emp-toolkit
iv.h
Go to the documentation of this file.
1 #ifndef IV_H__
2 #define IV_H__
3 #include <emp-tool/emp-tool.h>
4 #include "input-validity/elgamal.h"
5 #include <emp-ot/emp-ot.h>
6 
7 class IV { public:
8  const bool is_check = true;
9  const bool is_evaluate = false;
10  Elgamal *elgamal;
11  NetIO * io;
12  int party;
13  int n1, n2, n3;
14  PRG prg;
15  PRP prp;
16  MOTExtension * ot;
17  Commitment commitment;
18  const int ssp = 40;
19  block *seed = nullptr, *key = nullptr, *key_seed = nullptr, *hcot_seed = nullptr;
20  block * Y0 = nullptr;
21  block * Y1 = nullptr;
22  block * seed_Y0 = nullptr;
23  block * seed_Y1 = nullptr;
24  bool * choose = nullptr;
25  PRG ** prgs = nullptr;
26  block * deltas = nullptr;
27  bool * input1;
28  bool* input2;
29  XorTree<> * xortree;
30  ~IV() {
31  delete elgamal;
32  delete ot;
33  delete[] Y0;
34  delete[] Y1;
35  if(party == ALICE) {
36  for(int i = 0; i < ssp+1; ++i)
37  delete prgs[i];
38  delete[] prgs;
39  delete[] seed;
40  delete[] seed_Y0;
41  delete[] seed_Y1;
42  delete[] key;
43  delete[] deltas;
44  delete[] input1;
45  } else {
46  delete[] choose;
47  delete[] key_seed;
48  delete[] input2;
49  }
50  delete xortree;
51  }
52 
53  IV(NetIO * io, int party, int n1, int _n2, int n3) {
54  this->io = io;
55  elgamal = new Elgamal(io, party, n1);
56  this->party = party;
57  this->n1 = n1;
58  xortree = new XorTree<>(_n2);
59  this->n2 = xortree->output_size();
60  this->n3 = n3;
61  Y0 = new block[n2*(ssp+1)];
62  Y1 = new block[n2*(ssp+1)];
63  ot = new MOTExtension(io);
64  OTCO otco(io);
65  if(party == ALICE) {
66  prgs = new PRG*[(ssp+1)];
67  seed = new block[ssp+1];
68  seed_Y0 = new block[n2];
69  seed_Y1 = new block[n2];
70  key = new block[ssp];
71  deltas = new block[ssp+1];
72  input1 = new bool[n1];
73  prg.random_block(seed, ssp+1);
74  prg.random_block(seed_Y0, n2);
75  prg.random_block(seed_Y1, n2);
76  prg.random_block(key, ssp);
77  otco.send(key, seed, ssp);
78  for(int j = 0; j < ssp+1; ++j) {
79  prgs[j] = new PRG(&seed[j]);
80  prgs[j]->random_block(&deltas[j], 1);
81  deltas[j] = GarbleCircuit::make_delta(deltas[j]);
82  for(int i = 0; i < n2; ++i) {
83  prgs[j]->random_block(&Y0[i*(ssp+1)+j], 1);
84  }
85  }
86  AES_KEY aes;
87  block * tmp = new block[ssp+1];
88  for(int i = 0; i < n2; ++i) {
89  AES_set_encrypt_key(seed_Y0[i], &aes);
90  memcpy(tmp, &Y0[i*(ssp+1)], (ssp+1)*sizeof(block));
91  AES_ecb_encrypt_blks(tmp, ssp+1, &aes);
92  io->send_block(tmp, ssp+1);
93 
94  AES_set_encrypt_key(seed_Y1[i], &aes);
95  memcpy(tmp, &Y0[i*(ssp+1)], (ssp+1)*sizeof(block));
96  for(int j = 0; j < ssp+1; ++j)
97  tmp[j] = xorBlocks(tmp[j], deltas[j]);
98  AES_ecb_encrypt_blks(tmp, ssp+1, &aes);
99  io->send_block(tmp, ssp+1);
100  }
101  delete[] tmp;
102  } else {
103  input2 = new bool[n2];
104  choose = new bool[ssp];
105  key_seed = new block[ssp];
106  uint8_t * c = new uint8_t[ssp];
107  prg.random_data(c, ssp);
108  for(int i = 0; i < ssp; ++i) {
109  choose[i] = (c[i]%2 == 1);
110  }
111  delete[] c;
112  otco.recv(key_seed, choose, ssp);
113 
114  for(int i = 0; i < n2; ++i) {
115  io->recv_block(&Y0[i*(ssp+1)], ssp+1);
116  io->recv_block(&Y1[i*(ssp+1)], ssp+1);
117  }
118  }
119  }
120 
121  bool evalgAlice(void *f ) {
122  bn_tpl* omegas = new bn_tpl[n3];
123  eb_tpl* hs = new eb_tpl[n3];
124  block (*L10) = new block[n1];
125  block (*L11) = new block[n1];
126  block *L1x = new block[n1];
127  block *L2x = new block[n2];
128  block *Lo = new block[n3];
129  block * i2 = new block[xortree->input_size()];
130  uint8_t * permute = new uint8_t[n1];
131  uint8_t * loc = new uint8_t[n1];
132 
133  //step 15-17
134  for(int i = 0; i < n3; ++i) {
135  bn_newl(omegas[i][0], omegas[i][1]);
136  eb_newl(hs[i][0], hs[i][1]);
137  prg.random_bn(omegas[i][0]);
138  bn_sub_mod(omegas[i][1], elgamal->w, omegas[i][1], elgamal->q);
139  eb_mul_fix_norm(hs[i][0], elgamal->gTbl, omegas[i][0]);
140  eb_mul_fix_norm(hs[i][1], elgamal->gTbl, omegas[i][1]);
141  io->send_eb(hs[i], 2);
142  }
143  bn_t inEqChk;
144  Hash hash;
145  for(int j = 0; j < ssp; ++j) {
146  io->set_key(&key[j]);
147  eb_tpl u[2]; bn_t r[2];Com com[2];
148  prgs[j]->random_data(permute, n1);
149  for(int i = 0; i < n1; ++i){
150  if(input1[i]) loc[i] = 1-(permute[i]%2);
151  else loc[i] = (permute[i]%2);
152  }
153  io->send_data_enc(loc, n1);
154  for(int i = 0; i < n1; ++i) {
155  elgamal->commit(r[0], u[0], false, prgs[j]);
156  elgamal->commit(r[1], u[1], true, prgs[j]);
157 
158  int ind = input1[i] ? 1 : 0;
159  L10[i] = KDF(u[0][1]);//problem
160  L11[i] = KDF(u[1][1]);//problem
161  int p = (permute[i] %2);
162  hash.reset();hash.put_eb(u[p], 2);
163  hash.digest(com[p]);
164  hash.reset();hash.put_eb(u[1-p], 2);
165  hash.digest(com[1-p]);
166 
167  bn_sub_mod(inEqChk, elgamal->r[i], r[ind], elgamal->q);
168  io->send_eb_enc(u[ind], 2);
169  io->send_data(com[p], sizeof(Com));
170  io->send_data(com[1-p], sizeof(Com));
171 
172  io->send_bn_enc(&inEqChk, 1);
173  }
174 
175  HalfGateGen<NetIO, RTCktOpt::off> gc(io);
176  gc.set_delta(deltas[j]);
177 
178  for(int i = 0; i < n2; ++i) {
179  L2x[i] = Y0[i*(ssp+1)+j];
180  }
181 
182  prgs[j]->random_block(L1x, n1);
183  gc.generic_to_xor(L1x, L10, L11, n1);
184  local_gc = &gc;
185  xortree->circuit(i2, L2x);
186  run_function(f, Lo, L1x, i2);
187 
188  bn_tpl K, outRcvyDecom;
189  eb_tpl outRcvyCom;
190  block tmp[3];
191  for(int i = 0; i < n3; ++i) {
192  prgs[j]->random_bn(K, 2);
193  eb_mul_fix_norm(outRcvyCom[0], elgamal->gTbl, K[0]);
194  eb_mul_fix_norm(outRcvyCom[1], elgamal->gTbl, K[1]);
195  eb_add_norm(outRcvyCom[0], outRcvyCom[0], hs[i][0]);
196  eb_add_norm(outRcvyCom[1], outRcvyCom[1], hs[i][1]);
197  io->send_eb(outRcvyCom, 2);
198 
199  bn_add_mod(outRcvyDecom[0], omegas[i][0], K[0], elgamal->q);
200  bn_add_mod(outRcvyDecom[1], omegas[i][1], K[1], elgamal->q);
201  io->send_bn_enc(outRcvyDecom, 2);
202 
203  for(int ind = 0; ind < 2; ++ind) {
204  if (ind == 1) Lo[i] = xorBlocks(Lo[i], gc.delta);
205  tmp[0] = tmp[1] = zero_block();
206  int bn_size = bn_size_raw(K[ind]);
207  bn_write_raw((uint64_t*)tmp, bn_size, K[ind]);
208  tmp[0] = xorBlocks(prp.H(Lo[i], 0), tmp[0]);
209  tmp[1] = xorBlocks(prp.H(Lo[i], 1), tmp[1]);
210  tmp[2] = prp.H(Lo[i], 2);
211  io->send_data(&bn_size, 4);
212  io->send_block(tmp, 3);
213  }
214  }
215  }
216  delete[] i2;
217  delete[] loc;
218  delete[] permute;
219  delete[] omegas;
220  delete[] hs;
221  delete[] L10;
222  delete[] L11;
223  delete[] L1x;
224  delete[] L2x;
225  delete[] Lo;
226  return true;
227  }
228 
229  bool evalgBob(void *f, bool * output) {
230  eb_tpl* hs = new eb_tpl[n3];
231  block *L1 = new block[n1];
232  block *L1x = new block[n1];
233  block *L2x = new block[n2];
234  block *Lo = new block[n3];
235  block (*L10) = new block[n1];
236  block (*L11) = new block[n1];
237  block * i2 = new block[xortree->input_size()];
238  uint8_t * permute = new uint8_t[n1];
239  uint8_t * loc = new uint8_t[n1];
240  bool cheat = false;
241  bool evaluated = false, recovered = false;
242  for(int i = 0; i < n3; ++i) {
243  io->recv_eb(hs[i], 2);
244  }
245  Hash hash;
246 
247  bn_t inEqChk;
248  for(int j = 0; j < ssp; ++j) {
249  if (choose[j] == is_evaluate) {
250  io->set_key(&key_seed[j]);
251  eb_tpl u;
252  Com com[2], com_chk;
253  io->recv_data_enc(loc, n1);
254  for(int i = 0; i < n1; ++i) {
255  io->recv_eb_enc(u, 2);
256  L1[i] = KDF(u[1]);//problem
257  io->recv_data(com[0], sizeof(Com));
258  io->recv_data(com[1], sizeof(Com));
259  io->recv_bn_enc(&inEqChk, 1);
260  if(!elgamal->check_eq(u, elgamal->com[i], inEqChk))
261  cheat = true;
262  hash.reset();hash.put_eb(u, 2);
263  hash.digest(com_chk);
264  if(strncmp(com[loc[i]], com_chk, sizeof(Com))!=0)
265  cheat = true;
266  }
267 
268  HalfGateEva<NetIO,RTCktOpt::off> gc(io);
269  for(int i = 0; i < n2; ++i) {
270  if (input2[i])
271  L2x[i] = Y1[i*(ssp+1)+j];
272  else
273  L2x[i] = Y0[i*(ssp+1)+j];
274  }
275 
276  gc.generic_to_xor(L1x, L1, n1);
277  local_gc = &gc;
278  xortree->circuit(i2, L2x);
279  run_function(f, Lo, L1x, i2);
280 
281  bn_tpl outRcvyDecom;
282  eb_tpl outRcvyCom;eb_t tmp;
283  block tmp_blocks[3];
284  for(int i = 0; i < n3; ++i) {
285  io->recv_eb(outRcvyCom, 2);
286  io->recv_bn_enc(outRcvyDecom, 2);
287  eb_mul_fix_norm(tmp, elgamal->gTbl, outRcvyDecom[0]);
288  if (eb_cmp(tmp, outRcvyCom[0])!=CMP_EQ)
289  cheat=true;
290  eb_mul_fix_norm(tmp, elgamal->gTbl, outRcvyDecom[1]);
291  if (eb_cmp(tmp, outRcvyCom[1])!=CMP_EQ)
292  cheat=true;
293 
294  for(int ind = 0; ind < 2; ++ind) {
295  block o = prp.H(Lo[i], 2);
296  int bn_size;
297  io->recv_data(&bn_size, 4);
298  io->recv_block(tmp_blocks, 3);
299  if(recovered) continue;
300  if(block_cmp(&o, &tmp_blocks[2], 1)) {
301  if(!evaluated)
302  output[i] = (ind==1);
303  else if (output[i] != (ind == 1)) {
304  tmp_blocks[0] = xorBlocks(tmp_blocks[0], prp.H(Lo[i], 0));
305  tmp_blocks[1] = xorBlocks(tmp_blocks[1], prp.H(Lo[i], 1));
306  cout <<"recover input!"<<endl;
307  }
308  }
309  }
310  }
311  evaluated = true;
312 
313  } else {
314  io->set_key(nullptr);
315  PRG seed_prg(&key_seed[j]);
316  block delta_to_use;
317  seed_prg.random_block(&delta_to_use, 1);
318  seed_prg.random_block(L2x, n2);
319 
320  seed_prg.random_data(permute, n1);
321  io->recv_data_enc(loc, n1);
322 
323  eb_tpl u[2];bn_t r[2];eb_tpl uchk;
324  Com com[2];Com comchk[2];bn_t inEqChk;
325  for(int i = 0; i < n1; ++i) {
326  elgamal->commit(r[0], u[0], false, &seed_prg);
327  elgamal->commit(r[1], u[1], true, &seed_prg);
328  L10[i] = KDF(u[0][1]);//problem
329  L11[i] = KDF(u[1][1]);//problem
330 
331  int p = permute[i]%2;
332  hash.reset();hash.put_eb(u[p], 2);
333  hash.digest(com[p]);
334  hash.reset();hash.put_eb(u[1-p], 2);
335  hash.digest(com[1-p]);
336  io->recv_eb_enc(uchk, 2);
337  io->recv_data(comchk[p], sizeof(Com));
338  if(strncmp(comchk[p], com[p], sizeof(Com))!=0)
339  cheat = true;
340  io->recv_data(comchk[1-p], sizeof(Com));
341  if(strncmp(comchk[1-p], com[1-p], sizeof(Com))!=0)
342  cheat = true;
343  io->recv_bn_enc(&inEqChk, 1);
344  }
345 
346  char dgstgc[2][20];
347  HashIO hashio(io);
348  HalfGateEva<HashIO, RTCktOpt::off> gc(&hashio);
349  gc.generic_to_xor(L1x, L1, n1);
350  local_gc = &gc;
351  xortree->circuit(i2, L2x);
352  run_function(f, Lo, L1x, i2);
353  hashio.get_digest(dgstgc[0]);
354 
355  HashIO hashio2(io);
356  HalfGateGen<HashIO,RTCktOpt::off> gc2(&hashio2);
357  gc2.set_delta(delta_to_use);
358 
359  seed_prg.random_block(L1x, n1);
360 // seed_prg.random_block(L1x, n1);
361  gc2.generic_to_xor(L1x, L10, L11, n1);
362  local_gc = &gc2;
363  xortree->circuit(i2, L2x);
364  run_function(f, Lo, L1x, i2);
365  hashio2.get_digest(dgstgc[1]);
366 
367  if(strncmp(dgstgc[0], dgstgc[1], 20)!=0)
368  cheat = true;
369 
370  bn_tpl K, outRcvyDecom;
371  eb_tpl outRcvyCom, outRcvyComChk;
372  block tmp[3], tmp_chk[3];
373  for(int i = 0; i < n3; ++i) {
374  seed_prg.random_bn(K, 2);
375  eb_mul_fix_norm(outRcvyCom[0], elgamal->gTbl, K[0]);
376  eb_mul_fix_norm(outRcvyCom[1], elgamal->gTbl, K[1]);
377  eb_add_norm(outRcvyCom[0], outRcvyCom[0], hs[i][0]);
378  eb_add_norm(outRcvyCom[1], outRcvyCom[1], hs[i][1]);
379 
380  io->recv_eb(outRcvyComChk, 2);
381  if(eb_cmp(outRcvyComChk[0], outRcvyCom[0])!=CMP_EQ)
382  cheat = true;
383  io->recv_bn_enc(outRcvyDecom, 2);
384 
385  for(int ind = 0; ind < 2; ++ind) {
386  if (ind == 1) Lo[i] = xorBlocks(Lo[i], gc2.delta);
387  tmp[0] = tmp[1] = zero_block();
388  bn_write_raw((uint64_t*)tmp, bn_size_raw(K[ind]), K[ind]);
389  tmp[0] = xorBlocks(prp.H(Lo[i], 0), tmp[0]);
390  tmp[1] = xorBlocks(prp.H(Lo[i], 1), tmp[1]);
391  tmp[2] = prp.H(Lo[i], 2);
392  int bn_size;
393  io->recv_data(&bn_size, 4);
394  io->recv_block(tmp_chk, 3);
395  if(!block_cmp(tmp, tmp_chk, 3))cheat=true;
396  }
397  }
398 
399  }
400  }
401  delete[] i2;
402  delete[] loc;
403  delete[] permute;
404  delete[] hs;
405  delete[] L1;
406  delete[] L1x;
407  delete[] L2x;
408  delete[] L10;
409  delete[] L11;
410  delete[] Lo;
411  return !cheat;
412  }
413 
414  bool checkf1Bob(void * f) {
415  eb_tpl* X = new eb_tpl[n1];
416  block* X0lbl = new block[n1];
417  block* X1lbl = new block[n1];
418  block* Xlbl = new block[n1];
419  block prg_seed, Z1, block_tmp;
420  Com comZ;
421  Decom decomZ;
422 
423  //Pick X, compute input label
424  for(int i = 0; i < n1; ++i) {
425  eb_newl(X[i][0], X[i][1]);
426  elgamal->prg.random_eb(X[i][0], X[i][1]);
427  X0lbl[i] = KDF(X[i][0]);
428  X1lbl[i] = KDF(X[i][1]);
429  }
430  elgamal->send(X);
431  if(f == nullptr) return true;
432  //step 7.
433  prg.random_block(&prg_seed, 1);
434  PRG prg_loc(&prg_seed);
435  prg_loc.random_block(Xlbl, n1);
436  for(int i = 0; i < n1; ++i)
437  *((char *) &Xlbl[i]) &= 0xfe;
438 
439  PrivacyFreeGen<NetIO> gc(io);
440  gc.privacy_free_to_xor(Xlbl, X0lbl, X1lbl, n1);
441  local_gc = &gc;
442  run_function(f, &block_tmp, Xlbl);
443  io->recv_data(comZ, sizeof(Com));
444 
445  //step 8.
446  io->send_block(&gc.delta, 1);
447  io->send_block(&prg_seed, 1);
448  elgamal->open();
449 
450  io->recv_data(decomZ, sizeof(Decom));
451  io->recv_block(&Z1, 1);
452  bool valid_com = commitment.open(decomZ, comZ, &Z1, sizeof(block));
453  block_tmp = xorBlocks(block_tmp, gc.delta);
454  bool f1ok = block_cmp(&Z1, &block_tmp, 1);
455 
456  delete[] X;
457  delete[] Xlbl;
458  delete[] X0lbl;
459  delete[] X1lbl;
460  return valid_com and f1ok;
461  }
462 
463  bool checkf1Alice(bool * b, void * f) {
464  eb_tpl * Xs = new eb_tpl[n1];
465  eb_t * X = new eb_t[n1];
466  block* X0lbl = new block[n1];
467  block* X1lbl = new block[n1];
468  block* Xlbl = new block[n1];
469  memcpy(input1, b, n1);
470  block block_tmp, prg_seed, delta, Z1;
471  Com comL;Decom decomL;
472  char hash_eval[20], hash_open[20];
473 
474  //step 4
475  elgamal->recv(X, b);
476 
477  if(f == nullptr) return true;
478  for(int i = 0; i < n1; ++i)
479  Xlbl[i] = KDF(X[i]);
480 
481  //step 7
482  //io->set_hash_io();
483  HashIO hashio(io);
484  PrivacyFreeEva<HashIO> gc(&hashio);
485  gc.privacy_free_to_xor(Xlbl, Xlbl, b, n1);
486  local_gc = &gc;
487  run_function(f, &Z1, Xlbl);
488  hashio.get_digest(hash_eval);
489 
490  commitment.commit(decomL, comL, &Z1, sizeof(block));
491  io->send_data(comL, sizeof(Com));
492 
493  //step 8
494  io->recv_block(&delta, 1);
495  io->recv_block(&prg_seed, 1);
496  PRG prg_loc(&prg_seed);
497  elgamal->open(Xs, b, X);
498 
499  for(int i = 0; i < n1; ++i) {
500  X0lbl[i] = KDF(Xs[i][0]);
501  X1lbl[i] = KDF(Xs[i][1]);
502  }
503  prg_loc.random_block(Xlbl, n1);
504  for(int i = 0; i < n1; ++i)
505  *((char *) &Xlbl[i]) &= 0xfe;
506 
507  HashIO hashio2(io);
508  PrivacyFreeGen<HashIO> gc2(&hashio2);
509 // io->set_hash_io();
510  gc2.set_delta(delta);
511  local_gc = &gc2;
512  gc2.privacy_free_to_xor(Xlbl, X0lbl, X1lbl, n1);
513  run_function(f, &block_tmp, Xlbl);
514  hashio2.get_digest(hash_open);
515 // io->set_net_io();
516 
517  bool check_gc = (strncmp(hash_eval, hash_open, 20) == 0);
518  io->send_data(decomL, sizeof(Decom));
519  io->send_block(&Z1, 1);
520 
521  delete[] X;
522  delete[] Xs;
523  delete[] Xlbl;
524  delete[] X0lbl;
525  delete[] X1lbl;
526  return check_gc;
527  }
528 
529 
530  bool checkf2Alice(void * f) {
531  block res, Z2;
532  Com comZ;
533  Decom decomZ;
534  block *Ylbl = new block[n2];
535 
536  ot->send(seed_Y0, seed_Y1, n2);
537 
538  if(f == nullptr) return true;
539  for(int i = 0; i < n2; ++i) {
540  Ylbl[i] = Y0[i*(ssp+1)+ssp];
541  *((char *) &Ylbl[i]) &= 0xfe;
542  }
543 
544  PrivacyFreeGen<NetIO> gc(io);
545  gc.set_delta(deltas[ssp]);
546  local_gc = &gc;
547  block * i2 = new block[xortree->input_size()];
548  xortree->circuit(i2, Ylbl);
549  run_function(f, &res, i2);
550  io->recv_data(comZ, sizeof(Com));
551  io->send_block(&seed[ssp], 1);
552  io->recv_data(decomZ, sizeof(Decom));
553  io->recv_block(&Z2, 1);
554  bool valid_com = commitment.open
555  (decomZ, comZ, &Z2, sizeof(block));
556 
557  res = xorBlocks(res, deltas[ssp]);
558  bool f2ok = block_cmp(&Z2, &res, 1);
559 
560  delete[] i2;
561  delete []Ylbl;
562  return valid_com and f2ok;
563  }
564 
565  bool checkf2Bob(bool * b, void * f) {
566  block Z2, block_tmp, delta, prg_seed;
567  xortree->gen(input2, b);
568 
569  Com comL;Decom decomL;
570  char hash_eval[20], hash_open[20];
571  block *Ylbl = new block[n2];
572  block * seed_Y = new block[n2];
573 
574  ot->recv(seed_Y, input2, n2);
575  AES_KEY aes;
576  for(int i = 0; i < n2; ++i) {
577  AES_set_decrypt_key(seed_Y[i], &aes);
578  if (input2[i]) {
579  AES_ecb_decrypt_blks(&Y1[i*(ssp+1)], ssp+1, &aes);
580  Ylbl[i] = Y1[i*(ssp+1)+ssp];
581  *((char *) &Ylbl[i]) |= 0x1;
582  }
583  else {
584  AES_ecb_decrypt_blks(&Y0[i*(ssp+1)], ssp+1, &aes);
585  Ylbl[i] = Y0[i*(ssp+1)+ssp];
586  *((char *) &Ylbl[i]) &= 0xfe;
587  }
588  }
589 
590  if(f == nullptr) return true;
591  HashIO hashio(io);
592 // io->set_hash_io();
593  PrivacyFreeEva<HashIO> gc(&hashio);
594  local_gc = &gc;
595  block * i2 = new block[xortree->input_size()];
596  xortree->circuit(i2, Ylbl);
597  run_function(f, &Z2, i2);
598 
599  hashio.get_digest(hash_eval);
600  commitment.commit(decomL, comL, &Z2, sizeof(block));
601  io->send_data(comL, sizeof(Com));
602 
603  io->recv_block(&prg_seed, 1);
604  PRG seed_prg(&prg_seed);
605  seed_prg.random_block(&delta, 1);
606  seed_prg.random_block(Ylbl, n2);
607  for(int i = 0; i < n2; ++i)
608  *((char *) &Ylbl[i]) &= 0xfe;
609 
610  HashIO hashio2(io);
611  PrivacyFreeGen<HashIO> gc2(&hashio2);
612  gc2.set_delta(delta);
613  local_gc = &gc2;
614  xortree->circuit(i2, Ylbl);
615  run_function(f, &block_tmp, i2);
616  hashio2.get_digest(hash_open);
617  bool check_gc = (strncmp(hash_open, hash_eval, 20) == 0);
618  io->send_data(decomL, sizeof(Decom));
619  io->send_block(&Z2, 1);
620 
621  delete[] i2;
622  delete[] Ylbl;
623  delete[] seed_Y;
624  return check_gc;
625  }
626 
627 
628 };
629 #endif// IV_H__
IV::Y1
block * Y1
Definition: iv.h:21
IV::IV
IV(NetIO *io, int party, int n1, int _n2, int n3)
Definition: iv.h:53
PrivacyFreeEva
Definition: privacy_free_eva.h:28
IV::n2
int n2
Definition: iv.h:13
Hash::put_eb
void put_eb(const eb_t *eb, int length)
Definition: hash.h:57
Hash::reset
void reset()
Definition: hash.h:45
IOChannel::recv_eb_enc
void recv_eb_enc(eb_t *eb, size_t num)
Definition: io_channel.h:102
GarbleCircuit::make_delta
static block make_delta(const block &a)
Definition: garble_circuit.h:30
Commitment
Definition: com.h:13
IOChannel::send_data
void send_data(const void *data, int nbyte)
Definition: io_channel.h:14
IOChannel::send_bn_enc
void send_bn_enc(const bn_t *bn, size_t num)
Definition: io_channel.h:54
IV::xortree
XorTree * xortree
Definition: iv.h:29
IOChannel::recv_data
void recv_data(void *data, int nbyte)
Definition: io_channel.h:17
HashIO
Definition: hash_io_channel.h:9
run_function
void run_function(void *function, const Ts &... args)
Definition: utils.h:35
block
__m128i block
Definition: block.h:8
XorTree::input_size
int input_size()
Definition: xor_tree.h:69
Elgamal::send
void send(eb_tpl *X)
Definition: elgamal.h:86
IV::checkf1Bob
bool checkf1Bob(void *f)
Definition: iv.h:414
OT::send
void send(const block *data0, const block *data1, int length)
Definition: ot.h:10
IOChannel::recv_bn_enc
void recv_bn_enc(bn_t *bn, size_t num)
Definition: io_channel.h:117
IV::checkf2Alice
bool checkf2Alice(void *f)
Definition: iv.h:530
xorBlocks
block xorBlocks(block x, block y)
Definition: block.h:35
PrivacyFreeGen
Definition: privacy_free_gen.h:28
IV::is_evaluate
const bool is_evaluate
Definition: iv.h:9
NetIO
Definition: net_io_channel.h:22
Elgamal::w
bn_t w
Definition: elgamal.h:10
IOChannel::recv_data_enc
void recv_data_enc(void *data, int len)
Definition: io_channel.h:69
XorTree::circuit
void circuit(block *out, block *in)
Definition: xor_tree.h:38
IV
Definition: iv.h:7
IV::input1
bool * input1
Definition: iv.h:27
IV::key
block * key
Definition: iv.h:19
zero_block
#define zero_block()
Definition: block.h:66
IV::party
int party
Definition: iv.h:12
XorTree::gen
void gen(bool *out, bool *in)
Definition: xor_tree.h:73
IOChannel::set_key
void set_key(const block *b)
Definition: io_channel.h:26
IOChannel::recv_eb
void recv_eb(eb_t *eb, size_t num)
Definition: io_channel.h:150
eb_tpl
eb_t eb_tpl[2]
Definition: utils_ec.h:14
Elgamal::check_eq
bool check_eq(eb_tpl new_com, eb_tpl old_com, bn_t r_diff)
Definition: elgamal.h:73
Elgamal::r
bn_t * r
Definition: elgamal.h:66
IOChannel::send_eb
void send_eb(const eb_t *eb, size_t num)
Definition: io_channel.h:140
Elgamal::q
bn_t q
Definition: elgamal.h:10
IV::checkf1Alice
bool checkf1Alice(bool *b, void *f)
Definition: iv.h:463
Elgamal::prg
PRG prg
Definition: elgamal.h:12
IV::key_seed
block * key_seed
Definition: iv.h:19
HalfGateGen::generic_to_xor
void generic_to_xor(const block *new_b0, const block *b0, const block *b1, int length)
Definition: halfgate_gen.h:88
IV::input2
bool * input2
Definition: iv.h:28
AES_KEY
Definition: aes.h:57
Elgamal::gTbl
const eb_t * gTbl
Definition: elgamal.h:9
XorTree
Definition: xor_tree.h:10
IV::seed_Y1
block * seed_Y1
Definition: iv.h:23
PRG::random_block
void random_block(block *data, int nblocks=1)
Definition: prg.h:75
IOChannel::send_data_enc
void send_data_enc(const void *data, int len)
Definition: io_channel.h:37
IV::evalgAlice
bool evalgAlice(void *f)
Definition: iv.h:121
bn_tpl
bn_t bn_tpl[2]
Definition: utils_ec.h:15
IV::evalgBob
bool evalgBob(void *f, bool *output)
Definition: iv.h:229
PRP::H
block H(block in, uint64_t id)
Definition: prp.h:48
IV::seed
block * seed
Definition: iv.h:19
IV::ssp
const int ssp
Definition: iv.h:18
MOTExtension_KOS
Definition: mextension_kos.h:9
IV::choose
bool * choose
Definition: iv.h:24
IV::hcot_seed
block * hcot_seed
Definition: iv.h:19
PRP
Definition: prp.h:11
IV::elgamal
Elgamal * elgamal
Definition: iv.h:10
OTCO
Definition: co.h:8
IV::n1
int n1
Definition: iv.h:13
Com
char Com[20]
Definition: com.h:10
KDF
block KDF(eb_t in)
Definition: utils_ec.hpp:20
Elgamal::recv
void recv(eb_t *X, bool *b)
Definition: elgamal.h:133
Elgamal::open
void open()
Definition: elgamal.h:124
IV::prg
PRG prg
Definition: iv.h:14
IV::is_check
const bool is_check
Definition: iv.h:8
IV::ot
MOTExtension * ot
Definition: iv.h:16
OT::recv
void recv(block *data, const bool *b, int length)
Definition: ot.h:13
IV::seed_Y0
block * seed_Y0
Definition: iv.h:22
ALICE
#define ALICE
Definition: utils.h:15
HalfGateGen::delta
block delta
Definition: halfgate_gen.h:30
Elgamal::commit
void commit(bn_t r, eb_tpl com, bool b, PRG *prg)
Definition: elgamal.h:67
HashIO::get_digest
void get_digest(char *dgst)
Definition: hash_io_channel.h:22
Decom
block Decom[1]
Definition: com.h:11
PRG
Definition: prg.h:16
IOChannel::send_eb_enc
void send_eb_enc(const eb_t *eb, size_t num)
Definition: io_channel.h:87
PRG::random_bn
void random_bn(T t, L... l)
Definition: prg.h:87
block_cmp
bool block_cmp(const block *x, const block *y, int nblocks)
Definition: block.h:56
Hash
Definition: hash.h:12
PRG::random_data
void random_data(void *data, int nbytes)
Definition: prg.h:49
IV::io
NetIO * io
Definition: iv.h:11
HalfGateEva
Definition: halfgate_eva.h:29
IOChannel::send_block
void send_block(const block *data, int nblock)
Definition: io_channel.h:132
PrivacyFreeGen::privacy_free_to_xor
void privacy_free_to_xor(const block *new_b0, const block *b0, const block *b1, int length)
Definition: privacy_free_gen.h:74
MOTExtension
MOTExtension_KOS MOTExtension
Definition: emp-ot.h:14
IV::prgs
PRG ** prgs
Definition: iv.h:25
Elgamal::com
eb_tpl * com
Definition: elgamal.h:64
IV::deltas
block * deltas
Definition: iv.h:26
PRG::random_eb
void random_eb(T t, L... l)
Definition: prg.h:113
IOChannel::recv_block
void recv_block(block *data, int nblock)
Definition: io_channel.h:136
IV::n3
int n3
Definition: iv.h:13
XorTree::output_size
int output_size()
Definition: xor_tree.h:64
Elgamal
Definition: elgamal.h:5
IV::prp
PRP prp
Definition: iv.h:15
Hash::digest
void digest(char *a)
Definition: hash.h:38
HalfGateGen
Definition: halfgate_gen.h:29
IV::~IV
~IV()
Definition: iv.h:30
IV::Y0
block * Y0
Definition: iv.h:20
PrivacyFreeEva::privacy_free_to_xor
void privacy_free_to_xor(block *new_block, const block *old_block, const bool *b, int length)
Definition: privacy_free_eva.h:60
Commitment::open
bool open(Decom decom, Com com, const void *message, int nbytes)
Definition: com.h:24
IV::commitment
Commitment commitment
Definition: iv.h:17
local_gc
GarbleCircuit * local_gc
Definition: backend.cpp:8
Commitment::commit
void commit(Decom decom, Com com, const void *message, int nbytes)
Definition: com.h:16
HalfGateEva::generic_to_xor
void generic_to_xor(block *new_block, const block *old_block, int length)
Definition: halfgate_eva.h:82
IV::checkf2Bob
bool checkf2Bob(bool *b, void *f)
Definition: iv.h:565
HalfGateGen::set_delta
void set_delta(const block &_delta)
Definition: halfgate_gen.h:51
PrivacyFreeGen::set_delta
void set_delta(const block &_delta)
Definition: privacy_free_gen.h:51
PrivacyFreeGen::delta
block delta
Definition: privacy_free_gen.h:29