1 parent 55de94f, commit cab0973. Showing 60 changed files with 6,980,307 additions and 2 deletions.
@@ -0,0 +1,2 @@ | ||
.DS_Store | ||
.idea |
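Review bot: the two entries in this hunk, `.DS_Store` and `.idea`, are per-developer OS and IDE artifacts rather than outputs of this project's build, so they are usually better kept in each developer's global excludes file (`git config core.excludesFile`) and this file reserved for things the project itself generates, such as synthesis intermediates. If they are meant to stay here, writing the second entry as `.idea/` makes it explicit that a directory is intended.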
@@ -1,2 +1,27 @@ | ||
# circuits | ||
A collection of Bristol format circuit files | ||
# N-for-1 Auth's collection of circuits | ||
|
||
When we develop N-for-1 Auth ([ePrint 2021/342](https://eprint.iacr.org/2021/342)), many circuit files that we need were unavailable. | ||
|
||
This repository contains the circuits that we synthesize or assemble using existing works. | ||
|
||
## Methods | ||
|
||
To synthesize circuits, we leverage the DFF library from [TinyGarble](https://github.com/esonghori/TinyGarble) and scripts from [SCALE-MAMBA](https://github.com/KULeuven-COSIC/SCALE-MAMBA/tree/master/Circuits). The synthesizing is done with the Synopsys tools thanks to UC Berkeley's subscription. | ||
|
||
To assemble circuits, we use base circuits from [Nigel Smart](https://homes.esat.kuleuven.be/~nsmart/MPC/) and [Matteo Campanelli](https://github.com/matteocam/sha256-circuit). We want to highlight the latter's SHA256 circuit: [Steven Goldfeder](http://stevengoldfeder.com/) discovered that previous methods to synthesize SHA256 circuits are suboptimal, and special tricks are needed to force the synthesizer to use a simple adder. | ||
The assembly is done using [EMP-toolkit](https://github.com/emp-toolkit/emp-tool), which has a powerful plaintext engine for making circuit files. | ||
|
||
## Summary | ||
|
||
A collection of Bristol format circuit files related to TLS-in-SMPC. | ||
|
||
- **[\[key-derivation\]](./key-derivation):** Circuits for key derivation in TLS | ||
- **[\[aes\]](./aes):** Circuits for AES | ||
- **[\[gcm\]](./gcm):** Circuits for computing GCM power shares | ||
- **[\[sha256\]](./sha256):** Circuits for multi-block SHA256 | ||
- **[\[generator\]](./generator):** Program that assembles these circuits | ||
|
||
## Regulatory issue | ||
This repository is not subject to the U.S. Export Administration Regulation (EAR) because it is publicly available; notifications to U.S. Bureau of Industry and Security (BIS) and National Security Agency (NSA) have been sent. | ||
|
||
For more information about this regulatory issue, see [this post](https://www.eff.org/deeplinks/2019/08/us-export-controls-and-published-encryption-source-code-explained) by Electronic Frontier Foundation (EFF). |
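Review bot: the new README describes the files only as "Bristol format circuit files" (in the Summary line) without saying which variant; the original Bristol format and the later "Bristol Fashion" differ in the header (how the number and width of inputs and outputs are declared) and in gate listing, so a consumer writing a parser needs to know which to expect. State the variant next to "A collection of Bristol format circuit files related to TLS-in-SMPC." and add a short description of the header line or a link to the format specification. Minor wording: "When we develop N-for-1 Auth ..., many circuit files that we need were unavailable" mixes tenses; "When we developed N-for-1 Auth ..., many circuit files we needed were unavailable" reads better.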
@@ -0,0 +1,40 @@ | ||
# AES circuits | ||
|
||
This directory contains a full AES circuit (same as the one commonly available) and a version of AES where the key schedule is separate. | ||
|
||
| Filename | Description | Number of AND gates | | ||
| ----------- | ----------- | ----------- | | ||
| aes128_full.txt | Full AES circuit | 6400 | | ||
| aes128_key_schedule.txt | Part of AES circuit: Key scheduling | 1280 | | ||
| aes128.txt | Part of AES circuit: Post key-scheduling | 5120 | | ||
|
||
## Syntax | ||
|
||
### aes128_full.txt | ||
|
||
- **Alice's Input:** 256 bits. | ||
* First 128 bits belong to the key. | ||
* Second 128 bits belong to the plaintext. | ||
* Remark: this differs from the well-known `AES-non-expanded.txt` circuit. | ||
- **Output:** 128 bits. | ||
|
||
### aes128_key_schedule.txt | ||
|
||
- **Alice's Input:** 128 bits, the key. | ||
- **Output:** 1408 bits, 11 round keys for 10 rounds-AES. | ||
|
||
### aes128.txt | ||
|
||
- **Alice's Input:** 1408 bits, the round keys. | ||
- **Bob's Input:** 128 bits, the plaintext. | ||
- **Output:** 128 bits. | ||
|
||
## Synthesis | ||
|
||
The subdirectory [synthesis](./synthesis) provides more information on how these circuits are made. | ||
|
||
## Warning: Endianness and byte-ordering | ||
|
||
When integrating the circuits with some other protocols (e.g., TLS-in-SMPC), we often need to rematch the endianness and byte-ordering. We did not have a magical way to do this (but seems to be highly possible). | ||
|
||
We recommend, nevertheless, to match the endianness and byte-ordering by trying different inputs, from all-zero to completely random. This method has helped us match the representation with wolfssl. |
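Review bot: the "Warning: Endianness and byte-ordering" section leaves the bit ordering of every input and output undocumented and instead tells users to discover it "by trying different inputs, from all-zero to completely random"; that is fragile, because a wrong wire mapping still produces a plausible-looking 128-bit output and only a known-answer check catches it. Document the convention explicitly for all three circuits (whether wire 0 of a 128-bit block is the most or least significant bit of byte 0, and whether bytes appear in transmission order), and ship one known-answer vector per file (the FIPS-197 example vectors in Appendix C give a key, plaintext and ciphertext for aes128_full.txt and the expanded round keys for aes128_key_schedule.txt and aes128.txt) so a user can confirm the wiring with a single evaluation instead of trial and error. The remark under aes128_full.txt, "this differs from the well-known `AES-non-expanded.txt` circuit", should also say how it differs (which party supplies which 128 bits), since that is exactly what someone porting from that circuit needs to remap. Minor: "11 round keys for 10 rounds-AES" should read "11 round keys for 10-round AES".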