emp-toolkit
garble.h
Go to the documentation of this file.
1 #ifndef LIBGARBLE_H
2 #define LIBGARBLE_H
3 
4 #include "block.h"
5 
6 #include <stdbool.h>
7 #include <stdint.h>
8 #include <stdio.h>
9 #include <openssl/sha.h>
10 
11 #define GARBLE_OK 0
12 #define GARBLE_ERR -1
13 
14 /* Supported garbling types */
15 typedef enum {
16  /* GRR3 and free-XOR as used in JustGarble */
17  GARBLE_TYPE_STANDARD,
18  /* Half-gates approach of Zahur, Rosulek, and Evans (Eurocrypt 2015) */
19  GARBLE_TYPE_HALFGATES,
20  /* Privacy-free approach of Zahur, Rosulek, and Evans (Eurocrypt 2015) */
21  GARBLE_TYPE_PRIVACY_FREE,
22 } garble_type_e;
23 
24 /* Supported gate types */
25 typedef enum {
26  GARBLE_GATE_ZERO = 0,
27  GARBLE_GATE_ONE = 15,
28  GARBLE_GATE_AND = 8,
29  GARBLE_GATE_OR = 14,
30  GARBLE_GATE_XOR = 6,
31  GARBLE_GATE_NOT = 5,
32  GARBLE_GATE_EMPTY = -1,
33 } garble_gate_type_e;
34 
35 typedef struct {
36  /* The type of gate this is */
37  garble_gate_type_e type;
38  /* The input/output wires associated with this gate */
39  uint64_t input0, input1, output;
40 } garble_gate;
41 
42 typedef enum {
43  GARBLE_FIXED_WIRE_ZERO = 0,
44  GARBLE_FIXED_WIRE_ONE = 1
45 } garble_fixed_wire_e;
46 
47 typedef struct {
48  garble_fixed_wire_e type;
49  int idx;
50 } garble_fixed_wire;
51 
52 typedef struct {
53  /* n: number of inputs */
54  /* m: number of outputs */
55  /* q: number of gates */
56  /* r: number of wires */
57  uint64_t n, m, q, r;
58  /* garbling scheme type */
59  garble_type_e type;
60 
61  garble_gate *gates; /* q */
62  block *table; /* q */
63  block *wires; /* 2 * r */
64  int *outputs; /* m */
65 
66  /* permutation bits of output wire labels */
67  bool *output_perms;
68  /* fixed label used for constant values */
69  block fixed_label;
70  /* key used for fixed-key AES */
71  block global_key;
72 } garble_circuit;
73 
74 /* Return the table size of a garbled circuit */
75 inline
76 size_t garble_table_size(const garble_circuit *gc)
77 {
78  switch(gc->type) {
79  case GARBLE_TYPE_STANDARD:
80  return 3 * sizeof(block);
81  case GARBLE_TYPE_HALFGATES:
82  return 2 * sizeof(block);
83  case GARBLE_TYPE_PRIVACY_FREE:
84  return sizeof(block);
85  }
86  return 0;
87 }
88 
89 /* Create a new circuit */
90 int
91 garble_new(garble_circuit *gc, uint64_t n, uint64_t m, garble_type_e type);
92 /* Delete a garbled circuit */
93 void
94 garble_delete(garble_circuit *gc);
95 
96 /* Garbles a circuit.
97  If 'input_labels' is NULL, generate input-wire labels.
98  If 'output_labels' is NULL, don't store output-wire labels.
99  */
100 int
101 garble_garble(garble_circuit *gc, const block *input_labels,
102  block *output_labels);
103 /* Hash a given garbled circuit */
104 void
105 garble_hash(const garble_circuit *gc, unsigned char hash[SHA_DIGEST_LENGTH]);
106 /* Check that 'gc' matches the hash specified in 'hash' */
107 int
108 garble_check(garble_circuit *gc, const unsigned char hash[SHA_DIGEST_LENGTH]);
109 /* Create a random delta block */
110 block
111 garble_create_delta(void);
112 /* Create 'n' input labels and store them in 'labels'.
113  'delta' specified the delta block to use; if NULL, generate a new delta.
114  'privacyfree' specifies whether you are using the privacy free garbling scheme.
115  */
116 void
117 garble_create_input_labels(block *labels, uint64_t n, block *delta,
118  bool privacyfree);
119 /* Evaluate garbled circuit 'gc'.
120  'input_labels' specifies the input wire labels to use.
121  'output_labels', if not NULL, stores the output wire labels.
122  'outputs', if not NULL, stores the actual output of the computation.
123  */
124 int
125 garble_eval(const garble_circuit *gc, const block *input_labels,
126  block *output_labels, bool *outputs);
127 void
128 garble_extract_labels(block *extracted_labels, const block *labels,
129  const bool *bits, uint64_t n);
130 
131 /* XXX: not to be used in practice, as knowing both output blocks is completely
132  * insecure! */
133 int
134 garble_map_outputs(const block *output_labels, const block *map, bool *vals,
135  uint64_t m);
136 
137 /* write/read circuit description to/from file */
138 int
139 garble_circuit_to_file(garble_circuit *gc, char *fname);
140 int
141 garble_circuit_from_file(garble_circuit *gc, char *fname);
142 
143 size_t
144 garble_size(const garble_circuit *gc, bool wires);
145 
146 int
147 garble_save(const garble_circuit *gc, FILE *f, bool wires);
148 int
149 garble_load(garble_circuit *gc, FILE *f, bool wires);
150 
151 int
152 garble_to_buffer(const garble_circuit *gc, char *buf, bool wires);
153 int
154 garble_from_buffer(garble_circuit *gc, const char *buf, bool wires);
155 
156 #endif
garble_circuit
Definition: garble.h:52
garble_type_e
garble_type_e
Definition: garble.h:15
garble_circuit::global_key
block global_key
Definition: garble.h:71
garble_create_delta
block garble_create_delta(void)
garble_circuit::wires
block * wires
Definition: garble.h:63
garble_garble
int garble_garble(garble_circuit *gc, const block *input_labels, block *output_labels)
garble_check
int garble_check(garble_circuit *gc, const unsigned char hash[SHA_DIGEST_LENGTH])
garble_fixed_wire
Definition: garble.h:47
block
__m128i block
Definition: block.h:8
garble_circuit_from_file
int garble_circuit_from_file(garble_circuit *gc, char *fname)
GARBLE_GATE_XOR
Definition: garble.h:30
garble_fixed_wire_e
garble_fixed_wire_e
Definition: garble.h:42
garble_fixed_wire::idx
int idx
Definition: garble.h:49
GARBLE_TYPE_STANDARD
Definition: garble.h:17
GARBLE_GATE_EMPTY
Definition: garble.h:32
garble_save
int garble_save(const garble_circuit *gc, FILE *f, bool wires)
garble_circuit::fixed_label
block fixed_label
Definition: garble.h:69
garble_create_input_labels
void garble_create_input_labels(block *labels, uint64_t n, block *delta, bool privacyfree)
garble_gate::output
uint64_t output
Definition: garble.h:39
garble_fixed_wire::type
garble_fixed_wire_e type
Definition: garble.h:48
GARBLE_GATE_AND
Definition: garble.h:28
garble_new
int garble_new(garble_circuit *gc, uint64_t n, uint64_t m, garble_type_e type)
garble_gate::type
garble_gate_type_e type
Definition: garble.h:37
garble_size
size_t garble_size(const garble_circuit *gc, bool wires)
garble_gate_type_e
garble_gate_type_e
Definition: garble.h:25
garble_circuit::type
garble_type_e type
Definition: garble.h:59
garble_circuit_to_file
int garble_circuit_to_file(garble_circuit *gc, char *fname)
GARBLE_GATE_ONE
Definition: garble.h:27
garble_table_size
size_t garble_table_size(const garble_circuit *gc)
Definition: garble.h:76
GARBLE_FIXED_WIRE_ONE
Definition: garble.h:44
garble_eval
int garble_eval(const garble_circuit *gc, const block *input_labels, block *output_labels, bool *outputs)
GARBLE_TYPE_HALFGATES
Definition: garble.h:19
garble_extract_labels
void garble_extract_labels(block *extracted_labels, const block *labels, const bool *bits, uint64_t n)
GARBLE_TYPE_PRIVACY_FREE
Definition: garble.h:21
garble_load
int garble_load(garble_circuit *gc, FILE *f, bool wires)
garble_from_buffer
int garble_from_buffer(garble_circuit *gc, const char *buf, bool wires)
garble_to_buffer
int garble_to_buffer(const garble_circuit *gc, char *buf, bool wires)
garble_circuit::r
uint64_t r
Definition: garble.h:57
garble_circuit::outputs
int * outputs
Definition: garble.h:64
GARBLE_GATE_OR
Definition: garble.h:29
garble_circuit::output_perms
bool * output_perms
Definition: garble.h:67
GARBLE_GATE_ZERO
Definition: garble.h:26
garble_gate
Definition: garble.h:35
garble_map_outputs
int garble_map_outputs(const block *output_labels, const block *map, bool *vals, uint64_t m)
GARBLE_FIXED_WIRE_ZERO
Definition: garble.h:43
garble_circuit::table
block * table
Definition: garble.h:62
garble_hash
void garble_hash(const garble_circuit *gc, unsigned char hash[SHA_DIGEST_LENGTH])
garble_delete
void garble_delete(garble_circuit *gc)
GARBLE_GATE_NOT
Definition: garble.h:31
garble_circuit::gates
garble_gate * gates
Definition: garble.h:61