
Commit

Align XofTurboShake128 with VDAF-13
* Bump seed size for XofTurboShake128 to 32 bytes
* Allow variable length seeds for compatibility with IDPF.
* Make the dst length prefix 2 bytes
cjpatton committed Dec 16, 2024
1 parent 053ad53 commit 50a1ae3
Showing 20 changed files with 411 additions and 389 deletions.
10 changes: 5 additions & 5 deletions benches/cycle_counts.rs
Expand Up @@ -105,7 +105,7 @@ fn prio2_shard_and_prepare_1000() -> Prio2PrepareShare {
prio2_shard_and_prepare(1000)
}

fn prio3_client_count() -> Vec<Prio3InputShare<Field64, 16>> {
fn prio3_client_count() -> Vec<Prio3InputShare<Field64, 32>> {
let prio3 = Prio3::new_count(2).unwrap();
let measurement = true;
let nonce = [0; 16];
Expand All @@ -115,7 +115,7 @@ fn prio3_client_count() -> Vec<Prio3InputShare<Field64, 16>> {
.1
}

fn prio3_client_histogram_10() -> Vec<Prio3InputShare<Field128, 16>> {
fn prio3_client_histogram_10() -> Vec<Prio3InputShare<Field128, 32>> {
let prio3 = Prio3::new_histogram(2, 10, 3).unwrap();
let measurement = 9;
let nonce = [0; 16];
Expand All @@ -125,7 +125,7 @@ fn prio3_client_histogram_10() -> Vec<Prio3InputShare<Field128, 16>> {
.1
}

fn prio3_client_sum_32() -> Vec<Prio3InputShare<Field64, 16>> {
fn prio3_client_sum_32() -> Vec<Prio3InputShare<Field64, 32>> {
let bits = 16;
let prio3 = Prio3::new_sum(2, (1 << bits) - 1).unwrap();
let measurement = 1337;
Expand All @@ -136,7 +136,7 @@ fn prio3_client_sum_32() -> Vec<Prio3InputShare<Field64, 16>> {
.1
}

fn prio3_client_count_vec_1000() -> Vec<Prio3InputShare<Field128, 16>> {
fn prio3_client_count_vec_1000() -> Vec<Prio3InputShare<Field128, 32>> {
let len = 1000;
let prio3 = Prio3::new_sum_vec(2, 1, len, 31).unwrap();
let measurement = vec![0; len];
Expand All @@ -148,7 +148,7 @@ fn prio3_client_count_vec_1000() -> Vec<Prio3InputShare<Field128, 16>> {
}

#[cfg(feature = "multithreaded")]
fn prio3_client_count_vec_multithreaded_1000() -> Vec<Prio3InputShare<Field128, 16>> {
fn prio3_client_count_vec_multithreaded_1000() -> Vec<Prio3InputShare<Field128, 32>> {
let len = 1000;
let prio3 = Prio3::new_sum_vec_multithreaded(2, 1, len, 31).unwrap();
let measurement = vec![0; len];
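Review bot: The seed-size literal `32` is now hard-coded in five bench signatures here (`Vec<Prio3InputShare<Field64, 32>>` and the others) and again in every `Prio3<…, _, 32>` annotation and `[0u8; 32]` verify key in benches/speed_tests.rs; a single `const SEED_SIZE: usize = 32;` at the top of each bench file, used as `Vec<Prio3InputShare<Field64, SEED_SIZE>>` and `black_box([0u8; SEED_SIZE])`, would tie every site to one value the next time the XOF seed length changes. A short comment on that constant saying it mirrors the XofTurboShake128 seed size from the commit would also record why the benches moved with this change. Each affected function body continues outside its hunk.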
38 changes: 19 additions & 19 deletions benches/speed_tests.rs
Expand Up @@ -181,7 +181,7 @@ fn prio3(c: &mut Criterion) {
let vdaf = Prio3::new_count(num_shares).unwrap();
let measurement = black_box(true);
let nonce = black_box([0u8; 16]);
let verify_key = black_box([0u8; 16]);
let verify_key = black_box([0u8; 32]);
let (public_share, input_shares) = vdaf.shard(b"", &measurement, &nonce).unwrap();
b.iter(|| {
vdaf.prepare_init(
Expand Down Expand Up @@ -217,7 +217,7 @@ fn prio3(c: &mut Criterion) {
let vdaf = Prio3::new_sum(num_shares, max_measurement).unwrap();
let measurement = max_measurement;
let nonce = black_box([0u8; 16]);
let verify_key = black_box([0u8; 16]);
let verify_key = black_box([0u8; 32]);
let (public_share, input_shares) = vdaf.shard(b"", &measurement, &nonce).unwrap();
b.iter(|| {
vdaf.prepare_init(
Expand Down Expand Up @@ -287,7 +287,7 @@ fn prio3(c: &mut Criterion) {
.map(|i| i & 1)
.collect::<Vec<_>>();
let nonce = black_box([0u8; 16]);
let verify_key = black_box([0u8; 16]);
let verify_key = black_box([0u8; 32]);
let (public_share, input_shares) = vdaf.shard(b"", &measurement, &nonce).unwrap();
b.iter(|| {
vdaf.prepare_init(
Expand Down Expand Up @@ -323,7 +323,7 @@ fn prio3(c: &mut Criterion) {
.map(|i| i & 1)
.collect::<Vec<_>>();
let nonce = black_box([0u8; 16]);
let verify_key = black_box([0u8; 16]);
let verify_key = black_box([0u8; 32]);
let (public_share, input_shares) =
vdaf.shard(b"", &measurement, &nonce).unwrap();
b.iter(|| {
Expand Down Expand Up @@ -416,7 +416,7 @@ fn prio3(c: &mut Criterion) {
let vdaf = Prio3::new_histogram(num_shares, *input_length, *chunk_length).unwrap();
let measurement = black_box(0);
let nonce = black_box([0u8; 16]);
let verify_key = black_box([0u8; 16]);
let verify_key = black_box([0u8; 32]);
let (public_share, input_shares) = vdaf.shard(b"", &measurement, &nonce).unwrap();
b.iter(|| {
vdaf.prepare_init(
Expand Down Expand Up @@ -458,7 +458,7 @@ fn prio3(c: &mut Criterion) {
.unwrap();
let measurement = black_box(0);
let nonce = black_box([0u8; 16]);
let verify_key = black_box([0u8; 16]);
let verify_key = black_box([0u8; 32]);
let (public_share, input_shares) =
vdaf.shard(b"", &measurement, &nonce).unwrap();
b.iter(|| {
Expand Down Expand Up @@ -492,7 +492,7 @@ fn prio3(c: &mut Criterion) {
BenchmarkId::new("serial", dimension),
&dimension,
|b, dimension| {
let vdaf: Prio3<FixedPointBoundedL2VecSum<I1F15, _, _>, _, 16> =
let vdaf: Prio3<FixedPointBoundedL2VecSum<I1F15, _, _>, _, 32> =
Prio3::new_fixedpoint_boundedl2_vec_sum(num_shares, *dimension).unwrap();
let mut measurement = vec![FP16_ZERO; *dimension];
measurement[0] = FP16_HALF;
Expand All @@ -509,7 +509,7 @@ fn prio3(c: &mut Criterion) {
BenchmarkId::new("parallel", dimension),
&dimension,
|b, dimension| {
let vdaf: Prio3<FixedPointBoundedL2VecSum<I1F15, _, _>, _, 16> =
let vdaf: Prio3<FixedPointBoundedL2VecSum<I1F15, _, _>, _, 32> =
Prio3::new_fixedpoint_boundedl2_vec_sum_multithreaded(
num_shares, *dimension,
)
Expand All @@ -530,12 +530,12 @@ fn prio3(c: &mut Criterion) {
BenchmarkId::new("series", dimension),
&dimension,
|b, dimension| {
let vdaf: Prio3<FixedPointBoundedL2VecSum<I1F15, _, _>, _, 16> =
let vdaf: Prio3<FixedPointBoundedL2VecSum<I1F15, _, _>, _, 32> =
Prio3::new_fixedpoint_boundedl2_vec_sum(num_shares, *dimension).unwrap();
let mut measurement = vec![FP16_ZERO; *dimension];
measurement[0] = FP16_HALF;
let nonce = black_box([0u8; 16]);
let verify_key = black_box([0u8; 16]);
let verify_key = black_box([0u8; 32]);
let (public_share, input_shares) =
vdaf.shard(b"", &measurement, &nonce).unwrap();
b.iter(|| {
Expand All @@ -561,15 +561,15 @@ fn prio3(c: &mut Criterion) {
BenchmarkId::new("parallel", dimension),
&dimension,
|b, dimension| {
let vdaf: Prio3<FixedPointBoundedL2VecSum<I1F15, _, _>, _, 16> =
let vdaf: Prio3<FixedPointBoundedL2VecSum<I1F15, _, _>, _, 32> =
Prio3::new_fixedpoint_boundedl2_vec_sum_multithreaded(
num_shares, *dimension,
)
.unwrap();
let mut measurement = vec![FP16_ZERO; *dimension];
measurement[0] = FP16_HALF;
let nonce = black_box([0u8; 16]);
let verify_key = black_box([0u8; 16]);
let verify_key = black_box([0u8; 32]);
let (public_share, input_shares) =
vdaf.shard(b"", &measurement, &nonce).unwrap();
b.iter(|| {
Expand All @@ -596,7 +596,7 @@ fn prio3(c: &mut Criterion) {
BenchmarkId::new("serial", dimension),
&dimension,
|b, dimension| {
let vdaf: Prio3<FixedPointBoundedL2VecSum<I1F31, _, _>, _, 16> =
let vdaf: Prio3<FixedPointBoundedL2VecSum<I1F31, _, _>, _, 32> =
Prio3::new_fixedpoint_boundedl2_vec_sum(num_shares, *dimension).unwrap();
let mut measurement = vec![FP32_ZERO; *dimension];
measurement[0] = FP32_HALF;
Expand All @@ -613,7 +613,7 @@ fn prio3(c: &mut Criterion) {
BenchmarkId::new("parallel", dimension),
&dimension,
|b, dimension| {
let vdaf: Prio3<FixedPointBoundedL2VecSum<I1F31, _, _>, _, 16> =
let vdaf: Prio3<FixedPointBoundedL2VecSum<I1F31, _, _>, _, 32> =
Prio3::new_fixedpoint_boundedl2_vec_sum_multithreaded(
num_shares, *dimension,
)
Expand All @@ -634,12 +634,12 @@ fn prio3(c: &mut Criterion) {
BenchmarkId::new("series", dimension),
&dimension,
|b, dimension| {
let vdaf: Prio3<FixedPointBoundedL2VecSum<I1F31, _, _>, _, 16> =
let vdaf: Prio3<FixedPointBoundedL2VecSum<I1F31, _, _>, _, 32> =
Prio3::new_fixedpoint_boundedl2_vec_sum(num_shares, *dimension).unwrap();
let mut measurement = vec![FP32_ZERO; *dimension];
measurement[0] = FP32_HALF;
let nonce = black_box([0u8; 16]);
let verify_key = black_box([0u8; 16]);
let verify_key = black_box([0u8; 32]);
let (public_share, input_shares) =
vdaf.shard(b"", &measurement, &nonce).unwrap();
b.iter(|| {
Expand All @@ -665,15 +665,15 @@ fn prio3(c: &mut Criterion) {
BenchmarkId::new("parallel", dimension),
&dimension,
|b, dimension| {
let vdaf: Prio3<FixedPointBoundedL2VecSum<I1F31, _, _>, _, 16> =
let vdaf: Prio3<FixedPointBoundedL2VecSum<I1F31, _, _>, _, 32> =
Prio3::new_fixedpoint_boundedl2_vec_sum_multithreaded(
num_shares, *dimension,
)
.unwrap();
let mut measurement = vec![FP32_ZERO; *dimension];
measurement[0] = FP32_HALF;
let nonce = black_box([0u8; 16]);
let verify_key = black_box([0u8; 16]);
let verify_key = black_box([0u8; 32]);
let (public_share, input_shares) =
vdaf.shard(b"", &measurement, &nonce).unwrap();
b.iter(|| {
Expand Down Expand Up @@ -799,7 +799,7 @@ fn poplar1(c: &mut Criterion) {
group.bench_with_input(BenchmarkId::from_parameter(size), size, |b, &size| {
let vdaf = Poplar1::new_turboshake128(size);
let mut rng = StdRng::seed_from_u64(RNG_SEED);
let verify_key: [u8; 16] = rng.gen();
let verify_key: [u8; 32] = rng.gen();
let nonce: [u8; 16] = rng.gen();

// Parameters are chosen to match Chris Wood's experimental setup:
20 changes: 10 additions & 10 deletions src/dp/distributions.rs
Expand Up @@ -391,15 +391,15 @@ mod tests {
DiscreteGaussian::new(Ratio::<BigUint>::from_integer(BigUint::from(5u8))).unwrap();

// check samples are consistent
let mut rng = SeedStreamTurboShake128::from_seed([0u8; 16]);
let mut rng = SeedStreamTurboShake128::from_seed([0u8; 32]);
let samples: Vec<i8> = (0..10)
.map(|_| i8::try_from(sampler.sample(&mut rng)).unwrap())
.collect();
let samples1: Vec<i8> = (0..10)
.map(|_| i8::try_from(sampler.sample(&mut rng)).unwrap())
.collect();
assert_eq!(samples, vec![0, -3, -2, 3, 2, -1, -5, 4, -7, -5]);
assert_eq!(samples1, vec![2, 7, -8, -3, 1, -3, -3, 6, -3, -1]);
assert_eq!(samples, [10, 7, 2, 1, -1, -2, -1, 3, -3, -1]);
assert_eq!(samples1, [3, 6, 3, -7, -8, -1, 2, -4, -11, -4]);
}

#[test]
Expand All @@ -410,7 +410,7 @@ mod tests {
// sample from a manually created distribution
let sampler1 =
DiscreteGaussian::new(Ratio::<BigUint>::from_integer(BigUint::from(4u8))).unwrap();
let mut rng = SeedStreamTurboShake128::from_seed([0u8; 16]);
let mut rng = SeedStreamTurboShake128::from_seed([0u8; 32]);
let samples1: Vec<i8> = (0..10)
.map(|_| i8::try_from(sampler1.sample(&mut rng)).unwrap())
.collect();
Expand All @@ -422,7 +422,7 @@ mod tests {
let sampler2 = zcdp
.create_distribution(Ratio::<BigUint>::from_integer(1u8.into()))
.unwrap();
let mut rng2 = SeedStreamTurboShake128::from_seed([0u8; 16]);
let mut rng2 = SeedStreamTurboShake128::from_seed([0u8; 32]);
let samples2: Vec<i8> = (0..10)
.map(|_| i8::try_from(sampler2.sample(&mut rng2)).unwrap())
.collect();
Expand Down Expand Up @@ -570,7 +570,7 @@ mod tests {
.unwrap();

// collect that number of samples
let mut rng = SeedStreamTurboShake128::from_seed([0u8; 16]);
let mut rng = SeedStreamTurboShake128::from_seed([1u8; 32]);
let samples: Vec<BigInt> = (1..n_samples)
.map(|_| {
sample_discrete_gaussian(&Ratio::<BigUint>::from_integer(sigma.clone()), &mut rng)
Expand Down Expand Up @@ -604,7 +604,7 @@ mod tests {
#[test]
fn empirical_test_gauss() {
[100, 2000, 20000].iter().for_each(|p| {
let mut rng = SeedStreamTurboShake128::from_seed([0u8; 16]);
let mut rng = SeedStreamTurboShake128::from_seed([0u8; 32]);
let sampler = || {
sample_discrete_gaussian(
&Ratio::<BigUint>::from_integer((*p).to_biguint().unwrap()),
Expand All @@ -626,7 +626,7 @@ mod tests {
#[test]
fn empirical_test_bernoulli_mean() {
[2u8, 5u8, 7u8, 9u8].iter().for_each(|p| {
let mut rng = SeedStreamTurboShake128::from_seed([0u8; 16]);
let mut rng = SeedStreamTurboShake128::from_seed([0u8; 32]);
let sampler = || {
if sample_bernoulli(
&Ratio::<BigUint>::new(BigUint::one(), (*p).into()),
Expand All @@ -650,7 +650,7 @@ mod tests {
#[test]
fn empirical_test_geometric_mean() {
[2u8, 5u8, 7u8, 9u8].iter().for_each(|p| {
let mut rng = SeedStreamTurboShake128::from_seed([0u8; 16]);
let mut rng = SeedStreamTurboShake128::from_seed([0u8; 32]);
let sampler = || {
sample_geometric_exp(
&Ratio::<BigUint>::new(BigUint::one(), (*p).into()),
Expand All @@ -673,7 +673,7 @@ mod tests {
#[test]
fn empirical_test_laplace_mean() {
[2u8, 5u8, 7u8, 9u8].iter().for_each(|p| {
let mut rng = SeedStreamTurboShake128::from_seed([0u8; 16]);
let mut rng = SeedStreamTurboShake128::from_seed([0u8; 32]);
let sampler = || {
sample_discrete_laplace(
&Ratio::<BigUint>::new(BigUint::one(), (*p).into()),
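Review bot: In the hunk at `@@ -570,7 +570,7 @@` the seed changes from `[0u8; 16]` to `[1u8; 32]`, while every other `SeedStreamTurboShake128::from_seed` call in this file keeps an all-zero seed, and neither the code nor the commit message says why this one test needs a different value. Presumably the all-zero seed yields a sample set that no longer satisfies this test's statistical check under the new XOF, but that is a guess; if so, record it next to the call, e.g. `// Non-zero seed: the all-zero seed fails this test's tolerance with the 32-byte seed (confirm)`, so nobody later "normalizes" it back to zero. The enclosing test function starts outside the hunk. The regenerated expected vectors in the first hunk would likewise benefit from a comment naming the draft (VDAF-13 per the commit title) they were produced against.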

0 comments on commit 50a1ae3
