docker stuff

Docker/Dockerfile

@@ -0,0 +1,13 @@
+FROM ubuntu:20.04
+ARG DEBIAN_FRONTEND=noninteractive 
+#the above line is avoid interaction
+RUN apt update && apt install -y wget git build-essential net-tools iproute2 iperf iputils-ping libbsd-dev libssl-dev libboost-all-dev iproute2 iperf iputils-ping wget cargo 
+ 
+WORKDIR /root
+
+RUN git clone git://git-crysp.uwaterloo.ca/duoram  
+RUN git clone https://git-crysp.uwaterloo.ca/iang/spiral-spir  
+RUN cd duoram/preprocessing-aes && make
+RUN cd duoram/duoram-online && make 
+RUN cd duoram/2P-duoram/cxx && make test0 test1 spir_test0 spir_test1
+ 

Docker/README.md

@@ -0,0 +1,6 @@
+- `./build-docker.sh` builds the docker image
+- `./run-docker.sh` launches three docker containers for parties P2, P0, and P1
+- `./set-networking.sh` sets up the latencies and bandwidth constraints among the three docker containers launched; pass arguments of latency and bandwidth (e.g., `./set-networking.sh 1ms 40mbit`).  `./unset-networking.sh` removes the latency and bandwidth settings.
+- `./experiments.sh` runs the three parties
+- `./cleanup.sh` stops the three dockers
+

Docker/build-docker.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker build $* -t duoram . 

Docker/cleanup.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+docker stop party0 &
+docker stop party1 &
+docker stop party2 &
+wait
+docker rm party0
+docker rm party1
+docker rm party2

Docker/experiments-online.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+ 
+A=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' party0) 
+B=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' party1) 
+C=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' party2) 
+echo $A
+echo $B
+echo $C
+docker exec -w /root/duoram/duoram-online party2 ./p2 $A $B 15 128 128 128 10 &
+sleep 2
+echo "P2 launched"
+docker exec -w /root/duoram/duoram-online party1 ./duoram1  $A $C 15 128 128 128 10 &
+sleep 2
+echo "P1 launched"
+docker exec -w /root/duoram/duoram-online party0 ./duoram0  $B $C 15 128 128 128 10 &
+echo "P0 launched"
+wait

Docker/experiments.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+ 
+A=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' party0) 
+B=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' party1) 
+C=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' party2) 
+echo $A
+echo $B
+echo $C
+docker exec -w /root/duoram/preprocessing-aes party2 ./p2preprocessing $A $B 4 15 & 
+sleep 2
+echo "P2 launched"
+docker exec -w /root/duoram/preprocessing-aes party1 ./preprocessing1  $A $C 4 15 & 
+sleep 2
+echo "P1 launched"
+docker exec -w /root/duoram/preprocessing-aes party0 ./preprocessing0  $B $C 4 15 &
+echo "P0 launched"
+wait

Docker/run-docker.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+docker run -d --name party2 -t duoram
+docker run -d --name party1 -t duoram
+docker run -d --name party0 -t duoram
+echo "All dockers launched"

Docker/set-networking.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+latency=1ms
+bw=40mbit
+
+if [ "$1" != "" ]; then
+    latency="$1"
+fi
+if [ "$2" != "" ]; then
+    bw="$2"
+fi
+docker exec --privileged  -w /root/duoram/preprocessing-aes party0 tc qdisc add dev eth0 root netem delay $latency rate $bw
+docker exec --privileged  -w /root/duoram/preprocessing-aes party1 tc qdisc add dev eth0 root netem delay $latency rate $bw
+docker exec --privileged  -w /root/duoram/preprocessing-aes party2 tc qdisc add dev eth0 root netem delay $latency rate $bw

Docker/unset-networking.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+docker exec --privileged -w /root/duoram/preprocessing-aes party2 tc qdisc del dev eth0 root
+docker exec --privileged -w /root/duoram/preprocessing-aes party1 tc qdisc del dev eth0 root
+docker exec --privileged -w /root/duoram/preprocessing-aes party0 tc qdisc del dev eth0 root

block.h

@@ -1,175 +0,0 @@
-
-#ifndef LOWMC_BLOCK_H__
-#define LOWMC_BLOCK_H__
-
-#include <bitset>       // std::bitset
-#include <string>       // std::string
-#include <iostream>     // std::istream and std::ostream
-
-#include <x86intrin.h>  // SSE and AVX intrinsics
-
-// namespace lowmc
-// {
-
-template <typename __mX>
-union block
-{
-  public:
-	typedef __mX value_type;
-
-	block(const uint64_t input = 0ULL) : bits(input) { }
-	block(const __mX & val) : mX(val) { }
-	block(const std::string bit_string) : bits(bit_string) { }
-	inline operator __mX() const { return mX; }
-	inline block<__mX> & operator=(const __mX & val) { mX = val; return *this; }
-	inline bool operator==(const __mX & rhs) const;
-	inline bool operator!=(const __mX & rhs) const { return !(*this == rhs); }
-	inline typename std::bitset<sizeof(__mX) * 8>::reference operator[](const size_t pos) { return bits[pos]; }
-	inline const bool operator[](const size_t pos) const { return bits[pos]; }
-	constexpr inline size_t size() const { return sizeof(__mX) * 8; }
-	inline const unsigned parity() const { return bits.count() % 2; }
-	inline void shiftr(const size_t pos) { bits >>= pos; }
- 	inline void shiftl(const size_t pos) { bits <<= pos; }
-	std::bitset<8 * sizeof(__mX)> bits;
-  //private:
-	block(std::bitset<8 * sizeof(__mX)> & bitset) : bits(bitset) { }
-	__mX mX;
-	
-};
-
-template<>
-inline bool block<__m128i>::operator==(const __m128i & rhs) const
-{
-	auto vcmp = _mm_xor_si128(*this, rhs);
-	return _mm_testz_si128(vcmp, vcmp);
-}
-template<>
-inline bool block<__m256i>::operator==(const __m256i & rhs) const
-{
-	auto vcmp = _mm256_xor_si256(*this, rhs);
-	return _mm256_testz_si256(vcmp, vcmp);
-}
-
-template<typename __mX>
-inline block<__mX> operator|(const block<__mX> & block1, const block<__mX> & block2);
-template<>
-inline block<__m256i> operator|(const block<__m256i> & block1, const block<__m256i> & block2)
-{
-	return _mm256_or_si256(block1, block2);
-}
- 
-template<>
-inline block<__m128i> operator|(const block<__m128i> & block1, const block<__m128i> & block2)
-{
-	return _mm_or_si128(block1, block2);
-}
-
-template<typename __mX>
-inline block<__mX> operator&(const block<__mX> & block1, const block<__mX> & block2);
-template<>
-inline block<__m256i> operator&(const block<__m256i> & block1, const block<__m256i> & block2)
-{
-	return _mm256_and_si256(block1, block2);
-}
- 
-template<>
-inline block<__m128i> operator&(const block<__m128i> & block1, const block<__m128i> & block2)
-{
-	return _mm_and_si128(block1, block2);
-}
-
-template<typename __mX>
-inline block<__mX> operator^(const block<__mX> & block1, const block<__mX> & block2);
- 
-
-template<>
-inline block<__m256i> operator^(const block<__m256i> & block1, const block<__m256i> & block2)
-{
-	return _mm256_xor_si256(block1, block2);
-}
-
-template<>
-inline block<__m128i> operator^(const block<__m128i> & block1, const block<__m128i> & block2)
-{
-	return _mm_xor_si128(block1, block2);
-}
-
-template<typename __mX>
-inline block<__mX> & operator^=(block<__mX> & block1, const block<__mX> & block2);
-template<>
-inline block<__m256i> & operator^=(block<__m256i> & block1, const block<__m256i> & block2)
-{
-	block1 = _mm256_xor_si256(block1, block2);
-	return block1;
-}
-template<>
-inline block<__m128i> & operator^=(block<__m128i> & block1, const block<__m128i> & block2)
-{
-	block1 = _mm_xor_si128(block1, block2);
-	return block1;
-}
-
-template<typename __mX>
-inline block<__mX> operator~(const block<__mX> & block);
-
- 
-
-template<>
-inline block<__m256i> operator~(const block<__m256i> & block)
-{
-	return ~static_cast<__m256i>(block);
-}
-template<>
-inline block<__m128i> operator~(const block<__m128i> & block)
-{
-	return ~static_cast<__m128i>(block);
-}
-
-template<typename __mX>
-inline block<__mX> operator<<(const block<__mX> & block, const long & shift);
-template<>
-inline block<__m256i> operator<<(const block<__m256i> & block , const long & shift)
-{
-	return _mm256_or_si256(_mm256_slli_epi64(block, shift), _mm256_blend_epi32(_mm256_setzero_si256(), _mm256_permute4x64_epi64(_mm256_srli_epi64(block, 64 - shift), _MM_SHUFFLE(2,1,0,0)), _MM_SHUFFLE(3,3,3,0)));
-}
-template<>
-inline block<__m128i> operator<<(const block<__m128i> & block, const long & shift)
-{
-  return _mm_or_si128(_mm_slli_epi64(block, shift), _mm_srli_epi64(_mm_slli_si128(block, 8), 64 - shift));
-}
-template<typename __mX>
-inline block<__mX> & operator<<=(block<__mX> & block, const long & shift)
-{
-	block = block << shift;
-	return block;
-}
-
-template<typename __mX>
-inline block<__mX> operator>>(const block<__mX> & block, const long & shift);
-
-// template<>
-// inline block<__m256i> operator>>(const block<__m256i> & block, const long & shift)
-// {
-// 	return _mm256_or_si256(_mm256_srli_epi64(block, shift), _mm256_blend_epi32(_mm256_setzero_si256(), _mm256_permute4x64_epi64(_mm256_slli_epi64(block, 64 - shift), _MM_SHUFFLE(0,3,2,1)), _MM_SHUFFLE(0,3,3,3)));
-// }
-
-template<>
-inline block<__m256i> operator>>(const block<__m256i> & block, const long & shift)
-{
-	return _mm256_or_si256(_mm256_srli_epi64(block, shift), _mm256_blend_epi32(_mm256_setzero_si256(), _mm256_permute4x64_epi64(_mm256_slli_epi64(block, 64 - shift), _MM_SHUFFLE(0,3,2,1)), _MM_SHUFFLE(0,3,3,3)));
-}
-template<>
-inline block<__m128i> operator>>(const block<__m128i> & block, const long & shift)
-{
-	return _mm_or_si128(_mm_srli_epi64(block, shift), _mm_slli_epi64(_mm_srli_si128(block, 8), 64 - shift));
-}
-template<typename __mX>
-inline block<__mX> & operator>>=(block<__mX> & block, const long & shift)
-{
-	block = block >> shift;
-	return block;
-}
-
-//} // namespace lowmc
-
-#endif // LOWMC_BLOCK_H__

dpf++/aes.h

@@ -1,152 +0,0 @@
-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-
-#ifndef DPFPP_AES_H
-#define DPFPP_AES_H
-
-#include <x86intrin.h>
-#define EXPAND_ASSIST(v1,v2,v3,v4,shuff_const,aes_const)                    \
-    v2 = _mm_aeskeygenassist_si128(v4,aes_const);                           \
-    v3 = _mm_castps_si128(_mm_shuffle_ps(_mm_castsi128_ps(v3),              \
-                                         _mm_castsi128_ps(v1), 16));        \
-    v1 = _mm_xor_si128(v1,v3);                                              \
-    v3 = _mm_castps_si128(_mm_shuffle_ps(_mm_castsi128_ps(v3),              \
-                                         _mm_castsi128_ps(v1), 140));       \
-    v1 = _mm_xor_si128(v1,v3);                                              \
-    v2 = _mm_shuffle_epi32(v2,shuff_const);                                 \
-    v1 = _mm_xor_si128(v1,v2)
-
-struct AES_KEY
-{
-    AES_KEY(const __m128i userkey = _mm_set_epi64x(597349, 121379))
-      : rounds(10)
-    {
-        __m128i x0, x1, x2;
-        rd_key[0] = x0 = userkey;
-        x2 = _mm_setzero_si128();
-        EXPAND_ASSIST(x0, x1, x2, x0, 255, 1);
-        rd_key[1] = x0;
-        EXPAND_ASSIST(x0, x1, x2, x0, 255, 2);
-        rd_key[2] = x0;
-        EXPAND_ASSIST(x0, x1, x2, x0, 255, 4);
-        rd_key[3] = x0;
-        EXPAND_ASSIST(x0, x1, x2, x0, 255, 8);
-        rd_key[4] = x0;
-        EXPAND_ASSIST(x0, x1, x2, x0, 255, 16);
-        rd_key[5] = x0;
-        EXPAND_ASSIST(x0, x1, x2, x0, 255, 32);
-        rd_key[6] = x0;
-        EXPAND_ASSIST(x0, x1, x2, x0, 255, 64);
-        rd_key[7] = x0;
-        EXPAND_ASSIST(x0, x1, x2, x0, 255, 128);
-        rd_key[8] = x0;
-        EXPAND_ASSIST(x0, x1, x2, x0, 255, 27);
-        rd_key[9] = x0;
-        EXPAND_ASSIST(x0, x1, x2, x0, 255, 54);
-        rd_key[10] = x0;
-    }
-    __m128i rd_key[11];
-    unsigned int rounds;
-} ;
-
-static const AES_KEY default_aes_key;
-
-static inline void
-AES_ecb_encrypt_blks(__m128i * __restrict__ blks, unsigned int nblks, const AES_KEY * __restrict__ key)
-{
-    for (unsigned int i = 0; i < nblks; ++i)
-        blks[i] = _mm_xor_si128(blks[i], key->rd_key[0]);
-    for (unsigned int j = 1; j < key->rounds; ++j)
-        for (unsigned int i = 0; i < nblks; ++i)
-            blks[i] = _mm_aesenc_si128(blks[i], key->rd_key[j]);
-    for (unsigned int i = 0; i < nblks; ++i)
-        blks[i] = _mm_aesenclast_si128(blks[i], key->rd_key[key->rounds]);
-}
-
-static inline void
-AES_set_decrypt_key_fast(AES_KEY * __restrict__ dkey, const AES_KEY * __restrict__ ekey)
-{
-    int j = 0;
-    int i = ekey->rounds;
-#if (OCB_KEY_LEN == 0)
-    dkey->rounds = i;
-#endif
-    dkey->rd_key[i--] = ekey->rd_key[j++];
-    while (i)
-        dkey->rd_key[i--] = _mm_aesimc_si128(ekey->rd_key[j++]);
-    dkey->rd_key[i] = ekey->rd_key[j];
-}
-
-/*
-static inline void
-AES_set_decrypt_key(__m128i userkey, AES_KEY * __restrict__ key)
-{
-    AES_KEY temp_key;
-    AES_set_encrypt_key(userkey, &temp_key);
-    AES_set_decrypt_key_fast(key, &temp_key);
-}
-*/
-
-static inline void
-AES_ecb_decrypt_blks(__m128i * __restrict__ blks, unsigned nblks, const AES_KEY * __restrict__ key)
-{
-    unsigned i, j, rnds = key->rounds;
-    for (i = 0; i < nblks; ++i)
-        blks[i] = _mm_xor_si128(blks[i], key->rd_key[0]);
-    for (j = 1; j < rnds; ++j)
-        for (i = 0; i < nblks; ++i)
-            blks[i] = _mm_aesdec_si128(blks[i], key->rd_key[j]);
-    for (i = 0; i < nblks; ++i)
-        blks[i] = _mm_aesdeclast_si128(blks[i], key->rd_key[j]);
-}
-
-#endif

dpf++/bitutils.h

@@ -1,199 +0,0 @@
-/* Copyright (C) 2019  Anonymous
- *
- * This is a pre-release version of the DPF++ library distributed anonymously
- * for peer review. A public release of the software will be published under the
- * LPGL v2.1 license in the near future. Please do not redistribute this version
- * of the software.
- */
-
-#ifndef DPF_BITUTILS_H__
-#define DPF_BITUTILS_H__
-
-#include <bitset>       // std::bitset
-
-#include <x86intrin.h>  // SSE and AVX intrinsics
-
-namespace dpf
-{
-
-static const __m128i bool128_mask[2] = {
-	_mm_set_epi64x(0,1),                                        // 0b00...0001
-	_mm_set_epi64x(1,0)                                         // 0b00...0001 << 64
-};
-static const __m256i bool256_mask[4] = {
-	_mm256_set_epi64x(0,0,0,1),                                 // 0b00...0001
-	_mm256_set_epi64x(0,0,1,0),                                 // 0b00...0001 << 64
-	_mm256_set_epi64x(0,1,0,0),                                 // 0b00...0001 << 128
-	_mm256_set_epi64x(1,0,0,0)                                  // 0b00...0001 << 192
-};
-
-static const __m128i lsb128_mask[4] = {
-	_mm_setzero_si128(),                                        // 0b00...0000
-	_mm_set_epi64x(0,1),                                        // 0b00...0001
-	_mm_set_epi64x(0,2),                                        // 0b00...0010
-	_mm_set_epi64x(0,3)                                         // 0b00...0011
-};
-static const __m128i lsb128_mask_inv[4] = {
-	_mm_set1_epi8(-1),                                          // 0b11...1111
-	_mm_set_epi64x(-1,-2),                                      // 0b11...1110
-	_mm_set_epi64x(-1,-3),                                      // 0b11...1101
-	_mm_set_epi64x(-1,-4)                                       // 0b11...1100
-};
-static const __m128i if128_mask[2] = {
-	_mm_setzero_si128(),                                        // 0b00...0000
-	_mm_set1_epi8(-1)                                           // 0b11...1111
-};
-
-static const __m256i lsb256_mask[4] = {
-	_mm256_setzero_si256(),                                     // 0b00...0000
-	_mm256_set_epi64x(0,0,0,1),                                 // 0b00...0001
-	_mm256_set_epi64x(0,0,0,2),                                 // 0b00...0010
-	_mm256_set_epi64x(0,0,0,3)                                  // 0b00...0011
-};
-static const __m256i lsb256_mask_inv[4] = {
-	_mm256_set1_epi8(-1),                                       // 0b11...1111
-	_mm256_set_epi64x(-1,-1,-1,-2),                             // 0b11...1110
-	_mm256_set_epi64x(-1,-1,-1,-3),                             // 0b11...1101
-	_mm256_set_epi64x(-1,-1,-1,-4)                              // 0b11...1100
-};
-static const __m256i if256_mask[2] = {
-	_mm256_setzero_si256(),                                     // 0b00...0000
-	_mm256_set1_epi8(-1)                                        // 0b11...1111
-};
-
-inline __m128i xor_if(const __m128i & block1, const __m128i & block2, __m128i flag)
-{
- return _mm_xor_si128(block1, _mm_and_si128(block2, flag));
-}
-
-inline __m256i xor_if(const __m256i & block1, const __m256i & block2, __m256i flag)
-{
- return _mm256_xor_si256(block1, _mm256_and_si256(block2, flag));
-}
-
- 
-
-inline __m128i xor_if(const __m128i & block1, const __m128i & block2, bool flag)
-{
-	return _mm_xor_si128(block1, _mm_and_si128(block2, if128_mask[flag ? 1 : 0]));
-}
-inline __m256i xor_if(const __m256i & block1, const __m256i & block2, bool flag)
-{
-	return _mm256_xor_si256(block1, _mm256_and_si256(block2, if256_mask[flag ? 1 : 0]));
-}
-
-inline uint8_t get_lsb(const __m128i & block, uint8_t bits = 0b01)
-{
-	__m128i vcmp = _mm_xor_si128(_mm_and_si128(block, lsb128_mask[bits]), lsb128_mask[bits]);
-	return static_cast<uint8_t>(_mm_testz_si128(vcmp, vcmp));
-}
-inline uint8_t get_lsb(const __m256i & block, uint8_t bits = 0b01)
-{
-	__m256i vcmp = _mm256_xor_si256(_mm256_and_si256(block, lsb256_mask[bits]), lsb256_mask[bits]);
-	return static_cast<uint8_t>(_mm256_testz_si256(vcmp, vcmp));
-}
-template <typename __mX>
-inline uint8_t get_lsb01(const __mX & block) { return get_lsb(block, 0b01); }
-template <typename __mX>
-inline uint8_t get_lsb10(const __mX & block) { return get_lsb(block, 0b10); }
-
-
-inline __m128i clear_lsb(const __m128i & block, uint8_t bits = 0b01)
-{
-	return _mm_and_si128(block, lsb128_mask_inv[bits]);
-}
-inline __m256i clear_lsb(const __m256i & block, uint8_t bits = 0b01)
-{
-	return _mm256_and_si256(block, lsb256_mask_inv[bits]);
-}
-
-template<typename row_t = __m256i >	
-inline std::array<row_t, 128> bitsliced_clear_lsb(std::array<row_t, 128>& block, uint8_t bits = 0b11)
-{
-	if(bits == 0b11)
-	{
-	 block[0] = _mm256_set_epi64x(0, 0, 0, 0); 
-	 block[1] = _mm256_set_epi64x(0, 0, 0, 0); 
-	}
-	if(bits == 0b01)
-	{
-	  block[0] = _mm256_set_epi64x(0, 0, 0, 0); 
-	}
-	return block;
-}
-
-
-template<typename row_t = __m256i >	
-inline std::array<row_t, 128> bitsliced_clear_lsb(const std::array<row_t, 128> block, uint8_t bits = 0b11)
-{
-
-	std::array<row_t, 128> block2 = block;
-	if(bits == 0b11)
-	{
-	 block2[0] = _mm256_set_epi64x(0, 0, 0, 0); 
-	 block2[1] = _mm256_set_epi64x(0, 0, 0, 0); 
-	}
-	if(bits == 0b01)
-	{
-	  block2[0] = _mm256_set_epi64x(0, 0, 0, 0); 
-	}
-	return block2;
-}
-
-
-template<typename row_t = __m256i >	
-inline std::array<row_t, 128> bitsliced_set_lsb(std::array<row_t, 128>& block, row_t t)
-{
-	block[0] = block[0] & t;
-	 
-	return block;
-}
-
-template<typename row_t = __m256i >	
-inline row_t bitslicled_get_lsb(std::array<row_t, 128> block, uint8_t bit = 0b01)
-{	
-	if(bit == 0b01)	
-	{
-	 return block[0];
-	}
-	else if (bit == 0b10)
-	{
-	 return block[1];
-	}
-	else
-	{
-      return block[0];
-	}
-}
-
-template <typename __mX>
-inline __mX clear_lsb01(const __mX & block) { return clear_lsb(block, 0b01); }
-template <typename __mX>
-inline __mX clear_lsb10(const __mX & block) { return clear_lsb(block, 0b10); }
-template <typename __mX>
-inline __mX clear_lsb11(const __mX & block) { return clear_lsb(block, 0b11); }
-
-
-inline __m128i set_lsb(const __m128i & block, const bool val = true)
-{
-	return _mm_or_si128(clear_lsb(block, 0b01), lsb128_mask[val ? 0b01 : 0b00]);
-}
-inline __m256i set_lsb(const __m256i & block, const bool val = true)
-{
-	return _mm256_or_si256(clear_lsb(block, 0b01), lsb256_mask[val ? 0b01 : 0b00]);;
-}
-
-inline __m128i set_lsbs(const __m128i & block, const bool bits[2])
-{
-	int i = (bits[0] ? 1 : 0) + 2 * (bits[1] ? 1 : 0);
-	return _mm_or_si128(clear_lsb(block, 0b11), lsb128_mask[i]);
-}
-inline __m256i set_lsbs(const __m256i & block, const bool bits[2])
-{
-	int i = (bits[0] ? 1 : 0) + 2 * (bits[1] ? 1 : 0);
-	return _mm256_or_si256(clear_lsb(block, 0b11), lsb256_mask[i]);
-}
-
-} // namespace lowmc
-
-#endif // DPF_BITUTILS_H__

dpf++/dpf.h

@@ -1,431 +0,0 @@
-/* Copyright (C) 2019  Anonymous
- *
- * This is a pre-release version of the DPF++ library distributed anonymously
- * for peer review. A public release of the software will be published under the
- * LPGL v2.1 license in the near future. Please do not redistribute this version
- * of the software.
- */
-
-// #ifndef DPFPP_DPF_H__
-// #define DPFPP_DPF_H__
-
-// #include <type_traits>  // std::is_same<>
-// #include <limits>       // std::numeric_limits<>
-// #include <climits>      // CHAR_BIT
-// #include <cmath>        // std::log2, std::ceil, std::floor
-// #include <stdexcept>    // std::runtime_error
-// #include <array>        // std::array<>
-// #include <iostream>     // std::istream and std::ostream
-// #include <vector>       // std::vector<>
-// #include <memory>       // std::shared_ptr<>
-// #include <utility>      // std::move
-// #include <algorithm>    // std::copy
-// #include <cstring>      // std::memcpy
-
-// #include <bsd/stdlib.h> // arc4random_buf
-// #include <x86intrin.h>  // SSE and AVX intrinsics
-// #include <boost/asio/thread_pool.hpp>
-// #include "bitutils.h"
-// #include "../block.h"
-// #include "prg.h"
- 
-// #include "prg_aes_impl.h"
- 
-
-// constexpr int L = 0;
-// constexpr int R = 1;
-// const size_t ncores = 16;
-// uint64_t progress[ncores] = {0};
-// namespace dpf
-// {
-
-
-
-
-// template <typename node_t>
-// node_t init_val(uint64_t val);
-// template <> __m128i init_val(uint64_t val) { return _mm_set_epi64x(0, val); }
-// template <> __m256i init_val(uint64_t val) { return _mm256_set_epi64x(0, 0, 0, val); }
-
-
-// // template<typename leaf_t = bool, typename node_t = __m128i, typename prgkey_t = lowmc::lowmc<128,29, 11>>
-// // struct dpf_key;
-// template<typename leaf_t = __m128i, typename node_t = __m128i, typename leaf_type = __m128i, typename prgkey_t = AES_KEY>
-// struct dpf_key;
-// template<typename leaf_t = bool, typename node_t = __m128i, typename prgkey_t = lowmc::bitsliced_lowmc<128,29, 11,256>>
-// struct bitsliced_dpf_key;
-
- 
-// using slicerow_t = block<__m256i>;
-// using sliceblock_t = std::array<slicerow_t, 128>; 
-
-// template<typename leaf_t, typename node_t, typename prgkey_t>
-// inline leaf_t eval(const dpf_key <leaf_t, node_t, prgkey_t> & dpfkey, const size_t input);
-
-// template<typename leaf_t, typename node_t, typename prgkey_t>
-// inline void evalinterval(const dpf_key<leaf_t, node_t, prgkey_t> & dpfkey, const size_t from, const size_t to, leaf_t * output, uint8_t * t = NULL);
-
-// template<typename leaf_t, typename node_t, typename prgkey_t>
-// inline void evalfull(const dpf_key<leaf_t, node_t, prgkey_t> & dpfkey, leaf_t * output, uint8_t * t = NULL);
-
-// template<typename node_t, typename prgkey_t>
-// static inline void expand(const prgkey_t & prgkey, const node_t & seed, node_t s[2], uint8_t t[2], int lsbmask = 0b11)
-// {
-// 	dpf::PRG(prgkey, clear_lsb(seed, 0b11), s, 2);
-//  	t[L] = get_lsb(s[L]);
-// 	s[L] = clear_lsb(s[L], lsbmask);
-// 	t[R] = get_lsb(s[R]);
-// 	s[R] = clear_lsb(s[R], lsbmask);
-// } // dpf::expand
-
-// template<typename node_t, typename prgkey_t>
-// static inline void traverse2(const prgkey_t & prgkey, const node_t & seed,
-// 	const uint8_t cw_t[2], const node_t & cw, const uint8_t prev_t,
-// 	node_t s[2], uint8_t t[2], int lsbmask = 0b11)
-// {
-// 	dpf::PRG(prgkey, clear_lsb(seed, 0b11), s, 2);
-// 	t[L] = get_lsb(s[L]) ^ (cw_t[L] & prev_t);;
-// 	s[L] = clear_lsb(xor_if(s[L], cw, !prev_t), lsbmask);
-// 	t[R] = get_lsb(s[R]) ^ (cw_t[R] & prev_t);;
-// 	s[R] = clear_lsb(xor_if(s[R], cw, !prev_t), lsbmask);
-// } // dpf::expand
-
-// template<typename node_t, typename prgkey_t>
-// static inline void traverse(const prgkey_t & prgkey, const node_t & seed, const bool direction,
-// 	const uint8_t cw_t, const node_t & cw, const uint8_t prev_t,
-// 	node_t & s, uint8_t & t, int lsbmask = 0b11)
-// {
-// 	dpf::PRG(prgkey, clear_lsb(seed, 0b11), &s, 1, direction);
-// 	t = get_lsb(s) ^ (cw_t & prev_t);
-// 	s = clear_lsb(xor_if(s, cw, !prev_t), lsbmask);
-// } // dpf::traverse
-
-// template<typename finalizer_t, typename prgkey_t>
-// static inline void stretch_leaf(const prgkey_t & prgkey, const typename finalizer_t::value_type & seed, finalizer_t & s)
-// {
-// 	dpf::PRG(prgkey, clear_lsb(seed, 0b11), &s, s.size());
-// } // dpf::stretch_leaf
-
- 
-
-// template<typename leaf_t, typename node_t, typename leaf_type, typename prgkey_t>
-// struct dpf_key final
-// {
-//   public:
-	// static constexpr size_t bits_per_leaf = std::is_same<leaf_t, bool>::value ? 1 : sizeof(leaf_t) * CHAR_BIT;
-	// static constexpr bool is_packed = (sizeof(leaf_t) < sizeof(node_t));
-	// static constexpr size_t leaves_per_node = dpf_key::is_packed ? sizeof(node_t) * CHAR_BIT / bits_per_leaf : 1;
-	// static constexpr size_t nodes_per_leaf = dpf_key::is_packed ? 1 : std::ceil(static_cast<double>(bits_per_leaf) / (sizeof(node_t) * CHAR_BIT));
-	// static_assert(leaves_per_node * bits_per_leaf == sizeof(node_t) * CHAR_BIT
-	//     || nodes_per_leaf * sizeof(node_t) == sizeof(leaf_t));
-
-	// using finalizer_t = std::array<node_t, nodes_per_leaf>;
-	// typedef std::pair<finalizer_t, finalizer_t> (*finalizer_callback)(const prgkey_t &, const size_t, const leaf_t &, const node_t[2], const uint8_t[2]);
-
-	// inline static constexpr size_t depth(const size_t nitems) { return std::ceil(std::log2(std::ceil(static_cast<double>(nitems) / dpf_key::leaves_per_node))); }
-	// inline constexpr size_t depth() const { return dpf_key::depth(nitems); }
-
-	// inline static constexpr size_t input_bits(const size_t nitems) { return std::ceil(std::log2(nitems)); }
-	// inline constexpr size_t input_bits() const { return dpf_key::input_bits(nitems); }
-
-	// inline static constexpr size_t nodes_in_interval(const size_t from, const size_t to) { return (to < from) ? 0 : std::max(1.0, std::ceil(static_cast<double>(to+1) / leaves_per_node) - std::floor(static_cast<double>(from) / leaves_per_node)); }
-
-	// inline static constexpr size_t interval_bytes(const size_t from, const size_t to) { return nodes_in_interval(from, to) * (is_packed ? sizeof(node_t) : sizeof(leaf_t)); }
-	// inline constexpr size_t full_bytes() { return interval_bytes(0, nitems-1); }
-
-	// inline static constexpr size_t nodes_at_leaf_layer(const size_t nitems) { return std::ceil(static_cast<double>(nitems) / dpf_key::leaves_per_node); }
-	// inline constexpr size_t nodes_at_leaf_layer() const { return dpf_key::nodes_at_leaf_layer(nitems); }
-
-	// inline dpf_key(dpf_key &&) = default;
-	// inline dpf_key & operator=(dpf_key &&) = default;
-	// inline dpf_key(const dpf_key &) = default;
-	// inline dpf_key & operator=(const dpf_key &) = default;
-
-	// inline bool operator==(const dpf_key & rhs) const { return nitems == rhs.nitems && root == rhs.root && cw == rhs.cw && finalizer == rhs.finalizer; }
-	// inline bool operator!=(const dpf_key & rhs) const { return !(*this == rhs); }
-
- 
-
-	// static auto default_make_finalizer(const prgkey_t & prgkey, const size_t target, const leaf_t & val, const node_t s[2], const uint8_t t[2])
-	// {
-			
-	// 		finalizer_t finalizer;
-	// 		finalizer_t stretched[2];
-	// 		stretch_leaf(prgkey, s[L], stretched[L]);
-	// 		stretch_leaf(prgkey, s[R], stretched[R]);
-
-	// 		if constexpr(dpf_key::is_packed)
-	// 		{
-	// 			auto finalizer0 = reinterpret_cast<node_t *>(&finalizer[0]);
-	// 			if constexpr(std::numeric_limits<leaf_t>::is_integer)
-	// 			{
-	// 				if constexpr(std::is_same<leaf_t, bool>::value)
-	// 				{
-	// 					*finalizer0 = (node_t)init_val<__m128i>(val ? 1 : 0);
-	// 					//*finalizer0 = init_val<node_t>(val ? 1 : 0);
-	// 				}
-	// 				else
-	// 				{
-	// 					typedef typename std::make_unsigned_t<leaf_t> unsigned_leaf_t;
-	// 					*finalizer0 = init_val<node_t>(static_cast<unsigned_leaf_t>(val));
-	// 				}
-	// 				auto tmp = reinterpret_cast<std::bitset<8*sizeof(node_t)> *>(finalizer0);
-	// 				*tmp <<= bits_per_leaf * (target % leaves_per_node);
-	// 			}
-	// 			else
-	// 			{
-	// 				*finalizer0 = val;
-	// 			}
-	// 		}
-	// 		else
-	// 		{
-	// 			std::memcpy(&finalizer[0], &val, sizeof(finalizer_t));
-	// 		}
-	// 		for (size_t j = 0; j < nodes_per_leaf; ++j)
-	// 		{
-	// 			finalizer[j] ^= stretched[L][j] ^ stretched[R][j];
-	// 		}
-	// 		return std::make_pair(finalizer, finalizer);
-	// } // dpf_key::default_make_finalizer
-
-
-
-	// static auto gen(const prgkey_t & prgkey, size_t nitems, size_t target, const leaf_t & val = 1, const finalizer_callback make_finalizer = default_make_finalizer)
-	// {
-	// 	if (nitems <= target)
-	// 	{
-	// 		throw std::runtime_error("target point out of range");
-	// 	}
-
-	// 	node_t root[2];
-
-	// 	srand(1);
-	// 	arc4random_buf(root, sizeof(root));
- // 		root[0][0] = rand();
- // 		root[0][1] = rand();
- 
-
- // 		root[1][0] = rand();
- // 		root[1][1] = rand();
- 
-
-	// 	uint8_t t[2] = { get_lsb(root[0]), !t[0] };
-	// 	root[1] = set_lsb(root[1], t[1]);
-	// 	node_t s[2] = { root[0], root[1] };
-
-	// 	const size_t depth = dpf_key::depth(nitems);
-	// 	std::vector<node_t> cw;
-	// 	cw.reserve(depth);
-
-	// 	node_t s0[2], s1[2];
-	// 	uint8_t t0[2], t1[2];
-	// 	const size_t nbits = input_bits(nitems);
-	// 	for (size_t layer = 0; layer < depth; ++layer)
-	// 	{
-	// 		const uint8_t bit = (target >> (nbits - layer - 1)) & 1U;
-
-	// 		expand(prgkey, s[0], s0, t0);
-	// 		expand(prgkey, s[1], s1, t1);
-
-	// 		const uint8_t keep = (bit == 0) ? L : R, lose = 1 - keep;
-	// 		bool cwt[2] = {
-	// 		    cwt[L] = t0[L] ^ t1[L] ^ bit ^ 1,
-	// 		    cwt[R] = t0[R] ^ t1[R] ^ bit
-	// 		};
-	// 		auto nextcw = s0[lose] ^ s1[lose];
-
-	// 		s[L] = xor_if(s0[keep], nextcw, !t[L]);
-	// 		t[L] = t0[keep] ^ (t[L] & cwt[keep]);
-
-	// 		s[R] = xor_if(s1[keep], nextcw, !t[R]);
-	// 		t[R] = t1[keep] ^ (t[R] & cwt[keep]);
-
-	// 		cw.emplace_back(set_lsbs(nextcw, cwt));
-	// 	}
-	// 	cw.shrink_to_fit();
-
-	// 	auto [finalizer0, finalizer1] = make_finalizer(prgkey, target, val, s, t);
-	// 	return std::make_pair(
-	// 	    std::forward<dpf_key>(dpf_key(nitems, root[0], cw, finalizer0, prgkey)),
-	// 	    std::forward<dpf_key>(dpf_key(nitems, root[1], cw, finalizer1, prgkey)));
-	// } // dpf_key::gen
-
-	// inline leaf_t eval(const size_t input) const { return std::forward<leaf_t>(dpf::eval(*this, input)); }
-	// inline void evalinterval(const size_t from, const size_t to, leaf_t * output, uint8_t * t = NULL) const { dpf::evalinterval(*this, from, to, output, t); }
-	// inline void evalfull(leaf_t * output, uint8_t * t = NULL) const { dpf::evalfull(*this, output, t); }
-	
-	// const size_t nitems;
-	// const node_t root;
-	// const std::vector<node_t> cw;
-	// const finalizer_t finalizer;
-	// const prgkey_t prgkey;
-
- //  private:
-	// dpf_key(size_t nitems_, const node_t & root_, const std::vector<node_t> cw_,
-	// 	const finalizer_t & finalizer_, const prgkey_t & prgkey_)
-	//   : nitems(nitems_),
-	//     root(root_),
-	//     cw(cw_),
-	//     finalizer(finalizer_),
-	//     prgkey(prgkey_) { }
-//}; // struct dpf::dpf_key
-
- 
-
-// template<typename leaf_t, typename node_t>
-// inline leaf_t getword(const node_t & S, const size_t input)
-// {
-// 	auto S_ = reinterpret_cast<const leaf_t *>(&S);
-// 	if constexpr(sizeof(leaf_t) >= sizeof(node_t)) return *S_;
-
-// 	return S_[input];
-// } // dpf::getword
-
-// template<>
-// inline bool getword(const __m128i & S, const size_t input)
-// {
-// 	const __m128i mask = bool128_mask[input / 64];
-// 	__m128i vcmp = _mm_xor_si128(_mm_and_si128(S >> (input % 64), mask), mask);
-
-// 	return static_cast<bool>(_mm_testz_si128(vcmp, vcmp));
-// } // dpf::getword<__m128i,bool>
-
-// template<>
-// inline bool getword(const __m256i & S, const size_t input)
-// {
-// 	const __m256i mask = bool256_mask[input / 64];
-// 	__m256i vcmp = _mm256_xor_si256(_mm256_and_si256(S >> (input % 64), mask), mask);
-
-// 	return static_cast<bool>(_mm256_testz_si256(vcmp, vcmp));
-// } // dpf::getword<__m256i,bool>
-
-// template<typename leaf_t, typename node_t, typename prgkey_t>
-// inline void finalize(const prgkey_t & prgkey, std::array<node_t, dpf_key<leaf_t, node_t, prgkey_t>::nodes_per_leaf> finalizer, leaf_t * output, node_t * s, size_t nnodes, uint8_t * t)
-// {
-// 	auto output_ = reinterpret_cast<std::array<node_t, dpf_key<leaf_t, node_t, prgkey_t>::nodes_per_leaf> *>(output);
-
-// 	for (size_t i = 0; i < nnodes; ++i)
-// 	{
-// 		stretch_leaf(prgkey, s[i], output_[i]);
-// 		for (size_t j = 0; j < dpf_key<leaf_t, node_t, prgkey_t>::nodes_per_leaf; ++j)
-// 		{
-// 			output_[i][j] = xor_if(output_[i][j], finalizer[j], t[i]);
-// 		}
-// 	}
-// } // dpf::finalize
-
-
-
-// template<typename leaf_t, typename node_t, typename prgkey_t>
-// inline void __evalinterval(const dpf_key<leaf_t, node_t, prgkey_t> & dpfkey, const size_t from, const size_t to, leaf_t * output, uint8_t * _t)
-// {
-// 	auto nodes_per_leaf = dpfkey.nodes_per_leaf;
-// 	auto depth = dpfkey.depth();
-// 	auto nbits = dpfkey.input_bits();
-// 	auto nodes_in_interval = dpfkey.nodes_in_interval(from, to);
-// 	auto root = dpfkey.root;
-// 	auto prgkey = dpfkey.prgkey;
-
-// 	const size_t from_node = std::floor(static_cast<double>(from) / nodes_per_leaf);
-
-// 	node_t * s[2] = {
-// 	    reinterpret_cast<node_t *>(output) + nodes_in_interval * (nodes_per_leaf - 1),
-// 	    s[0] + nodes_in_interval / 2
-// 	};
-// 	uint8_t * t[2] = { _t, _t + nodes_in_interval / 2};
-
-// 	int curlayer = depth % 2;
-
-// 	s[curlayer][0] = root;
-// 	t[curlayer][0] = get_lsb(root, 0b01);
-
-// 	//printf("depth = %u\n", depth);
-
-// 	for (size_t layer = 0; layer < depth; ++layer)
-// 	{
-// 		auto & cw = dpfkey.cw[layer];
-// 		uint8_t cw_t[2] = { get_lsb(cw, 0b01), get_lsb(cw, 0b10) };
-// 		curlayer = 1-curlayer;
-
-// 		size_t i=0, j=0;
-// 		auto nextbit = (from_node >> (nbits-layer-1)) & 1;
-// 		size_t nodes_in_prev_layer = std::ceil(static_cast<double>(nodes_in_interval) / (1ULL << (depth-layer)));
-// 		size_t nodes_in_cur_layer = std::ceil(static_cast<double>(nodes_in_interval) / (1ULL << (depth-layer-1)));
-
-// 		//printf("nextbit = %u\n",  (from_node >> (nbits-layer-1)));
-
-// 		if (nextbit == 1) traverse(prgkey, s[1-curlayer][0], R, cw_t[R], cw, t[1-curlayer][j], s[curlayer][0], t[curlayer][0]); // these will not be called in evalfull
-// 		for (i = nextbit, j = nextbit; j < nodes_in_prev_layer-1; ++j, i+=2)
-// 		{
-// 			//printf("j = %u\n", j );
-// 			traverse2(prgkey, s[1-curlayer][j], cw_t, cw, t[1-curlayer][j], &s[curlayer][i], &t[curlayer][i]);
-// 		}
-// 		if (nodes_in_prev_layer > j)
-// 		{
-// 			//printf("jj' = %u\n", j );
-// 			if (i < nodes_in_cur_layer - 1) 
-// 			{
-// 				traverse2(prgkey, s[1-curlayer][j], cw_t, cw, t[1-curlayer][j], &s[curlayer][i], &t[curlayer][i]);
-// 				//printf("If\n");
-// 			}
-// 			else
-// 			{
-// 				traverse(prgkey, s[1-curlayer][j], L, cw_t[L], cw, t[1-curlayer][j], s[curlayer][i], t[curlayer][i]); // will not be called in evalfull
-// 			//	printf("else\n");
-// 			} 
-// 		}
-// 	}
-// 	finalize(prgkey, dpfkey.finalizer, output, s[0], nodes_in_interval, t[0]);
-// } // dpf::__evalinterval
-
-// template<typename leaf_t, typename node_t, typename prgkey_t>
-// inline void evalinterval(const dpf_key<leaf_t, node_t, prgkey_t> & dpfkey, const size_t from, const size_t to, leaf_t * output, uint8_t * t)
-// {
-// 	uint8_t * tt = t ? t : reinterpret_cast<uint8_t *>(malloc(dpfkey.nodes_in_interval(from, to) * sizeof(uint8_t)));
-// 	__evalinterval(dpfkey, from, to, output, tt);
-// 	if (!t) free(tt);
-// } // dpf::evalinterval
-
-// template<typename leaf_t, typename node_t, typename prgkey_t>
-// inline void evalfull(const dpf_key<leaf_t, node_t, prgkey_t> & dpfkey, leaf_t * output, uint8_t * t)
-// {
-// 	uint8_t * tt = t ? t : reinterpret_cast<uint8_t *>(malloc(dpfkey.nodes_at_leaf_layer() * sizeof(uint8_t)));
-// 	__evalinterval(dpfkey, 0, dpfkey.nitems-1, output, tt);
-// 	if (!t) free(tt);
-// } // dpf::evalfull
-
-// template<typename leaf_t, typename node_t, typename prgkey_t>
-// inline leaf_t eval(const dpf_key<leaf_t, node_t, prgkey_t> & dpfkey, const size_t input)
-// {
-// 	auto prgkey = dpfkey.prgkey;
-// 	auto root = dpfkey.root;
-// 	auto depth = dpfkey.depth();
-// 	auto nbits = dpfkey.input_bits();
-
-// 	node_t S = root;
-// 	uint8_t T = get_lsb(root, 0b01);
-
-// 	for (size_t layer = 0; layer < depth; ++layer)
-// 	{
-// 		auto & cw = dpfkey.cw[layer];
-// 		const uint8_t nextbit = (input >> (nbits-layer-1)) & 1;
-// 		traverse(prgkey, S, nextbit, get_lsb(cw, nextbit ? 0b10 : 0b01), cw, T, S, T); 
-// 	}
-// 	std::array<node_t, dpf_key<leaf_t, node_t, prgkey_t>::nodes_per_leaf> final;
-// 	finalize(prgkey, dpfkey.finalizer, &final, &S, 1, &T);
-
-// 	if constexpr(dpfkey.is_packed)
-// 	{
-// 		auto S_ = reinterpret_cast<node_t *>(&final);
-// 		return std::forward<leaf_t>(getword<leaf_t>(*S_, input % dpfkey.leaves_per_node));
-// 	}
-// 	else
-// 	{
-// 		auto ret = reinterpret_cast<leaf_t *>(&final);
-// 		return *ret;
-// 	}
-// // } // dpf::eval
- 
-// } // namespace dpf
-
-//#endif // DPFPP_DPF_H

dpf++/prg.h

@@ -1,20 +0,0 @@
-/* Copyright (C) 2019  Anonymous
- *
- * This is a pre-release version of the DPF++ library distributed anonymously
- * for peer review. A public release of the software will be published under the
- * LPGL v2.1 license in the near future. Please do not redistribute this version
- * of the software.
- */
-
-#ifndef DPFPP_PRG_H__
-#define DPFPP_PRG_H__
- 
-namespace dpf
-{
-
-template<typename node_t, typename lowmc>
-inline void PRG(const lowmc & prgkey, const node_t & seed, void * outbuf, const uint32_t len, const uint32_t from = 0);
- 
-
-} // namespace dpf
-#endif // DPFPP_PRG_H

dpf++/prg_aes_impl.h

@@ -1,73 +0,0 @@
-/* Copyright (C) 2019  Anonymous
- *
- * This is a pre-release version of the DPF++ library distributed anonymously
- * for peer review. A public release of the software will be published under the
- * LPGL v2.1 license in the near future. Please do not redistribute this version
- * of the software.
- */
-
-#ifndef DPFPP_PRG_AES_IMPL_H__
-#define DPFPP_PRG_AES_IMPL_H__
-
-#include "prg.h"
-#include "aes.h"
-
-namespace dpf
-{
-
-template<>
-inline void PRG(const AES_KEY & prgkey, const __m128i & seed, void * outbuf, const uint32_t len, const uint32_t from)
-{
- 
-	__m128i * outbuf128 = reinterpret_cast<__m128i *>(outbuf);
-	for (size_t i = 0; i < len; ++i)
-	{
-		outbuf128[i] = _mm_xor_si128(seed, _mm_set_epi64x(0, from+i));
-	}
-	AES_ecb_encrypt_blks(outbuf128, static_cast<unsigned int>(len), &prgkey);
-	for (size_t i = 0; i < len; ++i) 
-	{
-		outbuf128[i] = _mm_xor_si128(outbuf128[i], _mm_set_epi64x(0, from+i));
-		outbuf128[i] = _mm_xor_si128(outbuf128[i], seed);
-	}
-} // PRG<AES_KEY>
-inline void PRG_aes(const AES_KEY & prgkey, const __m128i & seed, void * outbuf, const uint32_t len, const uint32_t from = 0)
-{
-	__m128i * outbuf128 = reinterpret_cast<__m128i *>(outbuf);
-	for (size_t i = 0; i < len; ++i)
-	{
-		outbuf128[i] = _mm_xor_si128(seed, _mm_set_epi64x(0, from+i));
-	}
-	AES_ecb_encrypt_blks(outbuf128, static_cast<unsigned int>(len), &prgkey);
-	for (size_t i = 0; i < len; ++i) 
-	{
-		outbuf128[i] = _mm_xor_si128(outbuf128[i], _mm_set_epi64x(0, from+i));
-		outbuf128[i] = _mm_xor_si128(outbuf128[i], seed);
-	}
-} // PRG<AES_KEY>
-
-
-inline void PRG_aes(const AES_KEY & prgkey, const __m256i & seed, void * outbuf, const uint32_t len, const uint32_t from = 0)
-{
-	 __m256i * outbuf256 = reinterpret_cast<__m256i *>(outbuf);
-	 for (size_t i = 0; i < len; ++i)
-	 {
-	 	outbuf256[i] = _mm256_xor_si256(seed, _mm256_set_epi64x(0, 0, 0, from+i));
-	 }
-	
-	// AES_ecb_encrypt_blks(reinterpret_cast<__m128i *>(outbuf256), static_cast<unsigned int>(len), &prgkey);
-	
-	 for (size_t i = 0; i < len; ++i) 
-	 {
-		outbuf256[i] = _mm256_xor_si256(outbuf256[i], _mm256_set_epi64x(0, 0, 0, from+i));
-		outbuf256[i] = _mm256_xor_si256(outbuf256[i], seed);
-	 }
-} // PRG<AES_KEY>
-inline std::ostream & operator<<(std::ostream & os, const AES_KEY & prgkey)
-{
-	return os.write(reinterpret_cast<const char *>(&prgkey.rd_key[0]), sizeof(__m128i));
-} // operator<<
-
-} // namespace dpf
-
-#endif // DPFPP_PRG_AES_IMPL_H

dpf++/prg_lowmc_impl.h

@@ -1,41 +0,0 @@
-/* Copyright (C) 2019  Anonymous
- *
- * This is a pre-release version of the DPF++ library distributed anonymously
- * for peer review. A public release of the software will be published under the
- * LPGL v2.1 license in the near future. Please do not redistribute this version
- * of the software.
- */
-
-#ifndef DPFPP_PRG_LOWMC_IMPL_H__
-#define DPFPP_PRG_LOWMC_IMPL_H__
-
-#include "prg.h"
-#include "../lowmc/lowmc.h"
-
-namespace dpf
-{
-
-template <typename lowmc>
-inline void PRG(const lowmc & prgkey, const __m128i & seed, void * outbuf, const uint32_t len, const uint32_t from = 0)
-{
-	using block_t = typename lowmc::block_t;
-	block_t * outbuf128 = reinterpret_cast<block_t*>(outbuf);
-	//printf(" seed = %llu <-> %llu\n", seed[0], seed[1]);
-	for (size_t i = 0; i < len; ++i)
-	{
-		auto tmp = _mm_xor_si128(seed, _mm_set_epi64x(0, from+i));
-		outbuf128[i] = prgkey.encrypt(tmp);
-		outbuf128[i] = _mm_xor_si128(outbuf128[i], tmp);
-	}
-}
-
-template<typename lowmc>
-inline std::ostream & operator<<(std::ostream & os, const lowmc & prgkey)
-{
-	auto zero = _mm_setzero_si128();
-	return os.write(reinterpret_cast<const char *>(&zero), sizeof(__m128i));
-}
-
-} // namespace dpf
-
-#endif // DPFPP_PRG_LOWMC_IMPL_H

dpfgen.h

@@ -1,233 +0,0 @@
-void compute_CW(tcp::socket& sout, tcp::socket& sin, __m128i L, __m128i R, uint8_t bit, __m128i & CW)
-{
-
-  	
-
-	
-	struct cw_construction
-	{
-	  __m128i rand_b, gamma_b;
-	  uint8_t bit_b;
-	};
-
-
-	cw_construction computecw;
-	read(sin, boost::asio::buffer(&computecw, sizeof(computecw)));
-	__m128i rand_b  = computecw.rand_b;
-	__m128i gamma_b = computecw.gamma_b;
-	uint8_t bit_b   = computecw.bit_b;
-	
-
-
-	#ifdef DEBUG 
-		__m128i rand_b2, gamma_b2;
-		uint8_t bit_b2;
-	 	read(sin, boost::asio::buffer(&rand_b2, sizeof(rand_b)));
-	    read(sin, boost::asio::buffer(&gamma_b2, sizeof(gamma_b)));
-	    read(sin, boost::asio::buffer(&bit_b2, sizeof(bit_b)));
-
-	    assert(rand_b2[0] == rand_b[0]);
-	    assert(rand_b2[1] == rand_b[1]);
-		assert(gamma_b2[0] == gamma_b[0]);
-	    assert(gamma_b2[1] == gamma_b[1]);
-		assert(bit_b2 == bit_b);
- 	#endif
-
-	uint8_t blinded_bit, blinded_bit_read;
-	blinded_bit = bit ^ bit_b;
-
-	__m128i blinded_L = L ^ R ^ rand_b;
-	__m128i blinded_L_read; 
-
-
-	struct BlindsCW
-	{
-		__m128i blinded_message;
-		uint8_t blinded_bit;
-	};
-
-	BlindsCW blinds_sent, blinds_recv;
-
-	blinds_sent.blinded_bit = blinded_bit;
-	blinds_sent.blinded_message = blinded_L;
-
- 
- 
- 	boost::asio::write(sout, boost::asio::buffer(&blinds_sent, sizeof(blinds_sent)));
-	boost::asio::read(sout, boost::asio::buffer(&blinds_recv, sizeof(blinds_recv)));
-	
-	blinded_bit_read = blinds_recv.blinded_bit;
-	blinded_L_read   =  blinds_recv.blinded_message;
-
-	__m128i out_ = R ^ gamma_b;//_mm_setzero_si128;
-
-	if(bit)
-	{
-	 out_ ^= (L ^ R ^ blinded_L_read);
-	}
-	if(blinded_bit_read)
-	{
-	 out_ ^= rand_b;
-	}
-
-	__m128i out_reconstruction; 
-	boost::asio::write(sout, boost::asio::buffer(&out_, sizeof(out_)));
-	boost::asio::read(sout, boost::asio::buffer(&out_reconstruction, sizeof(out_reconstruction)));
-	out_reconstruction = out_ ^ out_reconstruction;
-	
-	CW = out_reconstruction;
-	
-	#ifdef DEBUG
-		uint8_t bit_reconstruction; 
-		boost::asio::write(sout, boost::asio::buffer(&bit, sizeof(bit)));
-		boost::asio::read(sout, boost::asio::buffer(&bit_reconstruction, sizeof(bit_reconstruction)));
-		bit_reconstruction = bit ^ bit_reconstruction;
-
-		__m128i L_reconstruction; 
-		boost::asio::write(sout, boost::asio::buffer(&L, sizeof(L)));
-		boost::asio::read(sout, boost::asio::buffer(&L_reconstruction, sizeof(L_reconstruction)));
-		L_reconstruction = L ^ L_reconstruction;
-
-		__m128i R_reconstruction; 
-		boost::asio::write(sout, boost::asio::buffer(&R, sizeof(R)));
-		boost::asio::read(sout, boost::asio::buffer(&R_reconstruction, sizeof(R_reconstruction)));
-		R_reconstruction = R ^ R_reconstruction;
-
-	 	__m128i CW_debug;
-
-		if(bit_reconstruction != 0)
-		{
-		  CW_debug = L_reconstruction;
-		}
-		else
-		{
-		  CW_debug = R_reconstruction;
-		}
-
-		assert(CW_debug[0] == CW[0]);
-		assert(CW_debug[1] == CW[1]);
-	#endif
-	
-}
-
-
-template<typename node_t, typename prgkey_t>
-static inline void traverse(const prgkey_t & prgkey, const node_t & seed,	node_t s[2])
-{	
-	dpf::PRG(prgkey, clear_lsb(seed, 0b11), s, 2);
-} // dpf::expand
-
-
-inline void evalfull_mpc(const size_t& nodes_per_leaf, const size_t& depth, const size_t& nbits, const size_t& nodes_in_interval, 
-							 const AES_KEY& prgkey,  uint8_t target_share[64], std::vector<socket_t>& socketsPb, std::vector<socket_t>& socketsP2,
-							 const size_t from, const size_t to, __m128i * output, int8_t * _t, __m128i& final_correction_word, bool party, size_t socket_no = 0)
-{
-
-	
-	__m128i root;
-	
-	arc4random_buf(&root, sizeof(root));
-    
-    root =	set_lsb(root, party);
-
-	const size_t from_node = std::floor(static_cast<double>(from) / nodes_per_leaf);
-
-	__m128i * s[2] = {
-	    reinterpret_cast<__m128i *>(output) + nodes_in_interval * (nodes_per_leaf - 1),
-	    s[0] + nodes_in_interval / 2
-	};
-	
-	int8_t * t[2] = { _t, _t + nodes_in_interval / 2};
-
-	int curlayer = depth % 2;
-
-	s[curlayer][0] = root;
-	t[curlayer][0] = get_lsb(root, 0b01);
-	
-	__m128i * CW = (__m128i *) std::aligned_alloc(sizeof(__m256i), depth * sizeof(__m128i));
-
-	for (size_t layer = 0; layer < depth; ++layer)
-	{
-		#ifdef VERBOSE	
-			printf("layer = %zu\n", layer);
-		#endif
-		curlayer = 1-curlayer;
-
-		size_t i=0, j=0;
-		auto nextbit = (from_node >> (nbits-layer-1)) & 1;
-		size_t nodes_in_prev_layer = std::ceil(static_cast<double>(nodes_in_interval) / (1ULL << (depth-layer)));
-		size_t nodes_in_cur_layer = std::ceil(static_cast<double>(nodes_in_interval) / (1ULL << (depth-layer-1)));
-
-	
-		__m128i L =  _mm_setzero_si128();
-		__m128i R =  _mm_setzero_si128();
-		
-		for (i = nextbit, j = nextbit; j < nodes_in_prev_layer-1; ++j, i+=2)
-		{
-			traverse(prgkey, s[1-curlayer][j], &s[curlayer][i]);
-			L ^= s[curlayer][i];
-			R ^= s[curlayer][i+1];
-		}
-		
-		if (nodes_in_prev_layer > j)
-		{
-			if (i < nodes_in_cur_layer - 1) 
-			{
-				traverse(prgkey, s[1-curlayer][j], &s[curlayer][i]);
-				L ^= s[curlayer][i];
-				R ^= s[curlayer][i+1];
-			}
-		}
-
-		compute_CW(socketsPb[socket_no], socketsP2[socket_no], L,  R, target_share[layer], CW[layer]);
-
-		uint8_t advice_L = get_lsb(L) ^ target_share[layer];
-	 	uint8_t advice_R = get_lsb(R) ^ target_share[layer];
-
-	 	uint8_t cwt_L, cwt_R;
-	 
-	 	uint8_t advice[2];
-	 	uint8_t cwts[2];	
-        
-	 	advice[0] = advice_L;
-	 	advice[1] = advice_R;
-	 	
-	 	boost::asio::write(socketsPb[socket_no+1], boost::asio::buffer(&advice, sizeof(advice)));
-	 	boost::asio::read(socketsPb[socket_no+1], boost::asio::buffer(&cwts, sizeof(cwts)));
-		
-		cwt_L = cwts[0];
-		cwt_R = cwts[1];
-
-		cwt_L = cwt_L ^ advice_L ^ 1;
-	 	cwt_R = cwt_R ^ advice_R;	 	
- 
-		for(size_t j = 0; j < nodes_in_prev_layer; ++j)
-		{	
-			t[curlayer][2*j] 	 = get_lsb(s[curlayer][2*j]) ^ (cwt_L & t[1-curlayer][j]);
-			s[curlayer][2*j] 	 = clear_lsb(xor_if(s[curlayer][2*j], CW[layer], !t[1-curlayer][j]), 0b11);
-			t[curlayer][(2*j)+1] = get_lsb(s[curlayer][(2*j)+1]) ^ (cwt_R & t[1-curlayer][j]);
-			s[curlayer][(2*j)+1] = clear_lsb(xor_if(s[curlayer][(2*j)+1], CW[layer], !t[1-curlayer][j]), 0b11);
-		}
-	}
-
-		
-	__m128i Gamma  =  _mm_setzero_si128();
-	 
-	for (size_t i = 0; i < to + 1; ++i)
-	{
-	  Gamma[0] += output[i][0];
-	  Gamma[1] += output[i][1];
-	}
-		
-	if(party) 
-	{
-	  Gamma[0] = -Gamma[0];
-	  Gamma[1] = -Gamma[1];
-	}
-	
-	boost::asio::write(socketsPb[socket_no + 3], boost::asio::buffer(&Gamma, sizeof(Gamma)));
- 	boost::asio::read(socketsPb[socket_no + 3], boost::asio::buffer(&final_correction_word, sizeof(final_correction_word)));
-
- 	final_correction_word = final_correction_word + Gamma;
-
-} // dpf::__evalinterval