Remove prss changes

Cargo.toml

@@ -53,7 +53,7 @@ tokio-util = { version = "0.7.4", optional = true }
 tower = { version = "0.4.13", optional = true }
 tower-http = { version = "0.3.4", optional = true, features = ["trace"] }
 # disable debug traces and below for release builds and keep everything for debug build
-tracing = { version = "0.1.37", features = ["max_level_trace", "release_max_level_debug"] }
+tracing = { version = "0.1.37", features = ["max_level_trace", "release_max_level_info"] }
 tracing-subscriber = { version = "0.3.16", optional = true, features = ["env-filter"] }
 x25519-dalek = "2.0.0-pre.1"
 

benches/oneshot/ipa.rs

@@ -7,7 +7,7 @@ use std::time::Instant;
 
 #[tokio::main(flavor = "multi_thread", worker_threads = 3)]
 async fn main() -> Result<(), Error> {
-    const BATCHSIZE: usize = 5000;
+    const BATCHSIZE: usize = 100;
     const MAX_TRIGGER_VALUE: u128 = 5;
     const PER_USER_CAP: u32 = 3;
     const MAX_BREAKDOWN_KEY: u128 = 4;

src/protocol/mod.rs

@@ -5,12 +5,8 @@ pub mod context;
 pub mod ipa;
 pub mod malicious;
 pub mod modulus_conversion;
-#[cfg(feature = "no-prss")]
-pub mod no_prss;
 pub mod prss;
 pub mod sort;
-#[cfg(not(feature = "no-prss"))]
-pub mod use_prss;
 
 use crate::error::Error;
 use std::fmt::Debug;

src/protocol/prss.rs

@@ -1,17 +1,20 @@
-#[cfg(feature = "no-prss")]
-pub use super::no_prss::{Generator, GeneratorFactory, KeyExchange, SharedRandomness};
-#[cfg(not(feature = "no-prss"))]
-pub use super::use_prss::{Generator, GeneratorFactory, KeyExchange, SharedRandomness};
-
 use super::Step;
+use crate::ff::Field;
 use crate::rand::{CryptoRng, RngCore};
+use crate::secret_sharing::replicated::semi_honest::AdditiveShare as Replicated;
 use crate::sync::{Arc, Mutex};
 
+use aes::{
+    cipher::{generic_array::GenericArray, BlockEncrypt, KeyInit},
+    Aes256,
+};
+use hkdf::Hkdf;
+use sha2::Sha256;
 use std::{collections::HashMap, fmt::Debug};
 #[cfg(debug_assertions)]
 use std::{collections::HashSet, fmt::Formatter};
 
-use x25519_dalek::PublicKey;
+use x25519_dalek::{EphemeralSecret, PublicKey};
 
 /// Keeps track of all indices used to generate shared randomness inside `IndexedSharedRandomness`.
 /// Any two indices provided to `IndexesSharedRandomness::generate_values` must be unique.
@@ -59,6 +62,78 @@ impl Debug for UsedSet {
     }
 }
 
+pub trait SharedRandomness {
+    /// Generate two random values, one that is known to the left helper
+    /// and one that is known to the right helper.
+    #[must_use]
+    fn generate_values<I: Into<u128>>(&self, index: I) -> (u128, u128);
+
+    /// Generate two random field values, one that is known to the left helper
+    /// and one that is known to the right helper.
+    #[must_use]
+    fn generate_fields<F: Field, I: Into<u128>>(&self, index: I) -> (F, F) {
+        let (l, r) = self.generate_values(index);
+        (F::from(l), F::from(r))
+    }
+
+    ///
+    /// Generate a replicated secret sharing of a random value, which none
+    /// of the helpers knows. This is an implementation of the functionality 2.1 `F_rand`
+    /// described on page 5 of the paper:
+    /// "Efficient Bit-Decomposition and Modulus Conversion Protocols with an Honest Majority"
+    /// by Ryo Kikuchi, Dai Ikarashi, Takahiro Matsuda, Koki Hamada, and Koji Chida
+    /// <https://eprint.iacr.org/2018/387.pdf>
+    ///
+    #[must_use]
+    fn generate_replicated<F: Field, I: Into<u128>>(&self, index: I) -> Replicated<F> {
+        let (l, r) = self.generate_fields(index);
+        Replicated::new(l, r)
+    }
+
+    /// Generate an additive share of zero.
+    /// Each party generates two values, one that is shared with the party to their left,
+    /// one with the party to their right.  If all entities add their left share
+    /// and subtract their right value, each share will be added once (as a left share)
+    /// and subtracted once (as a right share), resulting in values that sum to zero.
+    #[must_use]
+    fn zero_u128<I: Into<u128>>(&self, index: I) -> u128 {
+        let (l, r) = self.generate_values(index);
+        l.wrapping_sub(r)
+    }
+
+    /// Generate an XOR share of zero.
+    #[must_use]
+    fn zero_xor<I: Into<u128>>(&self, index: I) -> u128 {
+        let (l, r) = self.generate_values(index);
+        l ^ r
+    }
+
+    /// Generate an additive shares of a random value.
+    /// This is like `zero_u128`, except that the values are added.
+    /// The result is that each random value is added twice.  Note that thanks to
+    /// using a wrapping add, the result won't be even because the high bit will
+    /// wrap around and populate the low bit.
+    #[must_use]
+    fn random_u128<I: Into<u128>>(&self, index: I) -> u128 {
+        let (l, r) = self.generate_values(index);
+        l.wrapping_add(r)
+    }
+
+    /// Generate additive shares of zero in a field.
+    #[must_use]
+    fn zero<F: Field, I: Into<u128>>(&self, index: I) -> F {
+        let (l, r): (F, F) = self.generate_fields(index);
+        l - r
+    }
+
+    /// Generate additive shares of a random field value.
+    #[must_use]
+    fn random<F: Field, I: Into<u128>>(&self, index: I) -> F {
+        let (l, r): (F, F) = self.generate_fields(index);
+        l + r
+    }
+}
+
 /// A participant in a 2-of-N replicated secret sharing.
 /// Pseudorandom Secret-Sharing has many applications to the 3-party, replicated secret sharing scheme
 /// You can read about it in the seminal paper:
@@ -255,6 +330,70 @@ impl EndpointSetup {
     }
 }
 
+/// The key exchange component of a participant.
+pub struct KeyExchange {
+    sk: EphemeralSecret,
+}
+
+impl KeyExchange {
+    pub fn new<R: RngCore + CryptoRng>(r: &mut R) -> Self {
+        Self {
+            sk: EphemeralSecret::new(r),
+        }
+    }
+
+    #[must_use]
+    pub fn public_key(&self) -> PublicKey {
+        PublicKey::from(&self.sk)
+    }
+
+    #[must_use]
+    pub fn key_exchange(self, pk: &PublicKey) -> GeneratorFactory {
+        debug_assert_ne!(pk, &self.public_key(), "self key exchange detected");
+        let secret = self.sk.diffie_hellman(pk);
+        let kdf = Hkdf::<Sha256>::new(None, secret.as_bytes());
+        GeneratorFactory { kdf }
+    }
+}
+
+/// This intermediate object exists so that multiple generators can be constructed,
+/// with each one dedicated to one purpose.
+pub struct GeneratorFactory {
+    kdf: Hkdf<Sha256>,
+}
+
+impl GeneratorFactory {
+    /// Create a new generator using the provided context string.
+    #[allow(clippy::missing_panics_doc)] // Panic should be impossible.
+    #[must_use]
+    pub fn generator(&self, context: &[u8]) -> Generator {
+        let mut k = GenericArray::default();
+        self.kdf.expand(context, &mut k).unwrap();
+        Generator {
+            cipher: Aes256::new(&k),
+        }
+    }
+}
+
+/// The basic generator.  This generates values based on an arbitrary index.
+#[derive(Debug, Clone)]
+pub struct Generator {
+    cipher: Aes256,
+}
+
+impl Generator {
+    /// Generate the value at the given index.
+    /// This uses the MMO^{\pi} function described in <https://eprint.iacr.org/2019/074>.
+    #[must_use]
+    pub fn generate(&self, index: u128) -> u128 {
+        let mut buf = index.to_le_bytes();
+        self.cipher
+            .encrypt_block(GenericArray::from_mut_slice(&mut buf));
+
+        u128::from_le_bytes(buf) ^ index
+    }
+}
+
 #[cfg(all(test, not(feature = "shuttle")))]
 pub mod test {
     use super::{Generator, KeyExchange, SequentialSharedRandomness};