new version

CMakeLists.txt

@@ -16,7 +16,7 @@
 
 cmake_minimum_required( VERSION 3.14 )
 
-project( scl VERSION 6.2.0 DESCRIPTION "Secure Computation Library" )
+project( scl VERSION 0.7.0 DESCRIPTION "Secure Computation Library" )
 
 if(NOT CMAKE_BUILD_TYPE)
   set(CMAKE_BUILD_TYPE Release)
@@ -64,7 +64,7 @@ if(WITH_EC MATCHES ON)
     src/scl/math/ops_gmp_ff.cc
     src/scl/math/secp256k1_field.cc
     src/scl/math/secp256k1_curve.cc
-    src/scl/math/secp256k1_order.cc
+    src/scl/math/secp256k1_scalar.cc
     src/scl/math/number.cc)
 endif()
 
@@ -102,6 +102,7 @@ if(CMAKE_BUILD_TYPE MATCHES "Debug")
     test/scl/util/test_sha256.cc
     test/scl/util/test_ecdsa.cc
     test/scl/util/test_cmdline.cc
+    test/scl/util/test_merkle.cc
 
     test/scl/gf7.cc
     test/scl/math/test_mersenne61.cc
@@ -137,7 +138,9 @@ if(CMAKE_BUILD_TYPE MATCHES "Debug")
     test/scl/simulation/test_result.cc
     test/scl/simulation/test_measurement.cc
     test/scl/simulation/test_mem_channel_buffer.cc
+    test/scl/simulation/test_channel.cc
     test/scl/simulation/test_env.cc
+    test/scl/simulation/test_manager.cc
 
     test/scl/serialization/test_serializer.cc)
 

RELEASE.txt

@@ -1,14 +1,30 @@
-6.2.0: More functionality for Number
+0.7.0:
+- Exponentiation for field elements
+- Various bug fixes. Especially in the simulation code
+- Change versioning. Make all releases start with 0 (to mark them as pre-release).
+- Merkle tree hashing.
+- Make it possible to hash anything which has a Serializer specialization.
+- Vec::ScalarMultiply now allows multiplying a Vec of curve points with a
+  scalar. Same for Mat.
+- Make it possible to prematurely terminate a party in a simulation.
+- Introduce a "Manager" class that contains the parameters of a simulation.
+- Rename EC::Order to EC::ScalarField.
+- Introduce a function for acquiring the order of a field.
+- Make utility functions in ECDSA public.
+- Various optimizations for the elliptic curve code.
+- Simplify the measurement class.
+
+0.6.2: More functionality for Number
 - Add modulo operator to Number.
 - Add some mathematical functions that operate on numbers.
 - Make Number serializable; add Serializer specialization.
 - Add a simple command-line argument parser.
 
-6.1.0: Extend serialization functionality
+0.6.1: Extend serialization functionality
 - Make Write methods return the number of bytes written.
 - Make it possible to serialize vectors with arbitrary content.
 
-6.0.0: Improvements to serialization and Channels.
+0.6.0: Improvements to serialization and Channels.
 - Added a Serializer type that can be specialized in order to specify how
   various objects are converted to bytes.
 - Added a Packet type that allows reading and writing almost arbitrary objects,
@@ -17,37 +33,33 @@
   Packets. Remove old Send/Recv overloads.
 - Remove proto::ProtocolEnvironment.
 
-5.3.0: ECDSA
+0.5.3: ECDSA
 - Added functionality for creating ECDSA signatures.
 
-5.2.0: Protocol environment extensions
+0.5.2: Protocol environment extensions
 - Make it possible to create "checkpoints" through the protocol environment
   clock.
 - fix a bug that prevented the documentation from being buildt
 - Rename ProtocolEnvironment to Env, and introduce a typedef for backwards
   compatability.
 
-5.1.2: Style changes
+0.5.1: Style changes
 - Change naming style of private field members.
-
-5.1.1: Bug fixes and simplifications
 - Simplifed the NextToRun logic because a greedy strategy too often results in
   rollbacks.
 - Fixed a bug in the Rollback logic where WriteOps weren't rolled back
   correctly.
-
-5.1: Vec-Mat multiplication
 - Add a Vec Mat to Vec multiplication function to Mat
 - Minor refactoring of test_mat.cc
 
-5.0: Simulation
+0.5.0: Simulation
 - Added a new module for simulating protocol executions under different network
   conditions.
 - Refactored layout with respect to namespaces. details no longer exists, and
   the different modules have gotten their own namespace.
 - Up test coverage to 100%. Minor refactoring to the actions.
 
-4.0: Shamir, Feldman, SHA-256
+0.4.0: Shamir, Feldman, SHA-256
 - Refactor Shamir to allow caching of Lagrange coefficients
 - Add support for Feldman Secret Sharing
 - Add support for SHA-256
@@ -58,7 +70,7 @@
   - Fix negation of 0 in Secp256k1::Field and Secp256k1::Order
   - Make serialization and deserialization of curve points behave more sanely
 
-3.0: More features, build changes
+0.3.0: More features, build changes
 - Add method for returning a point as a pair of affine coordinates
 - Add method to check if a channel has data available
 - Allow sending and receiving STL vectors without specifying the size
@@ -72,12 +84,12 @@
   - disable actions for master branch
   - add clang-tidy action
 
-2.1: More Finite Fields
+0.2.1: More Finite Fields
 - Provide a FF implementation for computations modulo the order of Secp256k1
 - Extend EC with support for scalar multiplications with scalars from a finite
   field of size the order of a subgroup.
 
-2.0: Elliptic curves and finite field refactoring
+0.2.0: Elliptic curves and finite field refactoring
 - Make it simpler to define new finite fields
 - Include optional (but enabled by default) support for elliptic curves
   - Implement secp256k1
@@ -87,13 +99,13 @@
 - Rename FF<Bits> to Fp<Bits>.
 - Move class FF into scl namespace.
 
-1.1: Refactoring of finite field internals
+0.1.1: Refactoring of finite field internals
 - Finite field operations are now defined by individual specializations of
   templated functions
 - Remove DEFINE_FINITE_FIELD macro
 - Move Mersenne61 and Mersenne127 definitions into ff.h
 
-1.0: Initial public version of SCL.
+0.1.0: Initial public version of SCL.
 - Features:
   - Math:
     - Finite Field class with two instantiations based on Mersenne primes

include/scl/math/curves/secp256k1.h

@@ -57,7 +57,7 @@ struct Secp256k1 {
   /**
    * @brief Finite field modulo a Secp256k1 prime order sub-group.
    */
-  struct Order {
+  struct Scalar {
     /**
      * @brief Internal type of elements.
      */

include/scl/math/ec.h

@@ -47,7 +47,7 @@ class EC final : Add<EC<Curve>>, Eq<EC<Curve>>, Print<EC<Curve>> {
   /**
    * @brief A large sub-group of this curve.
    */
-  using Order = FF<typename Curve::Order>;
+  using ScalarField = FF<typename Curve::Scalar>;
 
   /**
    * @brief The size of a curve point in bytes.
@@ -165,7 +165,7 @@ class EC final : Add<EC<Curve>>, Eq<EC<Curve>>, Print<EC<Curve>> {
    * @param scalar the scalar
    * @return this.
    */
-  EC& operator*=(const Order& scalar) {
+  EC& operator*=(const ScalarField& scalar) {
     CurveScalarMultiply<Curve>(m_value, scalar);
     return *this;
   }
@@ -187,7 +187,7 @@ class EC final : Add<EC<Curve>>, Eq<EC<Curve>>, Print<EC<Curve>> {
    * @param scalar the scalar
    * @return the point multiplied with the scalar.
    */
-  friend EC operator*(const EC& point, const Order& scalar) {
+  friend EC operator*(const EC& point, const ScalarField& scalar) {
     EC copy(point);
     return copy *= scalar;
   }
@@ -208,10 +208,9 @@ class EC final : Add<EC<Curve>>, Eq<EC<Curve>>, Print<EC<Curve>> {
    * @param scalar the scalar
    * @return the point multiplied with the scalar.
    */
-  friend EC operator*(const FF<typename Curve::Order>& scalar,
-                      const EC& point) {
+  friend EC operator*(const ScalarField& scalar, const EC& point) {
     return point * scalar;
-  }
+  }  // LCOV_EXCL_LINE
 
   /**
    * @brief Negate this point.
@@ -229,30 +228,30 @@ class EC final : Add<EC<Curve>>, Eq<EC<Curve>>, Print<EC<Curve>> {
    */
   bool Equal(const EC& other) const {
     return CurveEqual<Curve>(m_value, other.m_value);
-  }
+  }  // LCOV_EXCL_LINE
 
   /**
    * @brief Check if this point is equal to the point at inifity.
    * @return true if this point is equal to the point at inifity.
    */
   bool PointAtInfinity() const {
     return CurveIsPointAtInfinity<Curve>(m_value);
-  }
+  }  // LCOV_EXCL_LINE
 
   /**
    * @brief Return this point as a pair of affine coordinates.
    * @return this point as a pair of affine coordinates.
    */
   std::array<Field, 2> ToAffine() const {
     return CurveToAffine<Curve>(m_value);
-  }
+  }  // LCOV_EXCL_LINE
 
   /**
    * @brief Output this point as a string.
    */
   std::string ToString() const {
     return CurveToString<Curve>(m_value);
-  }
+  }  // LCOV_EXCL_LINE
 
   /**
    * @brief Write this point to a buffer.
@@ -261,7 +260,7 @@ class EC final : Add<EC<Curve>>, Eq<EC<Curve>>, Print<EC<Curve>> {
    */
   void Write(unsigned char* dest, bool compress = true) const {
     CurveToBytes<Curve>(dest, m_value, compress);
-  }
+  }  // LCOV_EXCL_LINE
 
  private:
   typename Curve::ValueType m_value;

include/scl/math/ec_ops.h

@@ -110,7 +110,7 @@ void CurveScalarMultiply(typename C::ValueType& out, const Number& scalar);
  */
 template <typename C>
 void CurveScalarMultiply(typename C::ValueType& out,
-                         const FF<typename C::Order>& scalar);
+                         const FF<typename C::Scalar>& scalar);
 
 /**
  * @brief Check if two elliptic curve points are equal.

include/scl/math/ff.h

@@ -255,6 +255,36 @@ class FF final : Add<FF<Field>>,
   friend class FFAccess;
 };
 
+/**
+ * @brief Returns the order of a finite field.
+ */
+template <typename F>
+Number Order();
+
+/**
+ * @brief Raise an element to a power.
+ * @param base the base.
+ * @param exp the exponent.
+ * @return \p base raised to the \p exp th power.
+ */
+template <typename T>
+FF<T> Exp(const FF<T>& base, std::size_t exp) {
+  if (exp == 0) {
+    return FF<T>::One();
+  }
+
+  const auto n = sizeof(std::size_t) * 8 - __builtin_clzll(exp);
+  FF r = FF<T>::One();
+  for (std::size_t i = n; i-- > 0;) {
+    r *= r;
+    if (((exp >> i) & 1) == 1) {
+      r *= base;
+    }
+  }
+
+  return r;
+}
+
 }  // namespace scl::math
 
 #endif  // SCL_MATH_FF_H

include/scl/math/ff_ops.h

@@ -23,6 +23,8 @@
 #include <string>
 #include <type_traits>
 
+#include "scl/math/number.h"
+
 namespace scl::math {
 
 /**

include/scl/math/lagrange.h

@@ -52,8 +52,7 @@ namespace scl::math {
  * @see https://en.wikipedia.org/wiki/Lagrange_polynomial
  */
 template <typename T>
-Vec<T> ComputeLagrangeBasis(const math::Vec<T>& nodes, int x) {
-  const auto _x = T{x};
+Vec<T> ComputeLagrangeBasis(const math::Vec<T>& nodes, const T& x) {
   const auto n = nodes.Size();
   std::vector<T> b;
   b.reserve(n);
@@ -63,14 +62,25 @@ Vec<T> ComputeLagrangeBasis(const math::Vec<T>& nodes, int x) {
     for (std::size_t j = 0; j < n; ++j) {
       if (i != j) {
         const auto xj = nodes[j];
-        ell *= (_x - xj) / (xi - xj);
+        ell *= (x - xj) / (xi - xj);
       }
     }
     b.emplace_back(ell);
   }
   return b;
 }
 
+/**
+ * @brief Computes a lagrange basis for a set of nodes.
+ * @param nodes the set of nodes.
+ * @param x the evaluation point x.
+ * @see ComputeLagrangeBasis
+ */
+template <typename T>
+Vec<T> ComputeLagrangeBasis(const math::Vec<T>& nodes, int x) {
+  return ComputeLagrangeBasis(nodes, T{x});
+}
+
 }  // namespace scl::math
 
 #endif  // SCL_MATH_LAGRANGE_H

include/scl/math/mat.h

@@ -332,7 +332,10 @@ class Mat : Print<Mat<Elem>> {
    * @param scalar the scalar
    * @return this scaled by \p scalar.
    */
-  Mat ScalarMultiply(const Elem& scalar) const {
+  template <
+      typename Scalar,
+      std::enable_if_t<util::HasOperatorMul<Elem, Scalar>::value, bool> = true>
+  Mat ScalarMultiply(const Scalar& scalar) const {
     Mat copy(m_rows, m_cols, m_values);
     return copy.ScalarMultiplyInPlace(scalar);
   }
@@ -342,7 +345,10 @@ class Mat : Print<Mat<Elem>> {
    * @param scalar the scalar
    * @return this scaled by \p scalar.
    */
-  Mat& ScalarMultiplyInPlace(const Elem& scalar) {
+  template <
+      typename Scalar,
+      std::enable_if_t<util::HasOperatorMul<Elem, Scalar>::value, bool> = true>
+  Mat& ScalarMultiplyInPlace(const Scalar& scalar) {
     for (auto& v : m_values) {
       v *= scalar;
     }