fss_rs/
lib.rs

1// SPDX-License-Identifier: Apache-2.0
2// Copyright (C) 2023 Yulong Ming (myl7)
3
4//! Many variable names and the LaTeX math expressions in the doc comment are from the paper _Function Secret Sharing for Mixed-Mode and Fixed-Point Secure Computation_.
5
6#![cfg_attr(not(feature = "stable"), feature(portable_simd))]
7
8use group::Group;
9
10pub mod dcf;
11pub mod dpf;
12pub mod group;
13#[cfg(feature = "prg")]
14pub mod prg;
15pub mod utils;
16
/// A point function description: one element of the input domain and one of the output domain.
///
/// Despite the name, the type only carries the two elements.
/// What they actually mean is decided by the context that uses them.
///
/// - `IN_BLEN`: size of the input domain as a **byte** length.
///   This is `$n$` or `$\lceil \log_2 |\mathbb{G}^{in}| \rceil$`, but counted in bytes.
/// - `OUT_BLEN`: size of the output domain as a **byte** length.
///   This is `$\lambda$` or `$\lceil \log_2 |\mathbb{G}^{out}| \rceil$`, but counted in bytes.
///
/// NOTE(review): in function secret sharing the pair `(alpha, beta)` is what the key shares are
/// meant to hide, so a `PointFn` presumably belongs only on the side that generates the keys and
/// should not travel with a share. Confirm against the `dpf`/`dcf` callers.
pub struct PointFn<const IN_BLEN: usize, const OUT_BLEN: usize, G: Group<OUT_BLEN>> {
    /// `$\alpha$`, i.e. the `x` in `y = f(x)`.
    pub alpha: [u8; IN_BLEN],
    /// `$\beta$`, i.e. the `y` in `y = f(x)`.
    pub beta: G,
}
34
/// Pseudorandom generator (PRG).
///
/// `Sync` is a supertrait so that one instance can be used from several threads.
/// It is required for single-threaded use as well, on the expectation that implementations can
/// satisfy it easily.
///
/// NOTE(review): the secrecy of anything derived from a seed presumably rests on the output being
/// indistinguishable from random to someone who does not know the seed, and both parties
/// presumably need the same seed to expand to the same output. Review implementations against
/// both properties; neither is checked by this trait.
pub trait Prg<const BLEN: usize, const BLEN_N: usize>
where
    Self: Sync,
{
    /// Expands `seed` (`BLEN` bytes) into two outputs.
    ///
    /// Each output is `BLEN_N` blocks of `BLEN` bytes together with one `bool`.
    fn gen(&self, seed: &[u8; BLEN]) -> [([[u8; BLEN]; BLEN_N], bool); 2];
}
42
/// `Cw`: a correction word.
///
/// NOTE(review): the four fields look like the seed, value and left/right control-bit components
/// of a correction word as written in the paper. Confirm against the `dcf`/`dpf` modules.
///
/// The doc on `Share` states that correction words are common to both parties' shares.
#[derive(Clone)]
pub struct Cw<const OUT_BLEN: usize, G: Group<OUT_BLEN>> {
    /// Byte block of `OUT_BLEN` bytes (presumably the seed part of the correction word).
    pub s: [u8; OUT_BLEN],
    /// Element of the output group (presumably the value part of the correction word).
    pub v: G,
    /// Presumably the control-bit correction for the left branch (TODO confirm).
    pub tl: bool,
    /// Presumably the control-bit correction for the right branch (TODO confirm).
    pub tr: bool,
}
54
/// `k`: a key share.
///
/// `cws` and `cw_np1` are common to the 2 parties.
/// Only `s0s[0]` differs between them.
///
/// NOTE(review): a value whose `s0s` holds both seeds (the output of `gen`) is key-generation
/// material, not something to hand to a single party. Presumably it has to be split so that each
/// party receives a `Share` with only its own seed in `s0s[0]`; confirm at the call sites that
/// distribute shares. `Clone` copies the seed bytes, and nothing in this definition wipes them
/// when a copy is dropped.
#[derive(Clone)]
pub struct Share<const OUT_BLEN: usize, G: Group<OUT_BLEN>> {
    /// Seeds, `OUT_BLEN` bytes each.
    /// In the output of `gen` there are 2 of them.
    /// As the input of `eval`, only the first one is used.
    pub s0s: Vec<[u8; OUT_BLEN]>,
    /// Correction words. Their count must be `n = 8 * N`.
    ///
    /// NOTE(review): `N` is not defined here; presumably it is the input byte length
    /// (`IN_BLEN` on `PointFn`) — confirm. The `Vec` type does not enforce the count, so a share
    /// received from outside should have its length checked before it is evaluated.
    pub cws: Vec<Cw<OUT_BLEN, G>>,
    /// `$CW^{(n + 1)}$`.
    pub cw_np1: G,
}
69    /// `$CW^{(n + 1)}$`.
70    pub cw_np1: G,
71}