Virtual Machine¶

Calling compile.py outputs the computation in a format specific to MP-SPDZ. This includes a schedule file and one or several bytecode files. The schedule file can be found at Programs/Schedules/<progname>.sch. It contains the names of all bytecode files found in Programs/Bytecode and the maximum number of parallel threads. Each bytecode file represents the complete computation of one thread, also called tape. The computation of the main thread is always Programs/Bytecode/<progname>-0.bc when compiled by the compiler.

Schedule File¶

The schedule file is as follows in ASCII text:

<maximum number of threads>
<number of bytecode files>
<bytecode name>:<no of instructions>[ <bytecode name>:<no of instructions>...]
1 0
0
<compilation command line>
<domain requirements>
opts: <potential optimizations>

Domain requirements and potential optimizations are related to Non-linear Computation. Domain requirements is one of the following:

lgp:<length>: minimum prime length
p:<prime>: exact prime
R:<length>: exact power of two

Potential optimizations is a any combination of trunc_pr (probabilistic truncation), edabit (edaBits), and split (share splitting). Presence indicates that they would change the compiled bytecode if used. This is used to indicate available optimizations when running a virtual machine.

For example, ./compile.py tutorial generates the following schedule file:

1
1
tutorial-0:19444
1 0
0
./compile.py tutorial
lgp:106
opts: edabit trunc_pr split

This says that program has only one thread running one bytecode file, which is stored in tutorial-0.bc and has 19444 instructions. It requires a prime of length 106, and all protocol optimizations could potentially be used. The length 106 is composed as follows: assuming 64-bit integers, the difference used for comparison is a 65-bit integer, to which 40 bits are added for statistical masking, resulting in a 105 bits, and it takes a 106-bit prime to able to contain all 105-bit numbers.

Bytecode¶

The bytecode is made up of 32-bit units in big-endian byte order. Every unit represents an instruction code (possibly including vector size), register number, or immediate value.

For example, adding the secret integers in registers 1 and 2 and then storing the result at register 0 leads to the following bytecode (in hexadecimal representation):

00 00 00 21  00 00 00 00  00 00 00 01  00 00 00 02

This is because 0x021 is the code of secret integer addition. The debugging output (compile.py -a <prefix>) looks as follows:

adds s0, s1, s2 # <instruction number>

There is also a vectorized addition. Adding 10 secret integers in registers 10-19 and 20-29 and then storing the result in registers 0-9 is represented as follows in bytecode:

00 00 28 21  00 00 00 00  00 00 00 0a  00 00 00 14

This is because the vector size is stored in the upper 22 bits of the first 32-bit unit (instruction codes are up to 10 bits long), and 0x28 equals 40 or 10 shifted by two bits. In the debugging output the vectorized addition looks as follows:

vadds 10, s0, s10, s20 # <instruction number>

Finally, some instructions have a variable number of arguments to accommodate any number of parallel operations. For these, the first argument usually indicates the number of arguments yet to come. For example, multiplying the secret integers in registers 2 and 3 as well as registers 4 and 5 and the storing the two results in registers 0 and 1 results in the following bytecode:

00 00 00 a6  00 00 00 06  00 00 00 00  00 00 00 02
00 00 00 03  00 00 00 01  00 00 00 04  00 00 00 05

and the following debugging output:

muls 6, s0, s2, s3, s1, s4, s5 # <instruction number>

Note that calling instructions in high-level code never is done with the explicit number of arguments. Instead, this is derived from number of function arguments. The example above would this simply be called as follows:

muls(s0, s2, s3, s1, s4, s5)

Memory size indication¶

By default, the compiler adds memory read instructions such as ldms at the end of the main bytecode file to indicate the memory size. This is to make sure that even when using memory with run-time addresses, the virtual machine is aware of the memory sizes.

Instructions¶

The following table list all instructions except the ones for \(\mathrm{GF}(2^n)\) computation, untested ones, and those considered obsolete.

Name	Code
`CISC`	0x0	Meta instruction for emulation
`LDI`	0x1	Assign (constant) immediate value to clear register (vector)
`LDSI`	0x2	Assign (constant) immediate value to secret register (vector)
`LDMC`	0x3	Assign clear memory value(s) to clear register (vector) by immediate address
`LDMS`	0x4	Assign secret memory value(s) to secret register (vector) by immediate address
`STMC`	0x5	Assign clear register (vector) to clear memory value(s) by immediate address
`STMS`	0x6	Assign secret register (vector) to secret memory value(s) by immediate address
`LDMCI`	0x7	Assign clear memory value(s) to clear register (vector) by register address
`LDMSI`	0x8	Assign secret memory value(s) to secret register (vector) by register address
`STMCI`	0x9	Assign clear register (vector) to clear memory value(s) by register address
`STMSI`	0xa	Assign secret register (vector) to secret memory value(s) by register address
`MOVC`	0xb	Copy clear register (vector)
`MOVS`	0xc	Copy secret register (vector)
`LDTN`	0x10	Store the number of the current thread in clear integer register
`LDARG`	0x11	Store the argument passed to the current thread in clear integer register
`REQBL`	0x12	Requirement on computation modulus
`STARG`	0x13	Copy clear integer register to the thread argument
`TIME`	0x14	Output time since start of computation
`START`	0x15	Start timer
`STOP`	0x16	Stop timer
`USE`	0x17	Offline data usage
`USE_INP`	0x18	Input usage
`RUN_TAPE`	0x19	Start tape/bytecode file in another thread
`JOIN_TAPE`	0x1a	Join thread
`CRASH`	0x1b	Crash runtime if the value in the register is not zero
`USE_PREP`	0x1c	Custom preprocessed data usage
`USE_MATMUL`	0x1f	Matrix multiplication usage
`ADDC`	0x20	Clear addition
`ADDS`	0x21	Secret addition
`ADDM`	0x22	Mixed addition
`ADDCI`	0x23	Addition of clear register (vector) and (constant) immediate value
`ADDSI`	0x24	Addition of secret register (vector) and (constant) immediate value
`SUBC`	0x25	Clear subtraction
`SUBS`	0x26	Secret subtraction
`SUBML`	0x27	Subtract clear from secret value
`SUBMR`	0x28	Subtract secret from clear value
`SUBCI`	0x29	Subtraction of (constant) immediate value from clear register (vector)
`SUBSI`	0x2a	Subtraction of (constant) immediate value from secret register (vector)
`SUBCFI`	0x2b	Subtraction of clear register (vector) from (constant) immediate value
`SUBSFI`	0x2c	Subtraction of secret register (vector) from (constant) immediate value
`PREFIXSUMS`	0x2d	Prefix sum
`PICKS`	0x2e	Extract part of vector
`CONCATS`	0x2f	Concatenate vectors
`MULC`	0x30	Clear multiplication
`MULM`	0x31	Multiply secret and clear value
`MULCI`	0x32	Multiplication of clear register (vector) and (constant) immediate value
`MULSI`	0x33	Multiplication of secret register (vector) and (constant) immediate value
`DIVC`	0x34	Clear division
`DIVCI`	0x35	Division of secret register (vector) and (constant) immediate value
`MODC`	0x36	Clear modular reduction
`MODCI`	0x37	Modular reduction of clear register (vector) and (constant) immediate value
`LEGENDREC`	0x38	Clear Legendre symbol computation (a/p) over prime p (the computation modulus)
`DIGESTC`	0x39	Clear truncated hash computation
`INV2M`	0x3a	Inverse of power of two modulo prime (the computation modulus)
`FLOORDIVC`	0x3b	Clear integer floor division
`TRIPLE`	0x50	Store fresh random triple(s) in secret register (vectors)
`BIT`	0x51	Store fresh random triple(s) in secret register (vectors)
`SQUARE`	0x52	Store fresh random square(s) in secret register (vectors)
`INV`	0x53	Store fresh random inverse(s) in secret register (vectors)
`INPUTMASK`	0x56	Store fresh random input mask(s) in secret register (vector) and clear register (vector) of the relevant player
`PREP`	0x57	Store custom preprocessed data in secret register (vectors)
`DABIT`	0x58	Store fresh random daBit(s) in secret register (vectors)
`EDABIT`	0x59	Store fresh random loose edaBit(s) in secret register (vectors)
`SEDABIT`	0x5a	Store fresh random strict edaBit(s) in secret register (vectors)
`RANDOMS`	0x5b	Store fresh length-restricted random shares(s) in secret register (vectors)
`INPUTMASKREG`	0x5c	Store fresh random input mask(s) in secret register (vector) and clear register (vector) of the relevant player
`RANDOMFULLS`	0x5d	Store share(s) of a fresh secret random element in secret register (vectors)
`READSOCKETC`	0x63	Read a variable number of clear values in internal representation from socket for a specified client id and store them in clear registers
`READSOCKETS`	0x64	Read a variable number of secret shares (potentially with MAC) from a socket for a client id and store them in registers
`WRITESOCKETS`	0x66	Write a variable number of secret shares (potentially with MAC) from registers into a socket for a specified client id
`READSOCKETINT`	0x69	Read a variable number of 32-bit integers from socket for a specified client id and store them in clear integer registers
`WRITESOCKETSHARE`	0x6b	Write a variable number of shares (without MACs) from secret registers into socket for a specified client id
`LISTEN`	0x6c	Open a server socket on a party-specific port number and listen for client connections (non-blocking)
`ACCEPTCLIENTCONNECTION`	0x6d	Wait for a connection at the given port and write socket handle to clear integer register
`CLOSECLIENTCONNECTION`	0x6e	Close connection to client
`INITCLIENTCONNECTION`	0x6f	Initialize connection
`ANDC`	0x70	Logical AND of clear (vector) registers
`XORC`	0x71	Logical XOR of clear (vector) registers
`ORC`	0x72	Logical OR of clear (vector) registers
`ANDCI`	0x73	Logical AND of clear register (vector) and (constant) immediate value
`XORCI`	0x74	Logical XOR of clear register (vector) and (constant) immediate value
`ORCI`	0x75	Logical OR of clear register (vector) and (constant) immediate value
`NOTC`	0x76	Clear logical NOT of a constant number of bits of clear (vector) register
`SHLC`	0x80	Bitwise left shift of clear register (vector)
`SHRC`	0x81	Bitwise right shift of clear register (vector)
`SHLCI`	0x82	Bitwise left shift of clear register (vector) by (constant) immediate value
`SHRCI`	0x83	Bitwise right shift of clear register (vector) by (constant) immediate value
`SHRSI`	0x84	Bitwise right shift of secret register (vector) by (constant) immediate value
`JMP`	0x90	Unconditional relative jump in the bytecode (compile-time parameter)
`JMPNZ`	0x91	Conditional relative jump in the bytecode
`JMPEQZ`	0x92	Conditional relative jump in the bytecode
`EQZC`	0x93	Clear integer zero test
`LTZC`	0x94	Clear integer less than zero test
`LTC`	0x95	Clear integer less-than comparison
`GTC`	0x96	Clear integer greater-than comparison
`EQC`	0x97	Clear integer equality test
`JMPI`	0x98	Unconditional relative jump in the bytecode (run-time parameter)
`BITDECINT`	0x99	Clear integer bit decomposition
`LDINT`	0x9a	Store (constant) immediate value in clear integer register (vector)
`ADDINT`	0x9b	Clear integer register (vector) addition
`SUBINT`	0x9c	Clear integer register (vector) subtraction
`MULINT`	0x9d	Clear integer register (element-wise vector) multiplication
`DIVINT`	0x9e	Clear integer register (element-wise vector) division with floor rounding
`PRINTINT`	0x9f	Output clear integer register
`OPEN`	0xa5	Reveal secret registers (vectors) to clear registers (vectors)
`MULS`	0xa6	(Element-wise) multiplication of secret registers (vectors)
`MULRS`	0xa7	Constant-vector multiplication of secret registers
`DOTPRODS`	0xa8	Dot product of secret registers (vectors)
`TRUNC_PR`	0xa9	Probabilistic truncation if supported by the protocol
`MATMULS`	0xaa	Secret matrix multiplication from registers
`MATMULSM`	0xab	Secret matrix multiplication reading directly from memory
`CONV2DS`	0xac	Secret 2D convolution
`PRIVATEOUTPUT`	0xad	Private output to cint
`CHECK`	0xaf	Force MAC check in current thread and all idle thread if current thread is the main thread
`PRINTREG`	0xb1	Debugging output of clear register (vector)
`RAND`	0xb2	Store insecure random value of specified length in clear integer register (vector)
`PRINTREGPLAIN`	0xb3	Output clear register
`PRINTCHR`	0xb4	Output a single byte
`PRINTSTR`	0xb5	Output four bytes
`PUBINPUT`	0xb6	Store public input in clear register (vector)
`PRINTFLOATPLAIN`	0xbc	Output floating-number from clear registers
`WRITEFILESHARE`	0xbd	Write shares to `Persistence/Transactions-P<playerno>.data` (appending at the end)
`READFILESHARE`	0xbe	Read shares from `Persistence/Transactions-P<playerno>.data`
`CONDPRINTSTR`	0xbf	Conditionally output four bytes
`CONVINT`	0xc0	Convert clear integer register (vector) to clear register (vector)
`CONVMODP`	0xc1	Convert clear integer register (vector) to clear register (vector)
`LDMINT`	0xca	Assign clear integer memory value(s) to clear integer register (vector) by immediate address
`STMINT`	0xcb	Assign clear integer register (vector) to clear integer memory value(s) by immediate address
`LDMINTI`	0xcc	Assign clear integer memory value(s) to clear integer register (vector) by register address
`STMINTI`	0xcd	Assign clear integer register (vector) to clear integer memory value(s) by register address
`PUSHINT`	0xce	Pushes clear integer register to the thread-local stack
`POPINT`	0xcf	Pops from the thread-local stack to clear integer register
`MOVINT`	0xd0	Copy clear integer register (vector)
`INCINT`	0xd1	Create incremental clear integer vector
`SHUFFLE`	0xd2	Randomly shuffles clear integer vector with public randomness
`PRINTFLOATPREC`	0xe0	Set number of digits after decimal point for `print_float_plain`
`CONDPRINTPLAIN`	0xe1	Conditionally output clear register (with precision)
`NPLAYERS`	0xe2	Store number of players in clear integer register
`THRESHOLD`	0xe3	Store maximal number of corrupt players in clear integer register
`PLAYERID`	0xe4	Store current player number in clear integer register
`USE_EDABIT`	0xe5	edaBit usage
`INTOUTPUT`	0xe6	Binary integer output
`FLOATOUTPUT`	0xe7	Binary floating-point output
`FIXINPUT`	0xe8	Binary fixed-point input
`ACTIVE`	0xe9	Indicate whether program is compatible with malicious-security protocols
`PRINTREGPLAINS`	0xea	Output secret register
`CMDLINEARG`	0xeb	Load command-line argument
`INPUTMIXED`	0xf2	Store private input in secret registers (vectors)
`INPUTMIXEDREG`	0xf3	Store private input in secret registers (vectors)
`RAWINPUT`	0xf4	Store private input in secret registers (vectors)
`INPUTPERSONAL`	0xf5	Private input from cint
`SENDPERSONAL`	0xf6	Private input from cint
`SECSHUFFLE`	0xfa	Secure shuffling
`GENSECSHUFFLE`	0xfb	Generate secure shuffle to bit used several times
`APPLYSHUFFLE`	0xfc	Generate secure shuffle to bit used several times
`DELSHUFFLE`	0xfd	Delete secure shuffle
`INVPERM`	0xfe	Calculate the inverse permutation of a secret permutation
`GMULBITC`	0x136	Clear modular reduction
`GMULBITM`	0x137	Modular reduction of clear register (vector) and (constant) immediate value
`XORS`	0x200	Bitwise XOR of secret bit register vectors
`XORM`	0x201	Bitwise XOR of single secret and clear bit registers
`ANDRS`	0x202	Constant-vector AND of secret bit registers
`BITDECS`	0x203	Secret bit register decomposition
`BITCOMS`	0x204	Secret bit register decomposition
`CONVSINT`	0x205	Copy clear integer register to secret bit register
`LDBITS`	0x20a	Store immediate in secret bit register
`ANDS`	0x20b	Bitwise AND of secret bit register vector
`TRANS`	0x20c	Secret bit register vector transpose
`BITB`	0x20d	Copy fresh secret random bit to secret bit register
`ANDM`	0x20e	Bitwise AND of single secret and clear bit registers
`NOTS`	0x20f	Bitwise NOT of secret register vector
`XORCBI`	0x210	Bitwise XOR of single clear bit register and immediate
`BITDECC`	0x211	Clear bit register decomposition
`NOTCB`	0x212	Bitwise NOT of secret register vector
`CONVCINT`	0x213	Copy clear integer register to clear bit register
`REVEAL`	0x214	Reveal secret bit register vectors and copy result to clear bit register vectors
`LDMCB`	0x217	Copy clear bit memory cell with compile-time address to clear bit register
`STMCB`	0x218	Copy clear bit register to clear bit memory cell with compile-time address
`XORCB`	0x219	Bitwise XOR of two single clear bit registers
`ADDCB`	0x21a	Integer addition two single clear bit registers
`ADDCBI`	0x21b	Integer addition single clear bit register and immediate
`MULCBI`	0x21c	Integer multiplication single clear bit register and immediate
`SHRCBI`	0x21d	Right shift of clear bit register by immediate
`SHLCBI`	0x21e	Left shift of clear bit register by immediate
`CONVCINTVEC`	0x21f	Copy clear register vector by bit to clear bit register vectors
`PRINTREGSIGNED`	0x220	Signed output of clear bit register
`PRINTREGB`	0x221	Debug output of clear bit register
`PRINTREGPLAINB`	0x222	Output clear bit register
`PRINTFLOATPLAINB`	0x223	Output floating-number from clear bit registers
`CONDPRINTSTRB`	0x224	Conditionally output four bytes
`CONVCBIT`	0x230	Copy clear bit register to clear integer register
`CONVCBITVEC`	0x231	Copy clear bit register vector to clear register by bit
`LDMSB`	0x240	Copy secret bit memory cell with compile-time address to secret bit register
`STMSB`	0x241	Copy secret bit register to secret bit memory cell with compile-time address
`LDMSBI`	0x242	Copy secret bit memory cell with run-time address to secret bit register
`STMSBI`	0x243	Copy secret bit register to secret bit memory cell with run-time address
`MOVSB`	0x244	Copy secret bit register
`INPUTB`	0x246	Copy private input to secret bit register vectors
`INPUTBVEC`	0x247	Copy private input to secret bit registers bit by bit
`SPLIT`	0x248	Local share conversion
`CONVCBIT2S`	0x249	Copy clear bit register vector to secret bit register vector
`ANDRSVEC`	0x24a	Constant-vector AND of secret bit registers (vectorized version)
`LDMCBI`	0x258	Copy clear bit memory cell with run-time address to clear bit register
`STMCBI`	0x259	Copy clear bit register to clear bit memory cell with run-time address

Compiler.instructions module¶

This module contains all instruction types for arithmetic computation and general control of the virtual machine such as control flow.

The parameter descriptions refer to the instruction arguments in the right order.

class Compiler.instructions.acceptclientconnection(*args, **kwargs)[source]¶

Wait for a connection at the given port and write socket handle to clear integer register.

Param: client id destination (regint)
Param: port number (regint)

class Compiler.instructions.active(*args, **kwargs)[source]¶

Indicate whether program is compatible with malicious-security protocols.

Param: 0 for no, 1 for yes

class Compiler.instructions.addc(*args, **kwargs)[source]¶

Clear addition.

Param: result (cint)
Param: summand (cint)
Param: summand (cint)

class Compiler.instructions.addci(*args, **kwargs)[source]¶

Addition of clear register (vector) and (constant) immediate value.

Param: result (cint)
Param: summand (cint)
Param: summand (int)

class Compiler.instructions.addint(*args, **kwargs)[source]¶

Clear integer register (vector) addition.

Param: result (regint)
Param: summand (regint)
Param: summand (regint)

op(b, /)¶: Same as a + b.

class Compiler.instructions.addm(*args, **kwargs)[source]¶

Mixed addition.

Param: result (sint)
Param: summand (sint)
Param: summand (cint)

class Compiler.instructions.adds(*args, **kwargs)[source]¶

Secret addition.

Param: result (sint)
Param: summand (sint)
Param: summand (sint)

class Compiler.instructions.addsi(*args, **kwargs)[source]¶

Addition of secret register (vector) and (constant) immediate value.

Param: result (cint)
Param: summand (cint)
Param: summand (int)

class Compiler.instructions.andc(*args, **kwargs)[source]¶

Logical AND of clear (vector) registers.

Param: result (cint)
Param: operand (cint)
Param: operand (cint)

class Compiler.instructions.andci(*args, **kwargs)[source]¶

Logical AND of clear register (vector) and (constant) immediate value.

Param: result (cint)
Param: operand (cint)
Param: operand (int)

class Compiler.instructions.applyshuffle(*args, **kwargs)[source]¶

Generate secure shuffle to bit used several times.

Param: destination (sint)
Param: source (sint)
Param: number of elements to be treated as one (int)
Param: handle (regint)
Param: reverse (0/1)

class Compiler.instructions.asm_open(*args, **kwargs)[source]¶

Reveal secret registers (vectors) to clear registers (vectors).

Param: number of argument to follow (odd number)
Param: check after opening (0/1)
Param: destination (cint)
Param: source (sint)
Param: (repeat the last two)…

class Compiler.instructions.bit(*args, **kwargs)[source]¶

Store fresh random triple(s) in secret register (vectors).

Param: destination (sint)

class Compiler.instructions.bitdecint(*args, **kwargs)[source]¶

Clear integer bit decomposition.

Param: number of arguments to follow / number of bits minus one (int)
Param: source (regint)
Param: destination for least significant bit (regint)
Param: (destination for one bit higher)…

class Compiler.instructions.check(*args, **kwargs)[source]¶: Force MAC check in current thread and all idle thread if current thread is the main thread.

class Compiler.instructions.cisc[source]¶

Meta instruction for emulation. This instruction is only generated when using -K with compile.py. The header looks as follows:

Param: number of arguments after name plus one
Param: name (16 bytes, zero-padded)

Currently, the following names are supported:

LTZ

Less than zero.

param: number of arguments in this unit (must be 6)
param: vector size
param: result (sint)
param: input (sint)
param: bit length
param: (ignored)
param: (repeat)…

Trunc

Truncation.

param: number of arguments in this unit (must be 8)
param: vector size
param: result (sint)
param: input (sint)
param: bit length
param: number of bits to truncate
param: (ignored)
param: 0 for unsigned or 1 for signed
param: (repeat)…

FPDiv

Fixed-point division. Division by zero results in zero without error.

param: number of arguments in this unit (must be at least 7)
param: vector size
param: result (sint)
param: dividend (sint)
param: divisor (sint)
param: (ignored)
param: fixed-point precision
param: (repeat)…

exp2_fx

Fixed-point power of two.

param: number of arguments in this unit (must be at least 6)
param: vector size
param: result (sint)
param: exponent (sint)
param: (ignored)
param: fixed-point precision
param: (repeat)…

log2_fx

Fixed-point logarithm with base 2.

param: number of arguments in this unit (must be at least 6)
param: vector size
param: result (sint)
param: input (sint)
param: (ignored)
param: fixed-point precision
param: (repeat)…

class Compiler.instructions.closeclientconnection(*args, **kwargs)[source]¶

Close connection to client.

Param: client id (regint)

class Compiler.instructions.cmdlinearg(*args, **kwargs)[source]¶

Load command-line argument.

Param: dest (regint)
Param: index (regint)

class Compiler.instructions.concats(*args)[source]¶

Concatenate vectors.

Param: result (sint)
Param: start offset (int)
Param: input (sint)
Param: (repeat from offset)…

class Compiler.instructions.cond_print_plain(*args, **kwargs)[source]¶

Conditionally output clear register (with precision). Outputs \(x \cdot 2^p\) where \(p\) is the precision.

Param: condition (cint, no output if zero)
Param: source (cint)
Param: precision (cint)

class Compiler.instructions.cond_print_str(cond, val)[source]¶

Conditionally output four bytes.

Param: condition (cint, no output if zero)
Param: four bytes (int)

class Compiler.instructions.conv2ds(*args, **kwargs)[source]¶

Secret 2D convolution.

Param: number of arguments to follow (int)
Param: result (sint vector in row-first order)
Param: inputs (sint vector in row-first order)
Param: weights (sint vector in row-first order)
Param: output height (int)
Param: output width (int)
Param: input height (int)
Param: input width (int)
Param: weight height (int)
Param: weight width (int)
Param: stride height (int)
Param: stride width (int)
Param: number of channels (int)
Param: padding height (int)
Param: padding width (int)
Param: batch size (int)
Param: repeat from result…

class Compiler.instructions.convint(*args, **kwargs)[source]¶

Convert clear integer register (vector) to clear register (vector).

Param: destination (cint)
Param: source (regint)

class Compiler.instructions.convmodp(*args, **kwargs)[source]¶

Convert clear integer register (vector) to clear register (vector). If the bit length is zero, the unsigned conversion is used, otherwise signed conversion is used. This makes a difference when computing modulo a prime \(p\). Signed conversion of \(p-1\) results in -1 while signed conversion results in \((p-1) \mod 2^{64}\).

Param: destination (regint)
Param: source (cint)
Param: bit length (int)

class Compiler.instructions.crash(*args, **kwargs)[source]¶

Crash runtime if the value in the register is not zero.

Param: Crash condition (regint)

class Compiler.instructions.dabit(*args, **kwargs)[source]¶

Store fresh random daBit(s) in secret register (vectors).

Param: arithmetic part (sint)
Param: binary part (sbit)

class Compiler.instructions.delshuffle(*args, **kwargs)[source]¶

Delete secure shuffle.

Param: handle (regint)

class Compiler.instructions.digestc(*args, **kwargs)[source]¶

Clear truncated hash computation.

Param: result (cint)
Param: input (cint)
Param: byte length of hash value used (int)

class Compiler.instructions.divc(*args, **kwargs)[source]¶

Clear division.

Param: result (cint)
Param: dividend (cint)
Param: divisor (cint)

class Compiler.instructions.divci(*args, **kwargs)[source]¶

Division of secret register (vector) and (constant) immediate value.

Param: result (cint)
Param: dividend (cint)
Param: divisor (int)

class Compiler.instructions.divint(*args, **kwargs)[source]¶

Clear integer register (element-wise vector) division with floor rounding.

Param: result (regint)
Param: dividend (regint)
Param: divisor (regint)

op(b, /)¶: Same as a // b.

class Compiler.instructions.dotprods(*args)[source]¶

Dot product of secret registers (vectors). Note that the vectorized version works element-wise.

Param: number of arguments to follow (int)
Param: twice the dot product length plus two (I know…)
Param: result (sint)
Param: first factor (sint)
Param: first factor (sint)
Param: second factor (sint)
Param: second factor (sint)
Param: (remaining factors)…
Param: (repeat from dot product length)…

get_def()[source]¶: Return the set of registers that are written to in this instruction.

get_used()[source]¶: Return the set of registers that are read in this instruction.

class Compiler.instructions.edabit(*args, **kwargs)[source]¶

Store fresh random loose edaBit(s) in secret register (vectors). The length is the first argument minus one.

Param: number of arguments to follow / number of bits plus two (int)
Param: arithmetic (sint)
Param: binary (sbit)
Param: (binary)…

class Compiler.instructions.eqc(*args, **kwargs)[source]¶

Clear integer equality test. The result is 1 if the operands are equal and 0 otherwise.

Param: destination (regint)
Param: first operand (regint)
Param: second operand (regint)

op(b, /)¶: Same as a == b.

class Compiler.instructions.eqzc(*args, **kwargs)[source]¶

Clear integer zero test. The result is 1 for true and 0 for false.

Param: destination (regint)
Param: operand (regint)

class Compiler.instructions.fixinput(*args, **kwargs)[source]¶

Binary fixed-point input.

Param: player (int)
Param: destination (cint)
Param: exponent (int, for float/double) / byte length (1/8, for integer)
Param: input type (0: 64-bit integer, 1: float, 2: double)

class Compiler.instructions.floatoutput(*args, **kwargs)[source]¶

Binary floating-point output.

Param: player (int)
Param: significand (cint)
Param: exponent (cint)
Param: zero bit (cint)
Param: sign bit (cint)

class Compiler.instructions.floordivc(*args, **kwargs)[source]¶

Clear integer floor division.

Param: result (cint)
Param: dividend (cint)
Param: divisor (cint)

class Compiler.instructions.gensecshuffle(*args, **kwargs)[source]¶

Generate secure shuffle to bit used several times.

Param: destination (regint)
Param: size (int)

class Compiler.instructions.gtc(*args, **kwargs)[source]¶

Clear integer greater-than comparison. The result is 1 if the first operand is greater and 0 otherwise.

Param: destination (regint)
Param: first operand (regint)
Param: second operand (regint)

op(b, /)¶: Same as a > b.

class Compiler.instructions.incint(*args, **kwargs)[source]¶

Create incremental clear integer vector. For example, vector size 10, base 1, increment 2, repeat 3, and wrap 2 produces the following:

(1, 1, 1, 3, 3, 3, 1, 1, 1, 3)

This is because the first number is always the base, every number is repeated repeat times, after which increment is added, and after wrap increments the number returns to base.

Param: destination (regint)
Param: base (non-vector regint)
Param: increment (int)
Param: repeat (int)
Param: wrap (int)

class Compiler.instructions.initclientconnection(*args, **kwargs)[source]¶

Initialize connection.

Param: client id destination (regint)
Param: port number (regint)
Param: my client id (regint)
Param: hostname (variable string)

class Compiler.instructions.inputfix(*args, **kwargs)[source]¶

class Compiler.instructions.inputfloat(*args, **kwargs)[source]¶

class Compiler.instructions.inputmask(*args, **kwargs)[source]¶

Store fresh random input mask(s) in secret register (vector) and clear register (vector) of the relevant player.

Param: mask (sint)
Param: mask (cint, player only)
Param: player (int)

class Compiler.instructions.inputmaskreg(*args, **kwargs)[source]¶

Store fresh random input mask(s) in secret register (vector) and clear register (vector) of the relevant player.

Param: mask (sint)
Param: mask (cint, player only)
Param: player (regint)

class Compiler.instructions.inputmixed(name, *args)[source]¶

Store private input in secret registers (vectors). The input is read as integer or floating-point number and the latter is then converted to the internal representation using the given precision. This instruction uses compile-time player numbers.

Param: number of arguments to follow (int)
Param: type (0: integer, 1: fixed-point, 2: floating-point)
Param: destination (sint)
Param: destination (sint, only for floating-point)
Param: destination (sint, only for floating-point)
Param: destination (sint, only for floating-point)
Param: fixed-point precision or precision of floating-point significand (int, not with integer)
Param: input player (int)
Param: (repeat from type parameter)…

class Compiler.instructions.inputmixedreg(*args)[source]¶

Store private input in secret registers (vectors). The input is read as integer or floating-point number and the latter is then converted to the internal representation using the given precision. This instruction uses run-time player numbers.

Param: number of arguments to follow (int)
Param: type (0: integer, 1: fixed-point, 2: floating-point)
Param: destination (sint)
Param: destination (sint, only for floating-point)
Param: destination (sint, only for floating-point)
Param: destination (sint, only for floating-point)
Param: fixed-point precision or precision of floating-point significand (int, not with integer)
Param: input player (regint)
Param: (repeat from type parameter)…

class Compiler.instructions.inputpersonal(*args)[source]¶

Private input from cint.

Param: vector size (int)
Param: player (int)
Param: destination (sint)
Param: source (cint)
Param: (repeat from vector size)…

class Compiler.instructions.intoutput(*args, **kwargs)[source]¶

Binary integer output.

Param: player (int)
Param: regint

class Compiler.instructions.inv2m(*args, **kwargs)[source]¶

Inverse of power of two modulo prime (the computation modulus).

Param: result (cint)
Param: exponent (int)

class Compiler.instructions.inverse(*args, **kwargs)[source]¶

Store fresh random inverse(s) in secret register (vectors).

Param: value (sint)
Param: inverse (sint)

class Compiler.instructions.inverse_permutation(*args, **kwargs)[source]¶

Calculate the inverse permutation of a secret permutation.

Param: destination (sint)
Param: source (sint)

class Compiler.instructions.jmp(*args, **kwargs)[source]¶

Unconditional relative jump in the bytecode (compile-time parameter). The parameter is added to the regular jump of one after every instruction. This means that a jump of 0 results in a no-op while a jump of -1 results in an infinite loop.

Param: number of instructions (int)

class Compiler.instructions.jmpeqz(*args, **kwargs)[source]¶

Conditional relative jump in the bytecode. The parameter is added to the regular jump of one after every instruction. This means that a jump of 0 results in a no-op while a jump of -1 results in an infinite loop.

Param: condition (regint, only jump if zero)
Param: number of instructions (int)

class Compiler.instructions.jmpi(*args, **kwargs)[source]¶

Unconditional relative jump in the bytecode (run-time parameter). The parameter is added to the regular jump of one after every instruction. This means that a jump of 0 results in a no-op while a jump of -1 results in an infinite loop.

Param: number of instructions (regint)

class Compiler.instructions.jmpnz(*args, **kwargs)[source]¶

Conditional relative jump in the bytecode. The parameter is added to the regular jump of one after every instruction. This means that a jump of 0 results in a no-op while a jump of -1 results in an infinite loop.

Param: condition (regint, only jump if not zero)
Param: number of instructions (int)

class Compiler.instructions.join_tape(*args, **kwargs)[source]¶

Join thread.

Param: virtual machine thread number (int)

class Compiler.instructions.ldarg(*args, **kwargs)[source]¶

Store the argument passed to the current thread in clear integer register.

Param: destination (regint)

class Compiler.instructions.ldi(*args, **kwargs)[source]¶

Assign (constant) immediate value to clear register (vector).

Param: destination (cint)
Param: value (int)

class Compiler.instructions.ldint(*args, **kwargs)[source]¶

Store (constant) immediate value in clear integer register (vector).

Param: destination (regint)
Param: immediate (int)

class Compiler.instructions.ldmc(*args, **kwargs)[source]¶

Assign clear memory value(s) to clear register (vector) by immediate address. The vectorized version starts at the base address and then iterates the memory address.

Param: destination (cint)
Param: memory address base (int)

class Compiler.instructions.ldmci(*args, **kwargs)[source]¶

Assign clear memory value(s) to clear register (vector) by register address. The vectorized version starts at the base address and then iterates the memory address.

Param: destination (cint)
Param: memory address base (regint)

direct¶: alias of Compiler.instructions.ldmc

class Compiler.instructions.ldmint(*args, **kwargs)[source]¶

Assign clear integer memory value(s) to clear integer register (vector) by immediate address. The vectorized version starts at the base address and then iterates the memory address.

Param: destination (regint)
Param: memory address base (int)

class Compiler.instructions.ldminti(*args, **kwargs)[source]¶

Assign clear integer memory value(s) to clear integer register (vector) by register address. The vectorized version starts at the base address and then iterates the memory address.

Param: destination (regint)
Param: memory address base (regint)

direct¶: alias of Compiler.instructions.ldmint

class Compiler.instructions.ldms(*args, **kwargs)[source]¶

Assign secret memory value(s) to secret register (vector) by immediate address. The vectorized version starts at the base address and then iterates the memory address.

Param: destination (sint)
Param: memory address base (int)

class Compiler.instructions.ldmsi(*args, **kwargs)[source]¶

Assign secret memory value(s) to secret register (vector) by register address. The vectorized version starts at the base address and then iterates the memory address.

Param: destination (sint)
Param: memory address base (regint)

direct¶: alias of Compiler.instructions.ldms

class Compiler.instructions.ldsi(*args, **kwargs)[source]¶

Assign (constant) immediate value to secret register (vector).

Param: destination (sint)
Param: value (int)

class Compiler.instructions.ldtn(*args, **kwargs)[source]¶

Store the number of the current thread in clear integer register.

Param: destination (regint)

class Compiler.instructions.legendrec(*args, **kwargs)[source]¶

Clear Legendre symbol computation (a/p) over prime p (the computation modulus).

Param: result (cint)
Param: a (int)

class Compiler.instructions.listen(*args, **kwargs)[source]¶

Open a server socket on a party-specific port number and listen for client connections (non-blocking).

Param: port number (regint)

class Compiler.instructions.ltc(*args, **kwargs)[source]¶

Clear integer less-than comparison. The result is 1 if the first operand is less and 0 otherwise.

Param: destination (regint)
Param: first operand (regint)
Param: second operand (regint)

op(b, /)¶: Same as a < b.

class Compiler.instructions.ltzc(*args, **kwargs)[source]¶

Clear integer less than zero test. The result is 1 for true and 0 for false.

Param: destination (regint)
Param: operand (regint)

class Compiler.instructions.matmuls(*args, **kwargs)[source]¶

Secret matrix multiplication from registers. All matrices are represented as vectors in row-first order.

Param: result (sint vector)
Param: first factor (sint vector)
Param: second factor (sint vector)
Param: number of rows in first factor and result (int)
Param: number of columns in first factor and rows in second factor (int)
Param: number of columns in second factor and result (int)

class Compiler.instructions.matmulsm(*args, **kwargs)[source]¶

Secret matrix multiplication reading directly from memory.

Param: result (sint vector in row-first order)
Param: base address of first factor (regint value)
Param: base address of second factor (regint value)
Param: number of rows in first factor and result (int)
Param: number of columns in first factor and rows in second factor (int)
Param: number of columns in second factor and result (int)
Param: rows of first factor to use (regint vector, length as number of rows in first factor)
Param: columns of first factor to use (regint vector, length below)
Param: rows of second factor to use (regint vector, length below)
Param: columns of second factor to use (regint vector, length below)
Param: number of columns of first / rows of second factor to use (int)
Param: number of columns of second factor to use (int)

class Compiler.instructions.modc(*args, **kwargs)[source]¶

Clear modular reduction.

Param: result (cint)
Param: dividend (cint)
Param: divisor (cint)

class Compiler.instructions.modci(*args, **kwargs)[source]¶

Modular reduction of clear register (vector) and (constant) immediate value.

Param: result (cint)
Param: dividend (cint)
Param: divisor (int)

class Compiler.instructions.movc(*args, **kwargs)[source]¶

Copy clear register (vector).

Param: destination (cint)
Param: source (cint)

class Compiler.instructions.movint(*args, **kwargs)[source]¶

Copy clear integer register (vector).

Param: destination (regint)
Param: source (regint)

class Compiler.instructions.movs(*args, **kwargs)[source]¶

Copy secret register (vector).

Param: destination (cint)
Param: source (cint)

class Compiler.instructions.mulc(*args, **kwargs)[source]¶

Clear multiplication.

Param: result (cint)
Param: factor (cint)
Param: factor (cint)

class Compiler.instructions.mulci(*args, **kwargs)[source]¶

Multiplication of clear register (vector) and (constant) immediate value.

Param: result (cint)
Param: factor (cint)
Param: factor (int)

class Compiler.instructions.mulint(*args, **kwargs)[source]¶

Clear integer register (element-wise vector) multiplication.

Param: result (regint)
Param: factor (regint)
Param: factor (regint)

op(b, /)¶: Same as a * b.

class Compiler.instructions.mulm(*args, **kwargs)[source]¶

Multiply secret and clear value.

Param: result (sint)
Param: factor (sint)
Param: factor (cint)

class Compiler.instructions.mulrs(res, x, y)[source]¶

Constant-vector multiplication of secret registers.

Param: number of arguments to follow (multiple of four)
Param: vector size (int)
Param: result (sint)
Param: vector factor (sint)
Param: constant factor (sint)
Param: (repeat the last four)…

get_def()[source]¶: Return the set of registers that are written to in this instruction.

get_used()[source]¶: Return the set of registers that are read in this instruction.

class Compiler.instructions.muls(*args, **kwargs)[source]¶

(Element-wise) multiplication of secret registers (vectors).

Param: number of arguments to follow (multiple of four)
Param: vector size (int)
Param: result (sint)
Param: factor (sint)
Param: factor (sint)
Param: (repeat the last four)…

class Compiler.instructions.mulsi(*args, **kwargs)[source]¶

Multiplication of secret register (vector) and (constant) immediate value.

Param: result (sint)
Param: factor (sint)
Param: factor (int)

class Compiler.instructions.notc(*args, **kwargs)[source]¶

Clear logical NOT of a constant number of bits of clear (vector) register.

Param: result (cint)
Param: operand (cint)
Param: bit length (int)

class Compiler.instructions.nplayers(*args, **kwargs)[source]¶

Store number of players in clear integer register.

Param: destination (regint)

class Compiler.instructions.orc(*args, **kwargs)[source]¶

Logical OR of clear (vector) registers.

Param: result (cint)
Param: operand (cint)
Param: operand (cint)

class Compiler.instructions.orci(*args, **kwargs)[source]¶

Logical OR of clear register (vector) and (constant) immediate value.

Param: result (cint)
Param: operand (cint)
Param: operand (int)

class Compiler.instructions.personal_base(*args)[source]¶

class Compiler.instructions.picks(*args)[source]¶

Extract part of vector.

Param: result (sint)
Param: input (sint)
Param: start offset (int)
Param: step

class Compiler.instructions.playerid(*args, **kwargs)[source]¶

Store current player number in clear integer register.

Param: destination (regint)

class Compiler.instructions.popint(*args, **kwargs)[source]¶

Pops from the thread-local stack to clear integer register. Considered obsolete.

Param: destination (regint)

class Compiler.instructions.prefixsums(*args, **kwargs)[source]¶

Prefix sum.

Param: result (sint)
Param: input (sint)

class Compiler.instructions.prep(*args, **kwargs)[source]¶

Store custom preprocessed data in secret register (vectors).

Param: number of arguments to follow (int)
Param: tag (16 bytes / 4 units, cut off at first zero byte)
Param: destination (sint)
Param: (repeat destination)…

class Compiler.instructions.print_char(ch)[source]¶

Output a single byte.

Param: byte (int)

class Compiler.instructions.print_char4(val)[source]¶

Output four bytes.

Param: four bytes (int)

class Compiler.instructions.print_float_plain(*args, **kwargs)[source]¶

Output floating-number from clear registers.

Param: significand (cint)
Param: exponent (cint)
Param: zero bit (cint, zero output if bit is one)
Param: sign bit (cint, negative output if bit is one)
Param: NaN (cint, regular number if zero)

class Compiler.instructions.print_float_prec(*args, **kwargs)[source]¶

Set number of digits after decimal point for print_float_plain.

Param: number of digits (int)

class Compiler.instructions.print_int(*args, **kwargs)[source]¶

Output clear integer register.

Param: source (regint)

class Compiler.instructions.print_reg(reg, comment='')[source]¶

Debugging output of clear register (vector).

Param: source (cint)
Param: comment (4 bytes / 1 unit)

class Compiler.instructions.print_reg_plain(*args, **kwargs)[source]¶

Output clear register.

Param: source (cint)

class Compiler.instructions.print_reg_plains(*args, **kwargs)[source]¶

Output secret register.

Param: source (sint)

class Compiler.instructions.privateoutput(*args)[source]¶

Private output to cint.

Param: vector size (int)
Param: player (int)
Param: destination (cint)
Param: source (sint)
Param: (repeat from vector size)…

class Compiler.instructions.pubinput(*args, **kwargs)[source]¶

Store public input in clear register (vector).

Param: destination (cint)

class Compiler.instructions.pushint(*args, **kwargs)[source]¶

Pushes clear integer register to the thread-local stack. Considered obsolete.

Param: source (regint)

class Compiler.instructions.rand(*args, **kwargs)[source]¶

Store insecure random value of specified length in clear integer register (vector).

Param: destination (regint)
Param: length (regint)

class Compiler.instructions.randomfulls(*args, **kwargs)[source]¶

Store share(s) of a fresh secret random element in secret register (vectors).

Param: destination (sint)

class Compiler.instructions.randoms(*args, **kwargs)[source]¶

Store fresh length-restricted random shares(s) in secret register (vectors). This is only implemented for protocols that also implement local share conversion with split.

Param: destination (sint)
Param: length (int)

class Compiler.instructions.rawinput(*args, **kwargs)[source]¶

Store private input in secret registers (vectors). The input is read in the internal binary format according to the protocol.

Param: number of arguments to follow (multiple of two)
Param: player number (int)
Param: destination (sint)

class Compiler.instructions.readsharesfromfile(*args, **kwargs)[source]¶

Read shares from Persistence/Transactions-P<playerno>.data.

Param: number of arguments to follow / number of shares plus two (int)
Param: starting position in number of shares from beginning (regint)
Param: destination for final position, -1 for eof reached, or -2 for file not found (regint)
Param: destination for share (sint)
Param: (repeat from destination for share)…

class Compiler.instructions.readsocketc(*args, **kwargs)[source]¶

Read a variable number of clear values in internal representation from socket for a specified client id and store them in clear registers.

Param: number of arguments to follow / number of inputs minus one (int)
Param: client id (regint)
Param: vector size (int)
Param: destination (cint)
Param: (repeat destination)…

class Compiler.instructions.readsocketint(*args, **kwargs)[source]¶

Read a variable number of 32-bit integers from socket for a specified client id and store them in clear integer registers.

Param: number of arguments to follow / number of inputs minus one (int)
Param: client id (regint)
Param: vector size (int)
Param: destination (regint)
Param: (repeat destination)…

class Compiler.instructions.readsockets(*args, **kwargs)[source]¶

Read a variable number of secret shares (potentially with MAC) from a socket for a client id and store them in registers. If the protocol uses MACs, the client should be different for every party.

Param: client id (regint)
Param: vector size (int)
Param: source (sint)
Param: (repeat source)…

class Compiler.instructions.reqbl(*args, **kwargs)[source]¶

Requirement on computation modulus. Minimal bit length of prime if positive, minus exact bit length of power of two if negative.

Param: requirement (int)

class Compiler.instructions.run_tape(*args, **kwargs)[source]¶

Start tape/bytecode file in another thread.

Param: number of arguments to follow (multiple of three)
Param: virtual machine thread number (int)
Param: tape number (int)
Param: tape argument (int)
Param: (repeat the last three)…

class Compiler.instructions.secshuffle(*args, **kwargs)[source]¶

Secure shuffling.

Param: destination (sint)
Param: source (sint)

class Compiler.instructions.sedabit(*args, **kwargs)[source]¶

Store fresh random strict edaBit(s) in secret register (vectors). The length is the first argument minus one.

Param: number of arguments to follow / number of bits plus two (int)
Param: arithmetic (sint)
Param: binary (sbit)
Param: (binary)…

class Compiler.instructions.sendpersonal(*args)[source]¶

Private input from cint.

Param: vector size (int)
Param: destination player (int)
Param: destination (cint)
Param: source player (int)
Param: source (cint)
Param: (repeat from vector size)…

class Compiler.instructions.shlc(*args, **kwargs)[source]¶

Bitwise left shift of clear register (vector).

Param: result (cint)
Param: first operand (cint)
Param: second operand (cint)

class Compiler.instructions.shlci(*args, **kwargs)[source]¶

Bitwise left shift of clear register (vector) by (constant) immediate value.

Param: result (cint)
Param: first operand (cint)
Param: second operand (int)

class Compiler.instructions.shrc(*args, **kwargs)[source]¶

Bitwise right shift of clear register (vector).

Param: result (cint)
Param: first operand (cint)
Param: second operand (cint)

class Compiler.instructions.shrci(*args, **kwargs)[source]¶

Bitwise right shift of clear register (vector) by (constant) immediate value.

Param: result (cint)
Param: first operand (cint)
Param: second operand (int)

class Compiler.instructions.shrsi(*args, **kwargs)[source]¶

Bitwise right shift of secret register (vector) by (constant) immediate value. This only makes sense in connection with protocols allowing local share conversion (i.e., based on additive secret sharing modulo a power of two). Moreover, the result is not a secret sharing of the right shift of the secret value but needs to be corrected using the overflow. This is explained by Dalskov et al. in the appendix.

Param: result (sint)
Param: first operand (sint)
Param: second operand (int)

class Compiler.instructions.shuffle(*args, **kwargs)[source]¶

Randomly shuffles clear integer vector with public randomness.

Param: destination (regint)
Param: source (regint)

class Compiler.instructions.shuffle_base(*args, **kwargs)[source]¶

class Compiler.instructions.square(*args, **kwargs)[source]¶

Store fresh random square(s) in secret register (vectors).

Param: value (sint)
Param: square (sint)

class Compiler.instructions.starg(*args, **kwargs)[source]¶

Copy clear integer register to the thread argument.

Param: source (regint)

class Compiler.instructions.start(*args, **kwargs)[source]¶

Start timer.

Param: timer number (int)

class Compiler.instructions.stmc(*args, **kwargs)[source]¶

Assign clear register (vector) to clear memory value(s) by immediate address. The vectorized version starts at the base address and then iterates the memory address.

Param: source (cint)
Param: memory address base (int)

class Compiler.instructions.stmci(*args, **kwargs)[source]¶

Assign clear register (vector) to clear memory value(s) by register address. The vectorized version starts at the base address and then iterates the memory address.

Param: source (cint)
Param: memory address base (regint)

direct¶: alias of Compiler.instructions.stmc

class Compiler.instructions.stmint(*args, **kwargs)[source]¶

Assign clear integer register (vector) to clear integer memory value(s) by immediate address. The vectorized version starts at the base address and then iterates the memory address.

Param: source (regint)
Param: memory address base (int)

class Compiler.instructions.stminti(*args, **kwargs)[source]¶

Assign clear integer register (vector) to clear integer memory value(s) by register address. The vectorized version starts at the base address and then iterates the memory address.

Param: source (regint)
Param: memory address base (regint)

direct¶: alias of Compiler.instructions.stmint

class Compiler.instructions.stms(*args, **kwargs)[source]¶

Assign secret register (vector) to secret memory value(s) by immediate address. The vectorized version starts at the base address and then iterates the memory address.

Param: source (sint)
Param: memory address base (int)

class Compiler.instructions.stmsi(*args, **kwargs)[source]¶

Assign secret register (vector) to secret memory value(s) by register address. The vectorized version starts at the base address and then iterates the memory address.

Param: source (sint)
Param: memory address base (regint)

direct¶: alias of Compiler.instructions.stms

class Compiler.instructions.stop(*args, **kwargs)[source]¶

Stop timer.

Param: timer number (int)

class Compiler.instructions.subc(*args, **kwargs)[source]¶

Clear subtraction.

Param: result (cint)
Param: first operand (cint)
Param: second operand (cint)

class Compiler.instructions.subcfi(*args, **kwargs)[source]¶

Subtraction of clear register (vector) from (constant) immediate value.

Param: result (cint)
Param: first operand (int)
Param: second operand (cint)

class Compiler.instructions.subci(*args, **kwargs)[source]¶

Subtraction of (constant) immediate value from clear register (vector).

Param: result (cint)
Param: first operand (cint)
Param: second operand (int)

class Compiler.instructions.subint(*args, **kwargs)[source]¶

Clear integer register (vector) subtraction.

Param: result (regint)
Param: first operand (regint)
Param: second operand (regint)

op(b, /)¶: Same as a - b.

class Compiler.instructions.subml(*args, **kwargs)[source]¶

Subtract clear from secret value.

Param: result (sint)
Param: first operand (sint)
Param: second operand (cint)

class Compiler.instructions.submr(*args, **kwargs)[source]¶

Subtract secret from clear value.

Param: result (sint)
Param: first operand (cint)
Param: second operand (sint)

class Compiler.instructions.subs(*args, **kwargs)[source]¶

Secret subtraction.

Param: result (sint)
Param: first operand (sint)
Param: second operand (sint)

class Compiler.instructions.subsfi(*args, **kwargs)[source]¶

Subtraction of secret register (vector) from (constant) immediate value.

Param: result (sint)
Param: first operand (int)
Param: second operand (sint)

class Compiler.instructions.subsi(*args, **kwargs)[source]¶

Subtraction of (constant) immediate value from secret register (vector).

Param: result (sint)
Param: first operand (sint)
Param: second operand (int)

class Compiler.instructions.threshold(*args, **kwargs)[source]¶

Store maximal number of corrupt players in clear integer register.

Param: destination (regint)

class Compiler.instructions.time(*args, **kwargs)[source]¶: Output time since start of computation.

class Compiler.instructions.triple(*args, **kwargs)[source]¶

Store fresh random triple(s) in secret register (vectors).

Param: factor (sint)
Param: factor (sint)
Param: product (sint)

class Compiler.instructions.trunc_pr(*args, **kwargs)[source]¶

Probabilistic truncation if supported by the protocol.

Param: number of arguments to follow (multiple of four)
Param: destination (sint)
Param: source (sint)
Param: bit length of source (int)
Param: number of bits to truncate (int)

class Compiler.instructions.use(*args, **kwargs)[source]¶

Offline data usage. Necessary to avoid reusage while using preprocessing from files. Also used to multithreading for expensive preprocessing.

Param: domain (0: integer, 1: \(\mathrm{GF}(2^n)\), 2: bit)
Param: type (0: triple, 1: square, 2: bit, 3: inverse, 6: daBit)
Param: number (int, -1 for unknown)

class Compiler.instructions.use_edabit(*args, **kwargs)[source]¶

edaBit usage. Necessary to avoid reusage while using preprocessing from files. Also used to multithreading for expensive preprocessing.

Param: loose/strict (0/1)
Param: length (int)
Param: number (int, -1 for unknown)

class Compiler.instructions.use_inp(*args, **kwargs)[source]¶

Input usage. Necessary to avoid reusage while using preprocessing from files.

Param: domain (0: integer, 1: \(\mathrm{GF}(2^n)\), 2: bit)
Param: input player (int)
Param: number (int, -1 for unknown)

class Compiler.instructions.use_matmul(*args, **kwargs)[source]¶

Matrix multiplication usage. Used for multithreading of preprocessing.

Param: number of left-hand rows (int)
Param: number of left-hand columns/right-hand rows (int)
Param: number of right-hand columns (int)
Param: number (int, -1 for unknown)

class Compiler.instructions.use_prep(*args, **kwargs)[source]¶

Custom preprocessed data usage.

Param: tag (16 bytes / 4 units, cut off at first zero byte)
Param: number of items to use (int, -1 for unknown)

class Compiler.instructions.writesharestofile(*args, **kwargs)[source]¶

Write shares to Persistence/Transactions-P<playerno>.data (appending at the end).

Param: number of arguments to follow / number of shares plus one (int)
Param: position (regint, -1 for appending)
Param: source (sint)
Param: (repeat from source)…

class Compiler.instructions.writesockets(*args, **kwargs)[source]¶

Write a variable number of secret shares (potentially with MAC) from registers into a socket for a specified client id. If the protocol uses MACs, the client should be different for every party.

Param: number of arguments to follow
Param: client id (regint)
Param: message type (must be 0)
Param: vector size (int)
Param: source (sint)
Param: (repeat source)…

class Compiler.instructions.writesocketshare(*args, **kwargs)[source]¶

Write a variable number of shares (without MACs) from secret registers into socket for a specified client id.

Param: client id (regint)
Param: message type (must be 0)
Param: vector size (int)
Param: source (sint)
Param: (repeat source)…

class Compiler.instructions.xorc(*args, **kwargs)[source]¶

Logical XOR of clear (vector) registers.

Param: result (cint)
Param: operand (cint)
Param: operand (cint)

class Compiler.instructions.xorci(*args, **kwargs)[source]¶

Logical XOR of clear register (vector) and (constant) immediate value.

Param: result (cint)
Param: operand (cint)
Param: operand (int)

Compiler.GC.instructions module¶

This module constrains instructions for binary circuits. Unlike arithmetic instructions, they generally do not use the vector size in the instruction code field. Instead the number of bits affected is given as an extra argument. Also note that a register holds 64 values instead of just one as is the case for arithmetic instructions. Therefore, an instruction for 65-128 bits will affect two registers etc. Similarly, a memory cell holds 64 bits.

class Compiler.GC.instructions.BinaryCiscable(*args, **kwargs)[source]¶

class Compiler.GC.instructions.addcb(*args, **kwargs)[source]¶

Integer addition two single clear bit registers.

Param: result (cbit)
Param: summand (cbit)
Param: summand (cbit)

class Compiler.GC.instructions.addcbi(*args, **kwargs)[source]¶

Integer addition single clear bit register and immediate.

Param: result (cbit)
Param: summand (cbit)
Param: summand (int)

class Compiler.GC.instructions.andm(*args, **kwargs)[source]¶

Bitwise AND of single secret and clear bit registers.

Param: number of bits (less or equal 64)
Param: result (sbit)
Param: operand (sbit)
Param: operand (cbit)

class Compiler.GC.instructions.andrs(*args, **kwargs)[source]¶

Constant-vector AND of secret bit registers.

Param: number of arguments to follow (multiple of four)
Param: number of bits (int)
Param: result vector (sbit)
Param: vector operand (sbit)
Param: single operand (sbit)
Param: (repeat from number of bits)…

class Compiler.GC.instructions.andrsvec(*args, **kwargs)[source]¶

Constant-vector AND of secret bit registers (vectorized version).

Param: total number of arguments to follow (int)
Param: number of arguments to follow for one operation / operation vector size plus three (int)
Param: vector size (int)
Param: result vector (sbit)
Param: (repeat)…
Param: constant operand (sbits)
Param: vector operand
Param: (repeat)…
Param: (repeat from number of arguments to follow for one operation)…

class Compiler.GC.instructions.ands(*args, **kwargs)[source]¶

Bitwise AND of secret bit register vector.

Param: number of arguments to follow (multiple of four)
Param: number of bits (int)
Param: result (sbit)
Param: operand (sbit)
Param: operand (sbit)
Param: (repeat from number of bits)…

class Compiler.GC.instructions.bitb(*args, **kwargs)[source]¶

Copy fresh secret random bit to secret bit register.

Param: destination (sbit)

class Compiler.GC.instructions.bitcoms(*args, **kwargs)[source]¶

Secret bit register decomposition.

Param: number of arguments to follow / number of bits plus one (int)
Param: destination (sbit)
Param: source for least significant bit (sbit)
Param: (source for one bit higher)…

class Compiler.GC.instructions.bitdecc(*args, **kwargs)[source]¶

Clear bit register decomposition.

Param: number of arguments to follow / number of bits plus one (int)
Param: source (sbit)
Param: destination for least significant bit (sbit)
Param: (destination for one bit higher)…

class Compiler.GC.instructions.bitdecs(*args, **kwargs)[source]¶

Secret bit register decomposition.

Param: number of arguments to follow / number of bits plus one (int)
Param: source (sbit)
Param: destination for least significant bit (sbit)
Param: (destination for one bit higher)…

class Compiler.GC.instructions.cond_print_strb(cond, val)[source]¶

Conditionally output four bytes.

Param: condition (cbit, no output if zero)
Param: four bytes (int)

class Compiler.GC.instructions.convcbit(*args, **kwargs)[source]¶

Copy clear bit register to clear integer register.

Param: destination (regint)
Param: source (cbit)

class Compiler.GC.instructions.convcbit2s(*args, **kwargs)[source]¶

Copy clear bit register vector to secret bit register vector.

Param: number of bits (int)
Param: destination (sbit)
Param: source (cbit)

class Compiler.GC.instructions.convcbitvec(*args, **kwargs)[source]¶

Copy clear bit register vector to clear register by bit. This means that every element of the destination register vector will hold one bit.

Param: number of bits / vector length (int)
Param: destination (regint)
Param: source (cbit)

class Compiler.GC.instructions.convcint(*args, **kwargs)[source]¶

Copy clear integer register to clear bit register.

Param: number of bits (int)
Param: destination (cbit)
Param: source (regint)

class Compiler.GC.instructions.convcintvec(*args, **kwargs)[source]¶

Copy clear register vector by bit to clear bit register vectors. This means that the first destination will hold the least significant bits of all inputs etc.

Param: number of arguments to follow / number of bits plus one (int)
Param: source (cint)
Param: destination for least significant bits (sbit)
Param: (destination for bits one step higher)…

class Compiler.GC.instructions.convsint(*args, **kwargs)[source]¶

Copy clear integer register to secret bit register.

Param: number of bits (int)
Param: destination (sbit)
Param: source (regint)

class Compiler.GC.instructions.inputb(*args, **kwargs)[source]¶

Copy private input to secret bit register vectors. The input is read as floating-point number, multiplied by a power of two, and then rounded to an integer.

Param: number of arguments to follow (multiple of four)
Param: player number (int)
Param: number of bits in output (int)
Param: exponent to power of two factor (int)
Param: destination (sbit)

class Compiler.GC.instructions.inputbvec(*args, **kwargs)[source]¶

Copy private input to secret bit registers bit by bit. The input is read as floating-point number, multiplied by a power of two, rounded to an integer, and then decomposed into bits.

Param: total number of arguments to follow (int)
Param: number of arguments to follow for one input / number of bits plus three (int)
Param: exponent to power of two factor (int)
Param: player number (int)
Param: destination for least significant bit (sbit)
Param: (destination for one bit higher)…
Param: (repeat from number of arguments to follow for one input)…

class Compiler.GC.instructions.ldbits(*args, **kwargs)[source]¶

Store immediate in secret bit register.

Param: destination (sbit)
Param: number of bits (int)
Param: immediate (int)

class Compiler.GC.instructions.ldmcb(*args, **kwargs)[source]¶

Copy clear bit memory cell with compile-time address to clear bit register.

Param: destination (cbit)
Param: memory address (int)

class Compiler.GC.instructions.ldmcbi(*args, **kwargs)[source]¶

Copy clear bit memory cell with run-time address to clear bit register.

Param: destination (cbit)
Param: memory address (regint)

direct¶: alias of Compiler.GC.instructions.ldmcb

class Compiler.GC.instructions.ldmsb(*args, **kwargs)[source]¶

Copy secret bit memory cell with compile-time address to secret bit register.

Param: destination (sbit)
Param: memory address (int)

class Compiler.GC.instructions.ldmsbi(*args, **kwargs)[source]¶

Copy secret bit memory cell with run-time address to secret bit register.

Param: destination (sbit)
Param: memory address (regint)

direct¶: alias of Compiler.GC.instructions.ldmsb

class Compiler.GC.instructions.movsb(*args, **kwargs)[source]¶

Copy secret bit register.

Param: destination (sbit)
Param: source (sbit)

class Compiler.GC.instructions.mulcbi(*args, **kwargs)[source]¶

Integer multiplication single clear bit register and immediate.

Param: result (cbit)
Param: factor (cbit)
Param: factor (int)

class Compiler.GC.instructions.notcb(*args, **kwargs)[source]¶

Bitwise NOT of secret register vector.

Param: number of bits
Param: result (cbit)
Param: operand (cbit)

class Compiler.GC.instructions.nots(*args, **kwargs)[source]¶

Bitwise NOT of secret register vector.

Param: number of bits (less or equal 64)
Param: result (sbit)
Param: operand (sbit)

class Compiler.GC.instructions.print_float_plainb(*args, **kwargs)[source]¶

Output floating-number from clear bit registers.

Param: significand (cbit)
Param: exponent (cbit)
Param: zero bit (cbit, zero output if bit is one)
Param: sign bit (cbit, negative output if bit is one)
Param: NaN (cbit, regular number if zero)

class Compiler.GC.instructions.print_reg_plainb(*args, **kwargs)[source]¶

Output clear bit register.

Param: source (cbit)

class Compiler.GC.instructions.print_reg_signed(*args, **kwargs)[source]¶

Signed output of clear bit register.

Param: bit length (int)
Param: source (cbit)

class Compiler.GC.instructions.print_regb(reg, comment='')[source]¶

Debug output of clear bit register.

Param: source (cbit)
Param: comment (4 bytes / 1 unit)

class Compiler.GC.instructions.reveal(*args, **kwargs)[source]¶

Reveal secret bit register vectors and copy result to clear bit register vectors.

Param: number of arguments to follow (multiple of three)
Param: number of bits (int)
Param: destination (cbit)
Param: source (sbit)
Param: (repeat from number of bits)…

class Compiler.GC.instructions.shlcbi(*args, **kwargs)[source]¶

Left shift of clear bit register by immediate.

Param: destination (cbit)
Param: source (cbit)
Param: number of bits to shift (int)

class Compiler.GC.instructions.shrcbi(*args, **kwargs)[source]¶

Right shift of clear bit register by immediate.

Param: destination (cbit)
Param: source (cbit)
Param: number of bits to shift (int)

class Compiler.GC.instructions.split(*args, **kwargs)[source]¶

Local share conversion. This instruction use the vector length in the instruction code field.

Param: number of arguments to follow (number of bits times number of additive shares plus one)
Param: source (sint)
Param: first share of least significant bit
Param: second share of least significant bit
Param: (remaining share of least significant bit)…
Param: (repeat from first share for bit one step higher)…

class Compiler.GC.instructions.stmcb(*args, **kwargs)[source]¶

Copy clear bit register to clear bit memory cell with compile-time address.

Param: source (cbit)
Param: memory address (int)

class Compiler.GC.instructions.stmcbi(*args, **kwargs)[source]¶

Copy clear bit register to clear bit memory cell with run-time address.

Param: source (cbit)
Param: memory address (regint)

direct¶: alias of Compiler.GC.instructions.stmcb

class Compiler.GC.instructions.stmsb(*args, **kwargs)[source]¶

Copy secret bit register to secret bit memory cell with compile-time address.

Param: source (sbit)
Param: memory address (int)

class Compiler.GC.instructions.stmsbi(*args, **kwargs)[source]¶

Copy secret bit register to secret bit memory cell with run-time address.

Param: source (sbit)
Param: memory address (regint)

direct¶: alias of Compiler.GC.instructions.stmsb

class Compiler.GC.instructions.trans(*args, **kwargs)[source]¶

Secret bit register vector transpose. The first destination vector will contain the least significant bits of all source vectors etc.

Param: number of arguments to follow (int)
Param: number of outputs (int)
Param: destination for least significant bits (sbit)
Param: (destination for bits one step higher)…
Param: source (sbit)
Param: (source)…

class Compiler.GC.instructions.xorcb(*args, **kwargs)[source]¶

Bitwise XOR of two single clear bit registers.

Param: result (cbit)
Param: operand (cbit)
Param: operand (cbit)

class Compiler.GC.instructions.xorcbi(*args, **kwargs)[source]¶

Bitwise XOR of single clear bit register and immediate.

Param: result (cbit)
Param: operand (cbit)
Param: immediate (int)

class Compiler.GC.instructions.xorm(*args, **kwargs)[source]¶

Bitwise XOR of single secret and clear bit registers.

Param: number of bits (less or equal 64)
Param: result (sbit)
Param: operand (sbit)
Param: operand (cbit)

class Compiler.GC.instructions.xors(*args, **kwargs)[source]¶

Bitwise XOR of secret bit register vectors.

Param: number of arguments to follow (multiple of four)
Param: number of bits (int)
Param: result (sbit)
Param: operand (sbit)
Param: operand (sbit)
Param: (repeat from number of bits)…