arcium-primitives 0.4.2

Arcium primitives
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156

use itertools::izip;
use num_traits::identities::{One, Zero};

use crate::{
    algebra::field::{binary::Gf2_128, Bit, FieldExtension, SubfieldElement},
    correlated_randomness::dabits::{DaBit, DaBits, OpenDaBit, OpenDaBits},
    errors::PrimitiveError,
    sharing::{Reconstructible, VerifiableWith},
    types::{HeapArray, PeerIndex, Positive},
};
// ---------------
// |   Opening   |
// ---------------

impl<F: FieldExtension> Reconstructible for DaBit<F> {
    type Value = (Bit, SubfieldElement<F>);
    type Opening = OpenDaBit<F>;

    /// Open the daBit towards another peer.
    fn open_to(&self, peer_index: PeerIndex) -> Result<Self::Opening, PrimitiveError> {
        let opened_bit = self.bit.open_to(peer_index)?;

        Ok(OpenDaBit {
            opened_bit,
            opened_field: self.field.open_to(peer_index)?,
        })
    }

    /// Open the daBit towards all other peers.
    fn open_to_all_others(&self) -> impl ExactSizeIterator<Item = Self::Opening> {
        (0..self.field.get_macs().len())
            .map(|peer_index| self.open_to(peer_index).expect("Opening should not fail"))
    }

    /// Reconstruct a secret from openings coming from all other parties.
    fn reconstruct(&self, openings: Vec<Self::Opening>) -> Result<Self::Value, PrimitiveError> {
        let (bit_openings, field_openings): (Vec<_>, Vec<_>) = openings
            .iter()
            .map(|dabit_opening| (dabit_opening.bit(), dabit_opening.field()))
            .unzip();

        if field_openings.len() != self.field.get_macs().len() {
            return Err(PrimitiveError::InvalidSize(
                self.field.get_macs().len(),
                field_openings.len(),
            ));
        }

        let field = self.field.reconstruct(field_openings)?;
        let bit = self.bit.reconstruct(bit_openings)?;

        Ok((bit, field))
    }
}

impl<F: FieldExtension> VerifiableWith for DaBit<F> {
    type VerificationData = ();

    /// Verify openings from all peers.
    fn verify_with(&self, openings: Vec<Self::Opening>, _data: ()) -> Result<(), PrimitiveError> {
        let (bit, field) = self.reconstruct(openings)?;

        // Check that the bit has the same value as the field element
        if field == SubfieldElement::<F>::one() {
            if bit != SubfieldElement::<Gf2_128>::one() {
                return Err(PrimitiveError::WrongCorrelation(
                    "daBit bit does not match the field element.".to_string(),
                ));
            }
        } else if field == SubfieldElement::<F>::zero() {
            if bit != SubfieldElement::<Gf2_128>::zero() {
                return Err(PrimitiveError::WrongCorrelation(
                    "daBit bit does not match the field element.".to_string(),
                ));
            }
        } else {
            return Err(PrimitiveError::WrongCorrelation(
                "daBit field element is not 0 or 1.".to_string(),
            ));
        }
        Ok(())
    }
}

impl<F: FieldExtension, N: Positive> Reconstructible for DaBits<F, N> {
    type Opening = OpenDaBits<F, N>;
    type Value = HeapArray<(Bit, SubfieldElement<F>), N>;

    /// Open the share towards another peer.
    fn open_to(&self, peer_index: PeerIndex) -> Result<Self::Opening, PrimitiveError> {
        Ok(OpenDaBits {
            opened_bits: self.bits.open_to(peer_index)?,
            opened_field_shares: self.field_shares.open_to(peer_index)?,
        })
    }

    /// Open the share towards all other peers. Returns an iterator with either one opening for
    /// each peer or a single opening for all peers.
    fn open_to_all_others(&self) -> impl ExactSizeIterator<Item = Self::Opening> {
        izip!(
            self.bits.open_to_all_others(),
            self.field_shares.open_to_all_others()
        )
        .map(|(opened_bits, opened_field_shares)| OpenDaBits {
            opened_bits,
            opened_field_shares,
        })
    }

    /// Reconstruct a secret from openings coming from all other parties.
    fn reconstruct(&self, openings: Vec<Self::Opening>) -> Result<Self::Value, PrimitiveError> {
        let (bit_openings, field_openings): (Vec<_>, Vec<_>) = openings
            .into_iter()
            .map(|dabit_opening| (dabit_opening.opened_bits, dabit_opening.opened_field_shares))
            .unzip();
        let bits = self.bits.reconstruct(bit_openings)?;
        let field_shares = self.field_shares.reconstruct(field_openings)?;

        Ok(HeapArray::from_iter(izip!(
            bits.into_iter(),
            field_shares.into_iter()
        )))
    }
}

impl<F: FieldExtension, N: Positive> VerifiableWith for DaBits<F, N> {
    type VerificationData = ();

    /// Verify openings from all peers.
    fn verify_with(&self, openings: Vec<Self::Opening>, _data: ()) -> Result<(), PrimitiveError> {
        let openings = self.reconstruct(openings)?;

        for (bit, field) in openings {
            // Check that the bit has the same value as the field element
            if field == SubfieldElement::<F>::one() {
                if bit != SubfieldElement::<Gf2_128>::one() {
                    return Err(PrimitiveError::WrongCorrelation(
                        "daBit bit does not match the field element.".to_string(),
                    ));
                }
            } else if field == SubfieldElement::<F>::zero() {
                if bit != SubfieldElement::<Gf2_128>::zero() {
                    return Err(PrimitiveError::WrongCorrelation(
                        "daBit bit does not match the field element.".to_string(),
                    ));
                }
            } else {
                return Err(PrimitiveError::WrongCorrelation(
                    "daBit field element is not 0 or 1.".to_string(),
                ));
            }
        }

        Ok(())
    }
}