Mascot preprocessing

core/src/main/java/dk/alexandra/fresco/commitment/HashBasedCommitment.java

@@ -0,0 +1,97 @@
+package dk.alexandra.fresco.commitment;
+
+import dk.alexandra.fresco.framework.MaliciousException;
+import dk.alexandra.fresco.framework.util.Drbg;
+import dk.alexandra.fresco.framework.util.ExceptionConverter;
+import java.security.MessageDigest;
+import java.util.Arrays;
+
+/**
+ * Class representing a hash-based commitment. Secure assuming that SHA-256 is a
+ * random oracle. An instantiated object represents a commitment by itself and
+ * does <b>not</b> contain any secret information. An object gets instantiated
+ * by calling the commit command. <br/>
+ * The scheme itself is based on the ROM folklore scheme where the message to
+ * commit to is concatenated with a random string and then hashed. The hash
+ * digest serves as the commitment itself and the opening is the randomness and
+ * the message committed to.
+ *
+ * @author jot2re
+ */
+public class HashBasedCommitment {
+
+  private static final String HASH_ALGORITHM = "SHA-256";
+  /**
+   * The length of the hash digest along with the randomness used.
+   */
+  public static final int DIGEST_LENGTH = 32; // 256 / 8 bytes
+  /**
+   * The actual value representing the commitment.
+   */
+  byte[] commitmentVal = null;
+  private final MessageDigest digest;
+
+  /**
+   * Constructs a new commitment, not yet committed to any value.
+   */
+  public HashBasedCommitment() {
+    digest = ExceptionConverter.safe(
+        () -> MessageDigest.getInstance(HASH_ALGORITHM),
+        "Missing secure, hash function which is dependent in this library");
+  }
+
+  /**
+   * Initializes the commitment to commit to a specific value and returns the opening information.
+   *
+   * @param rand
+   *          A cryptographically secure randomness generator.
+   * @param value
+   *          The element to commit to.
+   * @return The opening information needed to open the commitment.
+   */
+  public byte[] commit(Drbg rand, byte[] value) {
+    if (commitmentVal != null) {
+      throw new IllegalStateException("Already committed");
+    }
+    // Sample a sufficient amount of random bits
+    byte[] randomness = new byte[DIGEST_LENGTH];
+    rand.nextBytes(randomness);
+    // Construct an array to contain the bytes to hash
+    byte[] openingInfo = new byte[value.length + randomness.length];
+    System.arraycopy(value, 0, openingInfo, 0, value.length);
+    System.arraycopy(randomness, 0, openingInfo, value.length,
+        randomness.length);
+    commitmentVal = digest.digest(openingInfo);
+    return openingInfo;
+  }
+
+  /**
+   * Opens a committed object using information returned from the {@code commit} command.
+   *
+   * @param openingInfo
+   *          The data needed to open this given commitment.
+   * @return The value that was committed to.
+   */
+  public byte[] open(byte[] openingInfo) {
+    if (commitmentVal == null) {
+      throw new IllegalStateException("No commitment to open");
+    }
+    if (openingInfo.length < DIGEST_LENGTH) {
+      throw new MaliciousException(
+          "The opening info is too small to be a commitment.");
+    }
+    // Hash the opening info and verify that it matches the value stored in
+    // "commitmentValue"
+    byte[] digestValue = digest.digest(openingInfo);
+    if (Arrays.equals(digestValue, commitmentVal)) {
+      // Extract the randomness and the value committed to from the openingInfo
+      // The value comes first
+      byte[] value = new byte[openingInfo.length - DIGEST_LENGTH];
+      System.arraycopy(openingInfo, 0, value, 0,
+          openingInfo.length - DIGEST_LENGTH);
+      return value;
+    } else {
+      throw new MaliciousException("The opening info does not match the commitment.");
+    }
+  }
+}

core/src/main/java/dk/alexandra/fresco/commitment/HashBasedCommitmentSerializer.java

@@ -0,0 +1,62 @@
+package dk.alexandra.fresco.commitment;
+
+import dk.alexandra.fresco.framework.network.serializers.ByteSerializer;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class HashBasedCommitmentSerializer implements ByteSerializer<HashBasedCommitment> {
+
+  @Override
+  public byte[] serialize(HashBasedCommitment comm) {
+    return comm.commitmentVal;
+  }
+
+  @Override
+  public byte[] serialize(List<HashBasedCommitment> elements) {
+    if (elements.isEmpty()) {
+      return new byte[] {};
+    }
+    // A serialized commitment only consists of its internal digest
+    byte[] commList = new byte[elements.size() * HashBasedCommitment.DIGEST_LENGTH];
+    // Ensure all field elements are in the same field and have same bit length
+    for (int i = 0; i < elements.size(); i++) {
+      System.arraycopy(elements.get(i).commitmentVal, 0, commList,
+          i * HashBasedCommitment.DIGEST_LENGTH, HashBasedCommitment.DIGEST_LENGTH);
+    }
+    return commList;
+  }
+
+  @Override
+  public HashBasedCommitment deserialize(byte[] data) {
+    if (data.length != HashBasedCommitment.DIGEST_LENGTH) {
+      throw new IllegalArgumentException(
+          "The length of the byte array to deserialize is wrong.");
+    }
+    HashBasedCommitment comm = new HashBasedCommitment();
+    comm.commitmentVal = data.clone();
+    return comm;
+  }
+
+  @Override
+  public List<HashBasedCommitment> deserializeList(byte[] data) {
+    if (data.length % HashBasedCommitment.DIGEST_LENGTH != 0) {
+      throw new IllegalArgumentException(
+          "The length of the byte array to deserialize is wrong.");
+    }
+    if (data.length == 0) {
+      return new ArrayList<>();
+    }
+    // A serialized commitment only consists of its internal digest
+    List<HashBasedCommitment> res = new ArrayList<>(data.length / HashBasedCommitment.DIGEST_LENGTH);
+    for (int i = 0; i < data.length / HashBasedCommitment.DIGEST_LENGTH; i++) {
+      HashBasedCommitment comm = new HashBasedCommitment();
+      byte[] commVal = new byte[HashBasedCommitment.DIGEST_LENGTH];
+      System.arraycopy(data, i * HashBasedCommitment.DIGEST_LENGTH,
+          commVal, 0, HashBasedCommitment.DIGEST_LENGTH);
+      comm.commitmentVal = commVal;
+      res.add(comm);
+    }
+    return res;
+  }
+}

core/src/main/java/dk/alexandra/fresco/framework/MaliciousException.java

@@ -0,0 +1,9 @@
+package dk.alexandra.fresco.framework;
+
+public class MaliciousException extends MPCException {
+
+  public MaliciousException(String message) {
+    super(message);
+  }
+
+}

core/src/main/java/dk/alexandra/fresco/framework/builder/numeric/DefaultPreprocessedValues.java

@@ -34,9 +34,7 @@ public DRes<List<DRes<SInt>>> getExponentiationPipe(int pipeLength) {
           List<DRes<SInt>> values = new ArrayList<>(state.value);
           values.add(seq.numeric().mult(last, r));
           return () -> new IterationState(state.round + 1, values);
-        }).seq((seq, state) -> {
-      return () -> state.value;
-    });
+        }).seq((seq, state) -> () -> state.value);
   }
 
   private static final class IterationState {

core/src/main/java/dk/alexandra/fresco/framework/builder/numeric/NumericResourcePool.java

@@ -0,0 +1,46 @@
+package dk.alexandra.fresco.framework.builder.numeric;
+
+import dk.alexandra.fresco.framework.network.serializers.ByteSerializer;
+import dk.alexandra.fresco.framework.sce.resources.ResourcePool;
+import java.math.BigInteger;
+import java.security.MessageDigest;
+
+public interface NumericResourcePool extends ResourcePool {
+
+  /**
+   * Gets the modulus.
+   *
+   * @return modulus
+   */
+  BigInteger getModulus();
+
+  /**
+   * Gets a serializer for big integer that is aligned with the current system settings in this
+   * invocation - hence byte length of big integer.
+   *
+   * @return the serializer
+   */
+  ByteSerializer<BigInteger> getSerializer();
+
+  /**
+   * Gets the message digest for this protocol suite invocation.
+   *
+   * @return the message digest
+   */
+  MessageDigest getMessageDigest();
+
+  /**
+   * Takes a unsigned BigInteger and converts it (reasonable) to a signed version.
+   *
+   * @param b the unsigned BigInteger
+   * @return the signed BigInteger
+   */
+  default BigInteger convertRepresentation(BigInteger b) {
+    BigInteger modulus = getModulus();
+    BigInteger actual = b.mod(modulus);
+    if (actual.compareTo(modulus.divide(BigInteger.valueOf(2))) > 0) {
+      actual = actual.subtract(modulus);
+    }
+    return actual;
+  }
+}

core/src/main/java/dk/alexandra/fresco/framework/network/serializers/BigIntegerWithFixedLengthSerializer.java

@@ -1,35 +1,65 @@
 package dk.alexandra.fresco.framework.network.serializers;
 
 import java.math.BigInteger;
+import java.util.ArrayList;
+import java.util.List;
 
 /**
  * Serializes {@link BigInteger} to byte arrays using knowledge about the length
  * of the BigInteger.
  */
-public class BigIntegerWithFixedLengthSerializer implements BigIntegerSerializer {
+public class BigIntegerWithFixedLengthSerializer implements ByteSerializer<BigInteger> {
 
   private int byteLength;
 
+  /**
+   * Creates a new instance that adhere to the interface.
+   *
+   * @param byteLength the amount of bytes inteded to be serialized
+   */
+  public BigIntegerWithFixedLengthSerializer(int byteLength) {
+    this.byteLength = byteLength;
+  }
+
   @Override
-  public byte[] toBytes(BigInteger bigInteger) {
+  public byte[] serialize(BigInteger obj) {
     byte[] bytes = new byte[byteLength];
-    byte[] bb = bigInteger.toByteArray();
-    System.arraycopy(bb, 0, bytes, byteLength - bb.length, bb.length);
+    return produceBytes(obj, bytes, 0);
+  }
+
+  @Override
+  public BigInteger deserialize(byte[] data) {
+    return new BigInteger(data);
+  }
+
+  @Override
+  public byte[] serialize(List<BigInteger> objs) {
+    byte[] bytes = new byte[byteLength * objs.size()];
+    int offset = 0;
+    for (BigInteger bigInteger : objs) {
+      produceBytes(bigInteger, bytes, offset);
+      offset += byteLength;
+    }
     return bytes;
   }
 
   @Override
-  public BigInteger toBigInteger(byte[] bytes) {
-    return new BigInteger(bytes);
+  public List<BigInteger> deserializeList(byte[] data) {
+    int offset = 0;
+    List<BigInteger> result = new ArrayList<>();
+    while (offset < data.length) {
+      byte[] subArray = new byte[byteLength];
+      System.arraycopy(data, offset, subArray, 0, byteLength);
+      result.add(new BigInteger(subArray));
+      offset += byteLength;
+    }
+    return result;
   }
 
-  /**
-   * Creates a new instance that adhere to the interface.
-   *
-   * @param byteLength the amount of bytes inteded to be serialized
-   */
-  public BigIntegerWithFixedLengthSerializer(int byteLength) {
-    this.byteLength = byteLength;
+  private byte[] produceBytes(BigInteger bigInteger, byte[] bytes, int offset) {
+    byte[] bb = bigInteger.toByteArray();
+    System.arraycopy(bb, 0, bytes, byteLength - bb.length + offset, bb.length);
+    return bytes;
   }
 
 }

core/src/main/java/dk/alexandra/fresco/framework/network/serializers/ByteSerializer.java

@@ -0,0 +1,47 @@
+package dk.alexandra.fresco.framework.network.serializers;
+
+import java.util.List;
+
+/**
+ * A generic serializer, allows serialization and deserialization of elements with the
+ * corresponding type, T.
+ *
+ * @param <T> the type to serialize.
+ */
+public interface ByteSerializer<T> {
+
+  /**
+   * Converts an element of type T to an array of bytes
+   *
+   * @param object the object to convert
+   * @return the resulting byte array
+   */
+  byte[] serialize(T object);
+
+  /**
+   * Converts a list of elements of type T to an array of bytes
+   *
+   * @param objects the objects to convert
+   * @return the resulting byte array
+   */
+  byte[] serialize(List<T> objects);
+
+
+  /**
+   * Reads an element of type T from a byte array.
+   *
+   * @param bytes the data
+   * @return the converted element.
+   */
+  T deserialize(byte[] bytes);
+
+
+  /**
+   * Reads a list of elements of type T from a byte array.
+   *
+   * @param bytes the data
+   * @return the converted elements.
+   */
+  List<T> deserializeList(byte[] bytes);
+
+}