ABY
OT Threading using non-thread-safe hash functions
Hi,
I have written a test program to test AND gate, here's the program (using S_BOOL):
    void test_AND_SIMD(...) {
        uint32_t bitlen = 1;
        nvals = 1;
        float local_h;
        share *s_server_h;
        share *s_client_h;
        share *s_sum_h;
        share *s_out;

        /* Default Declaration */
        ABYParty* party = new ABYParty(role, address, port, seclvl, bitlen, nthreads, mt_alg);
        std::vector<Sharing*>& sharings = party->GetSharings();
        BooleanCircuit* circ = (BooleanCircuit*) sharings[sharing]->GetCircuitBuildRoutine();

        local_h = 0;
        if(role == SERVER){
            s_server_h = circ->PutINGate(*(uint32_t*)&local_h, bitlen, SERVER);
            s_client_h = circ->PutDummyINGate(bitlen);
        }
        else{
            s_client_h = circ->PutINGate(*(uint32_t*)&local_h, bitlen, CLIENT);
            s_server_h = circ->PutDummyINGate(bitlen);
        }

        /* 0 AND 0 must always evaluate to 0 */
        s_sum_h = circ->PutANDGate(s_server_h, s_client_h);
        s_out = circ->PutOUTGate(s_sum_h, ALL);
        party->ExecCircuit();

        uint32_t out_bitlen, out_nvals;
        uint32_t *output;
        s_out->get_clear_value_vec(&output, &out_bitlen, &out_nvals);
        for(uint32_t i=0; i<out_nvals; i++){
            if(*(float*)&output[i]!=0) {
                printf("!!!!!!!!!!!!!!!!!!!!!!!!!ERROR!!!!!!!!!!!!!!!!!!!!!!!!!\n");
                std::cin.ignore();
            }
        }

        delete s_server_h;
        delete s_client_h;
        delete s_sum_h;
        delete s_out;
        free(output);
        delete party;
    }
Occasionally the program returns with ERROR. I have tried turning on DEBUGSETUP, and the error may come from a calculation error in IKNP-OT:
// SERVER SIDE DEBUG Info
----------------------------------
39 test
----------------------------------
OT receiver results for bitlen = 1:
C: 11001111
R: 00001100
OT sender results for bitlen = 1:
X0: 00001001
X1: 11001001
----------------------------------
40 test
----------------------------------
OT receiver results for bitlen = OT sender results for bitlen = 11: :
X0: 00100101
X1: 00111101
C: 00000111
R: 10110000
!!!!!!!!!!!!!!!!!!!!!!!!!ERROR!!!!!!!!!!!!!!!!!!!!!!!!!
// CLIENT SIDE DEBUG Info
----------------------------------
39 test
----------------------------------
OT sender results for bitlen = 1:
X0: 11001100
X1: 00001100
OT receiver results for bitlen = 1:
C: 00011010
R: 00001001
----------------------------------
40 test
----------------------------------
OT sender results for bitlen = 1:
X0: 10010100
X1: 10011100
OT receiver results for bitlen = 1:
C: 00101000
R: 00101101
!!!!!!!!!!!!!!!!!!!!!!!!!ERROR!!!!!!!!!!!!!!!!!!!!!!!!!
After looking deeper into the implementation of IKNP-OT, there's a one-bit calculation error before the HashValues function (located at extern/OTExtension/ot/iknp-ot-ext-rec.cpp and extern/OTExtension/ot/iknp-ot-ext-snd.cpp).
A lot of thanks, Cheers, Jamie
About the OT Error please report the issue on https://github.com/encryptogroup/OTExtension since the error is related to the OTExtension submodule.
However, the error might be because of the float local_h; line. In C++, the value is undefined if it is not initialized (which may be a value whose lsb is 1). Then your function indeed evaluates to 1 in the end.
> However, the error might be because of the float local_h; line. In C++, the value is undefined if it is not initialized (which may be a value whose lsb is 1). Then your function indeed evaluates to 1 in the end.
local_h is initialized a few lines down before its first usage: local_h = 0;
The problem may come from OTExtension, in baseOT.h line 62:
m_cCrypto->hash_ctr(ret, ret_len, val, val_len, ctr);
I'm not sure about the certain causes of this hashing error, but changing it to
m_cCrypto->hash(ret, ret_len, val, val_len);
solves the problem.
Will dig deeper into it. Thanks.
Hi,
This error comes from a non-thread-safe hash function, hash_ctr(), which is implemented in ENCRYPTO_utils/crypto/crypto.cpp.
In the implementation of ABY, it creates two IKNP-OT threads, passing them the same address of an instantiated class object, *m_cCrypto. Both the IKNP-OT sender and the IKNP-OT receiver then call the execution of baseOT with *m_cCrypto, which ends up calling m_cCrypto->hash_ctr(); in both threads.
In the native implementation of hash_ctr(), it uses the global variable sha_hash_buf as the hashing buffer, which makes it not thread-safe.
There are two possible solutions:
- Make hash_ctr() thread-safe, which requires making a few changes in ENCRYPTO_utils
- Use a different Crypto instance for the IKNP-OT threads (sender and receiver).
Thanks, Jamie
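The race described in the last comment, together with both proposed fixes, as an added example that is not ABY or ENCRYPTO_utils code. ToyCrypto, its scratch member (an assumed stand-in for sha_hash_buf), the FNV-1a stand-in hash and wrong_digests are all hypothetical names.

```cpp
// Added illustration: ToyCrypto and its FNV-1a "hash" are constructed stand-ins, not ENCRYPTO_utils.
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <thread>
struct ToyCrypto {
    uint8_t scratch[64];  // per-object staging buffer (assumed role of sha_hash_buf)
    static uint64_t fnv1a(const uint8_t* p, size_t n) {
        uint64_t h = 1469598103934665603ULL;
        for (size_t i = 0; i < n; ++i) { h ^= p[i]; h *= 1099511628211ULL; }
        return h;
    }
    // Racy when the object is shared: concurrent callers overwrite each other's staged input.
    uint64_t hash_ctr_shared(const uint8_t* val, size_t len, uint32_t ctr) {
        std::memcpy(scratch, val, len);
        std::memcpy(scratch + len, &ctr, sizeof ctr);
        return fnv1a(scratch, len + sizeof ctr);
    }
    // Thread-safe variant: same computation, staging buffer on the caller's stack.
    uint64_t hash_ctr_local(const uint8_t* val, size_t len, uint32_t ctr) const {
        uint8_t buf[64];
        std::memcpy(buf, val, len);
        std::memcpy(buf + len, &ctr, sizeof ctr);
        return fnv1a(buf, len + sizeof ctr);
    }
};
// Two workers stand in for the OT sender and receiver threads; returns the number of wrong digests.
size_t wrong_digests(bool local_buf, bool one_instance, uint32_t iters) {
    ToyCrypto a, b;
    size_t bad[2] = {0, 0};
    auto worker = [&](int id, ToyCrypto* c) {
        ToyCrypto ref;  // private to this thread, so its results serve as the reference
        uint8_t val[32];
        std::memset(val, id ? 0xAA : 0x55, sizeof val);
        for (uint32_t ctr = 0; ctr < iters; ++ctr) {
            uint64_t want = ref.hash_ctr_shared(val, sizeof val, ctr);
            uint64_t got = local_buf ? c->hash_ctr_local(val, sizeof val, ctr)
                                     : c->hash_ctr_shared(val, sizeof val, ctr);
            bad[id] += (got != want);
        }
    };
    std::thread t0(worker, 0, &a), t1(worker, 1, one_instance ? &a : &b);
    t0.join();
    t1.join();
    return bad[0] + bad[1];
}
int main() {  // racy setup first, then the two fixes
    std::printf("one object, shared buffer: %zu\none object, local buffer: %zu\ntwo objects: %zu\n",
        wrong_digests(false, true, 1000000), wrong_digests(true, true, 1000000), wrong_digests(false, false, 1000000));
}
```

Build with thread support (for example -pthread). The first count may be non-zero depending on scheduling and optimization, while the two fixed configurations always report 0.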