feat: Add Rep3 compatible garbled circuit implementations and conversion methods for a2y, y2a, b2y, y2b, a2y2b, and b2y2a.

Cargo.toml

@@ -66,6 +66,7 @@ serde_json = "1.0"
 serde_yaml = "0.9.27"
 sha2 = "0.10"
 sha3 = "0.10.8"
+subtle = "2.6"
 thiserror = "1.0.59"
 tokio = { version = "1.34.0", features = [
     "rt",

deny.toml

@@ -281,7 +281,12 @@ unknown-git = "deny"
 # if not specified. If it is specified but empty, no registries are allowed.
 allow-registry = ["https://github.com/rust-lang/crates.io-index"]
 # List of URLs for allowed Git repositories
-allow-git = ["https://github.com/noir-lang/noir", "https://github.com/jfecher/chumsky"]
+allow-git = [
+    "https://github.com/noir-lang/noir",
+    "https://github.com/jfecher/chumsky",
+    "https://github.com/GaloisInc/swanky",
+    "https://github.com/GaloisInc/ff",
+]
 
 [sources.allow-org]
 # 1 or more github.com organizations to allow git sources for

mpc-core/Cargo.toml

@@ -21,14 +21,18 @@ ark-ff = { workspace = true }
 ark-serialize = { workspace = true }
 bytes = { workspace = true }
 eyre = { workspace = true }
+fancy-garbling = { git = "https://github.com/GaloisInc/swanky", rev = "586a6ba1efdb531542668d6b0afe5cacc302d434" }
 itertools = { workspace = true }
 mpc-net = { version = "0.1.2", path = "../mpc-net" }
 num-bigint = { workspace = true }
 num-traits = { workspace = true }
 rand = { workspace = true }
 rand_chacha = { workspace = true }
 rayon = { workspace = true }
+scuttlebutt = { git = "https://github.com/GaloisInc/swanky", rev = "586a6ba1efdb531542668d6b0afe5cacc302d434" }
+subtle = { workspace = true }
 serde = { workspace = true }
+sha3 = { workspace = true }
 tokio = { workspace = true }
 tracing.workspace = true
 

mpc-core/src/protocols/rep3.rs

@@ -12,6 +12,7 @@ pub mod network;
 pub mod pointshare;
 pub mod poly;
 pub mod rngs;
+pub mod yao;
 
 use std::marker::PhantomData;
 

mpc-core/src/protocols/rep3/binary.rs

@@ -146,7 +146,7 @@ pub fn shift_l_public_by_shared<F: PrimeField, N: Rep3Network>(
             (shared.a.clone() >> i) & BigUint::one(),
             (shared.b.clone() >> i) & BigUint::one(),
         );
-        individual_bit_shares.push(conversion::b2a_consume(bit, context)?);
+        individual_bit_shares.push(conversion::b2a(&bit, context)?);
     }
     // v_i = 2^2^i * <b_i> + 1 - <b_i>
     let mut vs: Vec<_> = individual_bit_shares

mpc-core/src/protocols/rep3/detail.rs

@@ -74,19 +74,14 @@ fn low_depth_sub_p_cmux<F: PrimeField, N: Rep3Network>(
 ) -> IoResult<Rep3BigUintShare<F>> {
     let original_bitlen = bitlen - 1; // before the potential overflow after an addition
     let mask = (BigUint::from(1u64) << original_bitlen) - BigUint::one();
-    let x_msb = x >> original_bitlen;
+    let mut y = low_depth_binary_sub_p::<F, N>(x, io_context, bitlen)?;
     let x = x & &mask;
-    let mut y = low_depth_binary_sub_p::<F, N>(&x, io_context, bitlen)?;
     let y_msb = &y >> (bitlen);
     y &= &mask;
 
     // Spread the ov share to the whole biguint
-    let ov_a = (x_msb.a.iter_u64_digits().next().unwrap_or_default()
-        ^ y_msb.a.iter_u64_digits().next().unwrap_or_default())
-        & 1;
-    let ov_b = (x_msb.b.iter_u64_digits().next().unwrap_or_default()
-        ^ y_msb.b.iter_u64_digits().next().unwrap_or_default())
-        & 1;
+    let ov_a = y_msb.a.iter_u64_digits().next().unwrap_or_default() & 1;
+    let ov_b = y_msb.b.iter_u64_digits().next().unwrap_or_default() & 1;
 
     let ov_a = if ov_a == 1 {
         mask.to_owned()

mpc-core/src/protocols/rep3/rngs.rs

@@ -2,11 +2,13 @@
 //!
 //! This module contains implementations of rep3 rngs
 
+use super::{id::PartyID, yao::GCUtils};
 use crate::RngType;
 use ark_ec::CurveGroup;
 use ark_ff::{One, PrimeField};
+use fancy_garbling::WireMod2;
 use num_bigint::BigUint;
-use rand::{Rng, RngCore, SeedableRng};
+use rand::{distributions::Standard, prelude::Distribution, Rng, RngCore, SeedableRng};
 use rayon::prelude::*;
 
 #[derive(Debug)]
@@ -38,6 +40,39 @@ impl Rep3CorrelatedRng {
             bitcomp2,
         }
     }
+
+    /// Generate a value that is equal on all three parties
+    pub fn generate_shared<T>(&mut self, id: PartyID) -> T
+    where
+        Standard: Distribution<T>,
+    {
+        match id {
+            PartyID::ID0 => self.bitcomp1.rng2.gen(),
+            PartyID::ID1 => self.bitcomp1.rng2.gen(),
+            PartyID::ID2 => self.bitcomp1.rng1.gen(),
+        }
+    }
+
+    /// Generate a value that is equal on all two garbler parties
+    pub fn generate_garbler_randomness<T>(&mut self, id: PartyID) -> T
+    where
+        Standard: Distribution<T>,
+    {
+        match id {
+            PartyID::ID0 => panic!("Garbler should not be PartyID::ID0"),
+            PartyID::ID1 => self.rand.rng1.gen(),
+            PartyID::ID2 => self.rand.rng2.gen(),
+        }
+    }
+
+    /// Generate a random delta that is equal for the two garblers
+    pub fn generate_random_garbler_delta(&mut self, id: PartyID) -> Option<WireMod2> {
+        match id {
+            PartyID::ID0 => None,
+            PartyID::ID1 => Some(GCUtils::random_delta(&mut self.rand.rng1)),
+            PartyID::ID2 => Some(GCUtils::random_delta(&mut self.rand.rng2)),
+        }
+    }
 }
 
 #[derive(Debug)]
@@ -118,6 +153,22 @@ impl Rep3Rand {
         (a & &mask, b & mask)
     }
 
+    /// Generate a random [`BigUint`] with given `bitlen` from rng1
+    pub fn random_biguint_rng1(&mut self, bitlen: usize) -> BigUint {
+        let limbsize = bitlen.div_ceil(8);
+        let val = BigUint::new((0..limbsize).map(|_| self.rng1.gen()).collect());
+        let mask = (BigUint::from(1u32) << bitlen) - BigUint::one();
+        val & &mask
+    }
+
+    /// Generate a random [`BigUint`] with given `bitlen` from rng2
+    pub fn random_biguint_rng2(&mut self, bitlen: usize) -> BigUint {
+        let limbsize = bitlen.div_ceil(8);
+        let val = BigUint::new((0..limbsize).map(|_| self.rng2.gen()).collect());
+        let mask = (BigUint::from(1u32) << bitlen) - BigUint::one();
+        val & &mask
+    }
+
     /// Generate a seed from each rng
     pub fn random_seeds(&mut self) -> ([u8; crate::SEED_SIZE], [u8; crate::SEED_SIZE]) {
         let seed1 = self.rng1.gen();