Oblivious Transfer with the OT interface. Changed the default OT

to CO OT.
markkurossi · Feb 19, 2023 · c3085ba · c3085ba
1 parent a5229e9
commit c3085ba
Show file tree

Hide file tree

Showing 10 changed files with 138 additions and 189 deletions.
diff --git a/apps/garbled/main.go b/apps/garbled/main.go
@@ -1,7 +1,7 @@
 //
 // main.go
 //
-// Copyright (c) 2019-2022 Markku Rossi
+// Copyright (c) 2019-2023 Markku Rossi
 //
 // All rights reserved.
 //
@@ -25,6 +25,7 @@ import (
 	"github.com/markkurossi/mpc/circuit"
 	"github.com/markkurossi/mpc/compiler"
 	"github.com/markkurossi/mpc/compiler/utils"
+	"github.com/markkurossi/mpc/ot"
 	"github.com/markkurossi/mpc/p2p"
 )
 
@@ -130,11 +131,14 @@ func main() {
 		return
 	}
 
+	//oti := ot.NewRSA(2048)
+	oti := ot.NewCO()
+
 	if *stream {
 		if *evaluator {
-			err = streamEvaluatorMode(params, inputFlag, len(*cpuprofile) > 0)
+			err = streamEvaluatorMode(oti, inputFlag, len(*cpuprofile) > 0)
 		} else {
-			err = streamGarblerMode(params, inputFlag, flag.Args())
+			err = streamGarblerMode(params, oti, inputFlag, flag.Args())
 		}
 		memProfile(*memprofile)
 		if err != nil {
@@ -289,14 +293,14 @@ func main() {
 			fmt.Printf("%s\n", err)
 			os.Exit(1)
 		}
-		err = evaluatorMode(circ, input, len(*cpuprofile) > 0)
+		err = evaluatorMode(oti, circ, input, len(*cpuprofile) > 0)
 	} else {
 		input, err = circ.Inputs[0].Parse(inputFlag)
 		if err != nil {
 			fmt.Printf("%s\n", err)
 			os.Exit(1)
 		}
-		err = garblerMode(circ, input)
+		err = garblerMode(oti, circ, input)
 	}
 	if err != nil {
 		log.Fatal(err)
@@ -321,7 +325,8 @@ func memProfile(file string) {
 	}
 }
 
-func evaluatorMode(circ *circuit.Circuit, input *big.Int, once bool) error {
+func evaluatorMode(oti ot.OT, circ *circuit.Circuit, input *big.Int,
+	once bool) error {
 	ln, err := net.Listen("tcp", port)
 	if err != nil {
 		return err
@@ -336,7 +341,7 @@ func evaluatorMode(circ *circuit.Circuit, input *big.Int, once bool) error {
 		fmt.Printf("New connection from %s\n", nc.RemoteAddr())
 
 		conn := p2p.NewConn(nc)
-		result, err := circuit.Evaluator(conn, circ, input, verbose)
+		result, err := circuit.Evaluator(conn, oti, circ, input, verbose)
 		conn.Close()
 
 		if err != nil && err != io.EOF {
@@ -350,15 +355,15 @@ func evaluatorMode(circ *circuit.Circuit, input *big.Int, once bool) error {
 	}
 }
 
-func garblerMode(circ *circuit.Circuit, input *big.Int) error {
+func garblerMode(oti ot.OT, circ *circuit.Circuit, input *big.Int) error {
 	nc, err := net.Dial("tcp", port)
 	if err != nil {
 		return err
 	}
 	conn := p2p.NewConn(nc)
 	defer conn.Close()
 
-	result, err := circuit.Garbler(conn, circ, input, verbose)
+	result, err := circuit.Garbler(conn, oti, circ, input, verbose)
 	if err != nil {
 		return err
 	}

diff --git a/apps/garbled/streaming.go b/apps/garbled/streaming.go
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2020-2021 Markku Rossi
+// Copyright (c) 2020-2023 Markku Rossi
 //
 // All rights reserved.
 //
@@ -15,10 +15,11 @@ import (
 	"github.com/markkurossi/mpc/circuit"
 	"github.com/markkurossi/mpc/compiler"
 	"github.com/markkurossi/mpc/compiler/utils"
+	"github.com/markkurossi/mpc/ot"
 	"github.com/markkurossi/mpc/p2p"
 )
 
-func streamEvaluatorMode(params *utils.Params, input input, once bool) error {
+func streamEvaluatorMode(oti ot.OT, input input, once bool) error {
 	ln, err := net.Listen("tcp", port)
 	if err != nil {
 		return err
@@ -33,7 +34,8 @@ func streamEvaluatorMode(params *utils.Params, input input, once bool) error {
 		fmt.Printf("New connection from %s\n", nc.RemoteAddr())
 
 		conn := p2p.NewConn(nc)
-		outputs, result, err := circuit.StreamEvaluator(conn, input, verbose)
+		outputs, result, err := circuit.StreamEvaluator(conn, oti, input,
+			verbose)
 		conn.Close()
 
 		if err != nil && err != io.EOF {
@@ -47,7 +49,9 @@ func streamEvaluatorMode(params *utils.Params, input input, once bool) error {
 	}
 }
 
-func streamGarblerMode(params *utils.Params, input input, args []string) error {
+func streamGarblerMode(params *utils.Params, oti ot.OT, input input,
+	args []string) error {
+
 	if len(args) != 1 || !strings.HasSuffix(args[0], ".mpcl") {
 		return fmt.Errorf("streaming mode takes single MPCL file")
 	}
@@ -59,7 +63,7 @@ func streamGarblerMode(params *utils.Params, input input, args []string) error {
 	defer conn.Close()
 
 	outputs, result, err := compiler.New(params).StreamFile(
-		conn, args[0], input)
+		conn, oti, args[0], input)
 	if err != nil {
 		return err
 	}

diff --git a/benchmarks.md b/benchmarks.md
@@ -208,6 +208,22 @@ Circuit: #gates=5539148 (XOR=3996414 XNOR=48825 AND=1493909 OR=0 INV=0) #w=55393
 └────────┴──────────────┴────────┴──────┘
 ```
 
+CO OT:
+
+```
+Circuit: #gates=5539117 (XOR=3996381 XNOR=48824 AND=1493910 OR=1 INV=1 xor=4045205 !xor=1493912 levels=1604812 width=8259) #w=5539277
+┌────────┬──────────────┬────────┬──────┐
+│ Op     │         Time │      % │ Xfer │
+├────────┼──────────────┼────────┼──────┤
+│ Wait   │ 544.037201ms │ 69.10% │      │
+│ Recv   │ 119.178002ms │ 15.14% │ 69MB │
+│ Inputs │   5.523428ms │  0.70% │  3kB │
+│ Eval   │  118.35074ms │ 15.03% │      │
+│ Result │    241.858µs │  0.03% │  1kB │
+│ Total  │ 787.331229ms │        │ 69MB │
+└────────┴──────────────┴────────┴──────┘
+```
+
 ## Ed25519 signature computation
 
 The first signature computation without SHA-512:
@@ -453,6 +469,22 @@ Parallel garbling/write:
 └─────────────┴─────────────────┴────────┴───────┘
 ```
 
+CO OT:
+
+```
+┌─────────────┬─────────────────┬────────┬──────┐
+│ Op          │            Time │      % │ Xfer │
+├─────────────┼─────────────────┼────────┼──────┤
+│ Compile     │    2.192778168s │  2.82% │      │
+│ Init        │      2.127053ms │  0.00% │   0B │
+│ OT Init     │        10.404µs │  0.00% │   0B │
+│ Peer Inputs │     86.187868ms │  0.11% │ 74kB │
+│ Garble      │ 1m15.571077934s │ 97.07% │ 15GB │
+│ Result      │       338.085µs │  0.00% │ 55kB │
+│ Total       │ 1m17.852519512s │        │ 15GB │
+└─────────────┴─────────────────┴────────┴──────┘
+```
+
 
 ## RSA signature computation
 

diff --git a/circuit/evaluator.go b/circuit/evaluator.go
@@ -9,7 +9,6 @@
 package circuit
 
 import (
-	"crypto/rsa"
 	"fmt"
 	"math/big"
 
@@ -22,8 +21,8 @@ var (
 )
 
 // Evaluator runs the evaluator on the P2P network.
-func Evaluator(conn *p2p.Conn, circ *Circuit, inputs *big.Int, verbose bool) (
-	[]*big.Int, error) {
+func Evaluator(conn *p2p.Conn, oti ot.OT, circ *Circuit, inputs *big.Int,
+	verbose bool) ([]*big.Int, error) {
 
 	timing := NewTiming()
 
@@ -82,19 +81,7 @@ func Evaluator(conn *p2p.Conn, circ *Circuit, inputs *big.Int, verbose bool) (
 	}
 
 	// Init oblivious transfer.
-	pubN, err := conn.ReceiveData()
-	if err != nil {
-		return nil, err
-	}
-	pubE, err := conn.ReceiveUint32()
-	if err != nil {
-		return nil, err
-	}
-	pub := &rsa.PublicKey{
-		N: big.NewInt(0).SetBytes(pubN),
-		E: pubE,
-	}
-	receiver, err := ot.NewReceiver(pub)
+	err = oti.InitReceiver(conn)
 	if err != nil {
 		return nil, err
 	}
@@ -105,16 +92,26 @@ func Evaluator(conn *p2p.Conn, circ *Circuit, inputs *big.Int, verbose bool) (
 	if verbose {
 		fmt.Printf(" - Querying our inputs...\n")
 	}
+	if err := conn.SendUint32(OpOT); err != nil {
+		return nil, err
+	}
+	// Wire offset.
+	if err := conn.SendUint32(circ.Inputs[0].Size); err != nil {
+		return nil, err
+	}
+	// Wire count.
+	if err := conn.SendUint32(circ.Inputs[1].Size); err != nil {
+		return nil, err
+	}
+	conn.Flush()
+	flags := make([]bool, circ.Inputs[1].Size)
 	for i := 0; i < circ.Inputs[1].Size; i++ {
-		if err := conn.SendUint32(OpOT); err != nil {
-			return nil, err
+		if inputs.Bit(i) == 1 {
+			flags[i] = true
 		}
-		n, err := conn.Receive(receiver, uint(circ.Inputs[0].Size+i),
-			inputs.Bit(i))
-		if err != nil {
-			return nil, err
-		}
-		wires[Wire(circ.Inputs[0].Size+i)].SetBytes(n)
+	}
+	if err := oti.Receive(flags, wires[circ.Inputs[0].Size:]); err != nil {
+		return nil, err
 	}
 	xfer := conn.Stats.Sub(ioStats)
 	ioStats = conn.Stats

diff --git a/circuit/garbler.go b/circuit/garbler.go
@@ -1,7 +1,7 @@
 //
 // garbler.go
 //
-// Copyright (c) 2019-2021 Markku Rossi
+// Copyright (c) 2019-2023 Markku Rossi
 //
 // All rights reserved.
 //
@@ -44,8 +44,8 @@ func (s FileSize) String() string {
 }
 
 // Garbler runs the garbler on the P2P network.
-func Garbler(conn *p2p.Conn, circ *Circuit, inputs *big.Int, verbose bool) (
-	[]*big.Int, error) {
+func Garbler(conn *p2p.Conn, oti ot.OT, circ *Circuit, inputs *big.Int,
+	verbose bool) ([]*big.Int, error) {
 
 	timing := NewTiming()
 	if verbose {
@@ -120,22 +120,10 @@ func Garbler(conn *p2p.Conn, circ *Circuit, inputs *big.Int, verbose bool) (
 	}
 
 	// Init oblivious transfer.
-	sender, err := ot.NewSender(2048)
+	err = oti.InitSender(conn)
 	if err != nil {
 		return nil, err
 	}
-
-	// Send our public key.
-	pub := sender.PublicKey()
-	data := pub.N.Bytes()
-	if err := conn.SendData(data); err != nil {
-		return nil, err
-	}
-	if err := conn.SendUint32(pub.E); err != nil {
-		return nil, err
-	}
-	conn.Flush()
-
 	ioStats = conn.Stats.Sub(ioStats)
 	timing.Sample("OT Init", []string{FileSize(ioStats.Sum()).String()})
 
@@ -161,52 +149,24 @@ func Garbler(conn *p2p.Conn, circ *Circuit, inputs *big.Int, verbose bool) (
 
 		switch op {
 		case OpOT:
-			bit, err := conn.ReceiveUint32()
+			offset, err := conn.ReceiveUint32()
 			if err != nil {
 				return nil, err
 			}
-			if !allowedOTs[bit] {
-				return nil, fmt.Errorf("peer can't OT wire %d", bit)
-			}
-			allowedOTs[bit] = false
-
-			wire := garbled.Wires[bit]
-
-			var m0Buf, m1Buf ot.LabelData
-			m0Data := wire.L0.Bytes(&m0Buf)
-			m1Data := wire.L1.Bytes(&m1Buf)
-
-			xfer, err := sender.NewTransfer(m0Data, m1Data)
+			count, err := conn.ReceiveUint32()
 			if err != nil {
 				return nil, err
 			}
-
-			x0, x1 := xfer.RandomMessages()
-			if err := conn.SendData(x0); err != nil {
-				return nil, err
-			}
-			if err := conn.SendData(x1); err != nil {
-				return nil, err
+			for i := 0; i < count; i++ {
+				if !allowedOTs[offset+i] {
+					return nil, fmt.Errorf("peer can't OT wire %d", offset+i)
+				}
+				allowedOTs[offset+i] = false
 			}
-			conn.Flush()
-
-			v, err := conn.ReceiveData()
+			err = oti.Send(garbled.Wires[offset : offset+count])
 			if err != nil {
 				return nil, err
 			}
-			xfer.ReceiveV(v)
-
-			m0p, m1p, err := xfer.Messages()
-			if err != nil {
-				return nil, err
-			}
-			if err := conn.SendData(m0p); err != nil {
-				return nil, err
-			}
-			if err := conn.SendData(m1p); err != nil {
-				return nil, err
-			}
-			conn.Flush()
 			lastOT = time.Now()
 
 		case OpResult: