def PRandM(r_dprime, r_prime, b, k, m, kappa, use_dabit=True):
"""
r_dprime = random secret integer in range [0, 2^(k + kappa - m) - 1]
r_prime = random secret integer in range [0, 2^m - 1]
b = array containing bits of r_prime
"""
program.curr_tape.require_bit_length(k + kappa)
from .types import sint
if program.use_edabit() and m > 1 and not const_rounds:
movs(r_dprime, sint.get_edabit(k + kappa - m, True)[0])
tmp, b[:] = sint.get_edabit(m, True)
movs(r_prime, tmp)
return
t = [[program.curr_block.new_reg('s') for j in range(2)] for i in range(m)]
t[0][1] = b[-1]
PRandInt(r_dprime, k + kappa - m)
# r_dprime is always multiplied by 2^m
if use_dabit and program.use_dabit and m > 1 and not const_rounds:
r, b[:] = zip(*(sint.get_dabit() for i in range(m)))
r = sint.bit_compose(r)
movs(r_prime, r)
return
bit(b[-1])
for i in range(1, m):
adds(t[i][0], t[i - 1][1], t[i - 1][1])
bit(b[-i - 1])
adds(t[i][1], t[i][0], b[-i - 1])
movs(r_prime, t[m - 1][1])
def __init__(self, elements=None, length=None, input_length=None):
if length:
assert isinstance(elements, sint)
if Program.prog.use_split():
x = elements.split_to_two_summands(length)
v = sbitint.carry_lookahead_adder(x[0], x[1], fewer_inv=True)
else:
prog = Program.prog
if not prog.options.ring:
# force the use of edaBits
backup = prog.use_edabit()
prog.use_edabit(True)
from Compiler.floatingpoint import BitDecFieldRaw
self.v = BitDecFieldRaw(elements,
input_length or prog.bit_length,
length, prog.security)
prog.use_edabit(backup)
return
l = int(Program.prog.options.ring)
r, r_bits = sint.get_edabit(length, size=elements.size)
c = ((elements - r) << (l - length)).reveal()
c >>= l - length
cb = [(c >> i) for i in range(length)]
x = sbitintvec.from_vec(r_bits) + sbitintvec.from_vec(cb)
v = x.v
self.v = v[:length]
elif elements is not None and not (util.is_constant(elements) and \
elements == 0):
self.v = sbits.trans(elements)
def MaskingBitsInRing(m, strict=False):
from Compiler.types import sint
if program.use_edabit():
return sint.get_edabit(m, strict)
elif program.use_dabit:
r, r_bin = zip(*(sint.get_dabit() for i in range(m)))
else:
r = [sint.get_random_bit() for i in range(m)]
r_bin = r
return sint.bit_compose(r), r_bin
def __init__(self, elements=None, length=None):
if length:
assert isinstance(elements, sint)
if Program.prog.use_split():
x = elements.split_to_two_summands(length)
v = sbitint.carry_lookahead_adder(x[0], x[1], fewer_inv=True)
else:
assert Program.prog.options.ring
l = int(Program.prog.options.ring)
r, r_bits = sint.get_edabit(length, size=elements.size)
c = ((elements - r) << (l - length)).reveal()
c >>= l - length
cb = [(c >> i) for i in range(length)]
x = sbitintvec.from_vec(r_bits) + sbitintvec.from_vec(cb)
v = x.v
self.v = v[:length]
elif elements is not None:
self.v = sbits.trans(elements)
def __init__(self, elements=None, length=None):
if length:
assert isinstance(elements, sint)
if Program.prog.use_split():
n = Program.prog.use_split()
columns = [[sbits.get_type(elements.size)()
for i in range(n)] for i in range(length)]
inst.split(n, elements, *sum(columns, []))
x = sbitint.wallace_tree_without_finish(columns, False)
v = sbitint.carry_lookahead_adder(x[0], x[1], fewer_inv=True)
else:
assert Program.prog.options.ring
l = int(Program.prog.options.ring)
r, r_bits = sint.get_edabit(length, size=elements.size)
c = ((elements - r) << (l - length)).reveal()
c >>= l - length
cb = [(c >> i) for i in range(length)]
x = sbitintvec.from_vec(r_bits) + sbitintvec.from_vec(cb)
v = x.v
self.v = v[:length]
elif elements is not None:
self.v = sbits.trans(elements)
