Shamir secret sharing.

data61 · Jan 5, 2019 · 216fbdf · 216fbdf
1 parent 343f484
commit 216fbdf
Show file tree

Hide file tree

Showing 57 changed files with 1,375 additions and 215 deletions.
diff --git a/Auth/MAC_Check.cpp b/Auth/MAC_Check.cpp
@@ -12,6 +12,8 @@
 #include "Math/BitVec.h"
 #include "Math/Rep3Share.h"
 #include "Math/MaliciousRep3Share.h"
+#include "Math/ShamirShare.h"
+#include "Math/MaliciousShamirShare.h"
 
 #include <algorithm>
 
@@ -460,3 +462,7 @@ template class MAC_Check_Base<Rep3Share<gf2n>>;
 template class MAC_Check_Base<Rep3Share<Integer>>;
 template class MAC_Check_Base<MaliciousRep3Share<gfp>>;
 template class MAC_Check_Base<MaliciousRep3Share<gf2n>>;
+template class MAC_Check_Base<ShamirShare<gfp>>;
+template class MAC_Check_Base<ShamirShare<gf2n>>;
+template class MAC_Check_Base<MaliciousShamirShare<gfp>>;
+template class MAC_Check_Base<MaliciousShamirShare<gf2n>>;
diff --git a/Auth/MaliciousShamirMC.h b/Auth/MaliciousShamirMC.h
@@ -0,0 +1,35 @@
+/*
+ * MaliciousShamirMC.h
+ *
+ */
+
+#ifndef AUTH_MALICIOUSSHAMIRMC_H_
+#define AUTH_MALICIOUSSHAMIRMC_H_
+
+#include "ShamirMC.h"
+
+template<class T>
+class MaliciousShamirMC : public ShamirMC<T>
+{
+    vector<vector<typename T::clear>> reconstructions;
+
+public:
+    MaliciousShamirMC();
+
+    // emulate MAC_Check
+    MaliciousShamirMC(const typename T::value_type& _, int __ = 0, int ___ = 0) :
+            MaliciousShamirMC()
+    { (void)_; (void)__; (void)___; }
+
+    // emulate Direct_MAC_Check
+    MaliciousShamirMC(const typename T::value_type& _, Names& ____, int __ = 0,
+            int ___ = 0) :
+            MaliciousShamirMC()
+    { (void)_; (void)__; (void)___; (void)____; }
+
+
+    void POpen_End(vector<typename T::clear>& values, const vector<T>& S,
+            const Player& P);
+};
+
+#endif /* AUTH_MALICIOUSSHAMIRMC_H_ */
diff --git a/Auth/MaliciousShamirMC.hpp b/Auth/MaliciousShamirMC.hpp
@@ -0,0 +1,52 @@
+/*
+ * MaliciousShamirMC.cpp
+ *
+ */
+
+#include "MaliciousShamirMC.h"
+#include "Processor/ShamirMachine.h"
+
+template<class T>
+MaliciousShamirMC<T>::MaliciousShamirMC()
+{
+    this->threshold = 2 * ShamirMachine::s().threshold;
+}
+
+template<class T>
+void MaliciousShamirMC<T>::POpen_End(vector<typename T::clear>& values,
+        const vector<T>& S, const Player& P)
+{
+    (void) P;
+    int threshold = ShamirMachine::s().threshold;
+    if (reconstructions.empty())
+    {
+        reconstructions.resize(2 * threshold + 2);
+        for (int i = threshold + 1; i <= 2 * threshold + 1; i++)
+        {
+            reconstructions[i].resize(i);
+            for (int j = 0; j < i; j++)
+                reconstructions[i][j] = Shamir<T>::get_rec_factor(j, i);
+        }
+    }
+
+    values.clear();
+    values.resize(S.size());
+    vector<T> shares(2 * threshold + 1);
+    for (size_t i = 0; i < values.size(); i++)
+    {
+        for (size_t j = 0; j < shares.size(); j++)
+            shares[j].unpack(this->os[j]);
+        T value = 0;
+        for (int j = 0; j < threshold + 1; j++)
+            value += shares[j] * reconstructions[threshold + 1][j];
+        for (int j = threshold + 2; j <= 2 * threshold + 1; j++)
+        {
+            T check = 0;
+            for (int k = 0; k < j; k++)
+                check += shares[k] * reconstructions[j][k];
+            if (check != value)
+                throw mac_fail();
+        }
+        values[i] = value;
+    }
+}
diff --git a/Auth/ShamirMC.h b/Auth/ShamirMC.h
@@ -0,0 +1,40 @@
+/*
+ * ShamirMC.h
+ *
+ */
+
+#ifndef AUTH_SHAMIRMC_H_
+#define AUTH_SHAMIRMC_H_
+
+#include "MAC_Check.h"
+#include "Math/ShamirShare.h"
+#include "Processor/ShamirMachine.h"
+
+template<class T>
+class ShamirMC : public MAC_Check_Base<T>
+{
+    vector<typename T::clear> reconstruction;
+
+protected:
+    vector<octetStream> os;
+    int threshold;
+
+public:
+    ShamirMC() : threshold(ShamirMachine::s().threshold) {}
+
+    // emulate MAC_Check
+    ShamirMC(const typename T::value_type& _, int __ = 0, int ___ = 0) : ShamirMC()
+    { (void)_; (void)__; (void)___; }
+
+    // emulate Direct_MAC_Check
+    ShamirMC(const typename T::value_type& _, Names& ____, int __ = 0, int ___ = 0) :
+        ShamirMC()
+    { (void)_; (void)__; (void)___; (void)____; }
+
+    void POpen_Begin(vector<typename T::clear>& values,const vector<T>& S,const Player& P);
+    void POpen_End(vector<typename T::clear>& values,const vector<T>& S,const Player& P);
+
+    void Check(const Player& P) { (void)P; }
+};
+
+#endif /* AUTH_SHAMIRMC_H_ */
diff --git a/Auth/ShamirMC.hpp b/Auth/ShamirMC.hpp
@@ -0,0 +1,47 @@
+/*
+ * ShamirMC.cpp
+ *
+ */
+
+#include "ShamirMC.h"
+
+template<class T>
+void ShamirMC<T>::POpen_Begin(vector<typename T::clear>& values,
+        const vector<T>& S, const Player& P)
+{
+    (void) values;
+    os.clear();
+    os.resize(P.num_players());
+    if (P.my_num() <= threshold)
+    {
+        for (auto& share : S)
+            share.pack(os[P.my_num()]);
+        for (int i = 0; i < P.num_players(); i++)
+            if (i != P.my_num())
+                P.send_to(i, os[P.my_num()], true);
+    }
+    for (int i = 0; i <= threshold; i++)
+        if (i != P.my_num())
+            P.receive_player(i, os[i], true);
+}
+
+template<class T>
+void ShamirMC<T>::POpen_End(vector<typename T::clear>& values,
+        const vector<T>& S, const Player& P)
+{
+    (void) P;
+    int n_relevant_players = ShamirMachine::s().threshold + 1;
+    if (reconstruction.empty())
+    {
+        reconstruction.resize(n_relevant_players, 1);
+        for (int i = 0; i < n_relevant_players; i++)
+            reconstruction[i] = Shamir<typename T::clear>::get_rec_factor(i,
+                    n_relevant_players);
+    }
+
+    values.clear();
+    values.resize(S.size());
+    for (size_t i = 0; i < values.size(); i++)
+        for (int j = 0; j < n_relevant_players; j++)
+            values[i] += os[j].template get<typename T::clear>() * reconstruction[j];
+}
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,12 @@
 The changelog explains changes pulled through from the private development repository. Bug fixes and small enchancements are committed between releases and not documented here.
 
+## 0.0.6 (Jan 5, 2019)
+
+- Shamir secret sharing
+
 ## 0.0.5 (Nov 5, 2018)
+
+- More three-party replicated secret sharing
 - Encrypted communication for replicated secret sharing
 
 ## 0.0.4 (Oct 11, 2018)

diff --git a/Compiler/GC/types.py b/Compiler/GC/types.py
@@ -1,5 +1,5 @@
 from Compiler.types import MemValue, read_mem_value, regint, Array
-from Compiler.types import _bitint, _number, _fix
+from Compiler.types import _bitint, _number, _fix, _structure
 from Compiler.program import Tape, Program
 from Compiler.exceptions import *
 from Compiler import util, oram, floatingpoint
@@ -66,6 +66,12 @@ def bit_decompose(self, bit_length=None):
         else:
             return self.decomposed[:n] + suffix
     @classmethod
+    def malloc(cls, size):
+        return Program.prog.malloc(size, cls)
+    @staticmethod
+    def n_elements():
+        return 1
+    @classmethod
     def load_mem(cls, address, mem_type=None):
         res = cls()
         if mem_type == 'sd':

diff --git a/Compiler/types.py b/Compiler/types.py
@@ -1773,7 +1773,7 @@ class cfix(_number, _structure):
     """ Clear fixed point type. """
     __slots__ = ['value', 'f', 'k', 'size']
     reg_type = 'c'
-    scalars = (int, long, float)
+    scalars = (int, long, float, regint)
     @classmethod
     def set_precision(cls, f, k = None):
         # k is the whole bitlength of fixed point
@@ -1829,7 +1829,12 @@ def __init__(self, v=None, size=None):
         if isinstance(v, cint):
             self.v = cint(v,size=self.size)
         elif isinstance(v, cfix.scalars):
-            self.v = cint(int(round(v * (2 ** f))),size=self.size)
+            v = v * (2 ** f)
+            try:
+                v = int(round(v))
+            except TypeError:
+                pass
+            self.v = cint(v, size=self.size)
         elif isinstance(v, cfix):
             self.v = v.v
         elif isinstance(v, MemValue):
@@ -2072,9 +2077,11 @@ def __init__(self, _v=None, size=None):
             self.v = _v.v
         elif isinstance(_v, (MemValue, MemFix)):
             #this is a memvalue object
-            self.v = self.conv(_v.read())
+            self.v = sfix(_v.read()).v
         else:
             raise CompilerError('cannot convert %s to sfix' % _v)
+        if not isinstance(self.v, self.int_type):
+            raise CompilerError('sfix conversion failure: %s/%s' % (_v, self.v))
 
     @vectorize
     def load_int(self, v):
@@ -2304,16 +2311,17 @@ def __init__(self, v, p=None, z=None, s=None, size=None):
                 z = v.z
                 s = v.s
                 v = v.v
-            elif isinstance(v, sint):
-                v, p, z, s = floatingpoint.Int2FL(v, program.bit_length,
-                                                  self.vlen, self.kappa)
             elif isinstance(v, sfix):
                 f = v.f
                 v, p, z, s = floatingpoint.Int2FL(v.v, v.k,
                                                   self.vlen, self.kappa)
                 p = p - f
-            else:
+            elif util.is_constant_float(v):
                 v, p, z, s = self.convert_float(v, self.vlen, self.plen)
+            else:
+                v, p, z, s = floatingpoint.Int2FL(sint.conv(v),
+                                                  program.bit_length,
+                                                  self.vlen, self.kappa)
         if isinstance(v, int):
             if not ((v >= 2**(self.vlen-1) and v < 2**(self.vlen)) or v == 0):
                 raise CompilerError('Floating point number malformed: significand')
@@ -2554,6 +2562,11 @@ def print_float_plain(self):
     'ci': regint,
 }
 
+def _get_type(t):
+    if t in _types:
+        return _types[t]
+    else:
+        return t
 
 class Array(object):
     @classmethod
@@ -2566,8 +2579,7 @@ def create_from(cls, l):
         return res
 
     def __init__(self, length, value_type, address=None, debug=None):
-        if value_type in _types:
-            value_type = _types[value_type]
+        value_type = _get_type(value_type)
         self.address = address
         self.length = length
         self.value_type = value_type
@@ -2695,7 +2707,7 @@ def reveal(self):
 class SubMultiArray(object):
     def __init__(self, sizes, value_type, address, index, debug=None):
         self.sizes = sizes
-        self.value_type = value_type
+        self.value_type = _get_type(value_type)
         self.address = address + index * reduce(operator.mul, self.sizes) * \
                        self.value_type.n_elements()
         self.sub_cache = {}

diff --git a/Compiler/util.py b/Compiler/util.py
@@ -137,6 +137,9 @@ def reveal(x):
 def is_constant(x):
     return isinstance(x, (int, long, bool))
 
+def is_constant_float(x):
+    return isinstance(x, float) or is_constant(x)
+
 def is_zero(x):
     try:
         return int(x) is 0

diff --git a/GC/Machine.cpp b/GC/Machine.cpp
@@ -14,6 +14,7 @@
 #include "Thread.hpp"
 #include "ThreadMaster.hpp"
 #include "Auth/MaliciousRepMC.hpp"
+#include "Processor/Replicated.hpp"
 
 namespace GC
 {

diff --git a/License.txt b/License.txt
@@ -1,5 +1,5 @@
 CSIRO Open Source Software Licence Agreement (variation of the BSD / MIT License)
-Copyright (c) 2018, Commonwealth Scientific and Industrial Research Organisation (CSIRO) ABN 41 687 119 230.
+Copyright (c) 2019, Commonwealth Scientific and Industrial Research Organisation (CSIRO) ABN 41 687 119 230.
 All rights reserved. CSIRO is willing to grant you a licence to this MP-SPDZ sofware on the following terms, except where otherwise indicated for third party material.
 Redistribution and use of this software in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
 * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

diff --git a/Makefile b/Makefile
@@ -39,7 +39,7 @@ OBJS = $(BMR) $(FHEOFFLINE) $(TINYOTOFFLINE) $(YAO) $(COMPLETE)
 DEPS := $(OBJS:.o=.d)
 
 
-all: gen_input online offline externalIO yao replicated
+all: gen_input online offline externalIO yao replicated shamir
 
 ifeq ($(USE_GF2N_LONG),1)
 all: bmr
@@ -80,6 +80,8 @@ replicated: rep-field rep-ring rep-bin
 
 tldr: malicious-rep-field-party.x Setup.x
 
+shamir: shamir-party.x malicious-shamir-party.x galois-degree.x
+
 Fake-Offline.x: Fake-Offline.cpp $(COMMON) $(PROCESSOR)
 	$(CXX) $(CFLAGS) -o $@ Fake-Offline.cpp $(COMMON) $(PROCESSOR) $(LDLIBS)
 
@@ -179,6 +181,12 @@ replicated-field-party.x: replicated-field-party.cpp $(PROCESSOR) $(COMMON)
 malicious-rep-field-party.x: malicious-rep-field-party.cpp $(PROCESSOR) $(COMMON)
 	$(CXX) $(CFLAGS) -o $@ $^ $(LDLIBS)
 
+shamir-party.x: shamir-party.cpp $(PROCESSOR) $(COMMON)
+	$(CXX) $(CFLAGS) -o $@ $^ $(LDLIBS)
+
+malicious-shamir-party.x: malicious-shamir-party.cpp $(PROCESSOR) $(COMMON)
+	$(CXX) $(CFLAGS) -o $@ $^ $(LDLIBS)
+
 $(LIBSIMPLEOT): SimpleOT/Makefile
 	$(MAKE) -C SimpleOT
 

diff --git a/Math/MaliciousRep3Share.h b/Math/MaliciousRep3Share.h
@@ -23,6 +23,7 @@ class MaliciousRep3Share : public Rep3Share<T>
     typedef MAC_Check Direct_MC;
     typedef ReplicatedInput<MaliciousRep3Share<T>> Input;
     typedef ReplicatedPrivateOutput<MaliciousRep3Share<T>> PrivateOutput;
+    typedef Rep3Share<T> Honest;
 
     static string type_short()
     {