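/*
 * genericGate: register one gate of the given `type` in the circuit.
 *
 * Allocates the gate's output wire, records the gate (id, type, input
 * wires, output wire) at the current gate index, then advances both the
 * gate index and the garbled-table index in the garbling context.
 *
 * Parameters:
 *   garbledCircuit  circuit whose wires[]/garbledGates[] are written
 *   garblingContext running gateIndex / tableIndex counters
 *   input0, input1  indices of the gate's input wires
 *   output          index of the output wire to create
 *   vals            unused; kept so existing callers keep compiling
 *   type            gate type stored verbatim in garbledGate->type
 *
 * Returns the id assigned to the gate (the gate index at entry).
 *
 * Note: nothing is written into garbledCircuit->garbledTable here; only
 * tableIndex is advanced, i.e. a table slot is reserved for this gate.
 */
int genericGate(GarbledCircuit *garbledCircuit, GarblingContext *garblingContext,
                int input0, int input1, int output, int *vals, int type) {
  (void)vals; /* accepted for interface compatibility; never read */

  /* The output wire must exist before the gate refers to it. */
  createNewWire(&(garbledCircuit->wires[output]), garblingContext, output);

  GarbledGate *garbledGate = &(garbledCircuit->garbledGates[garblingContext->gateIndex]);
  garbledGate->id = garblingContext->gateIndex;
  garbledGate->type = type;
  garbledGate->input0 = input0;
  garbledGate->input1 = input1;
  garbledGate->output = output;

  /* The original also computed the input wires' LSBs, a tweak block and
   * scratch key/block arrays here and discarded all of them; that dead
   * code has been removed. */

  garblingContext->gateIndex++;
  garblingContext->tableIndex++; /* reserve one table slot for this gate */
  return garbledGate->id;
}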
/// Populate `world` from the tile file `world_name` found under resourcePath().
///
/// The file is consumed as WORLD_SIZE*WORLD_SIZE whitespace-separated tokens in
/// x-major order (every y for x = 0, then x = 1, ...). Each token plus its
/// (x, y) position is passed to makeBlock, whose result lands in world[x][y].
/// Nothing checks that the file opened or holds enough tokens: `token` is
/// freshly constructed per cell, so a failed extraction simply yields "" and
/// the remaining cells are built from an empty tile name.
void load_bg(Block world[][WORLD_SIZE], std::string world_name, sf::Texture* worldtextures)
{
    std::ifstream tilefile(resourcePath() + world_name);

    for (int col = 0; col < WORLD_SIZE; ++col)
    {
        for (int row = 0; row < WORLD_SIZE; ++row)
        {
            std::string token;
            tilefile >> token;
            int coords[2] = {col, row};
            world[col][row] = makeBlock(token, coords, worldtextures);
        }
    }
}
/*
 * genericGate: register one gate of type `type` in the circuit.
 *
 * Creates the output wire, fills in the GarbledGate slot at the current
 * gate index (id, type, inputs, output) and bumps both gateIndex and
 * tableIndex in the garbling context. `vals` is not read. The gate's
 * garbled-table entry is not written here; only its slot is reserved.
 *
 * Returns the gate's id (the gate index at the time of the call).
 */
int genericGate(GarbledCircuit *garbledCircuit, GarblingContext *garblingContext,
                int input0, int input1, int output, int *vals, int type) {
  createNewWire(&(garbledCircuit->wires[output]), garblingContext, output);

  /* Read the index only after createNewWire, which also sees the context. */
  const int gateId = garblingContext->gateIndex;
  GarbledGate *gate = garbledCircuit->garbledGates + gateId;
  gate->id = gateId;
  gate->type = type;
  gate->input0 = input0;
  gate->input1 = input1;
  gate->output = output;

  /* Computed as in the original; the value is not stored anywhere. */
  block tweak = makeBlock(garblingContext->gateIndex, (long)0);
  (void)tweak;

  garblingContext->gateIndex++;
  garblingContext->tableIndex++;
  return gate->id;
}
/* dfs:
 *
 * Depth-first search that partitions the graph into biconnected blocks.
 * VAL(n) is n's discovery index (taken from state->orderCount); LOWVAL(n)
 * is the smallest VAL reachable from n's subtree via a back edge. When a
 * child satisfies LOWVAL(child) >= VAL(n), n is an articulation point and
 * the nodes pushed on state->bcstack since `curtop` form a block, which is
 * popped off and registered in state->bl.
 *
 * Current scheme adds articulation point to first non-trivial child
 * block. If none exists, it will be added to its parent's block, if
 * non-trivial, or else given its own block.
 *
 * FIX:
 * This should be modified to:
 *   - allow user to specify which block gets a node, perhaps on per-node basis.
 *   - if an articulation point is not used in one of its non-trivial blocks,
 *     dummy edges should be added to preserve biconnectivity
 *   - turn on user-supplied blocks.
 *
 * g       graph being searched
 * n       node to visit; its PARENT(n) must already be set by the caller
 *         (or be unset for the root)
 * state   holds orderCount, the node stack bcstack and the block list bl
 * isRoot  nonzero for the top-level call; decides insertBlock vs appendBlock
 */
static void dfs(Agraph_t * g, Agnode_t * n, circ_state * state, int isRoot)
{
    Agedge_t *e;
    Agnode_t *curtop;

    LOWVAL(n) = VAL(n) = state->orderCount++;
    stackPush(state->bcstack, n);
    for (e = agfstedge(g, n); e; e = agnxtedge(g, e, n)) {
	/* Edges are undirected here: take whichever end is not n. */
	Agnode_t *neighbor = e->head;
	if (neighbor == n)
	    neighbor = e->tail;

	if (neighbor == PARENT(n))
	    continue;

	/* Already-visited neighbor: back edge, only lowers LOWVAL(n). */
	if (VAL(neighbor)) {
	    LOWVAL(n) = min_value(LOWVAL(n), VAL(neighbor));
	    continue;
	}

	/* n may have been popped by an earlier child's block; re-push it
	 * so the child's block can include it. */
	if (!stackCheck(state->bcstack, n)) {
	    stackPush(state->bcstack, n);
	}

	PARENT(neighbor) = n;
	curtop = top(state->bcstack);	/* marks where this child's nodes start */
	dfs(g, neighbor, state, 0);
	LOWVAL(n) = min_value(LOWVAL(n), LOWVAL(neighbor));

	/* Child cannot reach above n: n separates a block. */
	if (LOWVAL(neighbor) >= VAL(n)) {
	    block_t *block = NULL;
	    Agnode_t *np;
	    /* Pop everything the child pushed, up to and including n.
	     * The block is created lazily so an all-BCDONE run makes none. */
	    if (top(state->bcstack) != curtop)
		do {
		    np = stackPop(state->bcstack);
		    if (!BCDONE(np)) {
			if (!block)
			    block = makeBlock(g, state);
			addNode(block, np);
		    }
		} while (np != n);
	    if (block) {	/* If block != NULL, it's not empty */
		/* The root's own block goes through insertBlock (presumably
		 * the front of the list); every other block is appended. */
		if (isRoot && (BLOCK(n) == block))
		    insertBlock(&state->bl, block);
		else
		    appendBlock(&state->bl, block);
	    }
	    /* n still belongs to an enclosing block: keep it on the stack. */
	    if ((LOWVAL(n) < VAL(n)) && (!stackCheck(state->bcstack, n))) {
		stackPush(state->bcstack, n);
	    }
	}
    }
    /* n is the root of its own component and was not placed in any block
     * above: give it a block of its own. */
    if ((LOWVAL(n) == VAL(n)) && !BCDONE(n)) {
	block_t *block = makeBlock(g, state);
	stackPop(state->bcstack);
	addNode(block, n);
	if (isRoot)
	    insertBlock(&state->bl, block);
	else
	    appendBlock(&state->bl, block);
    }
}
/***********************************************************************
 * make topology from JSON string - implementation
 *
 * Builds a Topology from a JSON description with three optional parts:
 *   "threadPools"  object: name -> thread-pool arguments object
 *   "blocks"       array of objects, each with an "id" and optionally a
 *                  "threadPool" name (default "default")
 *   "connections"  array of [srcId, srcPort, dstId, dstPort]
 * Block construction is delegated to makeBlock() via the block registry
 * and evaluator proxies, so the JSON ultimately names which registered
 * blocks get instantiated; treat its origin accordingly.
 *
 * Throws Pothos::DataFormatException for malformed entries, an unknown
 * thread pool, or a connection naming an unknown block ID.
 **********************************************************************/
std::shared_ptr<Pothos::Topology> Pothos::Topology::make(const std::string &json)
{
    //parse the json string/file to a JSON object
    const auto topObj = parseJSONStr(json);

    //create the proxy environment (local) and the registry
    auto env = Pothos::ProxyEnvironment::make("managed");
    auto registry = env->findProxy("Pothos/BlockRegistry");
    auto evaluator = env->findProxy("Pothos/Util/EvalEnvironment").callProxy("make");

    //create thread pools
    //each entry's object is re-serialized and handed to ThreadPoolArgs
    std::map<std::string, Pothos::Proxy> threadPools;
    Poco::JSON::Object::Ptr threadPoolObj;
    if (topObj->isObject("threadPools")) threadPoolObj = topObj->getObject("threadPools");
    std::vector<std::string> threadPoolNames;
    if (threadPoolObj) threadPoolObj->getNames(threadPoolNames);
    for (const auto &name : threadPoolNames)
    {
        std::stringstream ss;
        threadPoolObj->getObject(name)->stringify(ss);
        Pothos::ThreadPoolArgs args(ss.str());
        threadPools[name] = env->findProxy("Pothos/ThreadPool").callProxy("new", args);
    }

    //create the topology and add it to the blocks
    //the IDs 'self', 'this', and '' can be used
    //NOTE(review): a block whose "id" is one of these three names replaces
    //the topology proxy in `blocks` below; duplicate ids also overwrite
    //silently (std::map assignment), the earlier block proxy is just dropped
    std::map<std::string, Pothos::Proxy> blocks;
    auto topology = Pothos::Topology::make();
    blocks["self"] = env->makeProxy(topology);
    blocks["this"] = env->makeProxy(topology);
    blocks[""] = env->makeProxy(topology);

    //create the blocks
    Poco::JSON::Array::Ptr blockArray;
    if (topObj->isArray("blocks")) blockArray = topObj->getArray("blocks");
    if (blockArray) for (size_t i = 0; i < blockArray->size(); i++)
    {
        if (not blockArray->isObject(i)) throw Pothos::DataFormatException(
            "Pothos::Topology::make()", "blocks["+std::to_string(i)+"] must be an object");
        const auto &blockObj = blockArray->getObject(i);
        if (not blockObj->has("id")) throw Pothos::DataFormatException(
            "Pothos::Topology::make()", "blocks["+std::to_string(i)+"] missing 'id' field");
        const auto id = blockObj->getValue<std::string>("id");
        blocks[id] = makeBlock(registry, evaluator, blockObj);

        //set the thread pool
        //a missing "threadPool" means "default", which is accepted even when
        //no pool of that name was declared; any other unknown name is an error
        const auto threadPoolName = blockObj->optValue<std::string>("threadPool", "default");
        auto threadPoolIt = threadPools.find(threadPoolName);
        if (threadPoolIt != threadPools.end()) blocks[id].callVoid("setThreadPool", threadPoolIt->second);
        else if (threadPoolName != "default") throw Pothos::DataFormatException(
            "Pothos::Topology::make()", "blocks["+id+"] unknown threadPool = " + threadPoolName);
    }

    //connect the blocks
    //every connection is validated (shape, then both IDs) before connect()
    Poco::JSON::Array::Ptr connArray;
    if (topObj->isArray("connections")) connArray = topObj->getArray("connections");
    if (connArray) for (size_t i = 0; i < connArray->size(); i++)
    {
        if (not connArray->isArray(i)) throw Pothos::DataFormatException(
            "Pothos::Topology::make()", "connections["+std::to_string(i)+"] must be an array");
        const auto &connArgs = connArray->getArray(i);
        if (connArgs->size() != 4) throw Pothos::DataFormatException(
            "Pothos::Topology::make()", "connections["+std::to_string(i)+"] must be size 4");

        //extract connection arg fields
        //ports are stringified rather than type-checked, so numeric port
        //indices in the JSON are accepted as well as names
        const auto srcId = connArgs->getElement<std::string>(0);
        const auto srcPort = connArgs->get(1).toString();
        const auto dstId = connArgs->getElement<std::string>(2);
        const auto dstPort = connArgs->get(3).toString();

        //check that the block IDs exist
        if (blocks.count(srcId) == 0) throw Pothos::DataFormatException(
            "Pothos::Topology::make()", "connections["+std::to_string(i)+"] no such ID: " + srcId);
        if (blocks.count(dstId) == 0) throw Pothos::DataFormatException(
            "Pothos::Topology::make()", "connections["+std::to_string(i)+"] no such ID: " + dstId);

        //make the connection
        topology->connect(blocks.at(srcId), srcPort, blocks.at(dstId), dstPort);
    }

    return topology;
}
/*
 * Create a fresh scratch block and return its label.
 * Scratch blocks are always allocated in AreaIndex::Main.
 */
Vlabel Vunit::makeScratchBlock() {
  Vlabel scratch = makeBlock(AreaIndex::Main);
  return scratch;
}
/*
 * Garbler-side driver.
 *
 * Usage: <prog> <scd file name> <port>
 *
 * Steps, in order:
 *   1. seed the PRNGs, open a listening socket on <port>;
 *   2. read the circuit (argv[1]), draw random garbler inputs;
 *   3. pick the label offset R and create input / initial-DFF labels;
 *   4. run a correlated OT extension (delta = R) for the evaluator's
 *      e = n - g input wires per cycle and copy the OT outputs into
 *      inputLabels;
 *   5. send the garbler's own input labels and the initial DFF labels;
 *   6. run a second OT extension for the p DFF wires;
 *   7. send the global key, garble the circuit over the socket, send the
 *      output-label select bits, close.
 *
 * Returns 0 on success, -1 on bad usage or socket failure.
 *
 * NOTE(review): every malloc'd/new'd buffer in this function
 * (garbler_inputs, inputLabels, initialDFFLable, outputLabels, b, b2, the
 * two XORMasking objects) is never released; only `crypt` is deleted.
 */
int main(int argc, char* argv[]) {
  //----------------------
  // Release builds seed from the clock; DEBUG builds use fixed seeds so
  // runs are reproducible.
#ifndef DEBUG
  srand(time(NULL));
  srand_sse(time(NULL));
#else
  srand(1);
  srand_sse(1111);
#endif
  if (argc < 3) {
    printf("Usage: %s <scd file name> <port> \n", argv[0]);
    return -1;
  }
  int port = atoi(argv[2]);  // no range check; atoi yields 0 on junk
  int connfd = server_init(port);
  if (connfd == -1) {
    printf("Something's wrong with the socket!\n");
    return -1;
  }
  // GARBLING is defined unconditionally right here, so the #ifndef branch
  // below is dead code.
#define GARBLING
#ifndef GARBLING
  server_close(connfd);
  return 0;
#else
  //----------------------------------------- Garbling
  GarbledCircuit garbledCircuit;
  long i, j, cid;
  readCircuitFromFile(&garbledCircuit, argv[1]);
  printf("garbledCircuit.I[0] = %d\n", garbledCircuit.I[0]);
  // Circuit dimensions: n inputs per cycle (g garbler + e evaluator),
  // p DFFs, m outputs per cycle, c cycles.
  int n = garbledCircuit.n;
  int g = garbledCircuit.g;
  int p = garbledCircuit.p;
  int m = garbledCircuit.m;
  int c = garbledCircuit.c;
  int e = n - g;
  // Two labels (label0, label1) per wire, hence the factor 2.
  int *garbler_inputs = (int *) malloc(sizeof(int) * (g) * c);
  block *inputLabels = (block *) malloc(sizeof(block) * 2 * n * c);
  block *initialDFFLable = (block *) malloc(sizeof(block) * 2 * p);
  block *outputLabels = (block *) malloc(sizeof(block) * 2 * m * c);
  printf("\n\ninputs:\n");
  // Garbler inputs are random bits here (test driver), indexed cid*g + j.
  for (cid = 0; cid < c; cid++) {
    for (j = 0; j < g; j++) {
      garbler_inputs[cid * g + j] = rand() % 2;
      printf("%d ", garbler_inputs[cid * g + j]);
    }
  }
  printf("\n\n");
#ifndef DEBUG
  block R = randomBlock();
  *((short *) (&R)) |= 1;
#else
  block R = makeBlock((long )(-1), (long )(-1));
#endif
  // NOTE(review): the loop below overwrites R with all-0xff bytes in BOTH
  // builds, discarding the random value drawn above. R is passed to
  // createInputLabels() and garble() and is also used as the OT
  // correlation delta, which suggests it is the offset between a wire's two
  // labels; a fixed, public offset defeats that purpose. Confirm this is
  // test-only before any non-test use.
  uint8_t * rptr = (uint8_t*) &R;
  for (int i = 0; i < 16; i++)
    rptr[i] = 0xff;
  // *((short *) (&R)) |= 1;
  rptr[0] |= 1;  // keep the select bit of R set
  createInputLabels(inputLabels, R, n * c);
  createInputLabels(initialDFFLable, R, p);
  ///--------------------------------------------------------------- OT Extension
  //Parameters
  // One correlated OT per evaluator input wire per cycle.
  int numOTs = c * e;
  int bitlength = 128;
  m_nSecParam = 128;
  m_nNumOTThreads = 1;
  BYTE version;
  // m_vSeed is a global defined elsewhere; its quality bounds the OT's.
  crypto *crypt = new crypto(m_nSecParam, (uint8_t*) m_vSeed);
  InitOTSender(connfd, crypt);
  CBitVector delta, X1, X2;
  delta.Create(numOTs, bitlength, crypt);
  m_fMaskFct = new XORMasking(bitlength, delta);
  // Every OT's correlation is the 16-byte R: receiver gets X1 or X1^R.
  for (int i=0;i<numOTs;i++)
    delta.SetBytes(rptr, i*16, 16);
  printf("Delta: ");
  for (int i = 0; i < 16; i++) {
    printf("%02x", delta.GetByte(i));
  }
  printf("\n");
  printf("R: ");
  print__m128i(R);
  printf("\n");
  X1.Create(numOTs, bitlength);
  X1.Reset();
  X2.Create(numOTs, bitlength);
  X2.Reset();
  uint8_t* b = new BYTE[16];   // scratch for the hex dumps below
  BYTE* b2 = new BYTE[16];     // unused
  cout << "Sender performing " << numOTs << " C_OT extensions on " << bitlength << " bit elements" << endl;
  version = C_OT;
  ObliviouslySend(X1, X2, numOTs, bitlength, version, crypt);
  //putting X1 & X2 into inputLabels
  // Evaluator wire j of cycle cid lives at wire index cid*n + g + j;
  // OT index cid*e + j supplies its label0 (X1) and label1 (X2).
  printf("printing inputLabels after copy from X1 and X2:\n\n");
  uint8_t* inputLabelsptr;
  for (cid = 0; cid < c; cid++) {
    for (j = 0; j < e; j++) {
      inputLabelsptr = (uint8_t*) &inputLabels[2 * (cid * n + g + j)];
      X1.GetBytes(inputLabelsptr, 16*(cid * e + j), 16);
      print__m128i(inputLabels[2 * (cid * n + g + j)]);
      inputLabelsptr = (uint8_t*) &inputLabels[2 * (cid * n + g + j) + 1];
      X2.GetBytes(inputLabelsptr, 16*(cid * e + j), 16);
      print__m128i(inputLabels[2 * (cid * n + g + j) + 1]);
    }
  }
  //print
  // Debug dumps of the full OT output vectors and delta; these print
  // secret label material to stdout.
  printf("Printing X1:\n");
  for (int j = 0; j < numOTs; j++) {
    for (int i = 0; i < 16; i++) {
      b[i] = X1.GetByte(i + j * 16);
      printf("%02x", b[i]);
    }
    printf("\n");
  }
  printf("\n\n");
  printf("Printing X2:\n");
  for (int j = 0; j < numOTs; j++) {
    for (int i = 0; i < 16; i++) {
      b[i] = X2.GetByte(i + j * 16);
      printf("%02x", b[i]);
    }
    printf("\n");
  }
  printf("\n\n");
  printf("Printing delta:\t");
  for (int i = 0; i < 16; i++) {
    b[i] = delta.GetByte(i);
    printf("%02x", b[i]);
  }
  printf("\n");
  //----------------------------------------------------end of OT Extension
  // Send the garbler's own input labels: label0 or label1 of wire
  // cid*n + j depending on the chosen input bit.
  for (cid = 0; cid < c; cid++) {
    for (j = 0; j < g; j++) {
      if (garbler_inputs[cid * g + j] == 0)
        send_block(connfd, inputLabels[2 * (cid * n + j)]);
      else
        send_block(connfd, inputLabels[2 * (cid * n + j) + 1]);
      printf("i(%ld, %ld, %d)\n", cid, j, garbler_inputs[cid * g + j]);
      print__m128i(inputLabels[2 * (cid * n + j)]);
      print__m128i(inputLabels[2 * (cid * n + j) + 1]);
    }
    //------------------------------------------------------------------------------------------ CHANGE 1
    // Evaluator inputs are no longer read from the socket and sent in the
    // clear (commented out); they are delivered through the OT above.
    // Only the debug print remains.
    for (j = 0; j < e; j++) {
      // int ev_input;
      // read(connfd, &ev_input, sizeof(int));
      // if (!ev_input)
      //   send_block(connfd, inputLabels[2 * (cid * n + g + j)]);
      // else
      //   send_block(connfd, inputLabels[2 * (cid * n + g + j) + 1]);
      printf("evaluator : i(%ld, %ld, ?)\n", cid, j);
      print__m128i(inputLabels[2 * (cid * n + g + j)]);
      print__m128i(inputLabels[2 * (cid * n + g + j) + 1]);
    }
    printf("Compare to: ");
    printf("\n");
    //----------------------------------------------------------------------end
  }
  printf("\n\n");
  // Initial DFF values: garbledCircuit.I[j] says where DFF j's initial
  // value comes from (constant 0/1, a garbler input index, or the
  // evaluator). Note that `cid` equals c here: the cycle loop has ended.
  for (j = 0; j < p; j++) //p:#DFF
  {
    printf("garbledCircuit.I[j] = %d\n", garbledCircuit.I[j]);
    if (garbledCircuit.I[j] == CONST_ZERO) // constant zero
    {
      send_block(connfd, initialDFFLable[2 * j]);
      printf("dffi(%ld, %ld, %d)\n", cid, j, 0);
      print__m128i(initialDFFLable[2 * j]);
      print__m128i(initialDFFLable[2 * j + 1]);
    } else if (garbledCircuit.I[j] == CONST_ONE) // constant one
    {
      send_block(connfd, initialDFFLable[2 * j + 1]);
      // NOTE(review): prints "0" and dumps inputLabels[] rather than
      // initialDFFLable[], unlike the other branches; looks like a
      // copy-paste slip in the debug output only.
      printf("dffi(%ld, %ld, %d)\n", cid, j, 0);
      print__m128i(inputLabels[2 * j]);
      print__m128i(inputLabels[2 * j + 1]);
    } else if (garbledCircuit.I[j] < g) //belongs to Alice (garbler)
    {
      // NOTE(review): indexes garbler_inputs by I[j] alone, without the
      // cid*g cycle offset used above — confirm cycle 0 is intended.
      int index = garbledCircuit.I[j];
      if (garbler_inputs[index] == 0)
        send_block(connfd, initialDFFLable[2 * j]);
      else
        send_block(connfd, initialDFFLable[2 * j + 1]);
      printf("dffi(%ld, %ld, %d)\n", cid, j, garbler_inputs[index]);
      print__m128i(initialDFFLable[2 * j]);
      print__m128i(initialDFFLable[2 * j + 1]);
    }
    //------------------------------------------------------------------------------------------ CHANGE 2
    else //**** belongs to Bob
    {
      // As with CHANGE 1: the evaluator's DFF label is obtained via the
      // second OT below instead of being requested over the socket.
      // int ev_input;
      // read(connfd, &ev_input, sizeof(int));
      // if (!ev_input)
      //   send_block(connfd, initialDFFLable[2 * j]);
      // else
      //   send_block(connfd, initialDFFLable[2 * j + 1]);
      // printf("dffi(%ld, %ld, %d)\n", cid, j, ev_input);
      print__m128i(initialDFFLable[2 * j]);
      print__m128i(initialDFFLable[2 * j + 1]);
      printf("\n");
    }
    //----------------------------------------------------------------------end
  }
  printf("\n\n");
  ///--------------------------------------------------------------- OT Extension
  //Parameters
  // Second OT: one correlated OT per DFF wire. Re-creating delta and the
  // masking function here leaks the first XORMasking object.
  numOTs = p;
  delta.Create(numOTs, bitlength, crypt);
  m_fMaskFct = new XORMasking(bitlength, delta);
  for (int i=0;i<numOTs;i++)
    delta.SetBytes(rptr, i*16, 16);
  printf("Delta: ");
  for (int i = 0; i < 16; i++) {
    printf("%02x", delta.GetByte(i));
  }
  printf("\n");
  printf("R: ");
  print__m128i(R);
  printf("\n");
  X1.Create(numOTs, bitlength);
  X1.Reset();
  X2.Create(numOTs, bitlength);
  X2.Reset();
  cout << "Sender performing " << numOTs << " C_OT extensions on " << bitlength << " bit elements" << endl;
  version = C_OT;
  ObliviouslySend(X1, X2, numOTs, bitlength, version, crypt);
  //putting X1 & X2 into inputLabels
  // NOTE(review): this overwrites initialDFFLable[] for ALL p wires with the
  // OT outputs, after the constant/garbler-owned DFF labels were already
  // sent from the old array above; garble() then runs on the new labels.
  // Confirm the two sides agree on which labels are in force.
  printf("printing inputLabels after copy from X1 and X2:\n\n");
  for (j = 0; j < p; j++) {
    inputLabelsptr = (uint8_t*) &initialDFFLable[2 * j];
    X1.GetBytes(inputLabelsptr, 16*(j), 16);
    inputLabelsptr = (uint8_t*) &initialDFFLable[2 * j +1];
    X2.GetBytes(inputLabelsptr, 16*( j), 16);
  }
  delete crypt;
  //----------------------------------------------------end of OT Extension
  garbledCircuit.globalKey = randomBlock();
  send_block(connfd, garbledCircuit.globalKey); // send DKC key
  printf("R: ");
  print__m128i(R);
  printf("\n");
  // Garble and stream the tables over connfd; outputLabels is filled in.
  garble(&garbledCircuit, inputLabels, initialDFFLable, outputLabels, &R, connfd);
  printf("***************** InputLabels\n");
  for (int i=0;i<n*c*2;i++)
    print__m128i(inputLabels[i]);
  // Send the select bit (LSB of label0) of every output wire so the
  // evaluator can decode its output labels.
  for (cid = 0; cid < c; cid++) {
    for (i = 0; i < m; i++) {
      short outputType = getLSB(outputLabels[2 * (m * cid + i) + 0]);
      send_type(connfd, outputType);
    }
  }
  server_close(connfd);
  removeGarbledCircuit(&garbledCircuit);
  return 0;
#endif
}
/*
 * garbleCircuit: garble every gate of `garbledCircuit` in place.
 *
 * inputLabels  receives 2*n fresh input labels (label0, label1 per wire);
 * outputMap    receives 2*m output labels in the same layout.
 *
 * Per non-free gate i the output labels are derived from the gate index
 * (tweak) with AES, the four row keys are built from the doubled input
 * labels XOR the tweak, and the four table entries are stored at
 * positions chosen by the input labels' select bits (point-and-permute).
 * Always returns 0.
 *
 * NOTE(review): the local `dkCipherContext` is never initialised — the
 * DKCipherInit call below targets garblingContext.dkCipherContext, not this
 * one — yet `sched` points into its key schedule and sched[0]/sched[j] are
 * fed to the AES rounds that produce every gate's output label. That is a
 * read of indeterminate memory; the resulting labels are not derived from
 * any chosen key. Confirm the intended schedule (sched2 from KR?).
 *
 * NOTE(review): the loop only fills tweak from the loop counter, so gate
 * ids and the tweak agree only if gates are numbered 0..q-1 in order.
 */
long garbleCircuit(GarbledCircuit *garbledCircuit, InputLabels inputLabels, OutputMap outputMap) {
  GarblingContext garblingContext;
  GarbledGate *garbledGate;
  GarbledTable *garbledTable;
  DKCipherContext dkCipherContext;                               /* never initialised, see note above */
  const block *sched = ((block *) (dkCipherContext.K.rd_key));   /* schedule of the uninitialised context */
  block val;                                                     /* shadowed by the inner `block val` below */
  block *A, *B, *plainText, *cipherText;                         /* unused */
  block tweak;
  long i, j, rnds = 10;                                          /* AES-128: rounds 1..9 + final */
  block blocks[4];                                               /* per-row plaintexts */
  block keys[4];                                                 /* per-row keys, encrypted in place */
  long lsb0, lsb1;                                               /* select bits of the input wires */
  int input0, input1, output;
  /* Time-based seed for the label PRNG; see randomBlock/createInputLabels. */
  srand_sse(time(NULL));
  createInputLabels(inputLabels, garbledCircuit->n);
  garbledCircuit->id = getFreshId();
  /* Wire k takes inputLabels[2k] as label0 and inputLabels[2k+1] as label1. */
  for (i = 0; i < 2 * garbledCircuit->n; i += 2) {
    garbledCircuit->wires[i / 2].label0 = inputLabels[i];
    garbledCircuit->wires[i / 2].label1 = inputLabels[i + 1];
  }
  garbledTable = garbledCircuit->garbledTable;
  garblingContext.gateIndex = 0;
  garblingContext.wireIndex = garbledCircuit->n + 1;
  block key = randomBlock();
  block rkey = randomBlock();
  AES_KEY KR;
  AES_set_encrypt_key((unsigned char *) &rkey, 128, &KR);
  const __m128i *sched2 = ((__m128i *) (KR.rd_key));             /* used for the middle rounds only */
  /* The global offset R is fixed by the first input wire's two labels. */
  garblingContext.R = xorBlocks(garbledCircuit->wires[0].label0, garbledCircuit->wires[0].label1);
  garbledCircuit->globalKey = key;
  DKCipherInit(&key, &(garblingContext.dkCipherContext));
  int tableIndex = 0;
  for (i = 0; i < garbledCircuit->q; i++) {
    garbledGate = &(garbledCircuit->garbledGates[i]);
    input0 = garbledGate->input0;
    input1 = garbledGate->input1;
    output = garbledGate->output;
#ifdef FREE_XOR
    /* Free XOR: no table; label1 = label0 ^ R follows from A1 = A0 ^ R. */
    if (garbledGate->type == XORGATE) {
      garbledCircuit->wires[output].label0 = xorBlocks(garbledCircuit->wires[input0].label0, garbledCircuit->wires[input1].label0);
      garbledCircuit->wires[output].label1 = xorBlocks(garbledCircuit->wires[input0].label1, garbledCircuit->wires[input1].label0);
      continue;
    }
#endif
    tweak = makeBlock(i, (long)0);
    lsb0 = getLSB(garbledCircuit->wires[input0].label0);
    lsb1 = getLSB(garbledCircuit->wires[input1].label0);
    /* Output label0 = AES(tweak) with a mixed schedule (see note above);
     * after the loop j == rnds, so sched[rnds] is the last round key. */
    block val = _mm_xor_si128(tweak, sched[0]);
    for (j = 1; j < rnds; j++)
      val = _mm_aesenc_si128(val, sched2[j]);
    garbledCircuit->wires[garbledGate->output].label0 = _mm_aesenclast_si128(val, sched[j]);
    garbledCircuit->wires[garbledGate->output].label1 = xorBlocks(garblingContext.R, garbledCircuit->wires[garbledGate->output].label0);
    /* Row keys: rows are (A0,B0), (A0,B1), (A1,B0), (A1,B1); input0 labels
     * are doubled once, input1 labels twice, then XOR the tweak. */
    block A0, A1, B0, B1;
    A0 = DOUBLE(garbledCircuit->wires[input0].label0);
    A1 = DOUBLE(garbledCircuit->wires[input0].label1);
    B0 = DOUBLE(DOUBLE(garbledCircuit->wires[input1].label0));
    B1 = DOUBLE(DOUBLE(garbledCircuit->wires[input1].label1));
    keys[0] = xorBlocks(xorBlocks(A0, B0) , tweak);
    keys[1] = xorBlocks(xorBlocks(A0,B1), tweak);
    keys[2] = xorBlocks(xorBlocks(A1, B0), tweak);
    keys[3] = xorBlocks(xorBlocks(A1, B1), tweak);
    /* Bit bp of garbledGate->type selects label0 (0) or label1 (1) as the
     * output for row bp, i.e. the low four type bits act as the truth table. */
    block *temp[2];
    temp[0] = &garbledCircuit->wires[garbledGate->output].label0;
    temp[1] = &garbledCircuit->wires[garbledGate->output].label1;
    int bp = 0;
    blocks[0] = xorBlocks(keys[0], *(temp[(garbledGate->type & (1<<bp))>>bp]));
    bp++;
    blocks[1] = xorBlocks(keys[1], *(temp[(garbledGate->type & (1<<bp))>>bp]));
    bp++;
    blocks[2] = xorBlocks(keys[2], *(temp[(garbledGate->type & (1<<bp))>>bp]));
    bp++;
    blocks[3] = xorBlocks(keys[3], *(temp[(garbledGate->type & (1<<bp))>>bp]));
write:  /* label kept from an earlier goto-based version; nothing jumps here */
    /* keys[] now holds AES_K(key_r); entry_r = key_r ^ label ^ AES_K(key_r).
     * Destination slot of row r is fixed by the select bits (lsb0, lsb1). */
    AES_ecb_encrypt_blks_4(keys, &(garblingContext.dkCipherContext.K));
    garbledTable[tableIndex].table[2 * lsb0 + lsb1] = xorBlocks(blocks[0], keys[0]);
    garbledTable[tableIndex].table[2 * lsb0 + 1 - lsb1] = xorBlocks(blocks[1], keys[1]);
    garbledTable[tableIndex].table[2 * (1 - lsb0) + lsb1] = xorBlocks(blocks[2], keys[2]);
    garbledTable[tableIndex].table[2 * (1 - lsb0) + (1 - lsb1)] = xorBlocks(blocks[3], keys[3]);
    tableIndex++;
  }
  /* Export the two labels of every output wire. */
  for (i = 0; i < garbledCircuit->m; i++) {
    outputMap[2 * i] = garbledCircuit->wires[garbledCircuit->outputs[i]].label0;
    outputMap[2 * i + 1] = garbledCircuit->wires[garbledCircuit->outputs[i]].label1;
  }
  return 0;
}
/*
 * garbleCircuit: garble every gate of `garbledCircuit` in place
 * (row-reduced variant: three table entries per gate).
 *
 * inputLabels  receives 2*n fresh input labels (label0, label1 per wire);
 * outputMap    receives 2*m output labels in the same layout.
 *
 * For each gate the four row keys are built from the doubled input labels
 * XOR a tweak derived from the gate index; mask[r] = key_r ^ AES_K(key_r).
 * The row whose point-and-permute slot is 0 gets no table entry: its mask
 * becomes one output label (newToken) and the other label is newToken ^ R,
 * so that row's entry would be all-zero. The remaining three rows are
 * stored at slot-1. Always returns 0.
 *
 * NOTE(review): `sched`, `val`, `A`, `B`, `plainText`, `cipherText`, `a`,
 * `b`, `rnds`, `keyToEncrypt` and the local `dkCipherContext` are unused.
 */
long garbleCircuit(GarbledCircuit *garbledCircuit, InputLabels inputLabels, OutputMap outputMap) {
  GarblingContext garblingContext;
  GarbledGate *garbledGate;
  GarbledTable *garbledTable;
  DKCipherContext dkCipherContext;
  const __m128i *sched = ((__m128i *)(dkCipherContext.K.rd_key));
  block val;
  block *A, *B, *plainText,*cipherText;
  block tweak;
  long a, b, i, j,rnds = 10;
  block blocks[4];        /* plaintext label for each row */
  block keys[4];          /* row keys, encrypted in place */
  long lsb0,lsb1;         /* select bits of the two input wires */
  block keyToEncrypt;
  int input0, input1, output;
  /* Time-based seed for the label PRNG used by randomBlock/createInputLabels. */
  srand_sse( time(NULL));
  createInputLabels(inputLabels, garbledCircuit->n);
  garbledCircuit->id = getFreshId();
  /* Wire k takes inputLabels[2k] / [2k+1]; ids are 1-based odd numbers. */
  for(i=0;i<2*garbledCircuit->n;i+=2) {
    garbledCircuit->wires[i/2].id = i+1;
    garbledCircuit->wires[i/2].label0 = inputLabels[i];
    garbledCircuit->wires[i/2].label1 = inputLabels[i+1];
  }
  garbledTable = garbledCircuit->garbledTable;
  garblingContext.gateIndex = 0;
  garblingContext.wireIndex = garbledCircuit->n + 1;
  block key = randomBlock();
  /* Global offset R is fixed by the first input wire's two labels. */
  garblingContext.R = xorBlocks(garbledCircuit->wires[0].label0, garbledCircuit->wires[0].label1);
  garbledCircuit->globalKey = key;
  DKCipherInit(&key, &(garblingContext.dkCipherContext));
  int tableIndex = 0;
  for(i=0; i< garbledCircuit->q;i++) {
    garbledGate = &(garbledCircuit->garbledGates[i]);
    input0 = garbledGate->input0;
    input1 = garbledGate->input1;
    output = garbledGate->output;
#ifdef FREE_XOR
    /* Free XOR: no table; label1 = label0 ^ R follows from A1 = A0 ^ R. */
    if (garbledGate->type == XORGATE) {
      garbledCircuit->wires[output].label0 = xorBlocks(garbledCircuit->wires[input0].label0, garbledCircuit->wires[input1].label0);
      garbledCircuit->wires[output].label1 = xorBlocks(garbledCircuit->wires[input0].label1, garbledCircuit->wires[input1].label0);
      continue;
    }
#endif
    tweak = makeBlock(i, (long)0);
    input0 = garbledGate->input0;   /* redundant re-read */
    input1 = garbledGate->input1;
    lsb0 = getLSB(garbledCircuit->wires[input0].label0);
    lsb1 = getLSB(garbledCircuit->wires[input1].label0);
    /* Row keys: rows are (A0,B0), (A0,B1), (A1,B0), (A1,B1). */
    block A0, A1, B0, B1;
    A0 = DOUBLE(garbledCircuit->wires[input0].label0);
    A1 = DOUBLE(garbledCircuit->wires[input0].label1);
    B0 = DOUBLE(DOUBLE(garbledCircuit->wires[input1].label0));
    B1 = DOUBLE(DOUBLE(garbledCircuit->wires[input1].label1));
    keys[0] = xorBlocks(A0, B0);
    keys[0] = xorBlocks(keys[0], tweak);
    keys[1] = xorBlocks(A0,B1);
    keys[1] = xorBlocks(keys[1], tweak);
    keys[2] = xorBlocks(A1, B0);
    keys[2] = xorBlocks(keys[2], tweak);
    keys[3] = xorBlocks(A1, B1);
    keys[3] = xorBlocks(keys[3], tweak);
    /* mask[r] = key_r ^ AES_K(key_r) (keys[] is encrypted in place). */
    block mask[4];
    block newToken;
    mask[0] = keys[0];
    mask[1] = keys[1];
    mask[2] = keys[2];
    mask[3] = keys[3];
    AES_ecb_encrypt_blks(keys, 4, &(garblingContext.dkCipherContext.K));
    mask[0] = xorBlocks(mask[0], keys[0]);
    mask[1] = xorBlocks(mask[1],keys[1]);
    mask[2] = xorBlocks(mask[2],keys[2]);
    mask[3] = xorBlocks(mask[3],keys[3]);
    /* Exactly one row lands in slot 0 (the slots are a permutation of 0..3);
     * its mask becomes newToken. */
    if (2*lsb0 + lsb1 ==0) newToken = mask[0];
    if (2*lsb0 + 1-lsb1 ==0) newToken = mask[1];
    if (2*(1-lsb0) + lsb1 ==0) newToken = mask[2];
    if (2*(1-lsb0) + 1-lsb1 ==0) newToken = mask[3];
    block newToken2 = xorBlocks(garblingContext.R, newToken);
    /* Decide whether the slot-0 row evaluates to 1 (newToken becomes label1)
     * or 0 (newToken becomes label0). Slot 0 is reached by the row whose
     * inputs have select bits (lsb0, lsb1); `&` here works because `==`
     * binds tighter, but `&&` is the intended operator. */
    if (garbledGate->type == ANDGATE) {
      if (lsb1 ==1 & lsb0 ==1) {
        garbledCircuit->wires[garbledGate->output].label1 = newToken;
        garbledCircuit->wires[garbledGate->output].label0 = newToken2;
      } else {
        garbledCircuit->wires[garbledGate->output].label0 = newToken;
        garbledCircuit->wires[garbledGate->output].label1 = newToken2;
      }
    }
    if (garbledGate->type == ORGATE) {
      if (!(lsb1 ==0 & lsb0 ==0)) {
        garbledCircuit->wires[garbledGate->output].label1 = newToken;
        garbledCircuit->wires[garbledGate->output].label0 = newToken2;
      } else {
        garbledCircuit->wires[garbledGate->output].label0 = newToken;
        garbledCircuit->wires[garbledGate->output].label1 = newToken2;
      }
    }
    if (garbledGate->type == XORGATE) {
      if ((lsb1 ==0 & lsb0 ==1) ||(lsb1 ==1 & lsb0 ==0) ) {
        garbledCircuit->wires[garbledGate->output].label1 = newToken;
        garbledCircuit->wires[garbledGate->output].label0 = newToken2;
      } else {
        garbledCircuit->wires[garbledGate->output].label0 = newToken;
        garbledCircuit->wires[garbledGate->output].label1 = newToken2;
      }
    }
    /* NOTGATE: the label choice keys off lsb0 (input0) ... */
    if (garbledGate->type == NOTGATE) {
      if (lsb0 ==0) {
        garbledCircuit->wires[garbledGate->output].label1 = newToken;
        garbledCircuit->wires[garbledGate->output].label0 = newToken2;
      } else {
        garbledCircuit->wires[garbledGate->output].label0 = newToken;
        garbledCircuit->wires[garbledGate->output].label1 = newToken2;
      }
    }
    /* Plaintext per row (rows ordered (A0,B0),(A0,B1),(A1,B0),(A1,B1)). */
    block *label0 = &garbledCircuit->wires[garbledGate->output].label0;
    block *label1 = &garbledCircuit->wires[garbledGate->output].label1;
    if (garbledGate->type == ANDGATE) {
      blocks[0] = *label0;
      blocks[1] = *label0;
      blocks[2] = *label0;
      blocks[3] = *label1;
      goto write;
    }
    if (garbledGate->type == ORGATE) {
      blocks[0] = *label0;
      blocks[1] = *label1;
      blocks[2] = *label1;
      blocks[3] = *label1;
      goto write;
    }
    if (garbledGate->type == XORGATE) {
      blocks[0] = *label0;
      blocks[1] = *label1;
      blocks[2] = *label1;
      blocks[3] = *label0;
      goto write;
    }
    /* NOTE(review): ... but this row pattern {1,0,1,0} is NOT(B), the
     * negation of input1. The two disagree on which input a NOT gate
     * negates; confirm against the circuit format. */
    if (garbledGate->type == NOTGATE) {
      blocks[0] = *label1;
      blocks[1] = *label0;
      blocks[2] = *label1;
      blocks[3] = *label0;
      goto write;
    }
write:
    /* Store entry_r = label_r ^ mask_r at slot-1; the slot-0 row is omitted
     * (its entry would be zero by construction of newToken). A gate of an
     * unknown type reaches here with blocks[] uninitialised. */
    if (2*lsb0 + lsb1 !=0)
      garbledTable[tableIndex].table[2*lsb0 + lsb1 -1] = xorBlocks(blocks[0], mask[0]);
    if (2*lsb0 + 1-lsb1 !=0)
      garbledTable[tableIndex].table[2*lsb0 + 1-lsb1-1] = xorBlocks(blocks[1], mask[1]);
    if (2*(1-lsb0) + lsb1 !=0)
      garbledTable[tableIndex].table[2*(1-lsb0) + lsb1-1] = xorBlocks(blocks[2], mask[2]);
    if (2*(1-lsb0) + (1-lsb1) !=0)
      garbledTable[tableIndex].table[2*(1-lsb0) + (1-lsb1)-1] = xorBlocks(blocks[3], mask[3]);
    tableIndex++;
  }
  /* Export the two labels of every output wire. */
  for(i=0;i<garbledCircuit->m;i++) {
    outputMap[2*i] = garbledCircuit->wires[garbledCircuit->outputs[i]].label0;
    outputMap[2*i+1] = garbledCircuit->wires[garbledCircuit->outputs[i]].label1;
  }
  return 0;
}
/*
 * garbleCircuit: garble every gate of `garbledCircuit` in place
 * (truncated-label variant: 10 bytes of each table entry are written).
 *
 * inputLabels  receives 2*n fresh input labels (label0, label1 per wire);
 * outputMap    receives 2*m output labels in the same layout.
 *
 * Per gate: label0 = AES(tweak) via a hand-rolled round loop, label1 =
 * label0 ^ R, both passed through TRUNCATE; four row keys are formed from
 * the doubled input labels XOR the tweak; entry_r = key_r ^ label ^
 * AES_K(key_r); only the first five 16-bit words of each entry are copied
 * into the table, at the slot given by the input select bits.
 * Always returns 0.
 *
 * NOTE(review): the local `dkCipherContext` is never initialised (the
 * DKCipherInit below targets garblingContext.dkCipherContext), yet `sched`
 * points into its key schedule and sched[0]/sched[j] are used in the label
 * derivation — a read of indeterminate memory. Also, `block` values are
 * stored through `char templ[20]`/`toWrite[4][16]`, which carry no 16-byte
 * alignment guarantee; that is undefined behaviour for an __m128i store.
 */
long garbleCircuit(GarbledCircuit *garbledCircuit, InputLabels inputLabels, OutputMap outputMap) {
  GarblingContext garblingContext;
  GarbledGate *garbledGate;
  GarbledTable *garbledTable;
  DKCipherContext dkCipherContext;                                 /* never initialised, see note above */
  const __m128i *sched = ((__m128i *)(dkCipherContext.K.rd_key));  /* schedule of the uninitialised context */
  block val;                                                       /* shadowed by the inner `block val` */
  block *A, *B, *plainText,*cipherText;                            /* unused */
  block tweak;
  long a, b, i, j,rnds = 10;                                       /* a, b unused; AES-128 round count */
  block blocks[4];                                                 /* per-row plaintexts (key ^ label) */
  block keys[4];                                                   /* per-row keys, encrypted in place */
  long lsb0,lsb1;                                                  /* select bits of the input wires */
  block keyToEncrypt;                                              /* unused */
  int input0, input1,output;
  /* Time-based seed for the label PRNG used by randomBlock/createInputLabels. */
  srand_sse( time(NULL));
  createInputLabels(inputLabels, garbledCircuit->n);
  garbledCircuit->id = getFreshId();
  /* Wire k takes inputLabels[2k] / [2k+1]; ids are 1-based odd numbers. */
  for(i=0;i<2*garbledCircuit->n;i+=2) {
    garbledCircuit->wires[i/2].id = i+1;
    garbledCircuit->wires[i/2].label0 = inputLabels[i];
    garbledCircuit->wires[i/2].label1 = inputLabels[i+1];
  }
  garbledTable = garbledCircuit->garbledTable;
  garblingContext.gateIndex = 0;
  garblingContext.wireIndex = garbledCircuit->n + 1;
  block key = randomBlock();
  block rkey = randomBlock();
  AES_KEY KR;
  AES_set_encrypt_key(&rkey, 128, &KR);
  const __m128i *sched2 = ((__m128i *)(KR.rd_key));                /* used for the middle rounds only */
  /* Global offset R is fixed by the first input wire's two labels. */
  garblingContext.R = xorBlocks(garbledCircuit->wires[0].label0, garbledCircuit->wires[0].label1);
  garbledCircuit->globalKey = key;
  DKCipherInit(&key, &(garblingContext.dkCipherContext));
  int tableIndex = 0;
  for(i=0; i< garbledCircuit->q;i++) {
    garbledGate = &(garbledCircuit->garbledGates[i]);
    input0 = garbledGate->input0;
    input1 = garbledGate->input1;
    output = garbledGate->output;
#ifdef FREE_XOR
    /* Free XOR: no table; label1 = label0 ^ R follows from A1 = A0 ^ R. */
    if (garbledGate->type == XORGATE) {
      garbledCircuit->wires[output].label0 = xorBlocks(garbledCircuit->wires[input0].label0, garbledCircuit->wires[input1].label0);
      garbledCircuit->wires[output].label1 = xorBlocks(garbledCircuit->wires[input0].label1, garbledCircuit->wires[input1].label0);
      continue;
    }
#endif
    tweak = makeBlock(i, (long)0);
    lsb0 = getLSB(garbledCircuit->wires[input0].label0);
    lsb1 = getLSB(garbledCircuit->wires[input1].label0);
    /* Output labels are built in these byte buffers (alignment: see note). */
    char templ[20];
    char templ2[20];
    /* label0 = AES(tweak): sched[0] and the final sched[j] (j == rnds after
     * the loop) come from the uninitialised context, rounds 1..9 from KR. */
    block val = _mm_xor_si128 (tweak, sched[0]);
    for (j=1; j<rnds; j++)
      val = _mm_aesenc_si128 (val,sched2[j]);
    *((block*)templ) = _mm_aesenclast_si128 (val, sched[j]);
    val = _mm_aesenclast_si128 (val, sched[j]);   /* result unused */
    *((block *)templ2) = xorBlocks(*((block *)templ), garblingContext.R);
    /* TRUNCATE presumably clears the bytes beyond the shortened label width
     * (only 10 bytes per row are stored below) — confirm its definition. */
    TRUNCATE(templ);
    TRUNCATE(templ2);
    block *label0 = (block *)templ;
    block *label1 = (block *)templ2;
    garbledCircuit->wires[garbledGate->output].label0 = *((block*)templ);
    garbledCircuit->wires[garbledGate->output].label1 = *((block*)templ2);
    /* Row keys: rows are (A0,B0), (A0,B1), (A1,B0), (A1,B1). */
    block A0, A1, B0, B1;
    A0 = DOUBLE(garbledCircuit->wires[input0].label0);
    A1 = DOUBLE(garbledCircuit->wires[input0].label1);
    B0 = DOUBLE(DOUBLE(garbledCircuit->wires[input1].label0));
    B1 = DOUBLE(DOUBLE(garbledCircuit->wires[input1].label1));
    keys[0] = xorBlocks(A0, B0);
    keys[0] = xorBlocks(keys[0], tweak);
    keys[1] = xorBlocks(A0,B1);
    keys[1] = xorBlocks(keys[1], tweak);
    keys[2] = xorBlocks(A1, B0);
    keys[2] = xorBlocks(keys[2], tweak);
    keys[3] = xorBlocks(A1, B1);
    keys[3] = xorBlocks(keys[3], tweak);
    /* blocks[r] = key_r ^ (output label for row r), per gate type. */
    if (garbledGate->type == ANDGATE) {
      blocks[0] = xorBlocks(keys[0], *label0);
      blocks[1] = xorBlocks(keys[1], *label0);
      blocks[2] = xorBlocks(keys[2], *label0);
      blocks[3] = xorBlocks(keys[3], *label1);
      goto write;
    }
    if (garbledGate->type == ORGATE) {
      blocks[0] = xorBlocks(keys[0], *label0);
      blocks[1] = xorBlocks(keys[1], *label1);
      blocks[2] = xorBlocks(keys[2], *label1);
      blocks[3] = xorBlocks(keys[3], *label1);
      goto write;
    }
    if (garbledGate->type == XORGATE) {
      blocks[0] = xorBlocks(keys[0], *label0);
      blocks[1] = xorBlocks(keys[1], *label1);
      blocks[2] = xorBlocks(keys[2], *label1);
      blocks[3] = xorBlocks(keys[3], *label0);
      goto write;
    }
    /* As written the NOT pattern {1,0,1,0} negates input1 (B), not input0. */
    if (garbledGate->type == NOTGATE) {
      blocks[0] = xorBlocks(keys[0], *label1);
      blocks[1] = xorBlocks(keys[1], *label0);
      blocks[2] = xorBlocks(keys[2], *label1);
      blocks[3] = xorBlocks(keys[3], *label0);
      goto write;
    }
write:
    /* keys[] now holds AES_K(key_r); entry_r = blocks[r] ^ AES_K(key_r).
     * A gate of an unknown type reaches here with blocks[] uninitialised. */
    AES_ecb_encrypt_blks(keys, 4, &(garblingContext.dkCipherContext.K));
    char toWrite[4][16];
    char **dest[4];                                 /* unused */
    *((block *) toWrite[0]) = xorBlocks(blocks[0], keys[0]);
    *((block *) toWrite[1]) = xorBlocks(blocks[1], keys[1]);
    *((block *) toWrite[2]) = xorBlocks(blocks[2], keys[2]);
    *((block *) toWrite[3]) = xorBlocks(blocks[3], keys[3]);
    /* Copy five 16-bit words (80 bits) of each entry into the slot picked by
     * the select bits; the rest of each table entry is left untouched. */
    short *cpsrc;
    short *cpdst;
    cpsrc = (short *)toWrite[0];
    cpdst = (short *)&garbledTable[tableIndex].table[2*lsb0 + lsb1];
    cpdst[0]=cpsrc[0];
    cpdst[1]=cpsrc[1];
    cpdst[2]=cpsrc[2];
    cpdst[3]=cpsrc[3];
    cpdst[4]=cpsrc[4];
    cpsrc = (short *)toWrite[1];
    cpdst = (short *)&garbledTable[tableIndex].table[2*(lsb0) + (1-lsb1)];
    cpdst[0]=cpsrc[0];
    cpdst[1]=cpsrc[1];
    cpdst[2]=cpsrc[2];
    cpdst[3]=cpsrc[3];
    cpdst[4]=cpsrc[4];
    cpsrc = (short *)toWrite[2];
    cpdst = (short *)&garbledTable[tableIndex].table[2*(1-lsb0) + (lsb1)];
    cpdst[0]=cpsrc[0];
    cpdst[1]=cpsrc[1];
    cpdst[2]=cpsrc[2];
    cpdst[3]=cpsrc[3];
    cpdst[4]=cpsrc[4];
    cpsrc = (short *)toWrite[3];
    cpdst = (short *)&garbledTable[tableIndex].table[2*(1-lsb0) + (1-lsb1)];
    cpdst[0]=cpsrc[0];
    cpdst[1]=cpsrc[1];
    cpdst[2]=cpsrc[2];
    cpdst[3]=cpsrc[3];
    cpdst[4]=cpsrc[4];
    tableIndex++;
  }
  /* Export the two labels of every output wire. */
  for(i=0;i<garbledCircuit->m;i++) {
    outputMap[2*i] = garbledCircuit->wires[garbledCircuit->outputs[i]].label0;
    outputMap[2*i+1] = garbledCircuit->wires[garbledCircuit->outputs[i]].label1;
  }
  return 0;
}
/**
 * Construct the block manager.
 *
 * The only work done at construction is one call to makeBlock(), so a
 * freshly built manager already owns its first block.
 */
CBlockMgr::CBlockMgr(void)
{
    makeBlock();
}