const uint16_t* CLAVPixFmtConverter::GetRandomDitherCoeffs(int height, int coeffs, int bits, int line)
{
if (m_pSettings->GetDitherMode() != LAVDither_Random)
return nullptr;
int totalWidth = 8 * coeffs;
if (!m_pRandomDithers || totalWidth > m_ditherWidth || height > m_ditherHeight || bits != m_ditherBits) {
if (m_pRandomDithers)
_aligned_free(m_pRandomDithers);
m_pRandomDithers = nullptr;
m_ditherWidth = totalWidth;
m_ditherHeight = height;
m_ditherBits = bits;
m_pRandomDithers = (uint16_t *)_aligned_malloc(m_ditherWidth * m_ditherHeight * 2, 16);
#ifdef DEBUG
LARGE_INTEGER frequency, start, end;
QueryPerformanceFrequency(&frequency);
QueryPerformanceCounter(&start);
DbgLog((LOG_TRACE, 10, L"Creating dither matrix"));
#endif
// Seed random number generator
time_t seed = time(nullptr);
seed >>= 1;
srand_sse((unsigned int)seed);
bits = (1 << bits);
for (int i = 0; i < m_ditherHeight; i++) {
uint16_t *ditherline = m_pRandomDithers + (m_ditherWidth * i);
for (int j = 0; j < m_ditherWidth; j += 4) {
int rnds[4];
rand_sse(rnds);
ditherline[j+0] = rnds[0] % bits;
ditherline[j+1] = rnds[1] % bits;
ditherline[j+2] = rnds[2] % bits;
ditherline[j+3] = rnds[3] % bits;
}
}
#ifdef DEBUG
QueryPerformanceCounter(&end);
double diff = (end.QuadPart - start.QuadPart) * 1000.0 / frequency.QuadPart;
DbgLog((LOG_TRACE, 10, L"Finished creating dither matrix (took %2.3fms)", diff));
#endif
}
if (line < 0 || line >= m_ditherHeight)
line = rand() % m_ditherHeight;
return &m_pRandomDithers[line * m_ditherWidth];
}
int main(int argc, char* argv[]) {
//----------------------
#ifndef DEBUG
srand(time(NULL));
srand_sse(time(NULL));
#else
srand(1);
srand_sse(1111);
#endif
if (argc < 3) {
printf("Usage: %s <scd file name> <port> \n", argv[0]);
return -1;
}
int port = atoi(argv[2]);
int connfd = server_init(port);
if (connfd == -1) {
printf("Something's wrong with the socket!\n");
return -1;
}
#define GARBLING
#ifndef GARBLING
server_close(connfd);
return 0;
#else
//----------------------------------------- Garbling
GarbledCircuit garbledCircuit;
long i, j, cid;
readCircuitFromFile(&garbledCircuit, argv[1]);
printf("garbledCircuit.I[0] = %d\n", garbledCircuit.I[0]);
int n = garbledCircuit.n;
int g = garbledCircuit.g;
int p = garbledCircuit.p;
int m = garbledCircuit.m;
int c = garbledCircuit.c;
int e = n - g;
int *garbler_inputs = (int *) malloc(sizeof(int) * (g) * c);
block *inputLabels = (block *) malloc(sizeof(block) * 2 * n * c);
block *initialDFFLable = (block *) malloc(sizeof(block) * 2 * p);
block *outputLabels = (block *) malloc(sizeof(block) * 2 * m * c);
printf("\n\ninputs:\n");
for (cid = 0; cid < c; cid++) {
for (j = 0; j < g; j++) {
garbler_inputs[cid * g + j] = rand() % 2;
printf("%d ", garbler_inputs[cid * g + j]);
}
}
printf("\n\n");
#ifndef DEBUG
block R = randomBlock();
*((short *) (&R)) |= 1;
#else
block R = makeBlock((long )(-1), (long )(-1));
#endif
uint8_t * rptr = (uint8_t*) &R;
for (int i = 0; i < 16; i++)
rptr[i] = 0xff;
// *((short *) (&R)) |= 1;
rptr[0] |= 1;
createInputLabels(inputLabels, R, n * c);
createInputLabels(initialDFFLable, R, p);
///--------------------------------------------------------------- OT Extension
//Parameters
int numOTs = c * e;
int bitlength = 128;
m_nSecParam = 128;
m_nNumOTThreads = 1;
BYTE version;
crypto *crypt = new crypto(m_nSecParam, (uint8_t*) m_vSeed);
InitOTSender(connfd, crypt);
CBitVector delta, X1, X2;
delta.Create(numOTs, bitlength, crypt);
m_fMaskFct = new XORMasking(bitlength, delta);
for (int i=0;i<numOTs;i++)
delta.SetBytes(rptr, i*16, 16);
printf("Delta: ");
for (int i = 0; i < 16; i++) {
printf("%02x", delta.GetByte(i));
}
printf("\n");
printf("R: ");
print__m128i(R);
printf("\n");
X1.Create(numOTs, bitlength);
X1.Reset();
X2.Create(numOTs, bitlength);
X2.Reset();
uint8_t* b = new BYTE[16];
BYTE* b2 = new BYTE[16];
cout << "Sender performing " << numOTs << " C_OT extensions on "
<< bitlength << " bit elements" << endl;
version = C_OT;
ObliviouslySend(X1, X2, numOTs, bitlength, version, crypt);
//putting X1 & X2 into inputLabels
printf("printing inputLabels after copy from X1 and X2:\n\n");
uint8_t* inputLabelsptr;
for (cid = 0; cid < c; cid++) {
for (j = 0; j < e; j++) {
inputLabelsptr = (uint8_t*) &inputLabels[2 * (cid * n + g + j)];
X1.GetBytes(inputLabelsptr, 16*(cid * e + j), 16);
print__m128i(inputLabels[2 * (cid * n + g + j)]);
inputLabelsptr = (uint8_t*) &inputLabels[2 * (cid * n + g + j) + 1];
X2.GetBytes(inputLabelsptr, 16*(cid * e + j), 16);
print__m128i(inputLabels[2 * (cid * n + g + j) + 1]);
}
}
//print
printf("Printing X1:\n");
for (int j = 0; j < numOTs; j++) {
for (int i = 0; i < 16; i++) {
b[i] = X1.GetByte(i + j * 16);
printf("%02x", b[i]);
}
printf("\n");
}
printf("\n\n");
printf("Printing X2:\n");
for (int j = 0; j < numOTs; j++) {
for (int i = 0; i < 16; i++) {
b[i] = X2.GetByte(i + j * 16);
printf("%02x", b[i]);
}
printf("\n");
}
printf("\n\n");
printf("Printing delta:\t");
for (int i = 0; i < 16; i++) {
b[i] = delta.GetByte(i);
printf("%02x", b[i]);
}
printf("\n");
//----------------------------------------------------end of OT Extension
for (cid = 0; cid < c; cid++) {
for (j = 0; j < g; j++) {
if (garbler_inputs[cid * g + j] == 0)
send_block(connfd, inputLabels[2 * (cid * n + j)]);
else
send_block(connfd, inputLabels[2 * (cid * n + j) + 1]);
printf("i(%ld, %ld, %d)\n", cid, j, garbler_inputs[cid * g + j]);
print__m128i(inputLabels[2 * (cid * n + j)]);
print__m128i(inputLabels[2 * (cid * n + j) + 1]);
}
//------------------------------------------------------------------------------------------ CHANGE 1
for (j = 0; j < e; j++) {
// int ev_input;
// read(connfd, &ev_input, sizeof(int));
// if (!ev_input)
// send_block(connfd, inputLabels[2 * (cid * n + g + j)]);
// else
// send_block(connfd, inputLabels[2 * (cid * n + g + j) + 1]);
printf("evaluator : i(%ld, %ld, ?)\n", cid, j);
print__m128i(inputLabels[2 * (cid * n + g + j)]);
print__m128i(inputLabels[2 * (cid * n + g + j) + 1]);
}
printf("Compare to: ");
printf("\n");
//----------------------------------------------------------------------end
}
printf("\n\n");
for (j = 0; j < p; j++) //p:#DFF
{
printf("garbledCircuit.I[j] = %d\n", garbledCircuit.I[j]);
if (garbledCircuit.I[j] == CONST_ZERO) // constant zero
{
send_block(connfd, initialDFFLable[2 * j]);
printf("dffi(%ld, %ld, %d)\n", cid, j, 0);
print__m128i(initialDFFLable[2 * j]);
print__m128i(initialDFFLable[2 * j + 1]);
} else if (garbledCircuit.I[j] == CONST_ONE) // constant zero
{
send_block(connfd, initialDFFLable[2 * j + 1]);
printf("dffi(%ld, %ld, %d)\n", cid, j, 0);
print__m128i(inputLabels[2 * j]);
print__m128i(inputLabels[2 * j + 1]);
} else if (garbledCircuit.I[j] < g) //belongs to Alice (garbler)
{
int index = garbledCircuit.I[j];
if (garbler_inputs[index] == 0)
send_block(connfd, initialDFFLable[2 * j]);
else
send_block(connfd, initialDFFLable[2 * j + 1]);
printf("dffi(%ld, %ld, %d)\n", cid, j, garbler_inputs[index]);
print__m128i(initialDFFLable[2 * j]);
print__m128i(initialDFFLable[2 * j + 1]);
}
//------------------------------------------------------------------------------------------ CHANGE 2
else //**** belongs to Bob
{
// int ev_input;
// read(connfd, &ev_input, sizeof(int));
// if (!ev_input)
// send_block(connfd, initialDFFLable[2 * j]);
// else
// send_block(connfd, initialDFFLable[2 * j + 1]);
// printf("dffi(%ld, %ld, %d)\n", cid, j, ev_input);
print__m128i(initialDFFLable[2 * j]);
print__m128i(initialDFFLable[2 * j + 1]);
printf("\n");
}
//----------------------------------------------------------------------end
}
printf("\n\n");
///--------------------------------------------------------------- OT Extension
//Parameters
numOTs = p;
delta.Create(numOTs, bitlength, crypt);
m_fMaskFct = new XORMasking(bitlength, delta);
for (int i=0;i<numOTs;i++)
delta.SetBytes(rptr, i*16, 16);
printf("Delta: ");
for (int i = 0; i < 16; i++) {
printf("%02x", delta.GetByte(i));
}
printf("\n");
printf("R: ");
print__m128i(R);
printf("\n");
X1.Create(numOTs, bitlength);
X1.Reset();
X2.Create(numOTs, bitlength);
X2.Reset();
cout << "Sender performing " << numOTs << " C_OT extensions on "
<< bitlength << " bit elements" << endl;
version = C_OT;
ObliviouslySend(X1, X2, numOTs, bitlength, version, crypt);
//putting X1 & X2 into inputLabels
printf("printing inputLabels after copy from X1 and X2:\n\n");
for (j = 0; j < p; j++) {
inputLabelsptr = (uint8_t*) &initialDFFLable[2 * j];
X1.GetBytes(inputLabelsptr, 16*(j), 16);
inputLabelsptr = (uint8_t*) &initialDFFLable[2 * j +1];
X2.GetBytes(inputLabelsptr, 16*( j), 16);
}
delete crypt;
//----------------------------------------------------end of OT Extension
garbledCircuit.globalKey = randomBlock();
send_block(connfd, garbledCircuit.globalKey); // send DKC key
printf("R: ");
print__m128i(R);
printf("\n");
garble(&garbledCircuit, inputLabels, initialDFFLable, outputLabels, &R,
connfd);
printf("***************** InputLabels\n");
for (int i=0;i<n*c*2;i++)
print__m128i(inputLabels[i]);
for (cid = 0; cid < c; cid++) {
for (i = 0; i < m; i++) {
short outputType = getLSB(outputLabels[2 * (m * cid + i) + 0]);
send_type(connfd, outputType);
}
}
server_close(connfd);
removeGarbledCircuit(&garbledCircuit);
return 0;
#endif
}
long garbleCircuit(GarbledCircuit *garbledCircuit, InputLabels inputLabels, OutputMap outputMap) {
GarblingContext garblingContext;
GarbledGate *garbledGate;
GarbledTable *garbledTable;
DKCipherContext dkCipherContext;
const __m128i *sched = ((__m128i *)(dkCipherContext.K.rd_key));
block val;
block *A, *B, *plainText,*cipherText;
block tweak;
long a, b, i, j,rnds = 10;
block blocks[4];
block keys[4];
long lsb0,lsb1;
block keyToEncrypt;
int input0, input1, output;
srand_sse( time(NULL));
createInputLabels(inputLabels, garbledCircuit->n);
garbledCircuit->id = getFreshId();
for(i=0;i<2*garbledCircuit->n;i+=2) {
garbledCircuit->wires[i/2].id = i+1;
garbledCircuit->wires[i/2].label0 = inputLabels[i];
garbledCircuit->wires[i/2].label1 = inputLabels[i+1];
}
garbledTable = garbledCircuit->garbledTable;
garblingContext.gateIndex = 0;
garblingContext.wireIndex = garbledCircuit->n + 1;
block key = randomBlock();
garblingContext.R = xorBlocks(garbledCircuit->wires[0].label0, garbledCircuit->wires[0].label1);
garbledCircuit->globalKey = key;
DKCipherInit(&key, &(garblingContext.dkCipherContext));
int tableIndex = 0;
for(i=0; i< garbledCircuit->q;i++) {
garbledGate = &(garbledCircuit->garbledGates[i]);
input0 = garbledGate->input0; input1 = garbledGate->input1;
output = garbledGate->output;
#ifdef FREE_XOR
if (garbledGate->type == XORGATE) {
garbledCircuit->wires[output].label0 = xorBlocks(garbledCircuit->wires[input0].label0, garbledCircuit->wires[input1].label0);
garbledCircuit->wires[output].label1 = xorBlocks(garbledCircuit->wires[input0].label1, garbledCircuit->wires[input1].label0);
continue;
}
#endif
tweak = makeBlock(i, (long)0);
input0 = garbledGate->input0; input1 = garbledGate->input1;
lsb0 = getLSB(garbledCircuit->wires[input0].label0);
lsb1 = getLSB(garbledCircuit->wires[input1].label0);
block A0, A1, B0, B1;
A0 = DOUBLE(garbledCircuit->wires[input0].label0);
A1 = DOUBLE(garbledCircuit->wires[input0].label1);
B0 = DOUBLE(DOUBLE(garbledCircuit->wires[input1].label0));
B1 = DOUBLE(DOUBLE(garbledCircuit->wires[input1].label1));
keys[0] = xorBlocks(A0, B0);
keys[0] = xorBlocks(keys[0], tweak);
keys[1] = xorBlocks(A0,B1);
keys[1] = xorBlocks(keys[1], tweak);
keys[2] = xorBlocks(A1, B0);
keys[2] = xorBlocks(keys[2], tweak);
keys[3] = xorBlocks(A1, B1);
keys[3] = xorBlocks(keys[3], tweak);
block mask[4]; block newToken;
mask[0] = keys[0];
mask[1] = keys[1];
mask[2] = keys[2];
mask[3] = keys[3];
AES_ecb_encrypt_blks(keys, 4, &(garblingContext.dkCipherContext.K));
mask[0] = xorBlocks(mask[0], keys[0]);
mask[1] = xorBlocks(mask[1],keys[1]);
mask[2] = xorBlocks(mask[2],keys[2]);
mask[3] = xorBlocks(mask[3],keys[3]);
if (2*lsb0 + lsb1 ==0)
newToken = mask[0];
if (2*lsb0 + 1-lsb1 ==0)
newToken = mask[1];
if (2*(1-lsb0) + lsb1 ==0)
newToken = mask[2];
if (2*(1-lsb0) + 1-lsb1 ==0)
newToken = mask[3];
block newToken2 = xorBlocks(garblingContext.R, newToken);
if (garbledGate->type == ANDGATE) {
if (lsb1 ==1 & lsb0 ==1) {
garbledCircuit->wires[garbledGate->output].label1 = newToken;
garbledCircuit->wires[garbledGate->output].label0 = newToken2;
}
else {
garbledCircuit->wires[garbledGate->output].label0 = newToken;
garbledCircuit->wires[garbledGate->output].label1 = newToken2;
}
}
if (garbledGate->type == ORGATE) {
if (!(lsb1 ==0 & lsb0 ==0)) {
garbledCircuit->wires[garbledGate->output].label1 = newToken;
garbledCircuit->wires[garbledGate->output].label0 = newToken2;
}
else {
garbledCircuit->wires[garbledGate->output].label0 = newToken;
garbledCircuit->wires[garbledGate->output].label1 = newToken2;
}
}
if (garbledGate->type == XORGATE) {
if ((lsb1 ==0 & lsb0 ==1) ||(lsb1 ==1 & lsb0 ==0) ) {
garbledCircuit->wires[garbledGate->output].label1 = newToken;
garbledCircuit->wires[garbledGate->output].label0 = newToken2;
}
else {
garbledCircuit->wires[garbledGate->output].label0 = newToken;
garbledCircuit->wires[garbledGate->output].label1 = newToken2;
}
}
if (garbledGate->type == NOTGATE) {
if (lsb0 ==0) {
garbledCircuit->wires[garbledGate->output].label1 = newToken;
garbledCircuit->wires[garbledGate->output].label0 = newToken2;
}
else {
garbledCircuit->wires[garbledGate->output].label0 = newToken;
garbledCircuit->wires[garbledGate->output].label1 = newToken2;
}
}
block *label0 = &garbledCircuit->wires[garbledGate->output].label0;
block *label1 = &garbledCircuit->wires[garbledGate->output].label1;
if (garbledGate->type == ANDGATE) {
blocks[0] = *label0;
blocks[1] = *label0;
blocks[2] = *label0;
blocks[3] = *label1;
goto write;
}
if (garbledGate->type == ORGATE) {
blocks[0] = *label0;
blocks[1] = *label1;
blocks[2] = *label1;
blocks[3] = *label1;
goto write;
}
if (garbledGate->type == XORGATE) {
blocks[0] = *label0;
blocks[1] = *label1;
blocks[2] = *label1;
blocks[3] = *label0;
goto write;
}
if (garbledGate->type == NOTGATE) {
blocks[0] = *label1;
blocks[1] = *label0;
blocks[2] = *label1;
blocks[3] = *label0;
goto write;
}
write:
if (2*lsb0 + lsb1 !=0)
garbledTable[tableIndex].table[2*lsb0 + lsb1 -1] = xorBlocks(blocks[0], mask[0]);
if (2*lsb0 + 1-lsb1 !=0)
garbledTable[tableIndex].table[2*lsb0 + 1-lsb1-1] = xorBlocks(blocks[1], mask[1]);
if (2*(1-lsb0) + lsb1 !=0)
garbledTable[tableIndex].table[2*(1-lsb0) + lsb1-1] = xorBlocks(blocks[2], mask[2]);
if (2*(1-lsb0) + (1-lsb1) !=0)
garbledTable[tableIndex].table[2*(1-lsb0) + (1-lsb1)-1] = xorBlocks(blocks[3], mask[3]);
tableIndex++;
}
for(i=0;i<garbledCircuit->m;i++) {
outputMap[2*i] = garbledCircuit->wires[garbledCircuit->outputs[i]].label0;
outputMap[2*i+1] = garbledCircuit->wires[garbledCircuit->outputs[i]].label1;
}
return 0;
}
long garbleCircuit(GarbledCircuit *garbledCircuit, InputLabels inputLabels,
OutputMap outputMap) {
GarblingContext garblingContext;
GarbledGate *garbledGate;
GarbledTable *garbledTable;
DKCipherContext dkCipherContext;
const block *sched = ((block *) (dkCipherContext.K.rd_key));
block val;
block *A, *B, *plainText, *cipherText;
block tweak;
long i, j, rnds = 10;
block blocks[4];
block keys[4];
long lsb0, lsb1;
int input0, input1, output;
srand_sse(time(NULL));
createInputLabels(inputLabels, garbledCircuit->n);
garbledCircuit->id = getFreshId();
for (i = 0; i < 2 * garbledCircuit->n; i += 2) {
garbledCircuit->wires[i / 2].label0 = inputLabels[i];
garbledCircuit->wires[i / 2].label1 = inputLabels[i + 1];
}
garbledTable = garbledCircuit->garbledTable;
garblingContext.gateIndex = 0;
garblingContext.wireIndex = garbledCircuit->n + 1;
block key = randomBlock();
block rkey = randomBlock();
AES_KEY KR;
AES_set_encrypt_key((unsigned char *) &rkey, 128, &KR);
const __m128i *sched2 = ((__m128i *) (KR.rd_key));
garblingContext.R =
xorBlocks(garbledCircuit->wires[0].label0, garbledCircuit->wires[0].label1);
garbledCircuit->globalKey = key;
DKCipherInit(&key, &(garblingContext.dkCipherContext));
int tableIndex = 0;
for (i = 0; i < garbledCircuit->q; i++) {
garbledGate = &(garbledCircuit->garbledGates[i]);
input0 = garbledGate->input0;
input1 = garbledGate->input1;
output = garbledGate->output;
#ifdef FREE_XOR
if (garbledGate->type == XORGATE) {
garbledCircuit->wires[output].label0 =
xorBlocks(garbledCircuit->wires[input0].label0, garbledCircuit->wires[input1].label0);
garbledCircuit->wires[output].label1 =
xorBlocks(garbledCircuit->wires[input0].label1, garbledCircuit->wires[input1].label0);
continue;
}
#endif
tweak = makeBlock(i, (long)0);
lsb0 = getLSB(garbledCircuit->wires[input0].label0);
lsb1 = getLSB(garbledCircuit->wires[input1].label0);
block val = _mm_xor_si128(tweak, sched[0]);
for (j = 1; j < rnds; j++)
val = _mm_aesenc_si128(val, sched2[j]);
garbledCircuit->wires[garbledGate->output].label0 =
_mm_aesenclast_si128(val, sched[j]);
garbledCircuit->wires[garbledGate->output].label1 =
xorBlocks(garblingContext.R,
garbledCircuit->wires[garbledGate->output].label0);
block A0, A1, B0, B1;
A0 = DOUBLE(garbledCircuit->wires[input0].label0);
A1 = DOUBLE(garbledCircuit->wires[input0].label1);
B0 = DOUBLE(DOUBLE(garbledCircuit->wires[input1].label0));
B1 = DOUBLE(DOUBLE(garbledCircuit->wires[input1].label1));
keys[0] = xorBlocks(xorBlocks(A0, B0) , tweak);
keys[1] = xorBlocks(xorBlocks(A0,B1), tweak);
keys[2] = xorBlocks(xorBlocks(A1, B0), tweak);
keys[3] = xorBlocks(xorBlocks(A1, B1), tweak);
block *temp[2];
temp[0] = &garbledCircuit->wires[garbledGate->output].label0;
temp[1] = &garbledCircuit->wires[garbledGate->output].label1;
int bp = 0;
blocks[0] =
xorBlocks(keys[0], *(temp[(garbledGate->type & (1<<bp))>>bp]));
bp++;
blocks[1] =
xorBlocks(keys[1], *(temp[(garbledGate->type & (1<<bp))>>bp]));
bp++;
blocks[2] =
xorBlocks(keys[2], *(temp[(garbledGate->type & (1<<bp))>>bp]));
bp++;
blocks[3] =
xorBlocks(keys[3], *(temp[(garbledGate->type & (1<<bp))>>bp]));
write:
AES_ecb_encrypt_blks_4(keys, &(garblingContext.dkCipherContext.K));
garbledTable[tableIndex].table[2 * lsb0 + lsb1] =
xorBlocks(blocks[0], keys[0]);
garbledTable[tableIndex].table[2 * lsb0 + 1 - lsb1] =
xorBlocks(blocks[1], keys[1]);
garbledTable[tableIndex].table[2 * (1 - lsb0) + lsb1] =
xorBlocks(blocks[2], keys[2]);
garbledTable[tableIndex].table[2 * (1 - lsb0) + (1 - lsb1)] =
xorBlocks(blocks[3], keys[3]);
tableIndex++;
}
for (i = 0; i < garbledCircuit->m; i++) {
outputMap[2 * i] =
garbledCircuit->wires[garbledCircuit->outputs[i]].label0;
outputMap[2 * i + 1] =
garbledCircuit->wires[garbledCircuit->outputs[i]].label1;
}
return 0;
}
long garbleCircuit(GarbledCircuit *garbledCircuit, InputLabels inputLabels, OutputMap outputMap) {
GarblingContext garblingContext;
GarbledGate *garbledGate;
GarbledTable *garbledTable;
DKCipherContext dkCipherContext;
const __m128i *sched = ((__m128i *)(dkCipherContext.K.rd_key));
block val;
block *A, *B, *plainText,*cipherText;
block tweak;
long a, b, i, j,rnds = 10;
block blocks[4];
block keys[4];
long lsb0,lsb1;
block keyToEncrypt;
int input0, input1,output;
srand_sse( time(NULL));
createInputLabels(inputLabels, garbledCircuit->n);
garbledCircuit->id = getFreshId();
for(i=0;i<2*garbledCircuit->n;i+=2) {
garbledCircuit->wires[i/2].id = i+1;
garbledCircuit->wires[i/2].label0 = inputLabels[i];
garbledCircuit->wires[i/2].label1 = inputLabels[i+1];
}
garbledTable = garbledCircuit->garbledTable;
garblingContext.gateIndex = 0;
garblingContext.wireIndex = garbledCircuit->n + 1;
block key = randomBlock();
block rkey = randomBlock();
AES_KEY KR;
AES_set_encrypt_key(&rkey, 128, &KR);
const __m128i *sched2 = ((__m128i *)(KR.rd_key));
garblingContext.R = xorBlocks(garbledCircuit->wires[0].label0, garbledCircuit->wires[0].label1);
garbledCircuit->globalKey = key;
DKCipherInit(&key, &(garblingContext.dkCipherContext));
int tableIndex = 0;
for(i=0; i< garbledCircuit->q;i++) {
garbledGate = &(garbledCircuit->garbledGates[i]);
input0 = garbledGate->input0; input1 = garbledGate->input1;
output = garbledGate->output;
#ifdef FREE_XOR
if (garbledGate->type == XORGATE) {
garbledCircuit->wires[output].label0 = xorBlocks(garbledCircuit->wires[input0].label0, garbledCircuit->wires[input1].label0);
garbledCircuit->wires[output].label1 = xorBlocks(garbledCircuit->wires[input0].label1, garbledCircuit->wires[input1].label0);
continue;
}
#endif
tweak = makeBlock(i, (long)0);
lsb0 = getLSB(garbledCircuit->wires[input0].label0);
lsb1 = getLSB(garbledCircuit->wires[input1].label0);
char templ[20];
char templ2[20];
block val = _mm_xor_si128 (tweak, sched[0]);
for (j=1; j<rnds; j++) val = _mm_aesenc_si128 (val,sched2[j]);
*((block*)templ) = _mm_aesenclast_si128 (val, sched[j]);
val = _mm_aesenclast_si128 (val, sched[j]);
*((block *)templ2) = xorBlocks(*((block *)templ), garblingContext.R);
TRUNCATE(templ);
TRUNCATE(templ2);
block *label0 = (block *)templ;
block *label1 = (block *)templ2;
garbledCircuit->wires[garbledGate->output].label0 = *((block*)templ);
garbledCircuit->wires[garbledGate->output].label1 = *((block*)templ2);
block A0, A1, B0, B1;
A0 = DOUBLE(garbledCircuit->wires[input0].label0);
A1 = DOUBLE(garbledCircuit->wires[input0].label1);
B0 = DOUBLE(DOUBLE(garbledCircuit->wires[input1].label0));
B1 = DOUBLE(DOUBLE(garbledCircuit->wires[input1].label1));
keys[0] = xorBlocks(A0, B0);
keys[0] = xorBlocks(keys[0], tweak);
keys[1] = xorBlocks(A0,B1);
keys[1] = xorBlocks(keys[1], tweak);
keys[2] = xorBlocks(A1, B0);
keys[2] = xorBlocks(keys[2], tweak);
keys[3] = xorBlocks(A1, B1);
keys[3] = xorBlocks(keys[3], tweak);
if (garbledGate->type == ANDGATE) {
blocks[0] = xorBlocks(keys[0], *label0);
blocks[1] = xorBlocks(keys[1], *label0);
blocks[2] = xorBlocks(keys[2], *label0);
blocks[3] = xorBlocks(keys[3], *label1);
goto write;
}
if (garbledGate->type == ORGATE) {
blocks[0] = xorBlocks(keys[0], *label0);
blocks[1] = xorBlocks(keys[1], *label1);
blocks[2] = xorBlocks(keys[2], *label1);
blocks[3] = xorBlocks(keys[3], *label1);
goto write;
}
if (garbledGate->type == XORGATE) {
blocks[0] = xorBlocks(keys[0], *label0);
blocks[1] = xorBlocks(keys[1], *label1);
blocks[2] = xorBlocks(keys[2], *label1);
blocks[3] = xorBlocks(keys[3], *label0);
goto write;
}
if (garbledGate->type == NOTGATE) {
blocks[0] = xorBlocks(keys[0], *label1);
blocks[1] = xorBlocks(keys[1], *label0);
blocks[2] = xorBlocks(keys[2], *label1);
blocks[3] = xorBlocks(keys[3], *label0);
goto write;
}
write:
AES_ecb_encrypt_blks(keys, 4, &(garblingContext.dkCipherContext.K));
char toWrite[4][16];
char **dest[4];
*((block *) toWrite[0]) = xorBlocks(blocks[0], keys[0]);
*((block *) toWrite[1]) = xorBlocks(blocks[1], keys[1]);
*((block *) toWrite[2]) = xorBlocks(blocks[2], keys[2]);
*((block *) toWrite[3]) = xorBlocks(blocks[3], keys[3]);
short *cpsrc; short *cpdst;
cpsrc = (short *)toWrite[0];
cpdst = (short *)&garbledTable[tableIndex].table[2*lsb0 + lsb1];
cpdst[0]=cpsrc[0];
cpdst[1]=cpsrc[1];
cpdst[2]=cpsrc[2];
cpdst[3]=cpsrc[3];
cpdst[4]=cpsrc[4];
cpsrc = (short *)toWrite[1];
cpdst = (short *)&garbledTable[tableIndex].table[2*(lsb0) + (1-lsb1)];
cpdst[0]=cpsrc[0];
cpdst[1]=cpsrc[1];
cpdst[2]=cpsrc[2];
cpdst[3]=cpsrc[3];
cpdst[4]=cpsrc[4];
cpsrc = (short *)toWrite[2];
cpdst = (short *)&garbledTable[tableIndex].table[2*(1-lsb0) + (lsb1)];
cpdst[0]=cpsrc[0];
cpdst[1]=cpsrc[1];
cpdst[2]=cpsrc[2];
cpdst[3]=cpsrc[3];
cpdst[4]=cpsrc[4];
cpsrc = (short *)toWrite[3];
cpdst = (short *)&garbledTable[tableIndex].table[2*(1-lsb0) + (1-lsb1)];
cpdst[0]=cpsrc[0];
cpdst[1]=cpsrc[1];
cpdst[2]=cpsrc[2];
cpdst[3]=cpsrc[3];
cpdst[4]=cpsrc[4];
tableIndex++;
}
for(i=0;i<garbledCircuit->m;i++) {
outputMap[2*i] = garbledCircuit->wires[garbledCircuit->outputs[i]].label0;
outputMap[2*i+1] = garbledCircuit->wires[garbledCircuit->outputs[i]].label1;
}
return 0;
}