Version 4.0.0

.clang-format

@@ -0,0 +1,30 @@
+Language:                               Cpp
+BasedOnStyle:                           Google
+DerivePointerAlignment:                 false
+AllowShortFunctionsOnASingleLine:       Empty
+BinPackArguments:                       false
+BinPackParameters:                      false
+
+# The include rules below structures includes as
+#
+#  - STL headers (anything without an extension, tbp)
+#  - Other headers (anything that ends with .h)
+#  - External SCL headers (anything of the form <scl/...>)
+#  - Internal SCL headers (anything of the form "scl/...")
+#
+# The only exception is when a .cc file includes a header file with the same
+# name at the same path.
+
+IncludeCategories:
+  - Regex:           '^<scl/.*\.h*'
+    Priority:        4
+    SortPriority:    0
+  - Regex:           '^<.*\.h>'
+    Priority:        2
+    SortPriority:    0
+  - Regex:           '^<.*'
+    Priority:        1
+    SortPriority:    0
+  - Regex:           '^scl/.*'
+    Priority:        5
+    SortPriority:    0

.clang-tidy

@@ -0,0 +1,27 @@
+Checks: '-*,bugprone-*,performance-*,readability-*,google-global-names-in-headers,cert-dcl59-cpp,-bugprone-easily-swappable-parameters,-readability-identifier-length,-readability-magic-numbers,-readability-function-cognitive-complexity,-readability-function-size'
+
+# Enabled checks:
+# - bugprone
+# - performance
+# - readability
+# - google-global-names-in-headers
+# - cert-dcl59-cpp
+#
+# Specific disabled checks
+#
+# bugprone-easily-swappable-parameters:
+#   Doesn't make sense to exclude functions taking multiple ints in SCL.
+#
+# readability-identifier-length:
+#   Short identifiers make sense.
+#
+# readability-magic-numbers:
+#   Too strict.
+#
+# readability-function-cognitive-complexity
+#   Catch2.
+#
+# readability-function-size
+#   Catch2.
+
+AnalyzeTemporaryDtors: false

.github/workflows/Checks.yml

@@ -9,7 +9,7 @@ on:
 jobs:
   documentation:
     name: Documentation
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     steps:
       - uses: actions/checkout@v2
 
@@ -39,11 +39,11 @@ jobs:
       - uses: actions/checkout@v2
 
       - name: Setup
-        run: sudo apt-get install -y clang-format-12
+        run: sudo apt-get install -y clang-format
 
       - name: Check
         shell: bash
         run: |
-          find . -type f \( -iname "*.h" -o -iname "*.cc" \) -exec clang-format -n --style=Google {} \; &> checks.txt
+          find . -type f \( -iname "*.h" -o -iname "*.cc" \) -exec clang-format -n {} \; &> checks.txt
           cat checks.txt
           test ! -s checks.txt

.github/workflows/Test.yml

@@ -12,7 +12,7 @@ env:
 jobs:
   build:
     name: Coverage and Linting
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
 
     steps:
     - uses: actions/checkout@v2

CMakeLists.txt

@@ -16,7 +16,7 @@
 
 cmake_minimum_required( VERSION 3.14 )
 
-project( scl VERSION 3.0.0 DESCRIPTION "Secure Computation Library" )
+project( scl VERSION 4.0.0 DESCRIPTION "Secure Computation Library" )
 
 if(NOT CMAKE_BUILD_TYPE)
   set(CMAKE_BUILD_TYPE Release)
@@ -35,10 +35,12 @@ set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}")
 set(CMAKE_CXX_FLAGS  "${CMAKE_CXX_FLAGS} -march=native -Wall -Wextra -pedantic -Werror -std=gnu++17")
 
 set(SCL_SOURCE_FILES
-  src/scl/prg.cc
-  src/scl/hash.cc
+  src/scl/util/str.cc
+
+  src/scl/primitives/prg.cc
+  src/scl/primitives/sha3.cc
+  src/scl/primitives/sha256.cc
 
-  src/scl/math/str.cc
   src/scl/math/mersenne61.cc
   src/scl/math/mersenne127.cc
 
@@ -87,8 +89,9 @@ if(CMAKE_BUILD_TYPE MATCHES "Debug")
   set(SCL_TEST_SOURCE_FILES
     test/scl/main.cc
 
-    test/scl/test_hash.cc
-    test/scl/test_prg.cc
+    test/scl/primitives/test_prg.cc
+    test/scl/primitives/test_sha3.cc
+    test/scl/primitives/test_sha256.cc
 
     test/scl/gf7.cc
     test/scl/math/test_mersenne61.cc
@@ -102,6 +105,7 @@ if(CMAKE_BUILD_TYPE MATCHES "Debug")
     test/scl/ss/test_additive.cc
     test/scl/ss/test_poly.cc
     test/scl/ss/test_shamir.cc
+    test/scl/ss/test_feldman.cc
 
     test/scl/net/util.cc
     test/scl/net/test_config.cc

README.md

@@ -62,3 +62,15 @@ inspiration.
 SCL uses Doxygen for documentation. Run `./scripts/build_documentation.sh` to
 generate the documentation. This is placed in the `doc/` folder. Documentation
 uses `doxygen`, so make sure that's installed.
+
+# Citing
+
+I'd greatly appreciate any work that uses SCL include the below bibtex entry
+
+```
+@misc{secure-computation-library,
+    author = {Anders Dalskov},        
+    title = {{SCL (Secure Computation Library)---utility library for prototyping MPC applications}},
+    howpublished = {\url{https://github.com/anderspkd/secure-computation-library}},
+}
+```

RELEASE.txt

@@ -1,3 +1,14 @@
+4.0: Shamir, Feldman, SHA-256
+- Refactor Shamir to allow caching of Lagrange coefficients
+- Add support for Feldman Secret Sharing
+- Add support for SHA-256
+- Add bibtex blob for citing SCL
+- Refactor interface for hash functions
+- Refactor interface for Shamir
+- bugs:
+  - Fix negation of 0 in Secp256k1::Field and Secp256k1::Order
+  - Make serialization and deserialization of curve points behave more sanely
+
 3.0: More features, build changes
 - Add method for returning a point as a pair of affine coordinates
 - Add method to check if a channel has data available

examples/01_primitives.cc

@@ -42,5 +42,5 @@ int main() {
 
   /* The DigestToString can be used to print a hex representation of a digest.
    */
-  std::cout << scl::DigestToString(digest) << "\n";
+  std::cout << scl::details::DigestToString(digest) << "\n";
 }

examples/02_finite_fields.cc

@@ -18,10 +18,10 @@
  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  */
 
-#include <scl/math.h>
-
 #include <iostream>
 
+#include <scl/math.h>
+
 int main() {
   /* This defines a "Finite Field" with space for at least 32 bits of
    * computation. At the moment, SCL supports two primes: One that is 61 bits
@@ -67,7 +67,7 @@ int main() {
   std::cout << a << " ?= " << b << ": " << (a == b) << "\n";
   std::cout << a << " ?= " << a << ": " << (a == a) << "\n";
 
-  scl::PRG prg;
+  auto prg = scl::PRG::Create();
 
   /* Using a PRG (see the PRG example), we can generate random field elements.
    */

examples/03_secret_sharing.cc

@@ -18,16 +18,17 @@
  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  */
 
-#include <scl/math.h>
-#include <scl/secret_sharing.h>
-
 #include <iostream>
 #include <stdexcept>
 
+#include <scl/math.h>
+#include <scl/secret_sharing.h>
+
 int main() {
   using Fp = scl::Fp<32>;
   using Vec = scl::Vec<Fp>;
-  scl::PRG prg;
+
+  auto prg = scl::PRG::Create();
 
   /* We can easily create an additive secret sharing of some secret value:
    */
@@ -46,8 +47,8 @@ int main() {
    * correction. Lets see error detection at work first
    */
 
-  scl::details::ShamirSSFactory<Fp> factory(
-      1, prg, scl::details::SecurityLevel::CORRECT);
+  auto factory =
+      scl::ShamirSSFactory<Fp>::Create(1, prg, scl::SecurityLevel::CORRECT);
   /* We create 4 shamir shares with a threshold of 1.
    */
   auto shamir_shares = factory.Share(secret);
@@ -56,17 +57,15 @@ int main() {
   /* Of course, these can be reconstructed. The second parameter is the
    * threshold. This performs reconstruction with error detection.
    */
-  auto recon = factory.GetInterpolator();
   auto shamir_reconstructed =
-      recon.Reconstruct(shamir_shares, scl::details::SecurityLevel::DETECT);
+      factory.Recover(shamir_shares, scl::SecurityLevel::DETECT);
   std::cout << shamir_reconstructed << "\n";
 
   /* If we introduce an error, then reconstruction fails
    */
   shamir_shares[2] = Fp(123);
   try {
-    std::cout << recon.Reconstruct(shamir_shares,
-                                   scl::details::SecurityLevel::DETECT)
+    std::cout << factory.Recover(shamir_shares, scl::SecurityLevel::DETECT)
               << "\n";
   } catch (std::logic_error& e) {
     std::cout << e.what() << "\n";
@@ -75,7 +74,7 @@ int main() {
   /* On the other hand, we can use the robust reconstruction since the threshold
    * is low enough. I.e., because 4 >= 3*1 + 1.
    */
-  auto r = recon.Reconstruct(shamir_shares);
+  auto r = factory.Recover(shamir_shares);
   std::cout << r << "\n";
 
   /* With a bit of extra work, we can even learn which share had the error.
@@ -104,7 +103,7 @@ int main() {
    */
   shamir_shares[1] = Fp(22);
   try {
-    recon.Reconstruct(shamir_shares);
+    factory.Recover(shamir_shares);
   } catch (std::logic_error& e) {
     std::cout << e.what() << "\n";
   }

examples/04_networking.cc

@@ -18,11 +18,10 @@
  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  */
 
-#include <scl/scl.h>
-
 #include <iostream>
 
-#include "scl/net/tcp_channel.h"
+#include <scl/net/tcp_channel.h>
+#include <scl/scl.h>
 
 scl::NetworkConfig RunServer(int n) {
   scl::DiscoveryServer server(n);
@@ -67,7 +66,7 @@ int main(int argc, char** argv) {
 
   auto network = scl::Network::Create<scl::TcpChannel>(config);
 
-  for (std::size_t i = 0; i < 3; ++i) {
+  for (std::size_t i = 0; i < (std::size_t)n; ++i) {
     // similar to the TCP channel example, send our ID to everyone:
     network.Party(i)->Send(config.Id());
     unsigned received_id;

include/scl/math/ec.h

@@ -26,7 +26,7 @@
 #include "scl/math/ec_ops.h"
 #include "scl/math/ff.h"
 #include "scl/math/number.h"
-#include "scl/prg.h"
+#include "scl/primitives/prg.h"
 
 namespace scl {
 
@@ -44,6 +44,11 @@ class EC {
    */
   using Field = FF<typename Curve::Field>;
 
+  /**
+   * @brief A large sub-group of this curve.
+   */
+  using Order = FF<typename Curve::Order>;
+
   /**
    * @brief The size of a curve point in bytes.
    * @param compressed
@@ -62,7 +67,9 @@ class EC {
   /**
    * @brief A string indicating which curve this is.
    */
-  constexpr static const char* Name() { return Curve::kName; };
+  constexpr static const char* Name() {
+    return Curve::kName;
+  };
 
   /**
    * @brief Get the generator of this curve.
@@ -96,7 +103,9 @@ class EC {
   /**
    * @brief Create a new point equal to the point at infinity.
    */
-  explicit constexpr EC() { details::CurveSetPointAtInfinity<Curve>(mValue); };
+  explicit constexpr EC() {
+    details::CurveSetPointAtInfinity<Curve>(mValue);
+  };
 
   /**
    * @brief Add another EC point to this.
@@ -173,7 +182,7 @@ class EC {
    * @param scalar the scalar
    * @return this.
    */
-  EC& operator*=(const FF<typename Curve::Order>& scalar) {
+  EC& operator*=(const Order& scalar) {
     details::CurveScalarMultiply<Curve>(mValue, scalar);
     return *this;
   };
@@ -195,8 +204,7 @@ class EC {
    * @param scalar the scalar
    * @return the point multiplied with the scalar.
    */
-  friend EC operator*(const EC& point,
-                      const FF<typename Curve::Order>& scalar) {
+  friend EC operator*(const EC& point, const Order& scalar) {
     EC copy(point);
     return copy *= scalar;
   };

include/scl/math/ec_ops.h

@@ -56,7 +56,8 @@ void CurveSetGenerator(typename C::ValueType& out);
  * @param y the y coordinate
  */
 template <typename C>
-void CurveSetAffine(typename C::ValueType& out, const FF<typename C::Field>& x,
+void CurveSetAffine(typename C::ValueType& out,
+                    const FF<typename C::Field>& x,
                     const FF<typename C::Field>& y);
 
 /**
@@ -139,7 +140,8 @@ void CurveFromBytes(typename C::ValueType& out, const unsigned char* src);
  * @param compress whether to compress the point
  */
 template <typename C>
-void CurveToBytes(unsigned char* dest, const typename C::ValueType& in,
+void CurveToBytes(unsigned char* dest,
+                  const typename C::ValueType& in,
                   bool compress);
 
 /**