Главная Обзор Помощь
Вход
iang
/
prac
1
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Дерево: 3c86beb097
Ветки Метки
prac
/
rdpf.hpp

rdpf.hpp 8.1 KB
История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261 
  1. #ifndef __RDPF_HPP__
    2. 

  2. #define __RDPF_HPP__
    3. 

  3. 

  4. #include <vector>
    5. 

  5. #include <iostream>
    6. 

  6. 

  7. #include "mpcio.hpp"
    8. 

  8. #include "coroutine.hpp"
    9. 

  9. #include "types.hpp"
    10. 

  10. #include "bitutils.hpp"
    11. 

  11. #include "dpf.hpp"
    12. 

  12. 

  13. // DPFs for oblivious random accesses to memory.  See dpf.hpp for the
    14. 

  14. // differences between the different kinds of DPFs.
    15. 

  15. 

  16. struct RDPF : public DPF {
    17. 

  17.     // The amount we have to scale the low words of the leaf values by
    18. 

  18.     // to get additive shares of a unit vector
    19. 

  19.     value_t unit_sum_inverse;
    20. 

  20.     // Additive share of the scaling value M_as such that the high words
    21. 

  21.     // of the leaf values for P0 and P1 add to M_as * e_{target}
    22. 

  22.     RegAS scaled_sum;
    23. 

  23.     // XOR share of the scaling value M_xs such that the high words
    24. 

  24.     // of the leaf values for P0 and P1 XOR to M_xs * e_{target}
    25. 

  25.     RegXS scaled_xor;
    26. 

  26.     // If we're saving the expansion, put it here
    27. 

  27.     std::vector<DPFnode> expansion;
    28. 

  28. 

  29.     RDPF() {}
    30. 

  30. 

  31.     // Construct a DPF with the given (XOR-shared) target location, and
    32. 

  32.     // of the given depth, to be used for random-access memory reads and
    33. 

  33.     // writes.  The DPF is constructed collaboratively by P0 and P1,
    34. 

  34.     // with the server P2 helping by providing correlated randomness,
    35. 

  35.     // such as SelectTriples.
    36. 

  36.     //
    37. 

  37.     // Cost:
    38. 

  38.     // (2 DPFnode + 2 bytes)*depth + 1 word communication in
    39. 

  39.     // 2*depth + 1 messages
    40. 

  40.     // (2 DPFnode + 1 byte)*depth communication from P2 to each party
    41. 

  41.     // 2^{depth+1}-2 local AES operations for P0,P1
    42. 

  42.     // 0 local AES operations for P2
    43. 

  43.     RDPF(MPCTIO &tio, yield_t &yield,
    44. 

  44.         RegXS target, nbits_t depth, bool save_expansion = false);
    45. 

  45. 

  46.     // The number of bytes it will take to store this RDPF
    47. 

  47.     size_t size() const;
    48. 

  48. 

  49.     // The number of bytes it will take to store a RDPF of the given
    50. 

  50.     // depth
    51. 

  51.     static size_t size(nbits_t depth);
    52. 

  52. 

  53.     // Do we have a precomputed expansion?
    54. 

  54.     inline bool has_expansion() const { return expansion.size() > 0; }
    55. 

  55. 

  56.     // Get an element of the expansion
    57. 

  57.     inline node get_expansion(address_t index) const {
    58. 

  58.         return expansion[index];
    59. 

  59.     }
    60. 

  60. 

  61.     // Get the leaf node for the given input
    62. 

  62.     //
    63. 

  63.     // Cost: depth AES operations
    64. 

  64.     DPFnode leaf(address_t input, size_t &aes_ops) const;
    65. 

  65. 

  66.     // Expand the DPF if it's not already expanded
    67. 

  67.     void expand(size_t &aes_ops);
    68. 

  68. 

  69.     // Get the bit-shared unit vector entry from the leaf node
    70. 

  70.     inline RegBS unit_bs(DPFnode leaf) const {
    71. 

  71.         RegBS b;
    72. 

  72.         b.bshare = get_lsb(leaf);
    73. 

  73.         return b;
    74. 

  74.     }
    75. 

  75. 

  76.     // Get the additive-shared unit vector entry from the leaf node
    77. 

  77.     inline RegAS unit_as(DPFnode leaf) const {
    78. 

  78.         RegAS a;
    79. 

  79.         value_t lowword = value_t(_mm_cvtsi128_si64x(leaf));
    80. 

  80.         if (whichhalf == 1) {
    81. 

  81.             lowword = -lowword;
    82. 

  82.         }
    83. 

  83.         a.ashare = lowword * unit_sum_inverse;
    84. 

  84.         return a;
    85. 

  85.     }
    86. 

  86. 

  87.     // Get the XOR-shared scaled vector entry from the leaf ndoe
    88. 

  88.     inline RegXS scaled_xs(DPFnode leaf) const {
    89. 

  89.         RegXS x;
    90. 

  90.         value_t highword =
    91. 

  91.             value_t(_mm_cvtsi128_si64x(_mm_srli_si128(leaf,8)));
    92. 

  92.         x.xshare = highword;
    93. 

  93.         return x;
    94. 

  94.     }
    95. 

  95. 

  96.     // Get the additive-shared scaled vector entry from the leaf ndoe
    97. 

  97.     inline RegAS scaled_as(DPFnode leaf) const {
    98. 

  98.         RegAS a;
    99. 

  99.         value_t highword =
    100. 

  100.             value_t(_mm_cvtsi128_si64x(_mm_srli_si128(leaf,8)));
    101. 

  101.         if (whichhalf == 1) {
    102. 

  102.             highword = -highword;
    103. 

  103.         }
    104. 

  104.         a.ashare = highword;
    105. 

  105.         return a;
    106. 

  106.     }
    107. 

  107. 

  108. };
    109. 

  109. 

  110. // Computational peers will generate triples of RDPFs with the _same_
    111. 

  111. // random target for use in Duoram.  They will each hold a share of the
    112. 

  112. // target (neither knowing the complete target index).  They will each
    113. 

  113. // give one of the DPFs (not a matching pair) to the server, but not the
    114. 

  114. // shares of the target index.  So computational peers will hold a
    115. 

  115. // RDPFTriple (which includes both an additive and an XOR share of the
    116. 

  116. // target index), while the server will hold a RDPFPair (which does
    117. 

  117. // not).
    118. 

  118. 

  119. struct RDPFTriple {
    120. 

  120.     // The type of node triples
    121. 

  121.     using node = std::tuple<DPFnode, DPFnode, DPFnode>;
    122. 

  122. 

  123.     RegAS as_target;
    124. 

  124.     RegXS xs_target;
    125. 

  125.     RDPF dpf[3];
    126. 

  126. 

  127.     // The depth
    128. 

  128.     inline nbits_t depth() const { return dpf[0].depth(); }
    129. 

  129. 

  130.     // The seed
    131. 

  131.     inline node get_seed() const {
    132. 

  132.         return std::make_tuple(dpf[0].get_seed(), dpf[1].get_seed(),
    133. 

  133.             dpf[2].get_seed());
    134. 

  134.     }
    135. 

  135. 

  136.     // Do we have a precomputed expansion?
    137. 

  137.     inline bool has_expansion() const {
    138. 

  138.         return dpf[0].expansion.size() > 0;
    139. 

  139.     }
    140. 

  140. 

  141.     // Get an element of the expansion
    142. 

  142.     inline node get_expansion(address_t index) const {
    143. 

  143.         return std::make_tuple(dpf[0].get_expansion(index),
    144. 

  144.             dpf[1].get_expansion(index), dpf[2].get_expansion(index));
    145. 

  145.     }
    146. 

  146. 

  147.     RDPFTriple() {}
    148. 

  148. 

  149.     // Construct three RDPFs of the given depth all with the same
    150. 

  150.     // randomly generated target index.
    151. 

  151.     RDPFTriple(MPCTIO &tio, yield_t &yield,
    152. 

  152.         nbits_t depth, bool save_expansion = false);
    153. 

  153. 

  154.     // Descend the three RDPFs in lock step
    155. 

  155.     node descend(const node &parent, nbits_t parentdepth,
    156. 

  156.         bit_t whichchild, size_t &aes_ops) const;
    157. 

  157. 

  158.     // Templated versions of functions to get DPF components and outputs
    159. 

  159.     // so that the appropriate one can be selected with a template
    160. 

  160.     // parameter
    161. 

  161. 

  162.     template <typename T>
    163. 

  163.     inline std::tuple<T,T,T> scaled_value() const;
    164. 

  164. 

  165.     template <typename T>
    166. 

  166.     inline std::tuple<T,T,T> unit(node leaf) const;
    167. 

  167. 

  168.     template <typename T>
    169. 

  169.     inline std::tuple<T,T,T> scaled(node leaf) const;
    170. 

  170. };
    171. 

  171. 

  172. struct RDPFPair {
    173. 

  173.     // The type of node pairs
    174. 

  174.     using node = std::tuple<DPFnode, DPFnode>;
    175. 

  175. 

  176.     RDPF dpf[2];
    177. 

  177. 

  178.     RDPFPair() {}
    179. 

  179. 

  180.     // Create an RDPFPair from an RDPFTriple, keeping two of the RDPFs
    181. 

  181.     // and dropping one.  This _moves_ the dpfs from the triple to the
    182. 

  182.     // pair, so the triple will no longer be valid after using this.
    183. 

  183.     // which0 and which1 indicate which of the dpfs to keep.
    184. 

  184.     RDPFPair(RDPFTriple &&trip, int which0, int which1) {
    185. 

  185.         dpf[0] = std::move(trip.dpf[which0]);
    186. 

  186.         dpf[1] = std::move(trip.dpf[which1]);
    187. 

  187.     }
    188. 

  188. 

  189.     // The depth
    190. 

  190.     inline nbits_t depth() const { return dpf[0].depth(); }
    191. 

  191. 

  192.     // The seed
    193. 

  193.     inline node get_seed() const {
    194. 

  194.         return std::make_tuple(dpf[0].get_seed(), dpf[1].get_seed());
    195. 

  195.     }
    196. 

  196. 

  197.     // Do we have a precomputed expansion?
    198. 

  198.     inline bool has_expansion() const {
    199. 

  199.         return dpf[0].expansion.size() > 0;
    200. 

  200.     }
    201. 

  201. 

  202.     // Get an element of the expansion
    203. 

  203.     inline node get_expansion(address_t index) const {
    204. 

  204.         return std::make_tuple(dpf[0].get_expansion(index),
    205. 

  205.             dpf[1].get_expansion(index));
    206. 

  206.     }
    207. 

  207. 

  208.     // Descend the two RDPFs in lock step
    209. 

  209.     node descend(const node &parent, nbits_t parentdepth,
    210. 

  210.         bit_t whichchild, size_t &aes_ops) const;
    211. 

  211. 

  212.     // Templated versions of functions to get DPF components and outputs
    213. 

  213.     // so that the appropriate one can be selected with a template
    214. 

  214.     // parameter
    215. 

  215. 

  216.     template <typename T>
    217. 

  217.     inline std::tuple<T,T> scaled_value() const;
    218. 

  218. 

  219.     template <typename T>
    220. 

  220.     inline std::tuple<T,T> unit(node leaf) const;
    221. 

  221. 

  222.     template <typename T>
    223. 

  223.     inline std::tuple<T,T> scaled(node leaf) const;
    224. 

  224. 

  225. };
    226. 

  226. 

  227. // Streaming evaluation, to avoid taking up enough memory to store
    228. 

  228. // an entire evaluation.  T can be RDPF, RDPFPair, or RDPFTriple.
    229. 

  229. template <typename T>
    230. 

  230. class StreamEval {
    231. 

  231.     const T &rdpf;
    232. 

  232.     size_t &aes_ops;
    233. 

  233.     bool use_expansion;
    234. 

  234.     nbits_t depth;
    235. 

  235.     address_t counter_xor_offset;
    236. 

  236.     address_t indexmask;
    237. 

  237.     address_t pathindex;
    238. 

  238.     address_t nextindex;
    239. 

  239.     std::vector<typename T::node> path;
    240. 

  240. public:
    241. 

  241.     // Create a StreamEval object that will start its output at index
    242. 

  242.     // start.  It will wrap around to 0 when it hits 2^depth.  If
    243. 

  243.     // use_expansion is true, then if the DPF has been expanded, just
    244. 

  244.     // output values from that.  If use_expansion=false or if the DPF
    245. 

  245.     // has not been expanded, compute the values on the fly.  If
    246. 

  246.     // xor_offset is non-zero, then the outputs are actually
    247. 

  247.     // DPF(start XOR xor_offset)
    248. 

  248.     // DPF((start+1) XOR xor_offset)
    249. 

  249.     // DPF((start+2) XOR xor_offset)
    250. 

  250.     // etc.
    251. 

  251.     StreamEval(const T &rdpf, address_t start,
    252. 

  252.         address_t xor_offset, size_t &aes_ops,
    253. 

  253.         bool use_expansion = true);
    254. 

  254. 

  255.     // Get the next value (or tuple of values) from the evaluator
    256. 

  256.     typename T::node next();
    257. 

  257. };
    258. 

  258. 

  259. #include "rdpf.tcc"
    260. 

  260. 

  261. #endif
    262.