Home Explore Help
Sign In
iang
/
prac
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: c39726c869
Branches Tags
prac
/
rdpf.hpp

rdpf.hpp 10 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309 
  1. #ifndef __RDPF_HPP__
    2. 

  2. #define __RDPF_HPP__
    3. 

  3. 

  4. #include <vector>
    5. 

  5. #include <iostream>
    6. 

  6. 

  7. #include "mpcio.hpp"
    8. 

  8. #include "coroutine.hpp"
    9. 

  9. #include "types.hpp"
    10. 

  10. #include "bitutils.hpp"
    11. 

  11. #include "dpf.hpp"
    12. 

  12. 

  13. // DPFs for oblivious random accesses to memory.  See dpf.hpp for the
    14. 

  14. // differences between the different kinds of DPFs.
    15. 

  15. 

  16. struct RDPF : public DPF {
    17. 

  17.     // The amount we have to scale the low words of the leaf values by
    18. 

  18.     // to get additive shares of a unit vector
    19. 

  19.     value_t unit_sum_inverse;
    20. 

  20.     // Additive share of the scaling value M_as such that the high words
    21. 

  21.     // of the leaf values for P0 and P1 add to M_as * e_{target}
    22. 

  22.     RegAS scaled_sum;
    23. 

  23.     // XOR share of the scaling value M_xs such that the high words
    24. 

  24.     // of the leaf values for P0 and P1 XOR to M_xs * e_{target}
    25. 

  25.     RegXS scaled_xor;
    26. 

  26.     // If we're saving the expansion, put it here
    27. 

  27.     std::vector<DPFnode> expansion;
    28. 

  28. 

  29.     RDPF() {}
    30. 

  30. 

  31.     // Construct a DPF with the given (XOR-shared) target location, and
    32. 

  32.     // of the given depth, to be used for random-access memory reads and
    33. 

  33.     // writes.  The DPF is constructed collaboratively by P0 and P1,
    34. 

  34.     // with the server P2 helping by providing correlated randomness,
    35. 

  35.     // such as SelectTriples.
    36. 

  36.     //
    37. 

  37.     // Cost:
    38. 

  38.     // (2 DPFnode + 2 bytes)*depth + 1 word communication in
    39. 

  39.     // 2*depth + 1 messages
    40. 

  40.     // (2 DPFnode + 1 byte)*depth communication from P2 to each party
    41. 

  41.     // 2^{depth+1}-2 local AES operations for P0,P1
    42. 

  42.     // 0 local AES operations for P2
    43. 

  43.     RDPF(MPCTIO &tio, yield_t &yield,
    44. 

  44.         RegXS target, nbits_t depth, bool save_expansion = false);
    45. 

  45. 

  46.     // Do we have a precomputed expansion?
    47. 

  47.     inline bool has_expansion() const { return expansion.size() > 0; }
    48. 

  48. 

  49.     // Get an element of the expansion
    50. 

  50.     inline node get_expansion(address_t index) const {
    51. 

  51.         return expansion[index];
    52. 

  52.     }
    53. 

  53. 

  54.     // Get the leaf node for the given input
    55. 

  55.     //
    56. 

  56.     // Cost: depth AES operations
    57. 

  57.     DPFnode leaf(address_t input, size_t &aes_ops) const;
    58. 

  58. 

  59.     // Expand the DPF if it's not already expanded
    60. 

  60.     void expand(size_t &aes_ops);
    61. 

  61. 

  62.     // Get the bit-shared unit vector entry from the leaf node
    63. 

  63.     inline RegBS unit_bs(DPFnode leaf) const {
    64. 

  64.         RegBS b;
    65. 

  65.         b.bshare = get_lsb(leaf);
    66. 

  66.         return b;
    67. 

  67.     }
    68. 

  68. 

  69.     // Get the additive-shared unit vector entry from the leaf node
    70. 

  70.     inline RegAS unit_as(DPFnode leaf) const {
    71. 

  71.         RegAS a;
    72. 

  72.         value_t lowword = value_t(_mm_cvtsi128_si64x(leaf));
    73. 

  73.         if (whichhalf == 1) {
    74. 

  74.             lowword = -lowword;
    75. 

  75.         }
    76. 

  76.         a.ashare = lowword * unit_sum_inverse;
    77. 

  77.         return a;
    78. 

  78.     }
    79. 

  79. 

  80.     // Get the XOR-shared scaled vector entry from the leaf ndoe
    81. 

  81.     inline RegXS scaled_xs(DPFnode leaf) const {
    82. 

  82.         RegXS x;
    83. 

  83.         value_t highword =
    84. 

  84.             value_t(_mm_cvtsi128_si64x(_mm_srli_si128(leaf,8)));
    85. 

  85.         x.xshare = highword;
    86. 

  86.         return x;
    87. 

  87.     }
    88. 

  88. 

  89.     // Get the additive-shared scaled vector entry from the leaf ndoe
    90. 

  90.     inline RegAS scaled_as(DPFnode leaf) const {
    91. 

  91.         RegAS a;
    92. 

  92.         value_t highword =
    93. 

  93.             value_t(_mm_cvtsi128_si64x(_mm_srli_si128(leaf,8)));
    94. 

  94.         if (whichhalf == 1) {
    95. 

  95.             highword = -highword;
    96. 

  96.         }
    97. 

  97.         a.ashare = highword;
    98. 

  98.         return a;
    99. 

  99.     }
    100. 

  100. 

  101. };
    102. 

  102. 

  103. // Computational peers will generate triples of RDPFs with the _same_
    104. 

  104. // random target for use in Duoram.  They will each hold a share of the
    105. 

  105. // target (neither knowing the complete target index).  They will each
    106. 

  106. // give one of the DPFs (not a matching pair) to the server, but not the
    107. 

  107. // shares of the target index.  So computational peers will hold a
    108. 

  108. // RDPFTriple (which includes both an additive and an XOR share of the
    109. 

  109. // target index), while the server will hold a RDPFPair (which does
    110. 

  110. // not).
    111. 

  111. 

  112. struct RDPFTriple {
    113. 

  113.     // The type of node triples
    114. 

  114.     using node = std::tuple<DPFnode, DPFnode, DPFnode>;
    115. 

  115. 

  116.     RegAS as_target;
    117. 

  117.     RegXS xs_target;
    118. 

  118.     RDPF dpf[3];
    119. 

  119. 

  120.     // The depth
    121. 

  121.     inline nbits_t depth() const { return dpf[0].depth(); }
    122. 

  122. 

  123.     // The seed
    124. 

  124.     inline node get_seed() const {
    125. 

  125.         return std::make_tuple(dpf[0].get_seed(), dpf[1].get_seed(),
    126. 

  126.             dpf[2].get_seed());
    127. 

  127.     }
    128. 

  128. 

  129.     // Do we have a precomputed expansion?
    130. 

  130.     inline bool has_expansion() const {
    131. 

  131.         return dpf[0].expansion.size() > 0;
    132. 

  132.     }
    133. 

  133. 

  134.     // Get an element of the expansion
    135. 

  135.     inline node get_expansion(address_t index) const {
    136. 

  136.         return std::make_tuple(dpf[0].get_expansion(index),
    137. 

  137.             dpf[1].get_expansion(index), dpf[2].get_expansion(index));
    138. 

  138.     }
    139. 

  139. 

  140.     RDPFTriple() {}
    141. 

  141. 

  142.     // Construct three RDPFs of the given depth all with the same
    143. 

  143.     // randomly generated target index.
    144. 

  144.     RDPFTriple(MPCTIO &tio, yield_t &yield,
    145. 

  145.         nbits_t depth, bool save_expansion = false);
    146. 

  146. 

  147.     // Descend the three RDPFs in lock step
    148. 

  148.     node descend(const node &parent, nbits_t parentdepth,
    149. 

  149.         bit_t whichchild, size_t &aes_ops) const;
    150. 

  150. 

  151.     // Templated versions of functions to get DPF components and outputs
    152. 

  152.     // so that the appropriate one can be selected with a template
    153. 

  153.     // parameter
    154. 

  154. 

  155.     template <typename T>
    156. 

  156.     inline T target() const;
    157. 

  157. 

  158.     template <typename T>
    159. 

  159.     inline std::tuple<T,T,T> scaled_value() const;
    160. 

  160. 

  161.     template <typename T>
    162. 

  162.     inline std::tuple<T,T,T> unit(node leaf) const;
    163. 

  163. 

  164.     template <typename T>
    165. 

  165.     inline std::tuple<T,T,T> scaled(node leaf) const;
    166. 

  166. };
    167. 

  167. 

  168. struct RDPFPair {
    169. 

  169.     // The type of node pairs
    170. 

  170.     using node = std::tuple<DPFnode, DPFnode>;
    171. 

  171. 

  172.     RDPF dpf[2];
    173. 

  173. 

  174.     RDPFPair() {}
    175. 

  175. 

  176.     // Create an RDPFPair from an RDPFTriple, keeping two of the RDPFs
    177. 

  177.     // and dropping one.  This _moves_ the dpfs from the triple to the
    178. 

  178.     // pair, so the triple will no longer be valid after using this.
    179. 

  179.     // which0 and which1 indicate which of the dpfs to keep.
    180. 

  180.     RDPFPair(RDPFTriple &&trip, int which0, int which1) {
    181. 

  181.         dpf[0] = std::move(trip.dpf[which0]);
    182. 

  182.         dpf[1] = std::move(trip.dpf[which1]);
    183. 

  183.     }
    184. 

  184. 

  185.     // The depth
    186. 

  186.     inline nbits_t depth() const { return dpf[0].depth(); }
    187. 

  187. 

  188.     // The seed
    189. 

  189.     inline node get_seed() const {
    190. 

  190.         return std::make_tuple(dpf[0].get_seed(), dpf[1].get_seed());
    191. 

  191.     }
    192. 

  192. 

  193.     // Do we have a precomputed expansion?
    194. 

  194.     inline bool has_expansion() const {
    195. 

  195.         return dpf[0].expansion.size() > 0;
    196. 

  196.     }
    197. 

  197. 

  198.     // Get an element of the expansion
    199. 

  199.     inline node get_expansion(address_t index) const {
    200. 

  200.         return std::make_tuple(dpf[0].get_expansion(index),
    201. 

  201.             dpf[1].get_expansion(index));
    202. 

  202.     }
    203. 

  203. 

  204.     // Descend the two RDPFs in lock step
    205. 

  205.     node descend(const node &parent, nbits_t parentdepth,
    206. 

  206.         bit_t whichchild, size_t &aes_ops) const;
    207. 

  207. 

  208.     // Templated versions of functions to get DPF components and outputs
    209. 

  209.     // so that the appropriate one can be selected with a template
    210. 

  210.     // parameter
    211. 

  211. 

  212.     template <typename T>
    213. 

  213.     inline std::tuple<T,T> scaled_value() const;
    214. 

  214. 

  215.     template <typename T>
    216. 

  216.     inline std::tuple<T,T> unit(node leaf) const;
    217. 

  217. 

  218.     template <typename T>
    219. 

  219.     inline std::tuple<T,T> scaled(node leaf) const;
    220. 

  220. 

  221. };
    222. 

  222. 

  223. // Streaming evaluation, to avoid taking up enough memory to store
    224. 

  224. // an entire evaluation.  T can be RDPF, RDPFPair, or RDPFTriple.
    225. 

  225. template <typename T>
    226. 

  226. class StreamEval {
    227. 

  227.     const T &rdpf;
    228. 

  228.     size_t &aes_ops;
    229. 

  229.     bool use_expansion;
    230. 

  230.     nbits_t depth;
    231. 

  231.     address_t counter_xor_offset;
    232. 

  232.     address_t indexmask;
    233. 

  233.     address_t pathindex;
    234. 

  234.     address_t nextindex;
    235. 

  235.     std::vector<typename T::node> path;
    236. 

  236. public:
    237. 

  237.     // Create a StreamEval object that will start its output at index
    238. 

  238.     // start.  It will wrap around to 0 when it hits 2^depth.  If
    239. 

  239.     // use_expansion is true, then if the DPF has been expanded, just
    240. 

  240.     // output values from that.  If use_expansion=false or if the DPF
    241. 

  241.     // has not been expanded, compute the values on the fly.  If
    242. 

  242.     // xor_offset is non-zero, then the outputs are actually
    243. 

  243.     // DPF(start XOR xor_offset)
    244. 

  244.     // DPF((start+1) XOR xor_offset)
    245. 

  245.     // DPF((start+2) XOR xor_offset)
    246. 

  246.     // etc.
    247. 

  247.     StreamEval(const T &rdpf, address_t start,
    248. 

  248.         address_t xor_offset, size_t &aes_ops,
    249. 

  249.         bool use_expansion = true);
    250. 

  250. 

  251.     // Get the next value (or tuple of values) from the evaluator
    252. 

  252.     typename T::node next();
    253. 

  253. };
    254. 

  254. 

  255. // Parallel evaluation.  This class launches a number of threads each
    256. 

  256. // running a StreamEval to evaluate a chunk of the RDPF (or RDPFPair or
    257. 

  257. // RDPFTriple), and accumulates the results within each chunk, and then
    258. 

  258. // accumulates all the chunks together.  T can be RDPF, RDPFPair, or
    259. 

  259. // RDPFTriple.
    260. 

  260. template <typename T>
    261. 

  261. struct ParallelEval {
    262. 

  262.     const T &rdpf;
    263. 

  263.     address_t start;
    264. 

  264.     address_t xor_offset;
    265. 

  265.     address_t num_evals;
    266. 

  266.     int num_threads;
    267. 

  267.     size_t &aes_ops;
    268. 

  268. 

  269.     // Create a Parallel evaluator that will evaluate the given rdpf at
    270. 

  270.     // DPF(start XOR xor_offset)
    271. 

  271.     // DPF((start+1) XOR xor_offset)
    272. 

  272.     // DPF((start+2) XOR xor_offset)
    273. 

  273.     // ...
    274. 

  274.     // DPF((start+num_evals-1) XOR xor_offset)
    275. 

  275.     // where all indices are taken mod 2^depth, and accumulate the
    276. 

  276.     // results into a single answer.
    277. 

  277.     ParallelEval(const T &rdpf, address_t start,
    278. 

  278.         address_t xor_offset, address_t num_evals,
    279. 

  279.         int num_threads, size_t &aes_ops) :
    280. 

  280.         rdpf(rdpf), start(start), xor_offset(xor_offset),
    281. 

  281.         num_evals(num_evals), num_threads(num_threads),
    282. 

  282.         aes_ops(aes_ops) {}
    283. 

  283. 

  284.     // Run the parallel evaluator.  The type V is the type of the
    285. 

  285.     // accumulator; init should be the "zero" value of the accumulator.
    286. 

  286.     // The type W (process) is a lambda type with the signature
    287. 

  287.     // (int, address_t, const T::node &) -> V
    288. 

  288.     // which will be called like this for each i from 0 to num_evals-1,
    289. 

  289.     // across num_thread threads:
    290. 

  290.     // value_i = process(t, i, DPF((start+i) XOR xor_offset))
    291. 

  291.     // t is the thread number (0 <= t < num_threads).
    292. 

  292.     // The resulting num_evals values will be combined using V's +=
    293. 

  293.     // operator, first accumulating the values within each thread
    294. 

  294.     // (starting with the init value), and then accumulating the totals
    295. 

  295.     // from each thread together (again starting with the init value):
    296. 

  296.     //
    297. 

  297.     // total = init
    298. 

  298.     // for each thread t:
    299. 

  299.     //     accum_t = init
    300. 

  300.     //     for each accum_i generated by thread t:
    301. 

  301.     //         accum_t += value_i
    302. 

  302.     //     total += accum_t
    303. 

  303.     template <typename V, typename W>
    304. 

  304.     inline V reduce(V init, W process);
    305. 

  305. };
    306. 

  306. 

  307. #include "rdpf.tcc"
    308. 

  308. 

  309. #endif
    310.