It turns out you can just use bitwise operators ^ & on __m128i

You don't need to explicitly call _mm_and_si128, etc.

This makes the computations on DPFnodes much more readable

mpcio.cpp

@@ -485,9 +485,7 @@ AndTriple MPCTIO::andtriple()
         arc4random_buf(&Z0, sizeof(Z0));
         arc4random_buf(&X1, sizeof(X1));
         arc4random_buf(&Y1, sizeof(Y1));
-        Z1 = _mm_xor_si128(
-            _mm_xor_si128(_mm_and_si128(X0, Y1), _mm_and_si128(X1, Y0)),
-            Z0);
+        Z1 = ((X0 & Y1) ^ (X1 & Y0)) ^ Z0;
         AndTriple T0, T1;
         T0 = std::make_tuple(X0, Y0, Z0);
         T1 = std::make_tuple(X1, Y1, Z1);

mpcops.cpp

@@ -217,9 +217,9 @@ void mpc_reconstruct_choice(MPCTIO &tio, yield_t &yield,
     // Compute XOR shares of f & (x ^ y)
     auto [X, Y, Z] = tio.andtriple();
 
-    DPFnode blind_f = _mm_xor_si128(fext, X);
-    DPFnode d = _mm_xor_si128(x, y);
-    DPFnode blind_d = _mm_xor_si128(d, Y);
+    DPFnode blind_f = fext ^ X;
+    DPFnode d = x ^ y;
+    DPFnode blind_d = d ^ Y;
 
     // Send the blinded values
     tio.queue_peer(&blind_f, sizeof(blind_f));
@@ -233,13 +233,9 @@ void mpc_reconstruct_choice(MPCTIO &tio, yield_t &yield,
     tio.recv_peer(&peer_blind_d, sizeof(peer_blind_d));
 
     // Compute _our share_ of f ? x : y = (f & (x ^ y))^x
-    DPFnode zshare = _mm_xor_si128(
-        _mm_xor_si128(
-            _mm_xor_si128(
-                _mm_and_si128(fext, peer_blind_d),
-                _mm_and_si128(Y, peer_blind_f)),
-            _mm_and_si128(fext, d)),
-        _mm_xor_si128(Z, x));
+    DPFnode zshare =
+            (fext & peer_blind_d) ^ (Y & peer_blind_f) ^
+            (fext & d) ^ (Z ^ x);
 
     // Now exchange shares
     tio.queue_peer(&zshare, sizeof(zshare));
@@ -249,5 +245,5 @@ void mpc_reconstruct_choice(MPCTIO &tio, yield_t &yield,
     DPFnode peer_zshare;
     tio.recv_peer(&peer_zshare, sizeof(peer_zshare));
 
-    z = _mm_xor_si128(zshare, peer_zshare);
+    z = zshare ^ peer_zshare;
 }

prg.hpp

@@ -19,7 +19,7 @@ static inline void prg(__m128i &out, __m128i seed, bool whichchild,
     __m128i in = set_lsb(seed, whichchild);
     __m128i mid;
     AES_ECB_encrypt(mid, set_lsb(seed, whichchild), prgkey.k, op_counter);
-    out = _mm_xor_si128(mid, in);
+    out = mid ^ in;
 }
 
 // Compute both children of node seed
@@ -31,8 +31,8 @@ static inline void prgboth(__m128i &left, __m128i &right, __m128i seed,
     __m128i mid0, mid1;
     AES_ECB_encrypt(mid0, set_lsb(seed, 0), prgkey.k, op_counter);
     AES_ECB_encrypt(mid1, set_lsb(seed, 1), prgkey.k, op_counter);
-    left = _mm_xor_si128(mid0, in0);
-    right = _mm_xor_si128(mid1, in1);
+    left = mid0 ^ in0;
+    right = mid1 ^ in1;
 }
 
 #endif

rdpf.cpp

@@ -90,8 +90,8 @@ RDPF::RDPF(MPCTIO &tio, yield_t &yield,
             for(size_t i=0;i<curlevel_size;++i) {
                 DPFnode lchild, rchild;
                 prgboth(lchild, rchild, curlevel[i], aesops);
-                L = _mm_xor_si128(L, lchild);
-                R = _mm_xor_si128(R, rchild);
+                L = (L ^ lchild);
+                R = (R ^ rchild);
                 if (nextlevel) {
                     nextlevel[2*i] = lchild;
                     nextlevel[2*i+1] = rchild;
@@ -142,7 +142,7 @@ RDPF::RDPF(MPCTIO &tio, yield_t &yield,
         // = 1 because everything cancels out except player (for which
         // one player is 0 and the other is 1).
 
-        bool our_parity_bit = get_lsb(_mm_xor_si128(L,R)) ^ !!player;
+        bool our_parity_bit = get_lsb(L ^ R) ^ !!player;
         DPFnode our_parity = lsb128_mask[our_parity_bit];
 
         DPFnode CW;
@@ -159,12 +159,12 @@ RDPF::RDPF(MPCTIO &tio, yield_t &yield,
         coroutines.emplace_back(
             [&](yield_t &yield) {
                 mpc_reconstruct_choice(tio, yield, CW, bs_choice,
-                    _mm_xor_si128(R,our_parity), L);
+                    (R ^ our_parity), L);
             });
         run_coroutines(yield, coroutines);
         bool parity_bit = our_parity_bit ^ peer_parity_bit;
         cfbits |= (size_t(parity_bit)<<level);
-        DPFnode CWR = _mm_xor_si128(CW,lsb128_mask[parity_bit]);
+        DPFnode CWR = CW ^ lsb128_mask[parity_bit];
         if (player < 2) {
             if (level < depth-1) {
                 for(size_t i=0;i<curlevel_size;++i) {