def Norm(b, k, f, kappa, simplex_flag=False):
"""
Computes secret integer values [c] and [v_prime] st.
2^{k-1} <= c < 2^k and c = b*v_prime
"""
# For simplex, we can get rid of computing abs(b)
temp = None
if simplex_flag == False:
temp = b.less_than(0, 2 * k)
elif simplex_flag == True:
temp = cint(0)
sign = 1 - 2 * temp # 1 - 2 * [b < 0]
absolute_val = sign * b
#next 2 lines actually compute the SufOR for little indian encoding
bits = absolute_val.bit_decompose(k, kappa)[::-1]
suffixes = PreOR(bits)[::-1]
z = [0] * k
for i in range(k - 1):
z[i] = suffixes[i] - suffixes[i+1]
z[k - 1] = suffixes[k-1]
#doing complicated stuff to compute v = 2^{k-m}
acc = cint(0)
for i in range(k):
acc += two_power(k-i-1) * z[i]
part_reciprocal = absolute_val * acc
signed_acc = sign * acc
return part_reciprocal, signed_acc
def sint_cint_division(a, b, k, f, kappa):
"""
type(a) = sint, type(b) = cint
"""
theta = int(ceil(log(k/3.5) / log(2)))
two = cint(2) * two_power(f)
sign_b = cint(1) - 2 * cint(b < 0)
sign_a = sint(1) - 2 * sint(a < 0)
absolute_b = b * sign_b
absolute_a = a * sign_a
w0 = approximate_reciprocal(absolute_b, k, f, theta)
A = Array(theta, sint)
B = Array(theta, cint)
W = Array(theta, cint)
A[0] = absolute_a
B[0] = absolute_b
W[0] = w0
@for_range(1, theta)
def block(i):
A[i] = TruncPr(A[i - 1] * W[i - 1], 2*k, f, kappa)
temp = shift_two(B[i - 1] * W[i - 1], f)
# no reading and writing to the same variable in a for loop.
W[i] = two - temp
B[i] = temp
return (sign_a * sign_b) * A[theta - 1]
def cint_cint_division(a, b, k, f):
"""
Goldschmidt method implemented with
SE aproximation:
http://stackoverflow.com/questions/2661541/picking-good-first-estimates-for-goldschmidt-division
"""
# theta can be replaced with something smaller
# for safety we assume that is the same theta from previous GS method
theta = int(ceil(log(k/3.5) / log(2)))
two = cint(2) * two_power(f)
sign_b = cint(1) - 2 * cint(b < 0)
sign_a = cint(1) - 2 * cint(a < 0)
absolute_b = b * sign_b
absolute_a = a * sign_a
w0 = approximate_reciprocal(absolute_b, k, f, theta)
A = Array(theta, cint)
B = Array(theta, cint)
W = Array(theta, cint)
A[0] = absolute_a
B[0] = absolute_b
W[0] = w0
for i in range(1, theta):
A[i] = shift_two(A[i - 1] * W[i - 1], f)
B[i] = shift_two(B[i - 1] * W[i - 1], f)
W[i] = two - B[i]
return (sign_a * sign_b) * A[theta - 1]
def approximate_reciprocal(divisor, k, f, theta):
"""
returns aproximation of 1/divisor
where type(divisor) = cint
"""
def twos_complement(x):
bits = x.bit_decompose(k)[::-1]
bit_array = Array(k, cint)
bit_array.assign(bits)
twos_result = MemValue(cint(0))
@for_range(k)
def block(i):
val = twos_result.read()
val <<= 1
val += 1 - bit_array[i]
twos_result.write(val)
return twos_result.read() + 1
bit_array = Array(k, cint)
bits = divisor.bit_decompose(k)[::-1]
bit_array.assign(bits)
cnt_leading_zeros = MemValue(regint(0))
flag = MemValue(regint(0))
cnt_leading_zeros = MemValue(regint(0))
normalized_divisor = MemValue(divisor)
@for_range(k)
def block(i):
flag.write(flag.read() | bit_array[i] == 1)
@if_(flag.read() == 0)
def block():
cnt_leading_zeros.write(cnt_leading_zeros.read() + 1)
normalized_divisor.write(normalized_divisor << 1)
q = MemValue(two_power(k))
e = MemValue(twos_complement(normalized_divisor.read()))
qr = q.read()
er = e.read()
for i in range(theta):
qr = qr + shift_two(qr * er, k)
er = shift_two(er * er, k)
q = qr
res = shift_two(q, (2 * k - 2 * f - cnt_leading_zeros))
return res
def approximate_reciprocal(divisor, k, f, theta):
"""
returns aproximation of 1/divisor
where type(divisor) = cint
"""
def twos_complement(x):
bits = x.bit_decompose(k)[::-1]
bit_array = Array(k, cint)
bit_array.assign(bits)
twos_result = MemValue(cint(0))
@for_range(k)
def block(i):
val = twos_result.read()
val <<= 1
val += 1 - bit_array[i]
twos_result.write(val)
return twos_result.read() + 1
bit_array = Array(k, cint)
bits = divisor.bit_decompose(k)[::-1]
bit_array.assign(bits)
cnt_leading_zeros = MemValue(regint(0))
flag = MemValue(regint(0))
cnt_leading_zeros = MemValue(regint(0))
normalized_divisor = MemValue(divisor)
@for_range(k)
def block(i):
flag.write(flag.read() | bit_array[i] == 1)
@if_(flag.read() == 0)
def block():
cnt_leading_zeros.write(cnt_leading_zeros.read() + 1)
normalized_divisor.write(normalized_divisor << 1)
q = MemValue(two_power(k))
e = MemValue(twos_complement(normalized_divisor.read()))
qr = q.read()
er = e.read()
for i in range(theta):
qr = qr + shift_two(qr * er, k)
er = shift_two(er * er, k)
q = qr
res = shift_two(q, (2*k - 2*f - cnt_leading_zeros))
return res
def FPDiv(a, b, k, f, kappa, simplex_flag=False):
"""
Goldschmidt method as presented in Catrina10,
"""
theta = int(ceil(log(k/3.5) / log(2)))
alpha = two_power(2*f)
w = AppRcr(b, k, f, kappa, simplex_flag)
x = alpha - b * w
y = a * w
y = TruncPr(y, 2*k, f, kappa)
for i in range(theta):
y = y * (alpha + x)
x = x * x
y = TruncPr(y, 2*k, 2*f, kappa)
x = TruncPr(x, 2*k, 2*f, kappa)
y = y * (alpha + x)
y = TruncPr(y, 2*k, 2*f, kappa)
return y