PRF based label generation.

markkurossi · Apr 8, 2020 · 8c513c7 · 8c513c7
1 parent 8759bd1
commit 8c513c7
Show file tree

Hide file tree

Showing 4 changed files with 77 additions and 49 deletions.
diff --git a/README.md b/README.md
@@ -345,6 +345,7 @@ Circuit: #gates=6717340 (XOR=4787324 XNOR=108545 AND=1821471 OR=0 INV=0)
 Labels by value in protocol, garbler, and evaluator:
 
 ```
+Circuit: #gates=6717340 (XOR=4787324 XNOR=108545 AND=1821471 OR=0 INV=0)
 ┏━━━━━━━━┳━━━━━━━━━━━━━━┳━━━━━━━━┳━━━━━━━┓
 ┃ Op     ┃         Time ┃      % ┃  Xfer ┃
 ┣━━━━━━━━╋━━━━━━━━━━━━━━╋━━━━━━━━╋━━━━━━━┫
@@ -360,6 +361,7 @@ Labels by value in protocol, garbler, and evaluator:
 Gate wires by value in garbler:
 
 ```
+Circuit: #gates=6717340 (XOR=4787324 XNOR=108545 AND=1821471 OR=0 INV=0)
 ┏━━━━━━━━┳━━━━━━━━━━━━━━┳━━━━━━━━┳━━━━━━━┓
 ┃ Op     ┃         Time ┃      % ┃  Xfer ┃
 ┣━━━━━━━━╋━━━━━━━━━━━━━━╋━━━━━━━━╋━━━━━━━┫
@@ -411,12 +413,12 @@ Circuit: #gates=5972956 (XOR=4315452 XNOR=53761 AND=1603743 OR=0 INV=0)
 ┏━━━━━━━━┳━━━━━━━━━━━━━━┳━━━━━━━━┳━━━━━━━┓
 ┃ Op     ┃         Time ┃      % ┃  Xfer ┃
 ┣━━━━━━━━╋━━━━━━━━━━━━━━╋━━━━━━━━╋━━━━━━━┫
-┃ Wait   ┃  820.73261ms ┃ 41.67% ┃       ┃
-┃ Recv   ┃ 749.691218ms ┃ 38.06% ┃ 126MB ┃
-┃ Inputs ┃ 226.025987ms ┃ 11.47% ┃  41kB ┃
-┃ Eval   ┃ 173.069098ms ┃  8.79% ┃       ┃
-┃ Result ┃    212.406µs ┃  0.01% ┃   1kB ┃
-┃ Total  ┃ 1.969731319s ┃        ┃       ┃
+┃ Wait   ┃ 700.031233ms ┃ 38.57% ┃       ┃
+┃ Recv   ┃ 706.339086ms ┃ 38.92% ┃ 126MB ┃
+┃ Inputs ┃ 233.615365ms ┃ 12.87% ┃  41kB ┃
+┃ Eval   ┃  174.84741ms ┃  9.63% ┃       ┃
+┃ Result ┃    215.733µs ┃  0.01% ┃   1kB ┃
+┃ Total  ┃ 1.815048827s ┃        ┃       ┃
 ┗━━━━━━━━┻━━━━━━━━━━━━━━┻━━━━━━━━┻━━━━━━━┛
 ```
 

diff --git a/compiler/ssa/streamer.go b/compiler/ssa/streamer.go
@@ -219,26 +219,22 @@ func (prog *Program) StreamCircuit(params *utils.Params) error {
 			if false {
 				circ.Dump()
 			}
-			if true {
-				fmt.Printf("%05d: - garble %d gates\n", idx, circ.NumGates)
-
-				var inputIDs []circuit.Wire
-				for _, in := range flat {
-					inputIDs = append(inputIDs, circuit.Wire(in.ID))
-				}
+			var inputIDs []circuit.Wire
+			for _, in := range flat {
+				inputIDs = append(inputIDs, circuit.Wire(in.ID))
+			}
 
-				start := time.Now()
-				err := circ.GarbleStream(key[:], r, inputIDs)
-				if err != nil {
-					return err
-				}
-				dt := time.Now().Sub(start)
-				elapsed := time.Now().UnixNano() - start.UnixNano()
-				elapsed /= 1000000000
-				if elapsed > 0 {
-					fmt.Printf("%05d: - garbled %d gates/s (%s)\n",
-						idx, int64(circ.NumGates)/elapsed, dt)
-				}
+			start := time.Now()
+			err := circ.GarbleStream(key[:], r, inputIDs)
+			if err != nil {
+				return err
+			}
+			dt := time.Now().Sub(start)
+			elapsed := float64(time.Now().UnixNano() - start.UnixNano())
+			elapsed /= 1000000000
+			if elapsed > 0 {
+				fmt.Printf("%05d: - garbled %10.0f gates/s (%s)\n",
+					idx, float64(circ.NumGates)/elapsed, dt)
 			}
 			numGates += uint64(circ.NumGates)
 			numNonXOR += uint64(circ.Stats[circuit.AND])

diff --git a/ot/rsa.go b/ot/rsa.go
@@ -9,6 +9,8 @@
 package ot
 
 import (
+	"crypto/aes"
+	"crypto/cipher"
 	"crypto/rand"
 	"crypto/rsa"
 	"encoding/binary"
@@ -21,8 +23,8 @@ import (
 )
 
 const (
-	BlockSize  = 16
-	BlockCount = 1024
+	PRFBlockSize  = 16
+	PRFBlockCount = 256
 )
 
 type LabelType int
@@ -34,39 +36,51 @@ const (
 )
 
 const (
-	labelGenerator = LabelRandom
+	labelGenerator = LabelPRF
 )
 
-var labelC = make(chan Label)
+var (
+	prfCounter uint64
+	prfKey     [16]byte
+	prfBuffer  [PRFBlockSize * PRFBlockCount]byte
+	prfBlock   int
+	prfCipher  cipher.Block
+)
 
-func prf() {
-	var counter uint64 = 1
-	buf := make([]byte, BlockSize*BlockCount)
-	rand.Read(buf)
+func prf() Label {
 
-	for {
-		for i := 0; i < BlockCount; i++ {
-			binary.BigEndian.PutUint64(buf[i*BlockSize:], counter)
-			counter++
-		}
+	if prfBlock >= PRFBlockCount {
+		prfBlock = 0
+		prfCounter++
 
-		for i := 0; i < BlockCount; i++ {
-			var label Label
-			var data LabelData
+		var buf [PRFBlockSize]byte
+		binary.BigEndian.PutUint64(buf[:], prfCounter)
 
-			copy(data[:], buf[i*BlockSize:i*BlockSize+BlockSize])
-			label.SetBytes(data)
-			labelC <- label
+		for b := 0; b < PRFBlockCount; b++ {
+			for i := 0; i < PRFBlockSize; i++ {
+				prfBuffer[b*PRFBlockSize+i] ^= buf[i]
+			}
 		}
+		prfCipher.Encrypt(prfBuffer[:], prfBuffer[:])
 	}
+
+	var label Label
+	label.InitFromData(prfBuffer[prfBlock*PRFBlockSize:])
+	prfBlock++
+
+	return label
 }
 
 func init() {
-	if labelGenerator == LabelPRF {
-		for i := 0; i < 10; i++ {
-			go prf()
-		}
+	rand.Read(prfKey[:])
+	rand.Read(prfBuffer[:])
+
+	var err error
+	prfCipher, err = aes.NewCipher(prfKey[:])
+	if err != nil {
+		panic(err)
 	}
+	prfBlock = PRFBlockCount
 }
 
 func RandomData(size int) ([]byte, error) {
@@ -106,7 +120,7 @@ func NewLabel(rand io.Reader) (Label, error) {
 		return label, nil
 
 	case LabelPRF:
-		return <-labelC, nil
+		return prf(), nil
 
 	case LabelZero:
 		var l Label
@@ -170,6 +184,11 @@ func (l *Label) SetBytes(data LabelData) {
 	l.d1 = binary.BigEndian.Uint64(data[8:16])
 }
 
+func (l *Label) InitFromData(data []byte) {
+	l.d0 = binary.BigEndian.Uint64(data[0:8])
+	l.d1 = binary.BigEndian.Uint64(data[8:16])
+}
+
 type Wire struct {
 	L0 Label
 	L1 Label

diff --git a/rsa32.csv b/rsa32.csv
@@ -0,0 +1,11 @@
+Version,Time,Total Gates,Non-XOR Gates
+0,14.238416532,7366376,4220265
+1,10.45587699,7366376,2155565
+2,8.78036308,6822632,1935789
+3,8.428656584,6769820,1874720
+4,7.919823862,6717340,1821471
+5,6.452876989,6717340,1821471
+6,5.714601305,6717340,1821471
+7,3.189555391,6717340,1821471
+8,2.317192831,5972956,1603743
+9,1.815048827,5972956,1603743