arbitrary base.

configure.ac

@@ -50,7 +50,7 @@ AC_ARG_ENABLE(debug,
 
 AC_DEFINE([ERROR],  [16], [log inverse of the error probability, default: 16.])
 AC_DEFINE([FB_BASE], [8], [log of precomputed base for group operation, default: 8.])
-AC_DEFINE([SS_BASE], [1], [log of secret shares representation, default: 1.])
+AC_DEFINE([SS_BASE], [2], [log of secret shares representation, default: 1.])
 
 AC_OUTPUT([Makefile
            src/Makefile

src/ddlog.h

@@ -1,9 +1,10 @@
 #pragma once
 
+#include "config.h"
 #include <stdint.h>
 #include <gmp.h>
 
-#define strip_size 16
+#define strip_size (ERROR)
 #define halfstrip_size ((strip_size)/2)
 
 extern uint32_t lookup[256];

src/elgamal.c

@@ -13,7 +13,7 @@ void elgamal_keygen(elgamal_key_t rop)
   mpz_set_ui(rop->pk, 2);
 
   //  mpz_urandomm(rop->sk, _rstate, q);
-  mpz_urandomb(rop->sk, _rstate, 160);
+  mpz_urandomb(rop->sk, _rstate, SK_SIZE);
   mpz_powm(rop->pk, rop->pk, rop->sk, p);
 }
 

src/hss.c

@@ -11,7 +11,7 @@ void ssl1_init(ssl1_t s)
 {
   ELGAMAL_CIPHER(init, s->w);
 
-  for (size_t t = 0; t < 160; t++) {
+  for (size_t t = 0; t < SK_BLOCKS; t++) {
     ELGAMAL_CIPHER(init, s->cw[t]);
   }
 }
@@ -20,27 +20,33 @@ void ssl1_clear(ssl1_t s)
 {
   ELGAMAL_CIPHER(clear, s->w);
 
-  for (size_t t = 0; t < 160; t++) {
+  for (size_t t = 0; t < SK_BLOCKS; t++) {
     ELGAMAL_CIPHER(clear, s->cw[t]);
   }
 }
 
+
+
 void ssl1_share(ssl1_t r1, ssl1_t r2, const mpz_t v, const elgamal_key_t key)
 {
-  mpz_t zero;
-  mpz_init_set_ui(zero, 0);
+  mpz_t q, r, x;
+
+  mpz_init_set(q, key->sk);
+  mpz_inits(r, x, NULL);
 
   elgamal_encrypt_shares(r1->w, r2->w, key, v);
 
-  for (size_t t = 0; t < 160; t++) {
-    if (mpz_tstbit(key->sk, 159-t)) {
-      elgamal_encrypt_shares(r1->cw[t], r2->cw[t], key, v);
-    } else {
-      elgamal_encrypt_shares(r1->cw[t], r2->cw[t], key, zero);
-    }
+  for (size_t t = 0; t < SK_BLOCKS; t++) {
+    mpz_fdiv_r_2exp(r, q, SS_BASE);
+    mpz_fdiv_q_2exp(q, q, SS_BASE);
+    mpz_mul(x, v, r);
+    /* do it in reverse so that when computing it's just incremental */
+    elgamal_encrypt_shares(r1->cw[SK_BLOCKS - 1 - t],
+                           r2->cw[SK_BLOCKS - 1 - t],
+                           key, x);
   }
 
-  mpz_clear(zero);
+  mpz_clears(q, r, x, NULL);
 }
 
 void ssl1_open(mpz_t rop, const ssl1_t r1, const ssl1_t r2, const elgamal_key_t key)

src/hss.h

@@ -5,6 +5,9 @@
 
 #include "elgamal.h"
 
+#define SK_SIZE   160
+#define SK_BLOCKS ((SK_SIZE)/(SS_BASE))
+
 void hss_init();
 void hss_del();
 
@@ -15,7 +18,7 @@ void hss_del();
 
 typedef struct ssl1 {
   elgamal_cipher_t w;
-  elgamal_cipher_t cw[160];
+  elgamal_cipher_t cw[SK_BLOCKS];
 } ssl1_t[1];
 
 

src/rms.c

@@ -52,8 +52,8 @@ void hss_mul(ssl2_t rop, const ssl1_t sl1, const ssl2_t sl2)
   rop->x = mul_single(sl1->w, sl2->x, sl2->cx);
 
   mpz_set_ui(rop->cx, 0);
-  for (size_t t = 0; t < 160; t++) {
-    mpz_mul_2exp(rop->cx, rop->cx, 1);
+  for (size_t t = 0; t < SK_BLOCKS; t++) {
+    mpz_mul_2exp(rop->cx, rop->cx, SS_BASE);
     converted = mul_single(sl1->cw[t], sl2->x, sl2->cx);
     mpz_add_ui(rop->cx, rop->cx, converted);
   }
@@ -99,8 +99,8 @@ int main()
 
   mpz_urandomb(y, _rstate, 1);
   mpz_urandomb(x, _rstate, 1);
-  /* mpz_set_ui(x, 1); */
-  /* mpz_set_ui(y, 1); */
+  mpz_set_ui(x, 1);
+  mpz_set_ui(y, 1);
 
   ssl2_share(s1, s2, x, key->sk);
   ssl2_open(test, s1, s2);
@@ -111,6 +111,8 @@ int main()
   ssl1_open(test, r1, r2, key);
   assert(!mpz_cmp_ui(test, mpz_cmp_ui(y, 0) ? 2 : 1));
 
+
+
   for (int i = 0; i <  (int) 1e2; i++) {
     hss_mul(t1, r1, s1);
     hss_mul(t2, r2, s2);

src/rms.h

@@ -1,12 +1,8 @@
 #pragma once
+#include "config.h"
+
 #include <stdint.h>
 
 #include <gmp.h>
 
 #include "entropy.h"
-
-
-//#define ssl2_init(s) mpz_init2(s, 192)
-//#define ssl2_del(s) mpz_clear(s)
-
-//void fbprecompute(ssl1_t *pb);