Home Explore Help
Sign In
maker
/
hss
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Working rms multiplication for cx too.

Michele Orrù 7 years ago
parent
49bb7a6da6
commit
76bd283be1
4 changed files with 119 additions and 84 deletions
Split View Show Diff Stats
  1. 37 19
      src/elgamal.c
  2. 15 5
      src/elgamal.h
  3. 7 6
      src/hss.c
  4. 60 54
      src/rms.c

+ 37 - 19
src/elgamal.c
View File 

@@ -7,44 +7,62 @@
 
 #include "hss.h"
 
 
 
-elgamal_key_t elgamal_keygen()
 
+void elgamal_key_init(elgamal_key_t rop)
 
 {
 
-  elgamal_key_t rop;
 
-  mpz_init(rop.sk);
 
-  mpz_init_set_ui(rop.pk, 2);
 
+  mpz_init(rop->sk);
 
+  mpz_init_set_ui(rop->pk, 2);
 
 
-  mpz_urandomm(rop.sk, _rstate, q);
 
-  mpz_powm(rop.pk, rop.pk, rop.sk, p);
 
-  return rop;
 
+  //  mpz_urandomm(rop->sk, _rstate, q);
 
+  mpz_urandomb(rop->sk, _rstate, 160);
 
+  mpz_powm(rop->pk, rop->pk, rop->sk, p);
 
 }
 
 
-elgamal_cipher_t elgamal_encrypt(elgamal_key_t k, const mpz_t m)
 
+void elgamal_key_clear(elgamal_key_t key)
 
+{
 
+  mpz_clears(key->sk, key->pk, NULL);
 
+}
 
+
 
+
 
+void elgamal_encrypt(elgamal_cipher_t rop, const elgamal_key_t k, const mpz_t m)
 
 {
 
   mpz_t x;
 
-  elgamal_cipher_t rop;
 
 
   mpz_init(x);
 
   mpz_urandomm(x, _rstate, q);
 
 
-  mpz_init_set_ui(rop.c1, 2);
 
-  mpz_powm(rop.c1, rop.c1, x, p);
 
+  mpz_set_ui(rop->c1, 2);
 
+  mpz_powm(rop->c1, rop->c1, x, p);
 
 
-  mpz_init_set(rop.c2, k.pk);
 
-  mpz_powm(rop.c2, rop.c2, x, p);
 
+  mpz_set(rop->c2, k->pk);
 
+  mpz_powm(rop->c2, rop->c2, x, p);
 
   mpz_set_ui(x, 2);
 
   mpz_powm(x, x, m, p);
 
-  mpz_mul(rop.c2, rop.c2, x);
 
-  mpz_mod(rop.c2, rop.c2, p);
 
+  mpz_mul(rop->c2, rop->c2, x);
 
+  mpz_mod(rop->c2, rop->c2, p);
 
 
   mpz_clear(x);
 
-  return rop;
 
 }
 
 
 
-void elgamal_decrypt(mpz_t rop, elgamal_key_t k, elgamal_cipher_t c)
 
+void elgamal_decrypt(mpz_t rop, const elgamal_key_t k, const elgamal_cipher_t c)
 
 {
 
-  mpz_powm(rop, c.c1, k.sk, p);
 
+  mpz_powm(rop, c->c1, k->sk, p);
 
   mpz_invert(rop, rop, p);
 
-  mpz_mul(rop, rop, c.c2);
 
+  mpz_mul(rop, rop, c->c2);
 
   mpz_mod(rop, rop, p);
 
 }
 
+
 
+void elgamal_cipher_init(elgamal_cipher_t rop)
 
+{
 
+  mpz_inits(rop->c1, rop->c2, NULL);
 
+}
 
+void elgamal_cipher_set(elgamal_cipher_t rop, const elgamal_cipher_t op1)
 
+{
 
+  mpz_set(rop->c1, op1->c1);
 
+  mpz_set(rop->c2, op1->c2);
 
+}
 
+
 
+void elgamal_cipher_clear(elgamal_cipher_t op)
 
+{
 
+  mpz_clears(op->c1, op->c2, NULL);
 
+}

+ 15 - 5
src/elgamal.h
View File 

@@ -8,13 +8,23 @@
 
 typedef struct elgamal_key {
 
   mpz_t sk;
 
   mpz_t pk;
 
-} elgamal_key_t;
 
+} elgamal_key_t[1];
 
 
 typedef struct elgamal_cipher {
 
   mpz_t c1;
 
   mpz_t c2;
 
-} elgamal_cipher_t;
 
+} elgamal_cipher_t[1];
 
 
-elgamal_key_t elgamal_keygen();
 
-elgamal_cipher_t elgamal_encrypt(elgamal_key_t k, const mpz_t m);
 
-void elgamal_decrypt(mpz_t rop, elgamal_key_t k, elgamal_cipher_t c);
 
+void elgamal_encrypt(elgamal_cipher_t c, const elgamal_key_t k, const mpz_t m);
 
+void elgamal_decrypt(mpz_t rop, const elgamal_key_t k, const elgamal_cipher_t c);
 
+
 
+void elgamal_key_init(elgamal_key_t key);
 
+void elgamal_key_clear(elgamal_key_t key);
 
+
 
+void elgamal_cipher_init(elgamal_cipher_t op);
 
+void elgamal_cipher_set(elgamal_cipher_t rop, const elgamal_cipher_t op1);
 
+void elgamal_cipher_clear(elgamal_cipher_t op);
 
+
 
+#define elgamal_encrypt_shares(share1, share2, key, plaintext) \
 
+  elgamal_encrypt(share1, key, plaintext);                     \
 
+  elgamal_cipher_set(share2, share1)

+ 7 - 6
src/hss.c
View File 

@@ -34,18 +34,19 @@ void hss_del()
 
 
 void ssl1_init(ssl1_t s)
 
 {
 
-  /* mpz_init(s->w); */
 
-  /* for (size_t t = 0; t < 160; t++) { */
 
-  /*   mpz_init(s->cw[t]); */
 
-  /* } */
 
+  elgamal_cipher_init(s->w);
 
+
 
+  for (size_t t = 0; t < 160; t++) {
 
+    elgamal_cipher_init(s->cw[t]);
 
+  }
 
 }
 
 
 void ssl1_clear(ssl1_t s)
 
 {
 
-  mpz_clears(s->w.c1, s->w.c2, NULL);
 
+  elgamal_cipher_clear(s->w);
 
 
   for (size_t t = 0; t < 160; t++) {
 
-    mpz_clears(s->cw[t].c1, s->cw[t].c2, NULL);
 
+    elgamal_cipher_clear(s->cw[t]);
 
   }
 
 }

+ 60 - 54
src/rms.c
View File 

@@ -16,10 +16,10 @@
 
 /** this function is only for testing purposes. */
 
 void ssl2_share(ssl2_t s1, ssl2_t s2, const mpz_t v, const mpz_t sk)
 
 {
 
-  mpz_rrandomb(s1->x, _rstate, 192);
 
+  mpz_urandomb(s1->x, _rstate, 192);
 
   mpz_add(s2->x, v, s1->x);
 
 
-  mpz_rrandomb(s1->cx, _rstate, 192);
 
+  mpz_urandomb(s1->cx, _rstate, 192);
 
   mpz_mul(s2->cx, sk, v);
 
   mpz_add(s2->cx, s2->cx, s1->cx);
 
 }
 
@@ -27,7 +27,6 @@ void ssl2_share(ssl2_t s1, ssl2_t s2, const mpz_t v, const mpz_t sk)
 
 
 void ssl2_merge(mpz_t rop, const ssl2_t s1, const ssl2_t s2)
 
 {
 
-
 
   mpz_sub(rop, s2->x, s1->x);
 
   mpz_abs(rop, rop);
 
 }
 
@@ -38,25 +37,16 @@ void ssl1_share(ssl1_t r1, ssl1_t r2, const mpz_t v, const elgamal_key_t key)
 
   mpz_t zero;
 
   mpz_init_set_ui(zero, 0);
 
 
-  r1->w = elgamal_encrypt(key, v);
 
+  elgamal_encrypt_shares(r1->w, r2->w, key, v);
 
   for (size_t t = 0; t < 160; t++) {
 
-    if (mpz_tstbit(key.sk, t)) {
 
-      r1->cw[t] = elgamal_encrypt(key, v);
 
+    if (mpz_tstbit(key->sk, t)) {
 
+      elgamal_encrypt_shares(r1->cw[t], r2->cw[t], key, v);
 
     } else {
 
-      r1->cw[t] = elgamal_encrypt(key, zero);
 
+      elgamal_encrypt_shares(r1->cw[t], r2->cw[t], key, zero);
 
     }
 
   }
 
 
-  mpz_set(r2->w.c1, r1->w.c1);
 
-  mpz_set(r2->w.c2, r1->w.c2);
 
-  //r2->w = elgamal_encrypt(key, v);
 
-  for (size_t t = 0; t < 160; t++) {
 
-    if (mpz_tstbit(key.sk, t)) {
 
-      r2->cw[t] = elgamal_encrypt(key, v);
 
-    } else {
 
-      r2->cw[t] = elgamal_encrypt(key, zero);
 
-    }
 
-  }
 
+  mpz_clear(zero);
 
 }
 
 
 void ssl1_merge(mpz_t rop, const ssl1_t r1, const ssl1_t r2, const elgamal_key_t key)
 
@@ -92,24 +82,44 @@ uint32_t naif_convert(mpz_t n)
 
   return i;
 
 }
 
 
-elgamal_key_t key;
 
-
 
-void hss_mul(ssl2_t rop, const ssl1_t sl1, const ssl2_t sl2)
 
+static inline
 
+uint32_t __mul_single(mpz_t op1,
 
+                      mpz_t op2,
 
+                      const mpz_t c1,
 
+                      const mpz_t c2,
 
+                      const mpz_t x,
 
+                      const mpz_t cx)
 
 {
 
-  mpz_t tmp;
 
-  mpz_init(tmp);
 
 
-  mpz_powm(tmp, sl1->w.c1, sl2->cx, p);
 
-  mpz_invert(tmp, tmp, p);
 
+  mpz_powm(op1, c1, cx, p);
 
+  mpz_invert(op1, op1, p);
 
 
-  mpz_powm(rop->x, sl1->w.c2, sl2->x, p);
 
-  mpz_mul(rop->x, rop->x, tmp);
 
-  mpz_mod(rop->x, rop->x, p);
 
+  mpz_powm(op2, c2, x, p);
 
+  mpz_mul(op2, op2, op1);
 
+  mpz_mod(op2, op2, p);
 
+  return naif_convert(op2);
 
+}
 
 
-  const uint32_t converted = naif_convert(rop->x);
 
+void hss_mul(ssl2_t rop, const ssl1_t sl1, const ssl2_t sl2)
 
+{
 
+  mpz_t op1, op2;
 
+  uint32_t converted;
 
+  mpz_inits(op1, op2, NULL);
 
+
 
+  converted = __mul_single(op1, op2,
 
+                           sl1->w->c1, sl1->w->c2, sl2->x, sl2->cx);
 
   mpz_set_ui(rop->x, converted);
 
 
-  mpz_clear(tmp);
 
+  mpz_set_ui(rop->cx, 0);
 
+  for (ssize_t t = 159; t >= 0; t--) {
 
+    converted = __mul_single(op1, op2,
 
+                             sl1->cw[t]->c1, sl1->cw[t]->c2, sl2->x, sl2->cx);
 
+    mpz_add_ui(rop->cx, rop->cx, converted);
 
+    mpz_mul_2exp(rop->cx, rop->cx, 1);
 
+  }
 
+  mpz_div_2exp(rop->cx, rop->cx, 1);
 
+
 
+  mpz_clears(op1, op2, NULL);
 
 }
 
 
 int main()
 
@@ -121,19 +131,11 @@ int main()
 
   mpz_t test;
 
   mpz_init(test);
 
 
-  mpz_t x;
 
-  mpz_t y;
 
-  mpz_inits(x, y, NULL);
 
-
 
-  uint64_t expected;
 
-
 
-  /* test elgamal */
 
-  key = elgamal_keygen();
 
-  mpz_urandomb(x, _rstate, 128);
 
-  //elgamal_cipher_t c = elgamal_encrypt(key, x);
 
-  //elgamal_decrypt(test, key, c);
 
-  //assert(!mpz_cmp(x, test));
 
+  mpz_t x, y, xy;
 
+  mpz_inits(x, y, xy, NULL);
 
 
+  elgamal_key_t key;
 
+  elgamal_key_init(key);
 
 
   ssl1_t r1, r2;
 
   ssl2_t s1, s2;
 
@@ -150,32 +152,36 @@ int main()
 
   INIT_TIMEIT();
 
   for (int i = 0; i <  (int) 1e1; i++) {
 
 
-    mpz_rrandomb(x, _rstate, 1);
 
     mpz_urandomb(y, _rstate, 1);
 
-    //mpz_set_ui(x, 0);
 
-    //mpz_set_ui(y, 1);
 
+    mpz_urandomb(x, _rstate, 1);
 
+    /* mpz_set_ui(x, 1); */
 
+    /* mpz_set_ui(y, 1); */
 
 
-    ssl2_share(s1, s2, x, key.sk);
 
+    ssl2_share(s1, s2, x, key->sk);
 
     ssl2_merge(test, s1, s2);
 
     assert(!mpz_cmp(test, x));
 
 
     ssl1_share(r1, r2, y, key);
 
     ssl1_merge(test, r1, r2, key);
 
-    expected = mpz_cmp_ui(x, 0) && mpz_cmp_ui(y, 0) ? 2 : 1;
 
-    assert(!mpz_cmp_ui(test, expected));
 
+    assert(!mpz_cmp_ui(test, mpz_cmp_ui(y, 0) ? 2 : 1));
 
 
     START_TIMEIT();
 
     hss_mul(t1, r1, s1);
 
     END_TIMEIT();
 
-    hss_mul(t2, r2, s2);
 
-    //gmp_printf("resulting shares: %Zx %Zx\n", t1->x, t2->x);
 
-    //gmp_printf("x, y: %Zx %Zx\n", x, y);
 
+     hss_mul(t2, r2, s2);
 
+#ifndef NDEBUG
 
+    gmp_printf("%Zx %Zx\n", x, y);
 
+    gmp_printf("%Zx %Zx\n", s1->x, s2->x);
 
+#endif
 
 
+    mpz_mul(xy, x, y);
 
     ssl2_merge(test, t2, t1);
 
-    //gmp_printf("result: %Zx\n", test);
 
-    expected = (!mpz_cmp_ui(x, 0) || !mpz_cmp_ui(y, 0)) ? 0 : 1;
 
-    assert(!mpz_cmp_ui(test, expected));
 
+    assert(!mpz_cmp(test, xy));
 
 
+    mpz_sub(test, t2->cx, t1->cx);
 
+    mpz_abs(test, test);
 
+    assert(((!mpz_cmp_ui(xy, 1) && !mpz_cmp(test, key->sk))) ||
 
+           ((!mpz_cmp_ui(xy, 0)) && !mpz_cmp_ui(test, 0)));
 
   }
 
 
   printf(TIMEIT_FORMAT "\n", GET_TIMEIT());
 
@@ -187,7 +193,7 @@ int main()
 
   ssl2_clear(t2);
 
 
   mpz_clears(x, y, NULL);
 
-  mpz_clears(key.sk, key.pk, NULL);
 
+  elgamal_key_clear(key);
 
   hss_del();
 
   return 0;
 
 }