123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143 |
- package protocols;
- import communication.Communication;
- import crypto.Crypto;
- import crypto.PRF;
- import crypto.PRG;
- import exceptions.NoSuchPartyException;
- import exceptions.SSCOTException;
- import oram.Forest;
- import oram.Metadata;
- import util.Util;
- public class SSCOT extends Protocol {
- public SSCOT(Communication con1, Communication con2) {
- super(con1, con2);
- }
- public void runE(PreData predata, byte[][] m, byte[][] a) {
- // step 1
- int n = m.length;
- int l = m[0].length * 8;
- byte[][] x = predata.sscot_r;
- byte[][] e = new byte[n][];
- byte[][] v = new byte[n][];
- PRF F_k = new PRF(Crypto.secParam);
- F_k.init(predata.sscot_k);
- PRF F_kprime = new PRF(Crypto.secParam);
- F_kprime.init(predata.sscot_kprime);
- PRG G = new PRG(l);
- for (int i = 0; i < n; i++) {
- for (int j = 0; j < a[i].length; j++)
- x[i][j] = (byte) (predata.sscot_r[i][j] ^ a[i][j]);
- e[i] = Util.xor(G.compute(F_k.compute(x[i])), m[i]);
- v[i] = F_kprime.compute(x[i]);
- }
- con2.write(e);
- con2.write(v);
- }
- public void runD(PreData predata, byte[][] b) {
- // step 2
- int n = b.length;
- byte[][] y = predata.sscot_r;
- byte[][] p = new byte[n][];
- byte[][] w = new byte[n][];
- PRF F_k = new PRF(Crypto.secParam);
- F_k.init(predata.sscot_k);
- PRF F_kprime = new PRF(Crypto.secParam);
- F_kprime.init(predata.sscot_kprime);
- for (int i = 0; i < n; i++) {
- for (int j = 0; j < b[i].length; j++)
- y[i][j] = (byte) (predata.sscot_r[i][j] ^ b[i][j]);
- p[i] = F_k.compute(y[i]);
- w[i] = F_kprime.compute(y[i]);
- }
- con2.write(p);
- con2.write(w);
- }
- public OutSSCOT runC() {
- // step 1
- byte[][] e = con1.readObject();
- byte[][] v = con1.readObject();
- // step 2
- byte[][] p = con2.readObject();
- byte[][] w = con2.readObject();
- // step 3
- int n = e.length;
- int l = e[0].length * 8;
- PRG G = new PRG(l);
- OutSSCOT output = null;
- int invariant = 0;
- for (int i = 0; i < n; i++) {
- if (Util.equal(v[i], w[i])) {
- byte[] m = Util.xor(e[i], G.compute(p[i]));
- output = new OutSSCOT(i, m);
- invariant++;
- }
- }
- if (invariant != 1)
- throw new SSCOTException("Invariant error: " + invariant);
- return output;
- }
- @Override
- public void run(Party party, Metadata md, Forest forest) {
- for (int j = 0; j < 100; j++) {
- int n = 100;
- int A = 32;
- int FN = 5;
- byte[][] m = new byte[n][A];
- byte[][] a = new byte[n][FN];
- byte[][] b = new byte[n][FN];
- for (int i = 0; i < n; i++) {
- Crypto.sr.nextBytes(m[i]);
- Crypto.sr.nextBytes(a[i]);
- Crypto.sr.nextBytes(b[i]);
- while (Util.equal(a[i], b[i]))
- Crypto.sr.nextBytes(b[i]);
- }
- int index = Crypto.sr.nextInt(n);
- b[index] = a[index].clone();
- PreData predata = new PreData();
- PreSSCOT presscot = new PreSSCOT(con1, con2);
- if (party == Party.Eddie) {
- con1.write(b);
- con2.write(m);
- con2.write(index);
- presscot.runE(predata, n);
- runE(predata, m, a);
- } else if (party == Party.Debbie) {
- b = con1.readObject();
- presscot.runD(predata);
- runD(predata, b);
- } else if (party == Party.Charlie) {
- m = con1.readObject();
- index = con1.readObject();
- presscot.runC();
- OutSSCOT output = runC();
- if (output.t == index && Util.equal(output.m_t, m[index]))
- System.out.println("SSCOT test passed");
- else
- System.err.println("SSCOT test failed");
- } else {
- throw new NoSuchPartyException(party + "");
- }
- }
- }
- }
|