myl7/fss 1.1.0
Function secret sharing (FSS) primitives including distributed point/comparison function (DPF/DCF)
Loading...
Searching...
No Matches
Classes | Enumerations
dcf.cuh File Reference

2-party distributed comparison function (DCF). More...

#include <cuda_runtime.h>
#include <type_traits>
#include <cstddef>
#include <cassert>
#include <omp.h>
#include <fss/group.cuh>
#include <fss/prg.cuh>
#include <fss/util.cuh>

Go to the source code of this file.

Classes

class  fss::Dcf< in_bits, Group, Prg, In, pred, par_depth >
 2-party DCF scheme. More...
 
struct  fss::Dcf< in_bits, Group, Prg, In, pred, par_depth >::Cw
 Correction word. More...
 

Enumerations

enum class  fss::DcfPred { kLt , kGt }
 Comparison predicate. More...
 

Detailed Description

2-party distributed comparison function (DCF).

Copyright
Apache License, Version 2.0. Copyright (C) 2026 Yulong Ming i@myl.nosp@m.7.or.nosp@m.g.
Author
Yulong Ming i@myl.nosp@m.7.or.nosp@m.g

The scheme is from the paper, Function Secret Sharing for Mixed-Mode and Fixed-Point Secure Computation (1: the published version).

Definitions

Comparison function: for the input domain \(\sG_{in} = \{0, 1\}^n\), the output domain \((\sG_{out}, +)\) that is a group, \(a \in \sG_{in}\), and \(b \in \sG_{out}\), a comparison function \(f^<_{a, b}\) is a function that for any input \(x\), the output \(y\) has \(y = b\) only when \(x < a\), otherwise \(y = 0\).

DCF: for the input domain \(\sG_{in} = \{0, 1\}^n\), the output domain \((\sG_{out}, +)\) that is a group, \(a \in \sG_{in}\), \(b \in \sG_{out}\), and a security parameter \(\lambda\), 2-party DCF is a scheme consisting of the methods:

  • Key generation: \(Gen(1^\lambda, f^<_{a, b}) \rightarrow (k_0, k_1)\).
  • Evaluation: \(Eval(k_i, x) \rightarrow y_{i,x}\) for any \(i \in \{0, 1\}\) and any \(x \in \sG_{in}\).

That satisfies:

  • Correctness: \(y_{0, x} + y_{1, x} = b\) only when \(x < a\), otherwise \(y_{0, x} + y_{1, x} = 0\).
  • Privacy: Neither \(k_0\) nor \(k_1\) reveals any information about \(a\) or \(b\). Formally speaking, there exists a probabilistic polynomial time (PPT) simulator \(Sim\) that can generate output computationally indistinguishable from any strict subset of the keys output by \(Gen\).

Similarly, we have \(f^>_{a, b}\) and DCF for it.

Implementation Details

We fix the output domain size at 16B and always set the last word's LSB to 0, corresponding to \(\lambda = 127\). See Groupable for more details.

We limit the max input domain bit size to 128. This is enough for most applications and allows us to represent the input as an integer.

References

  1. Elette Boyle, Nishanth Chandran, Niv Gilboa, Divya Gupta, Yuval Ishai, Nishant Kumar, Mayank Rathee: Function Secret Sharing for Mixed-Mode and Fixed-Point Secure Computation. EUROCRYPT (2) 2021: 871-900. https://doi.org/10.1007/978-3-030-77886-6_30.

Enumeration Type Documentation

◆ DcfPred

enum class fss::DcfPred
strong

Comparison predicate.

For the input domain \(\sG_{in} = \{0, 1\}^n\) as bits and \(x, a \in \sG_{in}\), \(x < a\) is defined as that the unsigned integer represented by \(x\) is less than that represented by \(a\), i.e., comparison starts from the most significant bit (MSB).

Enumerator
kLt 

\(y = b\) when \(x < a\)

kGt 

\(y = b\) when \(x > a\)