base KALES19 NR-OPRF implementation.

Author: pvriel

README.md

@@ -2,7 +2,7 @@
 A Java library for the OPRF functions I programmed during my PhD.
 
 [![Project Status: Active](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active)
-[![Coverage](https://badgen.net/badge/coverage/95%25/green)](https://badgen.net/badge/coverage/95%25/green)
+[![Coverage](https://badgen.net/badge/coverage/98%25/green)](https://badgen.net/badge/coverage/98%25/green)
 
 ***
 
@@ -13,7 +13,8 @@ We use <a href="https://github.com/pvriel/oprf4j/packages/">GitHub packages</a>.
 ***
 
 ## Implemented OPRF protocols
-Currently, only the <a href="https://www.semanticscholar.org/paper/Private-Set-Intersection-for-Unequal-Set-Sizes-with-Kiss-Liu/ef148d510ce6fd445b73584a238f6244660efbe6">KISS17 NR-OPRF</a> is implemented.
+Currently, only the <a href="https://www.semanticscholar.org/paper/Private-Set-Intersection-for-Unequal-Set-Sizes-with-Kiss-Liu/ef148d510ce6fd445b73584a238f6244660efbe6">KISS17 NR-OPRF</a> is implemented,
+as well as the <a href="https://eprint.iacr.org/2019/517">KALES19 variant</a>.
 
 ***
 

build.gradle

@@ -4,7 +4,7 @@ plugins {
 }
 
 group 'com.github.pvriel'
-version '1.1.0'
+version '1.2.0'
 
 repositories {
     mavenLocal()

src/main/java/com/github/pvriel/oprf4j/nroprf/NROPRFProvider.java

@@ -26,7 +26,7 @@ public abstract class NROPRFProvider implements OPRFProvider {
      * @param   a0
      *          The (not-null) array of keys that are used for the active bits.
      * @param   a1
-     *          The (not-null) array of keys that are used for the inactive bits.
+     *          The array of keys that are used for the inactive bits.
      * @param   p
      *          The (not-null) prime number that is used for the group (the result of applying the PRF is always part of F_{p}).
      * @param   q

src/main/java/com/github/pvriel/oprf4j/nroprf/semihonest/KALES19/KALES19NROPRFEvaluator.java

@@ -0,0 +1,75 @@
+package com.github.pvriel.oprf4j.nroprf.semihonest.KALES19;
+
+import com.github.pvriel.mpcutils4j.array.ArrayUtils;
+import com.github.pvriel.mpcutils4j.stream.StreamUtils;
+import com.github.pvriel.oblivioustransfer4j.rrot.RandomObliviousTransferReceiver;
+import com.github.pvriel.oprf4j.nroprf.NROPRFEvaluator;
+import com.github.pvriel.oprf4j.precomputed.PrecomputedOPRFEvaluator;
+import org.apache.commons.lang3.tuple.Pair;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.math.BigInteger;
+
+/**
+ * Implementation of the {@link NROPRFEvaluator} class that uses the <a href="https://eprint.iacr.org/2019/517">KALES19 variant</a>.
+ */
+public class KALES19NROPRFEvaluator extends NROPRFEvaluator implements PrecomputedOPRFEvaluator<Pair<boolean[], BigInteger[]>> {
+
+    private final RandomObliviousTransferReceiver ROTReceiver;
+    private final int bitLengthRandomValues;
+
+    /**
+     * Constructor for the {@link NROPRFEvaluator} class.
+     *
+     * @param p The (not-null) prime number that is used for the group (the result of applying the PRF is always part of F_{p}).
+     * @param q The (not-null) prime number, for which q | p - 1 holds. This prime number is used to apply mod operations with the exponents.
+     * @param ROTReceiver The (not-null) {@link RandomObliviousTransferReceiver} that is used to receive the random values.
+     * @param bitLengthRandomValues The bit length of the random values that are used to apply the PRF.
+     */
+    protected KALES19NROPRFEvaluator(BigInteger p, BigInteger q, RandomObliviousTransferReceiver ROTReceiver, int bitLengthRandomValues) {
+        super(p, q);
+        this.ROTReceiver = ROTReceiver;
+        this.bitLengthRandomValues = bitLengthRandomValues;
+    }
+
+    @Override
+    public Pair<boolean[], BigInteger[]> executeOfflinePhase(BigInteger[] elements, int bitLength, InputStream inputStream, OutputStream outputStream) throws IOException {
+        return ROTReceiver.execute(elements.length * bitLength, bitLengthRandomValues, inputStream, outputStream);
+    }
+
+    @Override
+    public BigInteger[] executeOnlinePhase(Pair<boolean[], BigInteger[]> resultOfflinePhase, BigInteger[] elements, int bitLength, InputStream inputStream, OutputStream outputStream) throws IOException {
+        boolean[] choices = resultOfflinePhase.getLeft();
+        boolean[] b = new boolean[elements.length * bitLength];
+        for (int i = 0; i < elements.length; i ++) {
+            BigInteger element = elements[i];
+            for (int j = 0; j < bitLength; j ++) b[i * bitLength + j] = (choices[i * bitLength + j] != element.testBit(j));
+        }
+        BigInteger bAsBigInteger = ArrayUtils.convertToBigInteger(b);
+        StreamUtils.writeBigIntegerToOutputStream(bAsBigInteger, outputStream);
+        outputStream.flush();
+
+        BigInteger[] r_i_j_c_i_j = resultOfflinePhase.getRight();
+        BigInteger[] R = new BigInteger[elements.length * bitLength];
+        for (int i = 0; i < elements.length; i ++) {
+            BigInteger element = elements[i];
+            for (int j = 0; j < bitLength; j ++) R[i * bitLength + j] = r_i_j_c_i_j[i * bitLength + j].xor((element.testBit(j) ? BigInteger.ONE : BigInteger.ZERO).multiply(StreamUtils.readBigIntegerFromInputStream(inputStream)));
+        }
+
+        BigInteger[] C_i = new BigInteger[elements.length];
+        for (int i = 0; i < elements.length; i ++) {
+            BigInteger exponent = BigInteger.ONE;
+            for (int j = 0; j < bitLength; j ++) exponent = exponent.multiply(R[i * bitLength + j]);
+            C_i[i] = exponent.mod(getQ());
+        }
+
+        BigInteger[] returnValue = new BigInteger[elements.length];
+        for (int i = 0; i < returnValue.length; i ++) {
+            BigInteger g_modded = StreamUtils.readBigIntegerFromInputStream(inputStream);
+            returnValue[i] = g_modded.modPow(C_i[i], getP());
+        }
+        return returnValue;
+    }
+}

src/main/java/com/github/pvriel/oprf4j/nroprf/semihonest/KALES19/KALES19NROPRFProvider.java

@@ -0,0 +1,78 @@
+package com.github.pvriel.oprf4j.nroprf.semihonest.KALES19;
+
+import com.github.pvriel.mpcutils4j.array.ArrayUtils;
+import com.github.pvriel.mpcutils4j.stream.StreamUtils;
+import com.github.pvriel.oblivioustransfer4j.srot.RandomObliviousTransferSender;
+import com.github.pvriel.oprf4j.nroprf.NROPRFProvider;
+import com.github.pvriel.oprf4j.precomputed.PrecomputedOPRFProvider;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.math.BigInteger;
+import java.util.stream.IntStream;
+
+/**
+ * Implementation of the {@link NROPRFProvider} class that uses the <a href="https://eprint.iacr.org/2019/517">KALES19 variant</a>.
+ */
+public class KALES19NROPRFProvider extends NROPRFProvider implements PrecomputedOPRFProvider<BigInteger[][]> {
+
+    private final RandomObliviousTransferSender ROTSender;
+    private final int bitLengthRandomValues;
+
+    /**
+     * Constructor for the {@link NROPRFProvider} class.
+     *
+     * @param initialKey The (not-null) key that is always used as exponent for the generator, no matter the element that is being applied for the OPRF.
+     * @param a0         The (not-null) array of keys that are used for the active bits.
+     * @param a1         The (not-null) array of keys that are used for the inactive bits.
+     *                   However, this value is never used.
+     * @param p          The (not-null) prime number that is used for the group (the result of applying the PRF is always part of F_{p}).
+     * @param q          The (not-null) prime number, for which q | p - 1 holds. This prime number is used to apply mod operations with the exponents.
+     * @param g          The (not-null) generator of the group F_{p}.
+     * @param ROTSender  The (not-null) {@link RandomObliviousTransferSender} that is used to execute the random oblivious transfer protocol with.
+     * @param bitLengthRandomValues The (not-null) bit length of the random values that are used in the random oblivious transfer protocol.
+     */
+    protected KALES19NROPRFProvider(BigInteger initialKey, BigInteger[] a0, BigInteger[] a1, BigInteger p, BigInteger q,
+                                    BigInteger g, RandomObliviousTransferSender ROTSender, int bitLengthRandomValues) {
+        super(initialKey, a0, null, p, q, g);
+        this.ROTSender = ROTSender;
+        this.bitLengthRandomValues = bitLengthRandomValues;
+    }
+
+    @Override
+    public BigInteger[][] executeOfflinePhase(int amountOfValues, int bitLength, InputStream inputStream, OutputStream outputStream) throws IOException {
+        return ROTSender.execute(amountOfValues * bitLength, bitLengthRandomValues, inputStream, outputStream);
+    }
+
+    @Override
+    public void executeOnlinePhase(BigInteger[][] resultOfflinePhase, int amountOfValues, int bitLength, InputStream inputStream, OutputStream outputStream) throws IOException {
+        BigInteger bAsBigInteger = StreamUtils.readBigIntegerFromInputStream(inputStream);
+        boolean[] b = ArrayUtils.convertFromBigInteger(bAsBigInteger, amountOfValues * bitLength);
+
+        BigInteger[] xor_product = new BigInteger[amountOfValues * bitLength];
+        BigInteger[] r_i_j = new BigInteger[amountOfValues * bitLength];
+        IntStream.range(0, amountOfValues).parallel().forEach(i -> {
+            for (int j = 0; j < bitLength; j ++) {
+                int selection = b[i * bitLength + j]? 1 : 0;
+                BigInteger selectedRValue = resultOfflinePhase[i * bitLength + j][selection];
+                r_i_j[i * bitLength + j] = selectedRValue;
+                BigInteger notSelectedRValue = resultOfflinePhase[i * bitLength + j][1 - selection];
+                xor_product[i * bitLength + j] = notSelectedRValue.xor(selectedRValue.multiply(getA0()[j]));
+            }
+        });
+        for (int i = 0; i < xor_product.length; i ++) StreamUtils.writeBigIntegerToOutputStream(xor_product[i], outputStream);
+        outputStream.flush();
+
+        // TODO: performance optimization.
+        for (int i = 0; i < amountOfValues; i++) {
+            BigInteger r_inv = BigInteger.ONE;
+            for (int j = 0; j < bitLength; j++) r_inv = r_inv.multiply(r_i_j[i * bitLength + j]);
+            r_inv = r_inv.modInverse(getQ());
+
+            BigInteger g_i = getG().modPow(getInitialKey().multiply(r_inv), getP());
+            StreamUtils.writeBigIntegerToOutputStream(g_i, outputStream);
+        }
+        outputStream.flush();
+    }
+}

src/test/java/com/github/pvriel/oprf4j/nroprf/semihonest/KALES19/KALES19NROPRFTest.java

@@ -0,0 +1,66 @@
+package com.github.pvriel.oprf4j.nroprf.semihonest.KALES19;
+
+import com.github.pvriel.mpcutils4j.math.MultiplicativeGroup;
+import com.github.pvriel.oblivioustransfer4j.ot.semihonest.alsz13.ALSZ13ObliviousTransferReceiver;
+import com.github.pvriel.oblivioustransfer4j.ot.semihonest.alsz13.ALSZ13ObliviousTransferSender;
+import com.github.pvriel.oblivioustransfer4j.ote.semihonest.alsz13.ALSZ13ObliviousTransferExtensionReceiver;
+import com.github.pvriel.oblivioustransfer4j.ote.semihonest.alsz13.ALSZ13ObliviousTransferExtensionSender;
+import com.github.pvriel.oblivioustransfer4j.precomputed.semihonest.bea95.BEA95PrecomputedObliviousTransferReceiver;
+import com.github.pvriel.oblivioustransfer4j.precomputed.semihonest.bea95.BEA95PrecomputedObliviousTransferSender;
+import com.github.pvriel.oblivioustransfer4j.rot.semihonest.asharov17.ASHAROV17RandomObliviousTransferReceiver;
+import com.github.pvriel.oblivioustransfer4j.rot.semihonest.asharov17.ASHAROV17RandomObliviousTransferSender;
+import com.github.pvriel.oblivioustransfer4j.rrot.RandomObliviousTransferReceiver;
+import com.github.pvriel.oblivioustransfer4j.srot.RandomObliviousTransferSender;
+import com.github.pvriel.oprf4j.AbstractOPRFTest;
+import com.github.pvriel.oprf4j.nroprf.semihonest.KISS17.KISS17NROPRFEvaluator;
+import com.github.pvriel.oprf4j.nroprf.semihonest.KISS17.KISS17NROPRFProvider;
+import com.github.pvriel.oprf4j.oprf.OPRFEvaluator;
+import com.github.pvriel.oprf4j.oprf.OPRFProvider;
+import com.github.pvriel.prf4j.PRF;
+import com.github.pvriel.prf4j.naorreingold.NaorReingoldPRF;
+import org.apache.commons.lang3.tuple.Pair;
+import org.apache.commons.lang3.tuple.Triple;
+
+import java.math.BigInteger;
+import java.util.Arrays;
+import java.util.Random;
+
+import static com.github.pvriel.ot.semihonest.KISS17.KISS17ObliviousTransferDefaultValues.p;
+import static com.github.pvriel.ot.semihonest.KISS17.KISS17ObliviousTransferDefaultValues.q;
+
+class KALES19NROPRFTest extends AbstractOPRFTest {
+
+    private final static int BIT_LENGTH_TEST_CASES = 128;
+    private final static int AMOUNT_OF_TEST_CASES = 1000;
+    private final static Random random = new Random();
+
+    @Override
+    protected Triple<Integer, Pair<BigInteger[], BigInteger[]>, Pair<OPRFProvider, OPRFEvaluator>> setup() {
+        BigInteger g = new MultiplicativeGroup(p.getValue()).getElementOfOrder(q.getValue());
+        MultiplicativeGroup multiplicativeGroupQ = new MultiplicativeGroup(q.getValue());
+        BigInteger a0[] = multiplicativeGroupQ.getRandomElements(BIT_LENGTH_TEST_CASES);
+        BigInteger a1[] = new BigInteger[BIT_LENGTH_TEST_CASES];
+        BigInteger initialKey = BigInteger.ONE;
+        Arrays.fill(a1, BigInteger.ONE);
+        System.out.println("Generating test cases...");
+
+        ALSZ13ObliviousTransferSender baseOTSender = new ALSZ13ObliviousTransferSender(p.getValue(), q.getValue(), g);
+        ALSZ13ObliviousTransferReceiver baseOTReceiver = new ALSZ13ObliviousTransferReceiver(p.getValue(), q.getValue(), g);
+        ALSZ13ObliviousTransferExtensionSender OTeSender = new ALSZ13ObliviousTransferExtensionSender(10, baseOTReceiver);
+        ALSZ13ObliviousTransferExtensionReceiver OTeReceiver = new ALSZ13ObliviousTransferExtensionReceiver(10, baseOTSender);
+        ASHAROV17RandomObliviousTransferSender ROTSender = new ASHAROV17RandomObliviousTransferSender(10, OTeReceiver);
+        ASHAROV17RandomObliviousTransferReceiver ROTReceiver = new ASHAROV17RandomObliviousTransferReceiver(10, OTeSender);
+        KALES19NROPRFProvider provider = new KALES19NROPRFProvider(initialKey, a0, null, p.getValue(), q.getValue(), g, ROTSender, q.getValue().bitLength());
+        KALES19NROPRFEvaluator evaluator = new KALES19NROPRFEvaluator(p.getValue(), q.getValue(), ROTReceiver, q.getValue().bitLength());
+
+        BigInteger inputs[] = new BigInteger[AMOUNT_OF_TEST_CASES];
+        PRF prf = new NaorReingoldPRF(initialKey, a0, a1, p.getValue(), q.getValue(), g);
+        for (int i = 0; i < AMOUNT_OF_TEST_CASES; i++) {
+            // if (i % (Math.max(1, AMOUNT_OF_TEST_CASES / 10)) == 1) System.out.println("Generating test case " + i + " of " + AMOUNT_OF_TEST_CASES);
+            inputs[i] = new BigInteger(BIT_LENGTH_TEST_CASES, random);
+        }
+        BigInteger expectedOutputs[] = prf.compute(inputs);
+
+        return Triple.of(BIT_LENGTH_TEST_CASES, Pair.of(inputs, expectedOutputs), Pair.of(provider, evaluator));
+    }
+}

src/test/java/com/github/pvriel/oprf4j/nroprf/semihonest/KISS17/KISS17NROPRFTest.java

@@ -41,8 +41,8 @@ protected Triple<Integer, Pair<BigInteger[], BigInteger[]>, Pair<OPRFProvider, O
         ALSZ13ObliviousTransferExtensionReceiver OTeReceiver = new ALSZ13ObliviousTransferExtensionReceiver(10, baseOTSender);
         BEA95PrecomputedObliviousTransferReceiver precomputedObliviousTransferReceiver = new BEA95PrecomputedObliviousTransferReceiver(OTeReceiver);
         BEA95PrecomputedObliviousTransferSender precomputedObliviousTransferSender = new BEA95PrecomputedObliviousTransferSender(OTeSender);
-        KISS17NROPRFProvider provider = new KISS17NROPRFProvider(BIT_LENGTH_TEST_CASES, precomputedObliviousTransferSender, a0, a1, p.getValue(), q.getValue(), g);
-        KISS17NROPRFEvaluator evaluator = new KISS17NROPRFEvaluator(BIT_LENGTH_TEST_CASES, precomputedObliviousTransferReceiver, p.getValue(), q.getValue());
+        KISS17NROPRFProvider provider = new KISS17NROPRFProvider(q.getValue().bitLength(), precomputedObliviousTransferSender, a0, a1, p.getValue(), q.getValue(), g);
+        KISS17NROPRFEvaluator evaluator = new KISS17NROPRFEvaluator(q.getValue().bitLength(), precomputedObliviousTransferReceiver, p.getValue(), q.getValue());
 
         BigInteger inputs[] = new BigInteger[AMOUNT_OF_TEST_CASES];
         PRF prf = new NaorReingoldPRF(BigInteger.ONE, a1, a0, p.getValue(), q.getValue(), g);