SoftSpokenOT.

Author: mkskeller

.gitignore

@@ -119,3 +119,7 @@ _build/
 
 # environment
 .env
+
+# temp doc files
+doc/readme.md
+doc/xml

.gitmodules

@@ -1,12 +1,18 @@
 [submodule "SimpleOT"]
-	path = SimpleOT
+	path = deps/SimpleOT
 	url = https://github.com/mkskeller/SimpleOT
 [submodule "mpir"]
-	path = mpir
+	path = deps/mpir
 	url = https://github.com/wbhart/mpir
 [submodule "Programs/Circuits"]
 	path = Programs/Circuits
 	url = https://github.com/mkskeller/bristol-fashion
 [submodule "simde"]
-	path = simde
+	path = deps/simde
 	url = https://github.com/simd-everywhere/simde
+[submodule "deps/libOTe"]
+	path = deps/libOTe
+	url = https://github.com/mkskeller/softspoken-implementation
+[submodule "deps/SimplestOT_C"]
+	path = deps/SimplestOT_C
+	url = https://github.com/mkskeller/SimplestOT_C

BMR/Party.cpp

@@ -249,6 +249,7 @@ FakeProgramParty::FakeProgramParty(int argc, const char** argv) :
 	}
 	cout << "Compiler: " << prev << endl;
 	P = new PlainPlayer(N, 0);
+	Share<gf2n_long>::MAC_Check::setup(*P);
 	if (argc > 4)
 		threshold = atoi(argv[4]);
 	cout << "Threshold for multi-threaded evaluation: " << threshold << endl;
@@ -280,6 +281,7 @@ FakeProgramParty::~FakeProgramParty()
         cerr << "Dynamic storage: " << 1e-9 * dynamic_memory.capacity_in_bytes()
                 << " GB" << endl;
 #endif
+    Share<gf2n_long>::MAC_Check::teardown();
 }
 
 void FakeProgramParty::_compute_prfs_outputs(Key* keys)

BMR/RealGarbleWire.h

@@ -48,8 +48,6 @@ class RealGarbleWire : public PRFRegister
 	static void inputbvec(GC::Processor<GC::Secret<RealGarbleWire>>& processor,
 			ProcessorBase& input_processor, const vector<int>& args);
 
-	RealGarbleWire(const Register& reg) : PRFRegister(reg) {}
-
 	void garble(PRFOutputs& prf_output, const RealGarbleWire<T>& left,
 			const RealGarbleWire<T>& right);
 

BMR/RealGarbleWire.hpp

@@ -110,7 +110,7 @@ void RealGarbleWire<T>::inputbvec(
 {
 	GarbleInputter<T> inputter;
 	processor.inputbvec(inputter, input_processor, args,
-			inputter.party.P->my_num());
+			*inputter.party.P);
 }
 
 template<class T>

BMR/RealProgramParty.hpp

@@ -97,8 +97,6 @@ RealProgramParty<T>::RealProgramParty(int argc, const char** argv) :
 	if (online_opts.live_prep)
 	{
 		mac_key.randomize(prng);
-		if (T::needs_ot)
-			BaseMachine::s().ot_setups.push_back({*P, true});
 		prep = new typename T::LivePrep(0, usage);
 	}
 	else
@@ -107,6 +105,7 @@ RealProgramParty<T>::RealProgramParty(int argc, const char** argv) :
 		prep = new Sub_Data_Files<T>(N, prep_dir, usage);
 	}
 
+	T::MAC_Check::setup(*P);
 	MC = new typename T::MAC_Check(mac_key);
 
 	garble_processor.reset(program);
@@ -219,6 +218,7 @@ RealProgramParty<T>::~RealProgramParty()
 	delete garble_inputter;
 	delete garble_protocol;
 	cout << "Data sent = " << data_sent * 1e-6 << " MB" << endl;
+	T::MAC_Check::teardown();
 }
 
 template<class T>

BMR/Register.h

@@ -152,7 +152,7 @@ class Register {
 	                   *  for pipelining matters.
 	                   */
 
-	Register(int n_parties);
+	Register();
 
 	void init(int n_parties);
 	void init(int rfd, int n_parties);
@@ -278,10 +278,6 @@ class ProgramRegister : public Phase, public Register
 
 	static int threshold(int) { throw not_implemented(); }
 
-	static Register new_reg();
-	static Register tmp_reg() { return new_reg(); }
-	static Register and_reg() { return new_reg(); }
-
 	template<class T>
 	static void store(NoMemory& dest,
 			const vector<GC::WriteAccess<T> >& accesses) { (void)dest; (void)accesses; }
@@ -306,8 +302,6 @@ class ProgramRegister : public Phase, public Register
 	void other_input(Input&, int) {}
 
 	char get_output() { return 0; }
-
-	ProgramRegister(const Register& reg) : Register(reg) {}
 };
 
 class PRFRegister : public ProgramRegister
@@ -319,8 +313,6 @@ class PRFRegister : public ProgramRegister
 	static void load(vector<GC::ReadAccess<T> >& accesses,
 			const NoMemory& source);
 
-	PRFRegister(const Register& reg) : ProgramRegister(reg) {}
-
 	void op(const PRFRegister& left, const PRFRegister& right, Function func);
 	void XOR(const Register& left, const Register& right);
 	void input(party_id_t from, char input = -1);
@@ -396,8 +388,6 @@ class EvalRegister : public ProgramRegister
 	static void convcbit(Integer& dest, const GC::Clear& source,
 	        GC::Processor<GC::Secret<EvalRegister>>& proc);
 
-	EvalRegister(const Register& reg) : ProgramRegister(reg) {}
-
 	void op(const ProgramRegister& left, const ProgramRegister& right, Function func);
 	void XOR(const Register& left, const Register& right);
 
@@ -427,8 +417,6 @@ class GarbleRegister : public ProgramRegister
 	static void load(vector<GC::ReadAccess<T> >& accesses,
 			const NoMemory& source);
 
-	GarbleRegister(const Register& reg) : ProgramRegister(reg) {}
-
 	void op(const Register& left, const Register& right, Function func);
 	void XOR(const Register& left, const Register& right);
         void input(party_id_t from, char value = -1);
@@ -452,8 +440,6 @@ class RandomRegister : public ProgramRegister
 	static void load(vector<GC::ReadAccess<T> >& accesses,
 			const NoMemory& source);
 
-	RandomRegister(const Register& reg) : ProgramRegister(reg) {}
-
 	void randomize();
 
 	void op(const Register& left, const Register& right, Function func);
@@ -469,12 +455,6 @@ class RandomRegister : public ProgramRegister
 };
 
 
-inline Register::Register(int n_parties) :
-		garbled_entry(n_parties), external(NO_SIGNAL),
-		mask(NO_SIGNAL), keys(n_parties)
-{
-}
-
 inline void KeyVector::operator=(const KeyVector& other)
 {
 	resize(other.size());

BMR/Register.hpp

@@ -14,15 +14,7 @@ void ProgramRegister::inputbvec(T& processor, ProcessorBase& input_processor,
 		const vector<int>& args)
 {
 	NoOpInputter inputter;
-	int my_num = -1;
-	try
-	{
-		my_num = ProgramParty::s().P->my_num();
-	}
-	catch (exception&)
-	{
-	}
-	processor.inputbvec(inputter, input_processor, args, my_num);
+	processor.inputbvec(inputter, input_processor, args, *ProgramParty::s().P);
 }
 
 template<class T>
@@ -31,7 +23,7 @@ void EvalRegister::inputbvec(T& processor, ProcessorBase& input_processor,
 {
 	EvalInputter inputter;
 	processor.inputbvec(inputter, input_processor, args,
-			ProgramParty::s().P->my_num());
+			*ProgramParty::s().P);
 }
 
 template <class T>

BMR/Register_inline.h

@@ -9,10 +9,10 @@
 #include "CommonParty.h"
 #include "Party.h"
 
-
-inline Register ProgramRegister::new_reg()
+inline Register::Register() :
+        garbled_entry(CommonParty::s().get_n_parties()), external(NO_SIGNAL),
+        mask(NO_SIGNAL), keys(CommonParty::s().get_n_parties())
 {
-	return Register(CommonParty::s().get_n_parties());
 }
 
 #endif /* BMR_REGISTER_INLINE_H_ */

CHANGELOG.md

@@ -1,13 +1,28 @@
 The changelog explains changes pulled through from the private development repository. Bug fixes and small enhancements are committed between releases and not documented here.
 
+## 0.3.3 (Aug 25, 2022)
+
+- Use SoftSpokenOT to avoid unclear security of KOS OT extension candidate
+- Fix security bug in MAC check when using multithreading
+- Fix security bug to prevent selective failure attack by checking earlier
+- Fix security bug in Mama: insufficient sacrifice.
+- Inverse permutation (@Quitlox)
+- Easier direct compilation (@eriktaubeneck)
+- Generally allow element-vector operations
+- Increase maximum register size to 2^54
+- Client example in Python
+- Uniform base OTs across platforms
+- Multithreaded base OT computation
+- Faster random bit generation in two-player Semi(2k)
+
 ## 0.3.2 (May 27, 2022)
 
 - Secure shuffling
 - O(n log n) radix sorting
 - Documented BGV encryption interface
 - Optimized matrix multiplication in dealer protocol
 - Fixed security bug in homomorphic encryption parameter generation
-- Fixed Security bug in Temi matrix multiplication
+- Fixed security bug in Temi matrix multiplication
 
 ## 0.3.1 (Apr 19, 2022)
 

CONFIG

@@ -31,24 +31,21 @@ ARCH = -mtune=native -msse4.1 -msse4.2 -maes -mpclmul -mavx -mavx2 -mbmi2 -madx
 ARCH = -march=native
 
 MACHINE := $(shell uname -m)
+ARM := $(shell uname -m | grep x86; echo $$?)
 OS := $(shell uname -s)
 ifeq ($(MACHINE), x86_64)
-# set this to 0 to avoid using AVX for OT
 ifeq ($(OS), Linux)
-CHECK_AVX := $(shell grep -q avx /proc/cpuinfo; echo $$?)
-ifeq ($(CHECK_AVX), 0)
 AVX_OT = 1
 else
 AVX_OT = 0
 endif
 else
-AVX_OT = 1
-endif
-else
 ARCH =
 AVX_OT = 0
 endif
 
+USE_KOS = 0
+
 # allow to set compiler in CONFIG.mine
 CXX = g++
 
@@ -87,7 +84,7 @@ else
 BOOST = -lboost_thread $(MY_BOOST)
 endif
 
-CFLAGS += $(ARCH) $(MY_CFLAGS) $(GDEBUG) -Wextra -Wall $(OPTIM) -I$(ROOT) -pthread $(PROF) $(DEBUG) $(MOD) $(GF2N_LONG) $(PREP_DIR) $(SSL_DIR) $(SECURE) -std=c++11 -Werror
+CFLAGS += $(ARCH) $(MY_CFLAGS) $(GDEBUG) -Wextra -Wall $(OPTIM) -I$(ROOT) -I$(ROOT)/deps -pthread $(PROF) $(DEBUG) $(MOD) $(GF2N_LONG) $(PREP_DIR) $(SSL_DIR) $(SECURE) -std=c++11 -Werror
 CPPFLAGS = $(CFLAGS)
 LD = $(CXX)
 
@@ -98,3 +95,10 @@ ifeq ($(USE_NTL),1)
 CFLAGS += -Wno-error=unused-parameter -Wno-error=deprecated-copy
 endif
 endif
+
+ifeq ($(USE_KOS),1)
+CFLAGS += -DUSE_KOS
+else
+CFLAGS += -std=c++17
+LDLIBS += -llibOTe -lcryptoTools
+endif

Compiler/GC/instructions.py

@@ -342,7 +342,8 @@ class stmcb(base.DirectMemoryWriteInstruction, base.VectorInstruction):
     code = opcodes['STMCB']
     arg_format = ['cb','long']
 
-class ldmsbi(base.ReadMemoryInstruction, base.VectorInstruction):
+class ldmsbi(base.ReadMemoryInstruction, base.VectorInstruction,
+             base.IndirectMemoryInstruction):
     """ Copy secret bit memory cell with run-time address to secret bit
     register.
 
@@ -351,8 +352,10 @@ class ldmsbi(base.ReadMemoryInstruction, base.VectorInstruction):
     """
     code = opcodes['LDMSBI']
     arg_format = ['sbw','ci']
+    direct = staticmethod(ldmsb)
 
-class stmsbi(base.WriteMemoryInstruction, base.VectorInstruction):
+class stmsbi(base.WriteMemoryInstruction, base.VectorInstruction,
+             base.IndirectMemoryInstruction):
     """ Copy secret bit register to secret bit memory cell with run-time
     address.
 
@@ -361,8 +364,10 @@ class stmsbi(base.WriteMemoryInstruction, base.VectorInstruction):
     """
     code = opcodes['STMSBI']
     arg_format = ['sb','ci']
+    direct = staticmethod(stmsb)
 
-class ldmcbi(base.ReadMemoryInstruction, base.VectorInstruction):
+class ldmcbi(base.ReadMemoryInstruction, base.VectorInstruction,
+             base.IndirectMemoryInstruction):
     """ Copy clear bit memory cell with run-time address to clear bit
     register.
 
@@ -371,8 +376,10 @@ class ldmcbi(base.ReadMemoryInstruction, base.VectorInstruction):
     """
     code = opcodes['LDMCBI']
     arg_format = ['cbw','ci']
+    direct = staticmethod(ldmcb)
 
-class stmcbi(base.WriteMemoryInstruction, base.VectorInstruction):
+class stmcbi(base.WriteMemoryInstruction, base.VectorInstruction,
+             base.IndirectMemoryInstruction):
     """ Copy clear bit register to clear bit memory cell with run-time
     address.
 
@@ -381,6 +388,7 @@ class stmcbi(base.WriteMemoryInstruction, base.VectorInstruction):
     """
     code = opcodes['STMCBI']
     arg_format = ['cb','ci']
+    direct = staticmethod(stmcb)
 
 class ldmsdi(base.ReadMemoryInstruction):
     code = opcodes['LDMSDI']