myl7/fss 1.1.0
Function secret sharing (FSS) primitives including distributed point/comparison function (DPF/DCF)
Loading...
Searching...
No Matches
Classes
dpf.cuh File Reference

2-party distributed point function (DPF). More...

#include <cuda_runtime.h>
#include <type_traits>
#include <cstddef>
#include <cassert>
#include <omp.h>
#include <fss/group.cuh>
#include <fss/prg.cuh>
#include <fss/util.cuh>

Go to the source code of this file.

Classes

class  fss::Dpf< in_bits, Group, Prg, In, par_depth >
 2-party DPF scheme. More...
 
struct  fss::Dpf< in_bits, Group, Prg, In, par_depth >::Cw
 Correction word. More...
 

Detailed Description

2-party distributed point function (DPF).

Copyright
Apache License, Version 2.0. Copyright (C) 2026 Yulong Ming i@myl.nosp@m.7.or.nosp@m.g.
Author
Yulong Ming i@myl.nosp@m.7.or.nosp@m.g

The scheme is from the paper, Function Secret Sharing: Improvements and Extensions (1: the published version).

Definitions

Point function: for the input domain \(\sG_{in} = \{0, 1\}^n\), the output domain \((\sG_{out}, +)\) that is a group, \(a \in \sG_{in}\), and \(b \in \sG_{out}\), a point function \(f_{a, b}\) is a function that for any input \(x\), the output \(y\) has \(y = b\) only when \(x = a\), otherwise \(y = 0\).

DPF: for the input domain \(\sG_{in} = \{0, 1\}^n\), the output domain \((\sG_{out}, +)\) that is a group, \(a \in \sG_{in}\), \(b \in \sG_{out}\), and a security parameter \(\lambda\), 2-party DPF is a scheme consisting of the methods:

  • Key generation: \(Gen(1^\lambda, f_{a, b}) \rightarrow (k_0, k_1)\).
  • Evaluation: \(Eval(k_i, x) \rightarrow y_{i,x}\) for any \(i \in \{0, 1\}\) and any \(x \in \sG_{in}\).

That satisfies:

  • Correctness: \(y_{0, x} + y_{1, x} = b\) only when \(x = a\), otherwise \(y_{0, x} + y_{1, x} = 0\).
  • Privacy: Neither \(k_0\) nor \(k_1\) reveals any information about \(a\) or \(b\). Formally speaking, there exists a probabilistic polynomial time (PPT) simulator \(Sim\) that can generate output computationally indistinguishable from any strict subset of the keys output by \(Gen\).

Implementation Details

We fix the output domain size at 16B and always set the last word's LSB to 0, corresponding to \(\lambda = 127\). See Groupable for more details.

We limit the max input domain bit size to 128. This is enough for most applications and allows us to represent the input as an integer.

References

  1. Elette Boyle, Niv Gilboa, Yuval Ishai: Function Secret Sharing: Improvements and Extensions. CCS 2016: 1292-1303. https://doi.org/10.1145/2976749.2978429.