SoftSpokenOT.

data61 · Aug 25, 2022 · 6a42453 · 6a42453
1 parent e08a6ad
commit 6a42453
Show file tree

Hide file tree

Showing 171 changed files with 2,179 additions and 1,023 deletions.
diff --git a/.gitignore b/.gitignore
@@ -119,3 +119,7 @@ _build/
 
 # environment
 .env
+
+# temp doc files
+doc/readme.md
+doc/xml
diff --git a/.gitmodules b/.gitmodules
@@ -1,12 +1,18 @@
 [submodule "SimpleOT"]
- path = SimpleOT
+ path = deps/SimpleOT
  url = https://github.com/mkskeller/SimpleOT
 [submodule "mpir"]
- path = mpir
+ path = deps/mpir
  url = https://github.com/wbhart/mpir
 [submodule "Programs/Circuits"]
  path = Programs/Circuits
  url = https://github.com/mkskeller/bristol-fashion
 [submodule "simde"]
- path = simde
+ path = deps/simde
  url = https://github.com/simd-everywhere/simde
+[submodule "deps/libOTe"]
+ path = deps/libOTe
+ url = https://github.com/mkskeller/softspoken-implementation
+[submodule "deps/SimplestOT_C"]
+ path = deps/SimplestOT_C
+ url = https://github.com/mkskeller/SimplestOT_C
diff --git a/BMR/Party.cpp b/BMR/Party.cpp
@@ -249,6 +249,7 @@ FakeProgramParty::FakeProgramParty(int argc, const char** argv) :
  }
  cout << "Compiler: " << prev << endl;
  P = new PlainPlayer(N, 0);
+ Share<gf2n_long>::MAC_Check::setup(*P);
  if (argc > 4)
  threshold = atoi(argv[4]);
  cout << "Threshold for multi-threaded evaluation: " << threshold << endl;
@@ -280,6 +281,7 @@ FakeProgramParty::~FakeProgramParty()
  cerr << "Dynamic storage: " << 1e-9 * dynamic_memory.capacity_in_bytes()
  << " GB" << endl;
 #endif
+ Share<gf2n_long>::MAC_Check::teardown();
 }
 
 void FakeProgramParty::_compute_prfs_outputs(Key* keys)

diff --git a/BMR/RealGarbleWire.h b/BMR/RealGarbleWire.h
@@ -48,8 +48,6 @@ class RealGarbleWire : public PRFRegister
  static void inputbvec(GC::Processor<GC::Secret<RealGarbleWire>>& processor,
  ProcessorBase& input_processor, const vector<int>& args);
 
- RealGarbleWire(const Register& reg) : PRFRegister(reg) {}
-
  void garble(PRFOutputs& prf_output, const RealGarbleWire<T>& left,
  const RealGarbleWire<T>& right);
 

diff --git a/BMR/RealGarbleWire.hpp b/BMR/RealGarbleWire.hpp
@@ -110,7 +110,7 @@ void RealGarbleWire<T>::inputbvec(
 {
  GarbleInputter<T> inputter;
  processor.inputbvec(inputter, input_processor, args,
- inputter.party.P->my_num());
+ *inputter.party.P);
 }
 
 template<class T>

diff --git a/BMR/RealProgramParty.hpp b/BMR/RealProgramParty.hpp
@@ -97,8 +97,6 @@ RealProgramParty<T>::RealProgramParty(int argc, const char** argv) :
  if (online_opts.live_prep)
  {
  mac_key.randomize(prng);
- if (T::needs_ot)
- BaseMachine::s().ot_setups.push_back({*P, true});
  prep = new typename T::LivePrep(0, usage);
  }
  else
@@ -107,6 +105,7 @@ RealProgramParty<T>::RealProgramParty(int argc, const char** argv) :
  prep = new Sub_Data_Files<T>(N, prep_dir, usage);
  }
 
+ T::MAC_Check::setup(*P);
  MC = new typename T::MAC_Check(mac_key);
 
  garble_processor.reset(program);
@@ -219,6 +218,7 @@ RealProgramParty<T>::~RealProgramParty()
  delete garble_inputter;
  delete garble_protocol;
  cout << "Data sent = " << data_sent * 1e-6 << " MB" << endl;
+ T::MAC_Check::teardown();
 }
 
 template<class T>

diff --git a/BMR/Register.h b/BMR/Register.h
@@ -152,7 +152,7 @@ class Register {
  * for pipelining matters.
  */
 
- Register(int n_parties);
+ Register();
 
  void init(int n_parties);
  void init(int rfd, int n_parties);
@@ -278,10 +278,6 @@ class ProgramRegister : public Phase, public Register
 
  static int threshold(int) { throw not_implemented(); }
 
- static Register new_reg();
- static Register tmp_reg() { return new_reg(); }
- static Register and_reg() { return new_reg(); }
-
  template<class T>
  static void store(NoMemory& dest,
  const vector<GC::WriteAccess<T> >& accesses) { (void)dest; (void)accesses; }
@@ -306,8 +302,6 @@ class ProgramRegister : public Phase, public Register
  void other_input(Input&, int) {}
 
  char get_output() { return 0; }
-
- ProgramRegister(const Register& reg) : Register(reg) {}
 };
 
 class PRFRegister : public ProgramRegister
@@ -319,8 +313,6 @@ class PRFRegister : public ProgramRegister
  static void load(vector<GC::ReadAccess<T> >& accesses,
  const NoMemory& source);
 
- PRFRegister(const Register& reg) : ProgramRegister(reg) {}
-
  void op(const PRFRegister& left, const PRFRegister& right, Function func);
  void XOR(const Register& left, const Register& right);
  void input(party_id_t from, char input = -1);
@@ -396,8 +388,6 @@ class EvalRegister : public ProgramRegister
  static void convcbit(Integer& dest, const GC::Clear& source,
  GC::Processor<GC::Secret<EvalRegister>>& proc);
 
- EvalRegister(const Register& reg) : ProgramRegister(reg) {}
-
  void op(const ProgramRegister& left, const ProgramRegister& right, Function func);
  void XOR(const Register& left, const Register& right);
 
@@ -427,8 +417,6 @@ class GarbleRegister : public ProgramRegister
  static void load(vector<GC::ReadAccess<T> >& accesses,
  const NoMemory& source);
 
- GarbleRegister(const Register& reg) : ProgramRegister(reg) {}
-
  void op(const Register& left, const Register& right, Function func);
  void XOR(const Register& left, const Register& right);
  void input(party_id_t from, char value = -1);
@@ -452,8 +440,6 @@ class RandomRegister : public ProgramRegister
  static void load(vector<GC::ReadAccess<T> >& accesses,
  const NoMemory& source);
 
- RandomRegister(const Register& reg) : ProgramRegister(reg) {}
-
  void randomize();
 
  void op(const Register& left, const Register& right, Function func);
@@ -469,12 +455,6 @@ class RandomRegister : public ProgramRegister
 };
 
 
-inline Register::Register(int n_parties) :
- garbled_entry(n_parties), external(NO_SIGNAL),
- mask(NO_SIGNAL), keys(n_parties)
-{
-}
-
 inline void KeyVector::operator=(const KeyVector& other)
 {
  resize(other.size());

diff --git a/BMR/Register.hpp b/BMR/Register.hpp
@@ -14,15 +14,7 @@ void ProgramRegister::inputbvec(T& processor, ProcessorBase& input_processor,
  const vector<int>& args)
 {
  NoOpInputter inputter;
- int my_num = -1;
- try
- {
- my_num = ProgramParty::s().P->my_num();
- }
- catch (exception&)
- {
- }
- processor.inputbvec(inputter, input_processor, args, my_num);
+ processor.inputbvec(inputter, input_processor, args, *ProgramParty::s().P);
 }
 
 template<class T>
@@ -31,7 +23,7 @@ void EvalRegister::inputbvec(T& processor, ProcessorBase& input_processor,
 {
  EvalInputter inputter;
  processor.inputbvec(inputter, input_processor, args,
- ProgramParty::s().P->my_num());
+ *ProgramParty::s().P);
 }
 
 template <class T>

diff --git a/BMR/Register_inline.h b/BMR/Register_inline.h
@@ -9,10 +9,10 @@
 #include "CommonParty.h"
 #include "Party.h"
 
-
-inline Register ProgramRegister::new_reg()
+inline Register::Register() :
+ garbled_entry(CommonParty::s().get_n_parties()), external(NO_SIGNAL),
+ mask(NO_SIGNAL), keys(CommonParty::s().get_n_parties())
 {
- return Register(CommonParty::s().get_n_parties());
 }
 
 #endif /* BMR_REGISTER_INLINE_H_ */
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,13 +1,28 @@
 The changelog explains changes pulled through from the private development repository. Bug fixes and small enhancements are committed between releases and not documented here.
 
+## 0.3.3 (Aug 25, 2022)
+
+- Use SoftSpokenOT to avoid unclear security of KOS OT extension candidate
+- Fix security bug in MAC check when using multithreading
+- Fix security bug to prevent selective failure attack by checking earlier
+- Fix security bug in Mama: insufficient sacrifice.
+- Inverse permutation (@Quitlox)
+- Easier direct compilation (@eriktaubeneck)
+- Generally allow element-vector operations
+- Increase maximum register size to 2^54
+- Client example in Python
+- Uniform base OTs across platforms
+- Multithreaded base OT computation
+- Faster random bit generation in two-player Semi(2k)
+
 ## 0.3.2 (May 27, 2022)
 
 - Secure shuffling
 - O(n log n) radix sorting
 - Documented BGV encryption interface
 - Optimized matrix multiplication in dealer protocol
 - Fixed security bug in homomorphic encryption parameter generation
-- Fixed Security bug in Temi matrix multiplication
+- Fixed security bug in Temi matrix multiplication
 
 ## 0.3.1 (Apr 19, 2022)
 

diff --git a/CONFIG b/CONFIG
@@ -31,24 +31,21 @@ ARCH = -mtune=native -msse4.1 -msse4.2 -maes -mpclmul -mavx -mavx2 -mbmi2 -madx
 ARCH = -march=native
 
 MACHINE := $(shell uname -m)
+ARM := $(shell uname -m | grep x86; echo $$?)
 OS := $(shell uname -s)
 ifeq ($(MACHINE), x86_64)
-# set this to 0 to avoid using AVX for OT
 ifeq ($(OS), Linux)
-CHECK_AVX := $(shell grep -q avx /proc/cpuinfo; echo $$?)
-ifeq ($(CHECK_AVX), 0)
 AVX_OT = 1
 else
 AVX_OT = 0
 endif
 else
-AVX_OT = 1
-endif
-else
 ARCH =
 AVX_OT = 0
 endif
 
+USE_KOS = 0
+
 # allow to set compiler in CONFIG.mine
 CXX = g++
 
@@ -87,7 +84,7 @@ else
 BOOST = -lboost_thread $(MY_BOOST)
 endif
 
-CFLAGS += $(ARCH) $(MY_CFLAGS) $(GDEBUG) -Wextra -Wall $(OPTIM) -I$(ROOT) -pthread $(PROF) $(DEBUG) $(MOD) $(GF2N_LONG) $(PREP_DIR) $(SSL_DIR) $(SECURE) -std=c++11 -Werror
+CFLAGS += $(ARCH) $(MY_CFLAGS) $(GDEBUG) -Wextra -Wall $(OPTIM) -I$(ROOT) -I$(ROOT)/deps -pthread $(PROF) $(DEBUG) $(MOD) $(GF2N_LONG) $(PREP_DIR) $(SSL_DIR) $(SECURE) -std=c++11 -Werror
 CPPFLAGS = $(CFLAGS)
 LD = $(CXX)
 
@@ -98,3 +95,10 @@ ifeq ($(USE_NTL),1)
 CFLAGS += -Wno-error=unused-parameter -Wno-error=deprecated-copy
 endif
 endif
+
+ifeq ($(USE_KOS),1)
+CFLAGS += -DUSE_KOS
+else
+CFLAGS += -std=c++17
+LDLIBS += -llibOTe -lcryptoTools
+endif
diff --git a/Compiler/GC/instructions.py b/Compiler/GC/instructions.py
@@ -342,7 +342,8 @@ class stmcb(base.DirectMemoryWriteInstruction, base.VectorInstruction):
  code = opcodes['STMCB']
  arg_format = ['cb','long']
 
-class ldmsbi(base.ReadMemoryInstruction, base.VectorInstruction):
+class ldmsbi(base.ReadMemoryInstruction, base.VectorInstruction,
+ base.IndirectMemoryInstruction):
  """ Copy secret bit memory cell with run-time address to secret bit
  register.
 
@@ -351,8 +352,10 @@ class ldmsbi(base.ReadMemoryInstruction, base.VectorInstruction):
  """
  code = opcodes['LDMSBI']
  arg_format = ['sbw','ci']
+ direct = staticmethod(ldmsb)
 
-class stmsbi(base.WriteMemoryInstruction, base.VectorInstruction):
+class stmsbi(base.WriteMemoryInstruction, base.VectorInstruction,
+ base.IndirectMemoryInstruction):
  """ Copy secret bit register to secret bit memory cell with run-time
  address.
 
@@ -361,8 +364,10 @@ class stmsbi(base.WriteMemoryInstruction, base.VectorInstruction):
  """
  code = opcodes['STMSBI']
  arg_format = ['sb','ci']
+ direct = staticmethod(stmsb)
 
-class ldmcbi(base.ReadMemoryInstruction, base.VectorInstruction):
+class ldmcbi(base.ReadMemoryInstruction, base.VectorInstruction,
+ base.IndirectMemoryInstruction):
  """ Copy clear bit memory cell with run-time address to clear bit
  register.
 
@@ -371,8 +376,10 @@ class ldmcbi(base.ReadMemoryInstruction, base.VectorInstruction):
  """
  code = opcodes['LDMCBI']
  arg_format = ['cbw','ci']
+ direct = staticmethod(ldmcb)
 
-class stmcbi(base.WriteMemoryInstruction, base.VectorInstruction):
+class stmcbi(base.WriteMemoryInstruction, base.VectorInstruction,
+ base.IndirectMemoryInstruction):
  """ Copy clear bit register to clear bit memory cell with run-time
  address.
 
@@ -381,6 +388,7 @@ class stmcbi(base.WriteMemoryInstruction, base.VectorInstruction):
  """
  code = opcodes['STMCBI']
  arg_format = ['cb','ci']
+ direct = staticmethod(stmcb)
 
 class ldmsdi(base.ReadMemoryInstruction):
  code = opcodes['LDMSDI']