USENIX artifact reproduction script

docker/Dockerfile

@@ -1,6 +1,6 @@
 FROM ubuntu:22.04
 ARG DEBIAN_FRONTEND=noninteractive
-RUN apt update && apt install -y wget git build-essential net-tools iproute2 iperf iputils-ping numactl ant openjdk-11-jre-headless openjdk-11-jdk-headless tcpdump
+RUN apt update && apt install -y wget git build-essential net-tools iproute2 iperf iputils-ping numactl ant openjdk-11-jre-headless openjdk-11-jdk-headless tcpdump time
 WORKDIR /root
 COPY . oram
 WORKDIR /root/oram

docker/parse_logs

@@ -0,0 +1,72 @@
+#!/usr/bin/perl
+
+use strict;
+
+my $size = 0;
+my $who = '';
+my $mode = '';
+my %res = ();
+my $offlinebytes = 0;
+my $netsetup = '';
+
+while(<>) {
+    if (/Network setup: (.*)/) {
+        $netsetup = "$1 ";
+        next;
+    }
+    $size = "$1|$2" if /===== Running oram (\d+) (\d+)/;
+    $res{$size} = {} unless defined $res{$size};
+    $who = $1 if /===== ([CDE]) output/;
+    $mode = $1 if /(Online Time|Offline Time|ETE)/;
+    if(/WC\(ms\): (\d+)/) {
+        if (defined $res{$size}->{$who.$mode}) {
+            print "Redefinition of res{$size}->{$who$mode}\n";
+        } else {
+            $res{$size}->{$who.$mode} = $1/1000
+        }
+    }
+    if (/Total Offline Band\(bytes\): (\d+)/) {
+        $offlinebytes = $1;
+    }
+    if (/Total Online Band\(bytes\): (\d+)/) {
+        # Note that the java code reports bandwidth *per iteration*
+        my $onlinebytes = $1;
+        my $totbytes = $onlinebytes + $offlinebytes;
+        $res{$size}->{'onlbytes'} = 0 unless
+            defined $res{$size}->{'onlbytes'};
+        $res{$size}->{'totbytes'} = 0 unless
+            defined $res{$size}->{'totbytes'};
+        $res{$size}->{'onlbytes'} += $onlinebytes;
+        $res{$size}->{'totbytes'} += $totbytes;
+    }
+}
+
+sub max3 {
+    my $m = $_[0];
+    $m = $_[1] if $_[1] > $m;
+    $m = $_[2] if $_[2] > $m;
+    $m;
+}
+
+foreach $size (sort keys %res) {
+    my $iters = $1 if $size =~ /\|(\d+)/;
+    my $online = &max3($res{$size}->{'COnline Time'},
+        $res{$size}->{'DOnline Time'},
+        $res{$size}->{'EOnline Time'});
+    my $total = &max3($res{$size}->{'CETE'},
+        $res{$size}->{'DETE'},
+        $res{$size}->{'EETE'});
+    print "CircuitORAMOnline read $size $netsetup$online s\n";
+    print "CircuitORAMTotal read $size $netsetup$total s\n";
+}
+
+print "\n";
+
+foreach $size (sort keys %res) {
+    # Note that the java code reports bandwidth *per iteration*
+    my $iters = $1 if $size =~ /\|(\d+)/;
+    my $online = $res{$size}->{'onlbytes'} * $iters;
+    my $total = $res{$size}->{'totbytes'} * $iters;
+    print "CircuitORAMOnline read $size $netsetup$online KiB\n";
+    print "CircuitORAMTotal read $size $netsetup$total KiB\n";
+}

docker/repro

@@ -0,0 +1,142 @@
+#!/bin/bash
+
+# Reproduce the 3-party Circuit ORAM experiments from our paper:
+
+# Adithya Vadapalli, Ryan Henry, Ian Goldberg. Duoram: A
+# Bandwidth-Efficient Distributed ORAM for 2- and 3-Party Computation.
+# USENIX Security Symposium 2023.
+
+# cd into the directory containing this script (from the bash faq 028)
+if [[ $BASH_SOURCE = */* ]]; then
+  cd -- "${BASH_SOURCE%/*}/" || exit
+fi
+
+# If the master NUMA commands are set, use them for Circuit ORAM
+if [ "$NUMA_P0" != "" ]; then
+    export ORAM_NUMA_C="$NUMA_P0"
+fi
+if [ "$NUMA_P1" != "" ]; then
+    export ORAM_NUMA_D="$NUMA_P1"
+fi
+if [ "$NUMA_21" != "" ]; then
+    export ORAM_NUMA_E="$NUMA_P2"
+fi
+
+# Allow running only subsets of the experiment suite.  Valid values are
+# "test", "small", "large", "all", "none".  ("none" is useful if you
+# just want to re-parse the output of existing logs.)  You can also say
+# "single" followed by all the arguments to "run" (below) to run a
+# single experiment; for example:
+# ./repro single 20 1us 100gbit 128
+if [ "$1" == "" ]; then
+    whichexps="test"
+else
+    whichexps="$1"
+fi
+
+# The number of operations per run; the graphs in the paper use 128
+if [ "$whichexps" == "single" -o "$2" == "" ]; then
+    # If there's an explicit experiment on the command line, don't read
+    # the next argument as the number of operations.  $numops will be
+    # ignored, anyway, since it will be specified as part of the
+    # command.
+    numops=128
+else
+    numops="$2"
+fi
+
+# Run one experiment
+# Arguments:
+# $1: depth (the ORAM has 2^depth elements)
+# $2: latency (e.g., 30ms)
+# $3: bandwidth (e.g., 100mbit)
+# $4: number of operations (e.g., 128)
+run() {
+    now=`date`
+    echo "$now: Running $1 $2 $3 $4 ..."
+    logfile="read_${2}_${3}_${4}.out${LOGSUFFIX}"
+    ./set-networking $2 $3
+    echo "Network setup: $2 $3" >> $logfile
+    ./run-experiment $1 $4 >> $logfile
+}
+
+# Parse the output logs.  We run this in the docker in case you don't
+# have perl installed on the host.
+# Arguments: a list of logfiles
+parse() {
+    cat $* | docker exec -w /root/oram -i oram_C ./parse_logs
+}
+
+# A very small kick-the-tires test to ensure everything compiled and
+# built properly
+if [ "$whichexps" == "test" ]; then
+    echo "Running test experiment..."
+    run 16 1us 100gbit 2
+    parse read_1us_100gbit_2.out${LOGSUFFIX}
+    exit
+fi
+
+# Be able to run a single experiment specified on the command line
+if [ "$whichexps" == "single" ]; then
+    echo "Running single experiment..."
+    shift
+    run $*
+    exit
+fi
+
+now=`date`
+echo "$now: Starting experiments"
+
+if [ "$whichexps" == "small" -o "$whichexps" == "all" ]; then
+    echo "Running small experiments..."
+    # Figure 9(a)
+    run 16 30ms 100mbit ${numops}
+    run 18 30ms 100mbit ${numops}
+    run 20 30ms 100mbit ${numops}
+    run 22 30ms 100mbit ${numops}
+    run 24 30ms 100mbit ${numops}
+    run 26 30ms 100mbit ${numops}
+    # Figures 9(b) and 9(c)
+    # Note that we set the latency to 1us, which really means "don't add
+    # artificial latency", but we measure the one-way latency to
+    # actually be 30us, which is what we report in the paper. (pings
+    # from one docker to the other take about 60us round trip.)
+    run 16 1us 100gbit ${numops}
+    run 18 1us 100gbit ${numops}
+    run 20 1us 100gbit ${numops}
+    run 22 1us 100gbit ${numops}
+    run 24 1us 100gbit ${numops}
+    run 26 1us 100gbit ${numops}
+fi
+if [ "$whichexps" == "large" -o "$whichexps" == "all" ]; then
+    echo "Running large experiments..."
+    # Figure 9(a)
+    run 28 30ms 100mbit ${numops}
+    run 30 30ms 100mbit ${numops}
+    run 32 30ms 100mbit ${numops}
+    # Figures 9(b) and 9(c)
+    run 28 1us 100gbit ${numops}
+    run 30 1us 100gbit ${numops}
+    run 32 1us 100gbit ${numops}
+fi
+
+now=`date`
+echo "$now: Experiments complete"
+
+# If you specified a custom log suffix, you're going to be parsing the
+# outputs differently.
+if [ "$LOGSUFFIX" == "" ]; then
+
+parse *_${numops}.out > oram_${numops}.dat
+
+echo
+echo "# Figure 9(a)"
+egrep 'Floram read .* 30ms 100mbit .* s$' oram_${numops}.dat | sort -k3 -n
+echo
+echo "# Figure 9(b)"
+egrep 'Floram read .* 1us 100gbit .* s$' oram_${numops}.dat | sort -k3 -n
+echo
+echo "# Figure 9(c)"
+egrep 'Floram read .* 1us 100gbit .* KiB$' oram_${numops}.dat | sort -k3 -n
+
+fi