Work a bit on signatures

This commit is contained in:
Théophile Bastian 2017-08-20 14:05:12 +02:00
parent d4c10896b2
commit ff65bbbcb8
2 changed files with 38 additions and 2 deletions

View file

@ -7,3 +7,10 @@
\newcommand{\clsl}{\ll_0} \newcommand{\clsl}{\ll_0}
\newcommand{\clsr}{\gg_{0, \text{l}}} \newcommand{\clsr}{\gg_{0, \text{l}}}
\newcommand{\casr}{\gg_{0, \text{a}}} \newcommand{\casr}{\gg_{0, \text{a}}}
\newcommand{\xor}{\oplus}
%\newcommand{\path}[1]{\texttt{#1}}
\newcommand{\sigconst}[1]{\mathcal{SC}_{#1}}
\newcommand{\sigop}{\mathfrak{h}}

View file

@ -8,6 +8,7 @@
\usepackage{indentfirst} \usepackage{indentfirst}
\usepackage{enumerate} \usepackage{enumerate}
\usepackage{caption} \usepackage{caption}
\usepackage{algorithmicx}
\usepackage[backend=biber,style=trad-alpha]{biblatex} \usepackage[backend=biber,style=trad-alpha]{biblatex}
\usepackage[left=2cm,right=2cm,top=2cm,bottom=2cm]{geometry} \usepackage[left=2cm,right=2cm,top=2cm,bottom=2cm]{geometry}
@ -60,6 +61,8 @@
\tableofcontents \tableofcontents
\todo{Talk of the repo, somewhere}
\pagebreak \pagebreak
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@ -239,7 +242,7 @@ three main parts.
\paragraph{Signatures.} The initial idea to make the computation fast is to \paragraph{Signatures.} The initial idea to make the computation fast is to
aggregate the inner data of a gate --- be it a leaf gate or a group --- in a aggregate the inner data of a gate --- be it a leaf gate or a group --- in a
kind of hash, a 32 bits unsigned integer. This approach is directly inspired kind of hash, a 64 bits unsigned integer. This approach is directly inspired
from what was done in fl, back at Intel. This hash must be easy to compute, from what was done in fl, back at Intel. This hash must be easy to compute,
and must be based only on the structure of the graph --- that is, must be and must be based only on the structure of the graph --- that is, must be
entirely oblivious of the labels given, the order in which the circuit is entirely oblivious of the labels given, the order in which the circuit is
@ -274,7 +277,33 @@ this problem, that uses the specificities of the graph to be a little faster.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\section{Signatures} \section{Signatures}
\todo{}
The signature is computed as a simple hash of the element, and is defined for
every type of expression and circuit. It could probably be enhanced with a bit
more work to cover more uniformly the hash space, but no collision was observed
on the examples tested.
\paragraph{Signature constants.} Signature constants are used all around the
signing process, and is a 5-tuple $\sigconst{} = (a, x_l, x_h, d_l, d_h)$ of 32
bits unsigned numbers. All of $x_l$, $x_h$, $d_l$ and $d_h$ are picked as prime
numbers between $10^8$ and $10^9$ (which just fits in a 32 bits unsigned
integer); while $a$ is a random integer uniformly picked between $2^{16}$ and
$2^{32}$. These constants are generated by a small python script,
\path{util/primegen/pickPrimes.py}.
Those constants are used to produce a 64 bits unsigned value out of another 64
bits unsigned value, called $v$ thereafter, through an operator $\sigop$,
computed as follows.
\begin{algorithmic}
\Function{$\sigop$}{$\sigconst{}, v$}
\State{} $out1 \gets (v + a) \cdot x_l$
\State{} $v_h \gets (v \lsr 32) \xor (out1 \lsr 32)$
\State{} $low \gets out1 \,\%\, d_l$
\State{} $high \gets \left((v_h + a) \cdot x_h \right) \%\, d_h$
\State{} \Return{} $low + 2^{32} \cdot high$
\EndFunction{}
\end{algorithmic}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\section{Group equality} \section{Group equality}