How to transform `RSSVectorSmallType` to `RSSVectorMyType`?

Question

How to transform `RSSVectorSmallType` to `RSSVectorMyType`?

WeiViming opened this issue 3 years ago · 7 comments

Hello, @snwagh . FALCON is a nice code! Thank you for your work! Recently, I want to find a way to transform RSSVectorSmallType (is a bit vector on Z_67) to RSSVectorMyType (bit vector on Z_L). But I have not idea yet. Do you have any advice? Thanks.

Answer 1 · 2021-09-07T12:02:13.000Z

Thank you, if I understand correctly, ignoring the vectorization, you want a way to convert a single bit (shared modulo 67) to a single bit (shared modulo L)? Such a method is not implemented in the codebase yet. A daBit is the cryptographic primitive that you would need. For starters, you can assume access to precomputed conversions and then use the Beaver's randomization trick: given [b]_67 and using [b']_67 and [b']_L you can open c = b ⊕ b' modulo 67 and then compute c ⊕ b' modulo L.

Answer 2 · 2021-09-07T13:48:35.000Z

Great! Yes, your understanding is correct. The Beaver's trick is helpful! Thank you for your advice. Can this trick be vectorized? Actually, I want to compute A=BC, where [A]_L, [B]_67, [C]_L. This is why I need to find a way to transform [b]_67 into [b]_L.

Answer 3 · 2021-09-07T13:53:40.000Z

Maybe the Select Shares protocol can help me with this computation. Right? :)

Answer 4 · 2021-09-07T17:42:17.000Z

The trick can be vectorized so extends without any additional lower level implementation.

About the A=BC computation, the Select Shares protocol is a good reference as it has a lot of the relevant code but it performs a slightly different computation. First, elements of B are boolean shares (note that elements of Z_67 and Z_2 are both stored using the smallType datatype using 8 bits) whereas in your case they are sharing over Z_67. And second, the functionality is reversed in the sense that A=C if B=0 and A=0 if B=1; so the functionality is more like A=(1-B)C. With these differences, especially the first, the code will give you incorrect results if used directly.

Answer 5 · 2021-09-08T07:57:42.000Z

Yes, I see the comment on SS functionality.
As you say, the SS functionality is more like A=(1-B)C. If I consider B is a bit sharing over Z_2, how can I convert [B]_2 to [\neg B]_2 in secret share form? Is the Falcon codebase implement or not? In this way, I can compute A=BC by using SS, where [B]_2. Isn't it? :)

Update: I have finished this computation in this way. Really thanks for your help!

Answer 6 · 2021-09-08T12:33:17.000Z

Two things

if B is indeed boolean sharing i.e., shares of either 0 or 1 (but using the smallType datatype) then [\neg B]_2 is a simple local computation and can be realized as 1 XOR B, i.e., flipping one bit share locally (if B has shares B_0, B_1 B_2, then locally changing B_0 to B_0 ^ 1). This should be withing the codebase and yes you can compute A=BC combining these two.
in case B is shares of bit but over Z_67, you'll need something on the conversion I talked about in my previous computation and the rest of the code on these lines.

Answer 7 · 2021-09-08T12:50:16.000Z

Thank you very much! :)