nSecParam, (uint8_t*) m_vSeed);
InitOTSender(connfd, crypt);
CBitVector delta, X1, X2;
delta.Create(numOTs, bitlength, crypt);
m_fMaskFct = new XORMasking(bitlength, delta);
for (int i=0;i<numOTs;i++)
delta.SetBytes(rptr, i*16, 16);
printf("Delta: ");
for (int i = 0; i < 16; i++) {
printf("%02x", delta.GetByte(i));
}
printf("\n");
printf("R: ");
print__m128i(R);
printf("\n");
X1.Create(numOTs, bitlength);
X1.Reset();
X2.Create(numOTs, bitlength);
X2.Reset();
uint8_t* b = new BYTE[16];
BYTE* b2 = new BYTE[16];
cout << "Sender performing " << numOTs << " C_OT extensions on "
<< bitlength << " bit elements" << endl;
version = C_OT;
ObliviouslySend(X1, X2, numOTs, bitlength, version, crypt);
//putting X1 & X2 into inputLabels
printf("printing inputLabels after copy from X1 and X2:\n\n");
uint8_t* inputLabelsptr;
for (cid = 0; cid < c; cid++) {
for (j = 0; j < e; j++) {
inputLabelsptr = (uint8_t*) &inputLabels[2 * (cid * n + g + j)];
X1.GetBytes(inputLabelsptr, 16*(cid * e + j), 16);
print__m128i(inputLabels[2 * (cid * n + g + j)]);
inputLabelsptr = (uint8_t*) &inputLabels[2 * (cid * n + g + j) + 1];
X2.GetBytes(inputLabelsptr, 16*(cid * e + j), 16);
print__m128i(inputLabels[2 * (cid * n + g + j) + 1]);
}
}
//print
printf("Printing X1:\n");
for (int j = 0; j < numOTs; j++) {
for (int i = 0; i < 16; i++) {
b[i] = X1.GetByte(i + j * 16);
printf("%02x", b[i]);
}
printf("\n");
}
printf("\n\n");
printf("Printing X2:\n");
for (int j = 0; j < numOTs; j++) {
for (int i = 0; i < 16; i++) {
b[i] = X2.GetByte(i + j * 16);
printf("%02x", b[i]);
}
printf("\n");
}
printf("\n\n");
printf("Printing delta:\t");
for (int i = 0; i < 16; i++) {
b[i] = delta.GetByte(i);
printf("%02x", b[i]);
}
printf("\n");
//----------------------------------------------------end of OT Extension
for (cid = 0; cid < c; cid++) {
for (j = 0; j < g; j++) {
if (garbler_inputs[cid * g + j] == 0)
send_block(connfd, inputLabels[2 * (cid * n + j)]);
else
send_block(connfd, inputLabels[2 * (cid * n + j) + 1]);
printf("i(%ld, %ld, %d)\n", cid, j, garbler_inputs[cid * g + j]);
print__m128i(inputLabels[2 * (cid * n + j)]);
print__m128i(inputLabels[2 * (cid * n + j) + 1]);
}
//------------------------------------------------------------------------------------------ CHANGE 1
for (j = 0; j < e; j++) {
// int ev_input;
// read(connfd, &ev_input, sizeof(int));
// if (!ev_input)
// send_block(connfd, inputLabels[2 * (cid * n + g + j)]);
// else
// send_block(connfd, inputLabels[2 * (cid * n + g + j) + 1]);
printf("evaluator : i(%ld, %ld, ?)\n", cid, j);
print__m128i(inputLabels[2 * (cid * n + g + j)]);
print__m128i(inputLabels[2 * (cid * n + g + j) + 1]);
}
printf("Compare to: ");
printf("\n");
//----------------------------------------------------------------------end
}
printf("\n\n");
for (j = 0; j < p; j++) //p:#DFF
{
printf("garbledCircuit.I[j] = %d\n", garbledCircuit.I[j]);
if (garbledCircuit.I[j] == CONST_ZERO) // constant zero
{
send_block(connfd, initialDFFLable[2 * j]);
printf("dffi(%ld, %ld, %d)\n", cid, j, 0);
print__m128i(initialDFFLable[2 * j]);
print__m128i(initialDFFLable[2 * j + 1]);
} else if (garbledCircuit.I[j] == CONST_ONE) // constant zero
{
send_block(connfd, initialDFFLable[2 * j + 1]);
printf("dffi(%ld, %ld, %d)\n", cid, j, 0);
print__m128i(inputLabels[2 * j]);
print__m128i(inputLabels[2 * j + 1]);
} else if (garbledCircuit.I[j] < g) //belongs to Alice (garbler)
{
int index = garbledCircuit.I[j];
if (garbler_inputs[index] == 0)
send_block(connfd, initialDFFLable[2 * j]);
else
send_block(connfd, initialDFFLable[2 * j + 1]);
printf("dffi(%ld, %ld, %d)\n", cid, j, garbler_inputs[index]);
print__m128i(initialDFFLable[2 * j]);
print__m128i(initialDFFLable[2 * j + 1]);
}
//------------------------------------------------------------------------------------------ CHANGE 2
else //**** belongs to Bob
{
// int ev_input;
// read(connfd, &ev_input, sizeof(int));
// if (!ev_input)
// send_block(connfd, initialDFFLable[2 * j]);
// else
// send_block(connfd, initialDFFLable[2 * j + 1]);
// printf("dffi(%ld, %ld, %d)\n", cid, j, ev_input);
print__m128i(initialDFFLable[2 * j]);
print__m128i(initialDFFLable[2 * j + 1]);
printf("\n");
}
//----------------------------------------------------------------------end
}
printf("\n\n");
///--------------------------------------------------------------- OT Extension
//Parameters
numOTs = p;
delta.Create(numOTs, bitlength, crypt);
m_fMaskFct = new XORMasking(bitlength, delta);
for (int i=0;i<numOTs;i++)
delta.SetBytes(rptr, i*16, 16);
printf("Delta: ");
for (int i = 0; i < 16; i++) {
printf("%02x", delta.GetByte(i));
}
printf("\n");
printf("R: ");
print__m128i(R);
printf("\n");
X1.Create(numOTs, bitlength);
X1.Reset();
X2.Create(numOTs, bitlength);
X2.Reset();
cout << "Sender performing " << numOTs << " C_OT extensions on "
<< bitlength << " bit elements" << endl;
version = C_OT;
ObliviouslySend(X1, X2, numOTs, bitlength, version, crypt);
//putting X1 & X2 into inputLabels
printf("printing inputLabels after copy from X1 and X2:\n\n");
for (j = 0; j < p; j++) {
inputLabelsptr = (uint8_t*) &initialDFFLable[2 * j];
X1.GetBytes(inputLabelsptr, 16*(j), 16);
inputLabelsptr = (uint8_t*) &initialDFFLable[2 * j +1];
X2.GetBytes(inputLabelsptr, 16*( j), 16);
}
delete crypt;
//----------------------------------------------------end of OT Extension
garbledCircuit.globalKey = randomBlock();
send_block(connfd, garbledCircuit.globalKey); // send DKC key
printf("R: ");
print__m128i(R);
printf("\n");
garble(&garbledCircuit, inputLabels, initialDFFLable, outputLabels, &R,
connfd);
printf("***************** InputLabels\n");
for (int i=0;i<n*c*2;i++)
print__m128i(inputLabels[i]);
for (cid = 0; cid < c; cid++) {
for (i = 0; i < m; i++) {
short outputType = getLSB(outputLabels[2 * (m * cid + i) + 0]);
send_type(connfd, outputType);
}
}
server_close(connfd);
removeGarbledCircuit(&garbledCircuit);
return 0;
#endif
}
long garbleCircuit(GarbledCircuit *garbledCircuit, InputLabels inputLabels,
OutputMap outputMap) {
GarblingContext garblingContext;
GarbledGate *garbledGate;
GarbledTable *garbledTable;
DKCipherContext dkCipherContext;
const block *sched = ((block *) (dkCipherContext.K.rd_key));
block val;
block *A, *B, *plainText, *cipherText;
block tweak;
long i, j, rnds = 10;
block blocks[4];
block keys[4];
long lsb0, lsb1;
int input0, input1, output;
srand_sse(time(NULL));
createInputLabels(inputLabels, garbledCircuit->n);
garbledCircuit->id = getFreshId();
for (i = 0; i < 2 * garbledCircuit->n; i += 2) {
garbledCircuit->wires[i / 2].label0 = inputLabels[i];
garbledCircuit->wires[i / 2].label1 = inputLabels[i + 1];
}
garbledTable = garbledCircuit->garbledTable;
garblingContext.gateIndex = 0;
garblingContext.wireIndex = garbledCircuit->n + 1;
block key = randomBlock();
block rkey = randomBlock();
AES_KEY KR;
AES_set_encrypt_key((unsigned char *) &rkey, 128, &KR);
const __m128i *sched2 = ((__m128i *) (KR.rd_key));
garblingContext.R =
xorBlocks(garbledCircuit->wires[0].label0, garbledCircuit->wires[0].label1);
garbledCircuit->globalKey = key;
DKCipherInit(&key, &(garblingContext.dkCipherContext));
int tableIndex = 0;
for (i = 0; i < garbledCircuit->q; i++) {
garbledGate = &(garbledCircuit->garbledGates[i]);
input0 = garbledGate->input0;
input1 = garbledGate->input1;
output = garbledGate->output;
#ifdef FREE_XOR
if (garbledGate->type == XORGATE) {
garbledCircuit->wires[output].label0 =
xorBlocks(garbledCircuit->wires[input0].label0, garbledCircuit->wires[input1].label0);
garbledCircuit->wires[output].label1 =
xorBlocks(garbledCircuit->wires[input0].label1, garbledCircuit->wires[input1].label0);
continue;
}
#endif
tweak = makeBlock(i, (long)0);
lsb0 = getLSB(garbledCircuit->wires[input0].label0);
lsb1 = getLSB(garbledCircuit->wires[input1].label0);
block val = _mm_xor_si128(tweak, sched[0]);
for (j = 1; j < rnds; j++)
val = _mm_aesenc_si128(val, sched2[j]);
garbledCircuit->wires[garbledGate->output].label0 =
_mm_aesenclast_si128(val, sched[j]);
garbledCircuit->wires[garbledGate->output].label1 =
xorBlocks(garblingContext.R,
garbledCircuit->wires[garbledGate->output].label0);
block A0, A1, B0, B1;
A0 = DOUBLE(garbledCircuit->wires[input0].label0);
A1 = DOUBLE(garbledCircuit->wires[input0].label1);
B0 = DOUBLE(DOUBLE(garbledCircuit->wires[input1].label0));
B1 = DOUBLE(DOUBLE(garbledCircuit->wires[input1].label1));
keys[0] = xorBlocks(xorBlocks(A0, B0) , tweak);
keys[1] = xorBlocks(xorBlocks(A0,B1), tweak);
keys[2] = xorBlocks(xorBlocks(A1, B0), tweak);
keys[3] = xorBlocks(xorBlocks(A1, B1), tweak);
block *temp[2];
temp[0] = &garbledCircuit->wires[garbledGate->output].label0;
temp[1] = &garbledCircuit->wires[garbledGate->output].label1;
int bp = 0;
blocks[0] =
xorBlocks(keys[0], *(temp[(garbledGate->type & (1<<bp))>>bp]));
bp++;
blocks[1] =
xorBlocks(keys[1], *(temp[(garbledGate->type & (1<<bp))>>bp]));
bp++;
blocks[2] =
xorBlocks(keys[2], *(temp[(garbledGate->type & (1<<bp))>>bp]));
bp++;
blocks[3] =
xorBlocks(keys[3], *(temp[(garbledGate->type & (1<<bp))>>bp]));
write:
AES_ecb_encrypt_blks_4(keys, &(garblingContext.dkCipherContext.K));
garbledTable[tableIndex].table[2 * lsb0 + lsb1] =
xorBlocks(blocks[0], keys[0]);
garbledTable[tableIndex].table[2 * lsb0 + 1 - lsb1] =
xorBlocks(blocks[1], keys[1]);
garbledTable[tableIndex].table[2 * (1 - lsb0) + lsb1] =
xorBlocks(blocks[2], keys[2]);
garbledTable[tableIndex].table[2 * (1 - lsb0) + (1 - lsb1)] =
xorBlocks(blocks[3], keys[3]);
tableIndex++;
}
for (i = 0; i < garbledCircuit->m; i++) {
outputMap[2 * i] =
garbledCircuit->wires[garbledCircuit->outputs[i]].label0;
outputMap[2 * i + 1] =
garbledCircuit->wires[garbledCircuit->outputs[i]].label1;
}
return 0;
}
long garbleCircuit(GarbledCircuit *garbledCircuit, InputLabels inputLabels, OutputMap outputMap) {
GarblingContext garblingContext;
GarbledGate *garbledGate;
GarbledTable *garbledTable;
DKCipherContext dkCipherContext;
const __m128i *sched = ((__m128i *)(dkCipherContext.K.rd_key));
block val;
block *A, *B, *plainText,*cipherText;
block tweak;
long a, b, i, j,rnds = 10;
block blocks[4];
block keys[4];
long lsb0,lsb1;
block keyToEncrypt;
int input0, input1, output;
srand_sse( time(NULL));
createInputLabels(inputLabels, garbledCircuit->n);
garbledCircuit->id = getFreshId();
for(i=0;i<2*garbledCircuit->n;i+=2) {
garbledCircuit->wires[i/2].id = i+1;
garbledCircuit->wires[i/2].label0 = inputLabels[i];
garbledCircuit->wires[i/2].label1 = inputLabels[i+1];
}
garbledTable = garbledCircuit->garbledTable;
garblingContext.gateIndex = 0;
garblingContext.wireIndex = garbledCircuit->n + 1;
block key = randomBlock();
garblingContext.R = xorBlocks(garbledCircuit->wires[0].label0, garbledCircuit->wires[0].label1);
garbledCircuit->globalKey = key;
DKCipherInit(&key, &(garblingContext.dkCipherContext));
int tableIndex = 0;
for(i=0; i< garbledCircuit->q;i++) {
garbledGate = &(garbledCircuit->garbledGates[i]);
input0 = garbledGate->input0; input1 = garbledGate->input1;
output = garbledGate->output;
#ifdef FREE_XOR
if (garbledGate->type == XORGATE) {
garbledCircuit->wires[output].label0 = xorBlocks(garbledCircuit->wires[input0].label0, garbledCircuit->wires[input1].label0);
garbledCircuit->wires[output].label1 = xorBlocks(garbledCircuit->wires[input0].label1, garbledCircuit->wires[input1].label0);
continue;
}
#endif
tweak = makeBlock(i, (long)0);
input0 = garbledGate->input0; input1 = garbledGate->input1;
lsb0 = getLSB(garbledCircuit->wires[input0].label0);
lsb1 = getLSB(garbledCircuit->wires[input1].label0);
block A0, A1, B0, B1;
A0 = DOUBLE(garbledCircuit->wires[input0].label0);
A1 = DOUBLE(garbledCircuit->wires[input0].label1);
B0 = DOUBLE(DOUBLE(garbledCircuit->wires[input1].label0));
B1 = DOUBLE(DOUBLE(garbledCircuit->wires[input1].label1));
keys[0] = xorBlocks(A0, B0);
keys[0] = xorBlocks(keys[0], tweak);
keys[1] = xorBlocks(A0,B1);
keys[1] = xorBlocks(keys[1], tweak);
keys[2] = xorBlocks(A1, B0);
keys[2] = xorBlocks(keys[2], tweak);
keys[3] = xorBlocks(A1, B1);
keys[3] = xorBlocks(keys[3], tweak);
block mask[4]; block newToken;
mask[0] = keys[0];
mask[1] = keys[1];
mask[2] = keys[2];
mask[3] = keys[3];
AES_ecb_encrypt_blks(keys, 4, &(garblingContext.dkCipherContext.K));
mask[0] = xorBlocks(mask[0], keys[0]);
mask[1] = xorBlocks(mask[1],keys[1]);
mask[2] = xorBlocks(mask[2],keys[2]);
mask[3] = xorBlocks(mask[3],keys[3]);
if (2*lsb0 + lsb1 ==0)
newToken = mask[0];
if (2*lsb0 + 1-lsb1 ==0)
newToken = mask[1];
if (2*(1-lsb0) + lsb1 ==0)
newToken = mask[2];
if (2*(1-lsb0) + 1-lsb1 ==0)
newToken = mask[3];
block newToken2 = xorBlocks(garblingContext.R, newToken);
if (garbledGate->type == ANDGATE) {
if (lsb1 ==1 & lsb0 ==1) {
garbledCircuit->wires[garbledGate->output].label1 = newToken;
garbledCircuit->wires[garbledGate->output].label0 = newToken2;
}
else {
garbledCircuit->wires[garbledGate->output].label0 = newToken;
garbledCircuit->wires[garbledGate->output].label1 = newToken2;
}
}
if (garbledGate->type == ORGATE) {
if (!(lsb1 ==0 & lsb0 ==0)) {
garbledCircuit->wires[garbledGate->output].label1 = newToken;
garbledCircuit->wires[garbledGate->output].label0 = newToken2;
}
else {
garbledCircuit->wires[garbledGate->output].label0 = newToken;
garbledCircuit->wires[garbledGate->output].label1 = newToken2;
}
}
if (garbledGate->type == XORGATE) {
if ((lsb1 ==0 & lsb0 ==1) ||(lsb1 ==1 & lsb0 ==0) ) {
garbledCircuit->wires[garbledGate->output].label1 = newToken;
garbledCircuit->wires[garbledGate->output].label0 = newToken2;
}
else {
garbledCircuit->wires[garbledGate->output].label0 = newToken;
garbledCircuit->wires[garbledGate->output].label1 = newToken2;
}
}
if (garbledGate->type == NOTGATE) {
if (lsb0 ==0) {
garbledCircuit->wires[garbledGate->output].label1 = newToken;
garbledCircuit->wires[garbledGate->output].label0 = newToken2;
}
else {
garbledCircuit->wires[garbledGate->output].label0 = newToken;
garbledCircuit->wires[garbledGate->output].label1 = newToken2;
}
}
block *label0 = &garbledCircuit->wires[garbledGate->output].label0;
block *label1 = &garbledCircuit->wires[garbledGate->output].label1;
if (garbledGate->type == ANDGATE) {
blocks[0] = *label0;
blocks[1] = *label0;
blocks[2] = *label0;
blocks[3] = *label1;
goto write;
}
if (garbledGate->type == ORGATE) {
blocks[0] = *label0;
blocks[1] = *label1;
blocks[2] = *label1;
blocks[3] = *label1;
goto write;
}
if (garbledGate->type == XORGATE) {
blocks[0] = *label0;
blocks[1] = *label1;
blocks[2] = *label1;
blocks[3] = *label0;
goto write;
}
if (garbledGate->type == NOTGATE) {
blocks[0] = *label1;
blocks[1] = *label0;
blocks[2] = *label1;
blocks[3] = *label0;
goto write;
}
write:
if (2*lsb0 + lsb1 !=0)
garbledTable[tableIndex].table[2*lsb0 + lsb1 -1] = xorBlocks(blocks[0], mask[0]);
if (2*lsb0 + 1-lsb1 !=0)
garbledTable[tableIndex].table[2*lsb0 + 1-lsb1-1] = xorBlocks(blocks[1], mask[1]);
if (2*(1-lsb0) + lsb1 !=0)
garbledTable[tableIndex].table[2*(1-lsb0) + lsb1-1] = xorBlocks(blocks[2], mask[2]);
if (2*(1-lsb0) + (1-lsb1) !=0)
garbledTable[tableIndex].table[2*(1-lsb0) + (1-lsb1)-1] = xorBlocks(blocks[3], mask[3]);
tableIndex++;
}
for(i=0;i<garbledCircuit->m;i++) {
outputMap[2*i] = garbledCircuit->wires[garbledCircuit->outputs[i]].label0;
outputMap[2*i+1] = garbledCircuit->wires[garbledCircuit->outputs[i]].label1;
}
return 0;
}
long garbleCircuit(GarbledCircuit *garbledCircuit, InputLabels inputLabels, OutputMap outputMap) {
GarblingContext garblingContext;
GarbledGate *garbledGate;
GarbledTable *garbledTable;
DKCipherContext dkCipherContext;
const __m128i *sched = ((__m128i *)(dkCipherContext.K.rd_key));
block val;
block *A, *B, *plainText,*cipherText;
block tweak;
long a, b, i, j,rnds = 10;
block blocks[4];
block keys[4];
long lsb0,lsb1;
block keyToEncrypt;
int input0, input1,output;
srand_sse( time(NULL));
createInputLabels(inputLabels, garbledCircuit->n);
garbledCircuit->id = getFreshId();
for(i=0;i<2*garbledCircuit->n;i+=2) {
garbledCircuit->wires[i/2].id = i+1;
garbledCircuit->wires[i/2].label0 = inputLabels[i];
garbledCircuit->wires[i/2].label1 = inputLabels[i+1];
}
garbledTable = garbledCircuit->garbledTable;
garblingContext.gateIndex = 0;
garblingContext.wireIndex = garbledCircuit->n + 1;
block key = randomBlock();
block rkey = randomBlock();
AES_KEY KR;
AES_set_encrypt_key(&rkey, 128, &KR);
const __m128i *sched2 = ((__m128i *)(KR.rd_key));
garblingContext.R = xorBlocks(garbledCircuit->wires[0].label0, garbledCircuit->wires[0].label1);
garbledCircuit->globalKey = key;
DKCipherInit(&key, &(garblingContext.dkCipherContext));
int tableIndex = 0;
for(i=0; i< garbledCircuit->q;i++) {
garbledGate = &(garbledCircuit->garbledGates[i]);
input0 = garbledGate->input0; input1 = garbledGate->input1;
output = garbledGate->output;
#ifdef FREE_XOR
if (garbledGate->type == XORGATE) {
garbledCircuit->wires[output].label0 = xorBlocks(garbledCircuit->wires[input0].label0, garbledCircuit->wires[input1].label0);
garbledCircuit->wires[output].label1 = xorBlocks(garbledCircuit->wires[input0].label1, garbledCircuit->wires[input1].label0);
continue;
}
#endif
tweak = makeBlock(i, (long)0);
lsb0 = getLSB(garbledCircuit->wires[input0].label0);
lsb1 = getLSB(garbledCircuit->wires[input1].label0);
char templ[20];
char templ2[20];
block val = _mm_xor_si128 (tweak, sched[0]);
for (j=1; j<rnds; j++) val = _mm_aesenc_si128 (val,sched2[j]);
*((block*)templ) = _mm_aesenclast_si128 (val, sched[j]);
val = _mm_aesenclast_si128 (val, sched[j]);
*((block *)templ2) = xorBlocks(*((block *)templ), garblingContext.R);
TRUNCATE(templ);
TRUNCATE(templ2);
block *label0 = (block *)templ;
block *label1 = (block *)templ2;
garbledCircuit->wires[garbledGate->output].label0 = *((block*)templ);
garbledCircuit->wires[garbledGate->output].label1 = *((block*)templ2);
block A0, A1, B0, B1;
A0 = DOUBLE(garbledCircuit->wires[input0].label0);
A1 = DOUBLE(garbledCircuit->wires[input0].label1);
B0 = DOUBLE(DOUBLE(garbledCircuit->wires[input1].label0));
B1 = DOUBLE(DOUBLE(garbledCircuit->wires[input1].label1));
keys[0] = xorBlocks(A0, B0);
keys[0] = xorBlocks(keys[0], tweak);
keys[1] = xorBlocks(A0,B1);
keys[1] = xorBlocks(keys[1], tweak);
keys[2] = xorBlocks(A1, B0);
keys[2] = xorBlocks(keys[2], tweak);
keys[3] = xorBlocks(A1, B1);
keys[3] = xorBlocks(keys[3], tweak);
if (garbledGate->type == ANDGATE) {
blocks[0] = xorBlocks(keys[0], *label0);
blocks[1] = xorBlocks(keys[1], *label0);
blocks[2] = xorBlocks(keys[2], *label0);
blocks[3] = xorBlocks(keys[3], *label1);
goto write;
}
if (garbledGate->type == ORGATE) {
blocks[0] = xorBlocks(keys[0], *label0);
blocks[1] = xorBlocks(keys[1], *label1);
blocks[2] = xorBlocks(keys[2], *label1);
blocks[3] = xorBlocks(keys[3], *label1);
goto write;
}
if (garbledGate->type == XORGATE) {
blocks[0] = xorBlocks(keys[0], *label0);
blocks[1] = xorBlocks(keys[1], *label1);
blocks[2] = xorBlocks(keys[2], *label1);
blocks[3] = xorBlocks(keys[3], *label0);
goto write;
}
if (garbledGate->type == NOTGATE) {
blocks[0] = xorBlocks(keys[0], *label1);
blocks[1] = xorBlocks(keys[1], *label0);
blocks[2] = xorBlocks(keys[2], *label1);
blocks[3] = xorBlocks(keys[3], *label0);
goto write;
}
write:
AES_ecb_encrypt_blks(keys, 4, &(garblingContext.dkCipherContext.K));
char toWrite[4][16];
char **dest[4];
*((block *) toWrite[0]) = xorBlocks(blocks[0], keys[0]);
*((block *) toWrite[1]) = xorBlocks(blocks[1], keys[1]);
*((block *) toWrite[2]) = xorBlocks(blocks[2], keys[2]);
*((block *) toWrite[3]) = xorBlocks(blocks[3], keys[3]);
short *cpsrc; short *cpdst;
cpsrc = (short *)toWrite[0];
cpdst = (short *)&garbledTable[tableIndex].table[2*lsb0 + lsb1];
cpdst[0]=cpsrc[0];
cpdst[1]=cpsrc[1];
cpdst[2]=cpsrc[2];
cpdst[3]=cpsrc[3];
cpdst[4]=cpsrc[4];
cpsrc = (short *)toWrite[1];
cpdst = (short *)&garbledTable[tableIndex].table[2*(lsb0) + (1-lsb1)];
cpdst[0]=cpsrc[0];
cpdst[1]=cpsrc[1];
cpdst[2]=cpsrc[2];
cpdst[3]=cpsrc[3];
cpdst[4]=cpsrc[4];
cpsrc = (short *)toWrite[2];
cpdst = (short *)&garbledTable[tableIndex].table[2*(1-lsb0) + (lsb1)];
cpdst[0]=cpsrc[0];
cpdst[1]=cpsrc[1];
cpdst[2]=cpsrc[2];
cpdst[3]=cpsrc[3];
cpdst[4]=cpsrc[4];
cpsrc = (short *)toWrite[3];
cpdst = (short *)&garbledTable[tableIndex].table[2*(1-lsb0) + (1-lsb1)];
cpdst[0]=cpsrc[0];
cpdst[1]=cpsrc[1];
cpdst[2]=cpsrc[2];
cpdst[3]=cpsrc[3];
cpdst[4]=cpsrc[4];
tableIndex++;
}
for(i=0;i<garbledCircuit->m;i++) {
outputMap[2*i] = garbledCircuit->wires[garbledCircuit->outputs[i]].label0;
outputMap[2*i+1] = garbledCircuit->wires[garbledCircuit->outputs[i]].label1;
}
return 0;
}
