Merge pull request #75 from cryspen/jonas/and-triples

AND triple generation

atlas-spec/mpc-engine/Cargo.toml

@@ -11,3 +11,5 @@ p256.workspace = true
 hmac.workspace = true
 hacspec-chacha20poly1305.workspace = true
 hacspec_lib.workspace = true
+serde_json.workspace = true
+serde = { workspace = true, features = ["derive"] }

atlas-spec/mpc-engine/examples/run_mpc.rs

@@ -12,10 +12,12 @@ fn build_circuit() -> Circuit {
             WiredGate::Input(0),  // Gate 0
             WiredGate::Input(1),  // Gate 1
             WiredGate::Input(2),  // Gate 2
-            WiredGate::And(0, 1), // Gate 3
-            WiredGate::And(3, 2), // Gate 4
+            WiredGate::Input(3),  // Gate 3
+            WiredGate::And(0, 1), // Gate 4
+            WiredGate::And(2, 3), // Gate 5
+            WiredGate::Xor(4, 5), // Gate 6
         ],
-        output_gates: vec![4],
+        output_gates: vec![6],
     }
 }
 fn main() {
@@ -36,13 +38,13 @@ fn main() {
         let c = circuit.clone();
         let party_join_handle = thread::spawn(move || {
             let mut rng = rand::thread_rng();
-            let mut bytes = vec![0u8; u16::MAX.try_into().unwrap()];
+            let mut bytes = vec![0u8; 100 * usize::from(u16::MAX)];
             rng.fill_bytes(&mut bytes);
             let rng = Randomness::new(bytes);
             let log_enabled = channel_config.id == 1;
             let mut p = mpc_engine::party::Party::new(channel_config, &c, log_enabled, rng);
 
-            let _ = p.run();
+            let _ = p.run(false);
         });
         party_join_handles.push(party_join_handle);
     }

atlas-spec/mpc-engine/src/circuit.rs

@@ -65,6 +65,8 @@
 //!
 //!
 
+use crate::STATISTICAL_SECURITY;
+
 /// Data type to uniquely identify gate output wires.
 pub type WireIndex = usize;
 
@@ -304,4 +306,44 @@ impl Circuit {
         }
         Ok(output_packed)
     }
+
+    /// Returns the number of gates (i.e. the size) of the circuit.
+    pub fn num_gates(&self) -> usize {
+        self.gates.len()
+    }
+
+    /// Computes the required bucket size for leaky AND triple combination.
+    pub fn and_bucket_size(&self) -> usize {
+        (STATISTICAL_SECURITY as u32 / self.num_gates().ilog2())
+            .try_into()
+            .unwrap()
+    }
+
+    /// Returns the number of AND gates in the circuit.
+    pub fn num_and_gates(&self) -> usize {
+        self.gates
+            .iter()
+            .filter(|gate| matches!(gate, WiredGate::And(_, _)))
+            .count()
+    }
+    /// Computes the total number of share authentications that will be necessary
+    /// to evaluate this circuit using the MPC protocol, excluding malicious security overhead.
+    pub fn share_authentication_cost(&self) -> usize {
+        let mut result: usize = 0;
+
+        for party_input_width in self.input_widths.iter() {
+            result += party_input_width;
+        }
+
+        let num_and_gates = self
+            .gates
+            .iter()
+            .filter(|gate| matches!(gate, WiredGate::And(_, _)))
+            .count();
+
+        result += num_and_gates;
+        result += num_and_gates * 3 * self.and_bucket_size();
+
+        result
+    }
 }

atlas-spec/mpc-engine/src/lib.rs

@@ -34,7 +34,7 @@ pub enum Error {
     /// Failed to deserialize an authenticated bit
     InvalidSerialization,
     /// A malicious security check has failed
-    CheckFailed,
+    CheckFailed(String),
     /// Error from the curve implementation
     CurveError,
     /// Error from the AEAD

atlas-spec/mpc-engine/src/messages.rs

@@ -45,6 +45,12 @@ pub enum MessagePayload {
     SubChannel(Sender<SubMessage>, Receiver<SubMessage>),
     /// A bit mac for validity checking
     Mac(Mac),
+    /// Values sent over to other parties in the half-AND protocol
+    HalfAndHashes(bool, bool),
+    /// Value exchanged during leaky AND-triple check
+    LeakyAndU(Mac),
+    /// A two-party bit reveal message
+    BitReveal(bool, Mac),
     /// A garbled AND gate, to be sent to the evaluator
     GarbledAnd(Vec<u8>, Vec<u8>, Vec<u8>, Vec<u8>),
     /// A MAC on a wire mask share