arcis-compiler 0.9.7

A framework for writing secure multi-party computation (MPC) circuits to be executed on the Arcium network.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126

use crate::{
    core::{
        actually_used_field::ActuallyUsedField,
        circuits::boolean::{boolean_value::Boolean, byte::Byte},
    },
    utils::crypto::{
        hmac::{HMAC_RescuePrime, HMAC_Sha3_256, HMAC},
        key::RESCUE_KEY_COUNT,
        rescue_desc::RescueArg,
    },
};

pub trait HKDF<const L: usize, T> {
    fn extract(&self, salt: Vec<T>, ikm: Vec<T>) -> Vec<T>;

    fn expand(&self, prk: Vec<T>, info: Vec<T>) -> [T; L];

    fn okm(&self, salt: Vec<T>, ikm: Vec<T>, info: Vec<T>) -> [T; L] {
        let prk = self.extract(salt, ikm);
        self.expand(prk, info)
    }
}

/// The Arcis HKDF based on the Rescue-Prime hash function.
/// We follow <https://datatracker.ietf.org/doc/html/rfc5869>.
/// We only support L = HashLen.
#[allow(non_camel_case_types)]
pub struct HKDF_RescuePrime<F: ActuallyUsedField, T: RescueArg<F>> {
    hmac: HMAC_RescuePrime<F, T>,
}

impl<F: ActuallyUsedField, T: RescueArg<F>> HKDF_RescuePrime<F, T> {
    pub fn new() -> Self {
        Self {
            hmac: HMAC_RescuePrime::new(),
        }
    }
}

impl<F: ActuallyUsedField, T: RescueArg<F>> HKDF<RESCUE_KEY_COUNT, T> for HKDF_RescuePrime<F, T> {
    fn extract(&self, mut salt: Vec<T>, ikm: Vec<T>) -> Vec<T> {
        if salt.is_empty() {
            salt = vec![T::from(F::ZERO); self.hmac.hasher.rate]
        }
        self.hmac.digest(salt, ikm)
    }

    fn expand(&self, prk: Vec<T>, mut info: Vec<T>) -> [T; RESCUE_KEY_COUNT] {
        // we only support L = HashLen = RESCUE_KEY_COUNT = 5, i.e. N = 1
        // message = empty string | info | 0x01
        info.push(T::from(F::ONE));
        self.hmac
            .digest(prk, info)
            .try_into()
            .unwrap_or_else(|v: Vec<T>| {
                panic!(
                    "Expected a Vec of length {} (found {})",
                    RESCUE_KEY_COUNT,
                    v.len()
                )
            })
    }
}

impl<F: ActuallyUsedField, T: RescueArg<F>> Default for HKDF_RescuePrime<F, T> {
    fn default() -> Self {
        Self::new()
    }
}

macro_rules! impl_hkdf_sha3 {
    ($t: ident, $hmac: ident) => {
        /// The Arcis HKDF based on SHA3.
        /// We follow <https://datatracker.ietf.org/doc/html/rfc5869>.
        /// We only support L <= HashLen.
        #[derive(Clone, Debug)]
        #[allow(non_camel_case_types)]
        pub struct $t {
            pub hmac: $hmac,
        }

        impl $t {
            pub fn new() -> Self {
                Self { hmac: $hmac::new() }
            }
        }

        impl<const L: usize, B: Boolean> HKDF<L, Byte<B>> for $t {
            fn extract(&self, mut salt: Vec<Byte<B>>, ikm: Vec<Byte<B>>) -> Vec<Byte<B>> {
                if salt.is_empty() {
                    salt = vec![Byte::from(0); self.hmac.hasher.digest_in_bytes()]
                }
                self.hmac.digest(salt, ikm)
            }

            fn expand(&self, prk: Vec<Byte<B>>, mut info: Vec<Byte<B>>) -> [Byte<B>; L] {
                // we only support L <= HashLen, i.e. N = 1
                assert!(
                    L <= self.hmac.hasher.digest_in_bytes(),
                    "we only support L at most {} (found {})",
                    self.hmac.hasher.digest_in_bytes(),
                    L
                );
                // message = empty string | info | 0x01
                info.push(Byte::from(1u8));
                self.hmac
                    .digest(prk, info)
                    .into_iter()
                    .take(L)
                    .collect::<Vec<Byte<B>>>()
                    .try_into()
                    .unwrap_or_else(|v: Vec<Byte<B>>| {
                        panic!("Expected a Vec of length {} (found {})", L, v.len())
                    })
            }
        }

        impl Default for $t {
            fn default() -> Self {
                Self::new()
            }
        }
    };
}

impl_hkdf_sha3!(HKDF_Sha3_256, HMAC_Sha3_256);