aicis · jot2re · Jun 19, 2019 · Dec 10, 2018 · Apr 23, 2019 · Apr 24, 2019
diff --git a/core/src/main/java/dk/alexandra/fresco/lib/generic/BroadcastComputation.java b/core/src/main/java/dk/alexandra/fresco/lib/generic/BroadcastComputation.java
@@ -0,0 +1,74 @@
+package dk.alexandra.fresco.lib.generic;
+
+import dk.alexandra.fresco.framework.DRes;
+import dk.alexandra.fresco.framework.builder.Computation;
+import dk.alexandra.fresco.framework.builder.ProtocolBuilderImpl;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.stream.Collectors;
+
+/**
+ * Generic active broadcast validation computation.
+ *
+ * <p>Allows each party to securely broadcast a list of messages and receive the other parties'
+ * messages.</p>
+ *
+ * <p>Uses generic native protocols {@link InsecureBroadcastProtocol} and {@link
+ * BroadcastValidationProtocol}.</p>
+ */
+public class BroadcastComputation<BuilderT extends ProtocolBuilderImpl<BuilderT>> implements
+    Computation<List<byte[]>, BuilderT> {
+
+  private final List<byte[]> input;
+  private final boolean runValidation;
+
+  /**
+   * Creates new {@link BroadcastComputation}.
+   *
+   * @param input list of messages this party will broadcast
+   * @param runValidation indicates if messages received from other parties need to be validated for
+   * consistency (this can be false for instance when there are only two parties participating in
+   * the broadcast)
+   */
+  public BroadcastComputation(List<byte[]> input, boolean runValidation) {
+    this.input = input;
+    this.runValidation = runValidation;
+  }
+
+  /**
+   * Default constructor to {@link #BroadcastComputation(List, boolean)} for when a party only
+   * broadcasts a single message.
+   */
+  public BroadcastComputation(byte[] input, boolean runValidation) {
+    this(Collections.singletonList(input), runValidation);
+  }
+
+  /**
+   * Default constructor to {@link #BroadcastComputation(byte[], boolean)} for when a party only
+   * broadcasts a single message and validation is required.
+   */
+  public BroadcastComputation(byte[] input) {
+    this(input, true);
+  }
+
+  @Override
+  public DRes<List<byte[]>> buildComputation(BuilderT builder) {
+    return builder.par(par -> {
+      List<DRes<List<byte[]>>> broadcastValues = new ArrayList<>();
+      for (byte[] singleInput : input) {
+        broadcastValues.add(par.append(new InsecureBroadcastProtocol<>(singleInput)));
+      }
+      return () -> broadcastValues;
+    }).seq((seq, lst) -> {
+      List<byte[]> toValidate = lst.stream()
+          .flatMap(broadcast -> broadcast.out().stream())
+          .collect(Collectors.toList());
+      if (runValidation) {
+        seq.append(new BroadcastValidationProtocol<>(toValidate));
+      }
+      return () -> toValidate;
+    });
+  }
+
+}
diff --git a/.../natives/BroadcastValidationProtocol.java → .../generic/BroadcastValidationProtocol.java b/.../natives/BroadcastValidationProtocol.java → .../generic/BroadcastValidationProtocol.java
@@ -1,15 +1,14 @@
-package dk.alexandra.fresco.suite.spdz2k.protocols.natives;
+package dk.alexandra.fresco.lib.generic;
 
 import dk.alexandra.fresco.framework.NativeProtocol;
 import dk.alexandra.fresco.framework.network.Network;
-import dk.alexandra.fresco.suite.spdz2k.resource.SecureBroadcastUtil;
 import dk.alexandra.fresco.framework.sce.resources.ResourcePool;
 import java.util.Collections;
 import java.util.List;
 
 /**
  * Generic native protocol implementing validation of previously received broadcast. <p>Used as a
- * building block in {@link dk.alexandra.fresco.suite.spdz2k.protocols.computations.BroadcastComputation}.</p>
+ * building block in {@link BroadcastComputation}.</p>
  */
 public class BroadcastValidationProtocol<ResourcePoolT extends ResourcePool> implements
     NativeProtocol<Void, ResourcePoolT> {

diff --git a/.../computations/CoinTossingComputation.java → ...o/lib/generic/CoinTossingComputation.java b/.../computations/CoinTossingComputation.java → ...o/lib/generic/CoinTossingComputation.java
@@ -1,4 +1,4 @@
-package dk.alexandra.fresco.suite.spdz2k.protocols.computations;
+package dk.alexandra.fresco.lib.generic;
 
 import dk.alexandra.fresco.commitment.HashBasedCommitment;
 import dk.alexandra.fresco.framework.DRes;
@@ -16,26 +16,24 @@ public class CoinTossingComputation implements Computation<byte[], ProtocolBuild
 
   private final ByteSerializer<HashBasedCommitment> serializer;
   private final byte[] ownSeed;
-  private final int noOfParties;
   private final Drbg localDrbg;
 
 
   public CoinTossingComputation(byte[] ownSeed, ByteSerializer<HashBasedCommitment> serializer,
-      int noOfParties, Drbg localDrbg) {
+      Drbg localDrbg) {
     this.serializer = serializer;
     this.ownSeed = ownSeed;
-    this.noOfParties = noOfParties;
     this.localDrbg = localDrbg;
   }
 
   public CoinTossingComputation(int seedLength, ByteSerializer<HashBasedCommitment> serializer,
-      int noOfParties, Drbg localDrbg) {
-    this(generateSeed(seedLength), serializer, noOfParties, localDrbg);
+      Drbg localDrbg) {
+    this(generateSeed(seedLength), serializer, localDrbg);
   }
 
   @Override
   public DRes<byte[]> buildComputation(ProtocolBuilderNumeric builder) {
-    return builder.seq(new Spdz2kCommitmentComputation(serializer, ownSeed, noOfParties, localDrbg))
+    return builder.seq(new CommitmentComputation(serializer, ownSeed, localDrbg))
         .seq((seq, seeds) -> {
           byte[] jointSeed = new byte[ownSeed.length];
           for (byte[] seed : seeds) {

diff --git a/...utations/Spdz2kCommitmentComputation.java → ...co/lib/generic/CommitmentComputation.java b/...utations/Spdz2kCommitmentComputation.java → ...co/lib/generic/CommitmentComputation.java
@@ -1,44 +1,61 @@
-package dk.alexandra.fresco.suite.spdz2k.protocols.computations;
+package dk.alexandra.fresco.lib.generic;
 
 import dk.alexandra.fresco.commitment.HashBasedCommitment;
 import dk.alexandra.fresco.framework.DRes;
 import dk.alexandra.fresco.framework.builder.Computation;
 import dk.alexandra.fresco.framework.builder.numeric.ProtocolBuilderNumeric;
 import dk.alexandra.fresco.framework.network.serializers.ByteSerializer;
 import dk.alexandra.fresco.framework.util.Drbg;
-import dk.alexandra.fresco.suite.spdz2k.protocols.natives.InsecureBroadcastProtocol;
+import dk.alexandra.fresco.framework.util.Pair;
 import java.util.ArrayList;
 import java.util.List;
 
 /**
- * Protocol for all parties to commit to a value and open it to the other parties.
+ * Protocol for all parties to commit to a value each and open it to the other parties.
  */
-public class Spdz2kCommitmentComputation implements
+public class CommitmentComputation implements
     Computation<List<byte[]>, ProtocolBuilderNumeric> {
 
   private final ByteSerializer<HashBasedCommitment> commitmentSerializer;
   private final byte[] value;
-  private final int noOfParties;
   private final Drbg localDrbg;
 
-  public Spdz2kCommitmentComputation(ByteSerializer<HashBasedCommitment> commitmentSerializer,
-      byte[] value, int noOfParties, Drbg localDrbg) {
+  public CommitmentComputation(ByteSerializer<HashBasedCommitment> commitmentSerializer,
+      byte[] value, Drbg localDrbg) {
     this.commitmentSerializer = commitmentSerializer;
     this.value = value;
-    this.noOfParties = noOfParties;
     this.localDrbg = localDrbg;
   }
 
   @Override
   public DRes<List<byte[]>> buildComputation(ProtocolBuilderNumeric builder) {
     HashBasedCommitment ownCommitment = new HashBasedCommitment();
     byte[] ownOpening = ownCommitment.commit(localDrbg, value);
-    return builder.seq(new BroadcastComputation<>(commitmentSerializer.serialize(ownCommitment)))
+    final int noOfParties = builder.getBasicNumericContext().getNoOfParties();
+    return builder.seq(
+        seq -> {
+          if (noOfParties > 2) {
+            return new BroadcastComputation<ProtocolBuilderNumeric>(
+                commitmentSerializer.serialize(ownCommitment))
+                .buildComputation(seq);
+          } else {
+            // when there are only two parties, parties can't send mutually inconsistent messages
+            // so no extra validation is necessary
+            return seq.append(new InsecureBroadcastProtocol<>(
+                commitmentSerializer.serialize(ownCommitment)));
+          }
+        })
         .seq((seq, rawCommitments) -> {
-          DRes<List<byte[]>> openingsDRes = seq.append(new InsecureBroadcastProtocol<>(ownOpening));
+          DRes<List<byte[]>> res = seq.append(new InsecureBroadcastProtocol<>(ownOpening));
+          final Pair<DRes<List<byte[]>>, List<byte[]>> dResListPair = new Pair<>(res,
+              rawCommitments);
+          return () -> dResListPair;
+        })
+        .seq((seq, pair) -> {
           List<HashBasedCommitment> commitments = commitmentSerializer
-              .deserializeList(rawCommitments);
-          return () -> open(commitments, openingsDRes.out(), noOfParties);
+              .deserializeList(pair.getSecond());
+          List<byte[]> opened = open(commitments, pair.getFirst().out(), noOfParties);
+          return () -> opened;
         });
   }
 

diff --git a/...ls/natives/InsecureBroadcastProtocol.java → ...ib/generic/InsecureBroadcastProtocol.java b/...ls/natives/InsecureBroadcastProtocol.java → ...ib/generic/InsecureBroadcastProtocol.java
@@ -1,4 +1,4 @@
-package dk.alexandra.fresco.suite.spdz2k.protocols.natives;
+package dk.alexandra.fresco.lib.generic;
 
 import dk.alexandra.fresco.framework.NativeProtocol;
 import dk.alexandra.fresco.framework.network.Network;
@@ -7,7 +7,7 @@
 
 /**
  * Generic native protocol implementing insecure broadcast. <p>Used as a building block in {@link
- * dk.alexandra.fresco.suite.spdz2k.protocols.computations.BroadcastComputation}.</p>
+ * BroadcastComputation}.</p>
  */
 public class InsecureBroadcastProtocol<ResourcePoolT extends ResourcePool> implements
     NativeProtocol<List<byte[]>, ResourcePoolT> {

diff --git a/.../spdz2k/resource/SecureBroadcastUtil.java → ...esco/lib/generic/SecureBroadcastUtil.java b/.../spdz2k/resource/SecureBroadcastUtil.java → ...esco/lib/generic/SecureBroadcastUtil.java
@@ -1,4 +1,4 @@
-package dk.alexandra.fresco.suite.spdz2k.resource;
+package dk.alexandra.fresco.lib.generic;
 
 import dk.alexandra.fresco.framework.MaliciousException;
 import dk.alexandra.fresco.framework.network.Network;

diff --git a/core/src/test/java/dk/alexandra/fresco/commitment/TestCommitment.java b/core/src/test/java/dk/alexandra/fresco/commitment/TestCommitment.java
@@ -3,6 +3,7 @@
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotEquals;
 import static org.junit.Assert.assertTrue;
 
 import dk.alexandra.fresco.framework.MaliciousException;
@@ -11,23 +12,25 @@
 import java.math.BigInteger;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Random;
 import org.junit.Before;
 import org.junit.Test;
 
 public class TestCommitment {
+
   HashBasedCommitment comm;
   Drbg rand;
 
   @Before
   public void setup() {
-    rand = AesCtrDrbgFactory.fromDerivedSeed((byte)0x42);
+    rand = AesCtrDrbgFactory.fromDerivedSeed((byte) 0x42);
     comm = new HashBasedCommitment();
   }
 
   /**** POSITIVE TESTS. ****/
   @Test
   public void testHonestExecution() {
-    byte[] msg = { (byte) 0x12, (byte) 0x42 };
+    byte[] msg = {(byte) 0x12, (byte) 0x42};
     byte[] openInfo = comm.commit(rand, msg);
     byte[] res = comm.open(openInfo);
     assertArrayEquals(res, msg);
@@ -43,7 +46,7 @@ public void testEmptyMessage() {
 
   @Test
   public void testSerialization() {
-    byte[] msg1 = new byte[] { 0x42 };
+    byte[] msg1 = new byte[]{0x42};
     comm.commit(rand, msg1);
     HashBasedCommitmentSerializer serializer = new HashBasedCommitmentSerializer();
     byte[] serializedComm = serializer.serialize(comm);
@@ -54,10 +57,10 @@ public void testSerialization() {
 
   @Test
   public void testListSerialization() {
-    byte[] msg1 = new byte[] { 0x42 };
+    byte[] msg1 = new byte[]{0x42};
     HashBasedCommitment comm1 = new HashBasedCommitment();
     comm1.commit(rand, msg1);
-    byte[] msg2 = new byte[] { 0x56 };
+    byte[] msg2 = new byte[]{0x56};
     HashBasedCommitment comm2 = new HashBasedCommitment();
     comm2.commit(rand, msg2);
     List<HashBasedCommitment> list = new ArrayList<>(2);
@@ -90,13 +93,13 @@ public void testIllegalInit() {
     boolean thrown = false;
     try {
       // Randomness generator must not be null
-      byte[] val = new byte[] { 0x01 };
+      byte[] val = new byte[]{0x01};
       comm = new HashBasedCommitment();
       comm.commit(null, val);
     } catch (NullPointerException e) {
       thrown = true;
     }
-    assertEquals(thrown, true);
+    assertTrue(thrown);
   }
 
   @Test
@@ -111,7 +114,7 @@ public void testAlreadyCommitted() {
       assertEquals("Already committed", e.getMessage());
       thrown = true;
     }
-    assertEquals(true, thrown);
+    assertTrue(thrown);
     // Check we can still open correctly
     String res = new String(comm.open(openInfo));
     assertEquals(firstMsg, res);
@@ -127,7 +130,7 @@ public void testNoCommitmentMade() {
       assertEquals("No commitment to open", e.getMessage());
       thrown = true;
     }
-    assertEquals(true, thrown);
+    assertTrue(thrown);
   }
 
   @Test
@@ -143,7 +146,7 @@ public void testTooSmallOpening() {
           e.getMessage());
       thrown = true;
     }
-    assertEquals(true, thrown);
+    assertTrue(thrown);
   }
 
   @Test
@@ -160,7 +163,7 @@ public void testBadOpening() {
           e.getMessage());
       thrown = true;
     }
-    assertEquals(true, thrown);
+    assertTrue(thrown);
     thrown = false;
     try {
       // Try to open using the opening info of another commitment
@@ -173,15 +176,34 @@ public void testBadOpening() {
           "The opening info does not match the commitment.", e.getMessage());
       thrown = true;
     }
-    assertEquals(true, thrown);
+    assertTrue(thrown);
+  }
+
+  @Test
+  public void testSingleBitDiffBadOpening() {
+    Random random = new Random(42);
+    byte[] bytes = new byte[32];
+    random.nextBytes(bytes);
+    byte[] opening = comm.commit(rand, bytes);
+    boolean thrown = false;
+    try {
+      // flip bit
+      opening[1] = (byte) (opening[1] ^ 1);
+      comm.open(opening);
+    } catch (MaliciousException e) {
+      assertEquals("The opening info does not match the commitment.",
+          e.getMessage());
+      thrown = true;
+    }
+    assertTrue(thrown);
   }
 
   @SuppressWarnings("unlikely-arg-type")
   @Test
   public void testNotEqual() {
-    comm.commit(rand, new byte[] { 0x42 });
-    assertFalse(comm.equals(new HashBasedCommitment()));
-    assertFalse(comm.equals("something"));
+    comm.commit(rand, new byte[]{0x42});
+    assertNotEquals(comm, new HashBasedCommitment());
+    assertNotEquals("something", comm);
   }
 
   @Test

diff --git a/core/src/test/java/dk/alexandra/fresco/lib/generic/BroadcastValidationProtocolTest.java b/core/src/test/java/dk/alexandra/fresco/lib/generic/BroadcastValidationProtocolTest.java
@@ -0,0 +1,11 @@
+package dk.alexandra.fresco.lib.generic;
+
+import org.junit.Test;
+
+public class BroadcastValidationProtocolTest {
+
+  @Test(expected = IllegalStateException.class)
+  public void testOutThrows() {
+    new BroadcastValidationProtocol(new byte[1]).out();
+  }
+}