Mascot preprocessing #214
Mascot preprocessing #214
Conversation
tools/mascot/pom.xml
Outdated
| <descriptorRefs> | ||
| <descriptorRef>jar-with-dependencies</descriptorRef> | ||
| </descriptorRefs> | ||
| <finalName>fresco-tools-mascot</finalName> |
There was a problem hiding this comment.
Do we package mascot - why?
There was a problem hiding this comment.
Whoops that was a copy and paste. Gone now.
| //import java.util.List; | ||
| //import java.util.stream.Stream; | ||
| // | ||
| //// TODO this class is sad |
| */ | ||
| @Override | ||
| public void send(int partyId, byte[] data) { | ||
| throw new UnsupportedOperationException("Broadcast network can only send to all"); |
There was a problem hiding this comment.
This looks more like a proxy than a decorator
| // for each value we will have two sub-factors for each other party | ||
| List<List<FieldElement>> subFactors = new ArrayList<>(); | ||
|
|
||
| // TODO parallelize |
There was a problem hiding this comment.
Is this still a TODO or irellevant now?
There was a problem hiding this comment.
This is a performance improvement for the > 2 party case. I will remove the TODO and make an improve performance issue instead where this can go as a subtask.
There was a problem hiding this comment.
In general: really cool!!! :D
I would like to see mascot removed from spdz though, as it is really just a different data supplier. Also, it would be awesome if mascot could store the preprocessed data on file. If we only have the option of generating new data on the fly, then we kinda loose the whole idea of the preprocessing concept. So creating an option/class for serializing to disk and either use the same format as the current static approach (SpdzStorageDataSupplier) or change that supplier to accomodate a faster/better way (optimal solution - since we currently are using crappy IO and inefficient ObjectStreams - we want NIO instead I think).
| * digest serves as the commitment itself and the opening is the randomness and | ||
| * the message committed to. | ||
| * | ||
| * @author jot2re |
There was a problem hiding this comment.
We decided at some point that all author tags be removed. Some are still remaining, but I guess we should be consistent on new files
There was a problem hiding this comment.
I have removed all author tags from the OT package.
| import java.math.BigInteger; | ||
| import java.security.MessageDigest; | ||
|
|
||
| public interface NumericResourcePool extends ResourcePool { |
There was a problem hiding this comment.
Interface missing javadoc. Which might help for me in understanding exactly what it is. In my world, resource pools are specific to protocol suites, and I don't think all numeric protocol suites needs access to e.g. a hash algorithm?
| STATIC; // Use data already present on the machine it's running on. | ||
| DUMMY, // Use a dummy approach (e.g. always the same data) | ||
| MASCOT, // Use the Mascot preprocessing | ||
| STATIC // Use data already present on the machine it's running on. |
There was a problem hiding this comment.
We should not have Mascot as a possibility here. It belongs within the mascot project only.
| @@ -111,7 +112,7 @@ public SpdzMacCheckProtocol(SecureRandom rand, MessageDigest digest, SpdzStorage | |||
| } | |||
| deltaSum = deltaSum.mod(modulus); | |||
| if (!deltaSum.equals(BigInteger.ZERO)) { | |||
| throw new MPCException( | |||
| throw new MaliciousException( | |||
There was a problem hiding this comment.
Great! - while I remember: The other runtime exceptions in this class should also be malicious. This requires a few tests to be altered from what they expect.
There was a problem hiding this comment.
Wait, the other exceptions I'm talking about are not present until the spdz-test-coverage PR is merged in. Whichever PR get's merged last, should correct that then :)
| private int maxBitLength; | ||
| private int batchSize; | ||
|
|
||
| public static SpdzMascotDataSupplier createTestSupplier( |
There was a problem hiding this comment.
Do we want this in the "production" code?
| List<Integer> ports = new ArrayList<>(noOfParties); | ||
| for (int i = 1; i <= noOfParties; i++) { | ||
| ports.add(9000 + i * (noOfParties - 1)); | ||
| } | ||
|
|
||
| int maxBitLength; |
There was a problem hiding this comment.
The 150 doesn't matter for other preprocessing types. Just make it 128 if this is required by MASCOT
There was a problem hiding this comment.
The bitlength has relation to the size of modulus but also needs to be aligned to 8.
Let us fix the mim test and then see
|
|
||
| @Test | ||
| public void testMimcWithMascot() { | ||
| // TODO This fails (most likely because |
There was a problem hiding this comment.
Is this todo still valid?
| * @param macShare this party's share of the mac | ||
| * @throws MaliciousException if mac-check fails | ||
| */ | ||
| public void check(FieldElement opened, FieldElement macKeyShare, FieldElement macShare) { |
There was a problem hiding this comment.
Mostly out of curiosity: do we do MAC checks for just a single field element? Seems like it should be possible to pool multiple together and do the check on a sum.
There was a problem hiding this comment.
Yep, but the batching happens outside of this class (in ElementGeneration.check for instance).
|
|
||
| <dependency> | ||
| <groupId>dk.alexandra.fresco</groupId> | ||
| <artifactId>mascot</artifactId> |
There was a problem hiding this comment.
I do not agree that the online spdz should depend on mascot. Cause it doesn't :) - mascot effectively just provides a different SpdzDataSupplier, and all tests on that should be done within mascot. The same was done with the (now removed) fuelstation where a REST data supplier was created and used only within that project. So I suggest moving the mascot supplier to mascot.
There was a problem hiding this comment.
There are three options:
- Mascot depending on spdz
- Spdz depending on mascot
- new spdz offline maven project
1 is your suggestion, and implies that mascot should be seen as a subprotocol of spdz
2 is the current solution
3 is the correct, but cumbersome solution
The plan is to keep mascot pure, therefore we went with 2. Which also eliminates the potential jar hell at the end of that choice.
| @@ -0,0 +1,161 @@ | |||
| package dk.alexandra.fresco.suite.spdz.storage; | |||
There was a problem hiding this comment.
As mentioned in the spdz POM file comment, this class should be located within the mascot project.
|
@Rhaea I definitely think we should aim for MVP, and not extend this PR to include offline storage possibilities. And I fail to see the reason to put implementations of offline storage into the framework. There are serialization strategies available so anyone can do their own storage. |
| // Retrieve the random preprocessed message | ||
| byte[] randomMessage = randomMessages.get(offset).toByteArray(); | ||
| // Use the random message as the seed to a PRG | ||
| Drbg currentPrg = new AesCtrDrbg(randomMessage); |
There was a problem hiding this comment.
See comment on optimization on the Sender side.
There was a problem hiding this comment.
See comment on Sender side.
| * @param choiceBit | ||
| * The actual choice bit of the receiver | ||
| */ | ||
| private void sendSwitchBit(Boolean choiceBit) { |
There was a problem hiding this comment.
Is there a reason choiceBit should not be a primitive type boolean instead of an object Boolean?
| * Choice-bit. False for message 0, true for message 1. | ||
| * @return The serialized message from the OT | ||
| */ | ||
| public byte[] receive(Boolean choiceBit) { |
There was a problem hiding this comment.
Is there a reason choiceBit should not be a primitive type boolean instead of an object Boolean?
| private final int batchSize; | ||
|
|
||
| /** | ||
| * Constructs a new OT protocol and constructs the internal sender and receiver |
There was a problem hiding this comment.
This is not right, these objects are created in the send and receive methods. Possibly the java doc is updated?
| // the value itself. | ||
| // Size of an int is always 4 bytes in java | ||
| ByteBuffer indexBuffer = ByteBuffer | ||
| .allocate(4 + input.get(0).getSize() * 8); |
There was a problem hiding this comment.
I think this should be .allocate(4 + input.get(0).getSize() / 8);
There was a problem hiding this comment.
... possibly even .allocate((Integer.SIZE + input.get(0).getSize()) / 8); to make the code more readable (and make the comment above redundant).
There was a problem hiding this comment.
Actually, I think you missed some parenthesis. Nevermind, I will fix it before merge.
| * @return A random messages generated using a PRG | ||
| */ | ||
| private StrictBitVector computeRandomMessage(StrictBitVector seed, int sizeOfMessage) { | ||
| Drbg rand = new AesCtrDrbg(seed.toByteArray()); |
There was a problem hiding this comment.
As mentioned other places this should just be taken directly from the seed if the length allows it. And otherwise should be the result of applying a hash function not a freshly seeded DRBG.
| */ | ||
| public void send(Ot ot) { | ||
| if (sent == true) { | ||
| throw new IllegalStateException("Seed OTs have already been sent."); |
There was a problem hiding this comment.
Would it be possible/reasonable to just hand the ot object to the constructor and do the sending/receiving at construction? This way there would be no reason to handle these exceptions.
There was a problem hiding this comment.
Maybe. The problem is that OT is asymmetric and thus one party must call send when the other calls receive and vice versa. Thus the constructor would also need the IDs from the OT functionality to do this properly. Furthermore this also requires the RotList to ALWAYS do OT in both directions. Something we might not want to do in general (MASCOT does it, but if we make 2PC protocols, we don't need it).
There was a problem hiding this comment.
Also I am not too keen on doing too much network interaction in constructors, both in regards to testing, but also in regards to usage.
There was a problem hiding this comment.
Ok, I guess you know better than I what problems it would cause :). However, at least then we should add to the documentation of these methods that they should only be called once/only called after send/recieve. Also, it would be nice to have getter methods for the sent/receive flags so you can test if the methods are safe to call.
Btw, we do network stuff in many constructors in, e.g., MASCOT, I do not see that as a problem.
There was a problem hiding this comment.
Added documentation in commit 0515efa
I have not added gettter and setter methods since they are currently not needed and thus adding these would mean that we also had to test methods. In general I don't think it is a good idea to add dead code.
Regarding the network stuff: I personally prefer light constructors, in particular when we are at the primitive level (which I consider OT to be). The reason being that otherwise we must ensure that both parties are at the same place in the protocol at the same time, at the specific place where an object is constructed, not when it is necessary used.
There was a problem hiding this comment.
Just the docs changed is fine by me.
About the constructor, I think in this case this implementation does make sense to me. As you say, you may not always both send and receive. So you cant just do both at construction (unless you pass extra parameters to the constructor or something, which would probably just be a mess anyway).
| * vectors. | ||
| */ | ||
| public class Transpose { | ||
|
|
There was a problem hiding this comment.
For a utility class like this that is only intended to have static methods it is a good idea to add an empty private contructor so it is not instantiated by mistake. Like so:
private Tranpose() {
}
| * Superclass containing the common methods for the sender and | ||
| * receiver parties of correlated OT with errors. | ||
| */ | ||
| public class CoteShared { |
There was a problem hiding this comment.
I am not a huge fan of these *Shared super classes. It seems to me they are mainly used to hold common parameters and utility methods which could just as well be held in a separate helper class (basically the resourcepool).
At least, I think they should be made abstract as only their subclasses are intended to be instantiated.
(This comment goes for essentially all the classes with the Shared suffix).
There was a problem hiding this comment.
I have already removed the getter methods so that they now only contain common methods in order to avoid code-copy between the sender and receiver, while still keeping an object oriented approach.
I have now also made them abstract in commit faa7e12
|
I think I have been through everything, and will not be adding more comments. I think I am pretty much ready to merge once the last few bits are done. Good job guys 👍 |
|
Btw. Note to self: let's try not to do a PR this huge ever again. |
Introduces MASCOT (https://eprint.iacr.org/2016/505.pdf) protocol for the SPDZ offline phase and an OT-extension protocol (https://eprint.iacr.org/2015/546). Also implements several useful sub-protocols, including base OT (www.pinkas.net/PAPERS/effot.ps), actively-secure broadcast, coin-tossing, and commitments.