QoL improvements

Author: Ruteri

blind-auction/ibf.go

@@ -80,9 +80,9 @@ func ChunkToElement(data [IBFChunkSize]byte) *big.Int {
 
 // ElementToChunk converts a field element back to a chunk, preserving leading zeros.
 func ElementToChunk(el *big.Int) [IBFChunkSize]byte {
-    var data [IBFChunkSize]byte
-    el.FillBytes(data[:])
-    return data
+	var data [IBFChunkSize]byte
+	el.FillBytes(data[:])
+	return data
 }
 
 // InsertChunk adds a chunk to the IBF using field addition in AuctionFieldOrder.
@@ -218,19 +218,19 @@ func (v *IBFVector) Recover() ([][IBFChunkSize]byte, error) {
 
 // Bytes serializes the IBF to a byte slice.
 func (v *IBFVector) Bytes() []byte {
-       res := binary.BigEndian.AppendUint32([]byte{}, uint32(len(v.Chunks)))
-       res = binary.BigEndian.AppendUint32(res, uint32(len(v.Chunks[0])))
-       for level := range v.Chunks {
-               for chunk := range v.Chunks[level] {
-                       res = append(res, v.Chunks[level][chunk][:]...)
-               }
-       }
-
-       for level := range v.Counters {
-               for i := range v.Counters[level] {
-                       res = binary.BigEndian.AppendUint64(res, v.Counters[level][i])
-               }
-       }
-
-       return res
+	res := binary.BigEndian.AppendUint32([]byte{}, uint32(len(v.Chunks)))
+	res = binary.BigEndian.AppendUint32(res, uint32(len(v.Chunks[0])))
+	for level := range v.Chunks {
+		for chunk := range v.Chunks[level] {
+			res = append(res, v.Chunks[level][chunk][:]...)
+		}
+	}
+
+	for level := range v.Counters {
+		for i := range v.Counters[level] {
+			res = binary.BigEndian.AppendUint64(res, v.Counters[level][i])
+		}
+	}
+
+	return res
 }

blind-auction/ibf_test.go

@@ -74,7 +74,6 @@ func TestIBFUnion(t *testing.T) {
 	ibf1els := ibf1.EncodeAsFieldElements()
 	ibf2els := ibf2.EncodeAsFieldElements()
 
-
 	// Combine the IBFs
 	combined := ibf1els
 	for i := range ibf2els {

crypto/doc.go

@@ -13,18 +13,18 @@
 // protocol implementations.
 // Note: not all cryptographic operations are constant-time (in particular field and polynomial math)
 //
-// Field Operations
+// # Field Operations
 //
 // The package supports operations in two finite fields:
 //   - MessageFieldOrder: A 513-bit field for encoding 512-bit message chunks
 //   - AuctionFieldOrder: A 384-bit field for auction-related operations
 //
-// Secret Sharing
+// # Secret Sharing
 //
 // Polynomial-based secret sharing is implemented using Neville interpolation,
 // allowing efficient reconstruction of secrets from threshold shares.
 //
-// Key Management
+// # Key Management
 //
 // The package provides Ed25519 for signing operations and X25519 for key exchange.
 // All keys include helper methods for serialization and comparison.

crypto/fields.go

@@ -26,12 +26,12 @@ func FieldAddInplace(l *big.Int, r *big.Int, fieldOrder *big.Int) *big.Int {
 	l.Add(l, r)
 	l.Mod(l, fieldOrder)
 	/*
-	for l.Cmp(fieldOrder) > 1 {
-		l = l.Sub(l, fieldOrder)
-	}
-	for l.Sign() < 0 {
-		l = l.Add(l, fieldOrder)
-	}
+		for l.Cmp(fieldOrder) > 1 {
+			l = l.Sub(l, fieldOrder)
+		}
+		for l.Sign() < 0 {
+			l = l.Add(l, fieldOrder)
+		}
 	*/
 	return l
 }
@@ -43,11 +43,11 @@ func FieldSubInplace(l *big.Int, r *big.Int, fieldOrder *big.Int) *big.Int {
 	l.Sub(l, r)
 	l.Mod(l, fieldOrder)
 	/*
-	for l.Sign() < 0 {
-		l.Add(l, fieldOrder)
-	}
-	for l.Cmp(fieldOrder) > 1 {
-		l.Sub(l, fieldOrder)
-	}*/
+		for l.Sign() < 0 {
+			l.Add(l, fieldOrder)
+		}
+		for l.Cmp(fieldOrder) > 1 {
+			l.Sub(l, fieldOrder)
+		}*/
 	return l
 }

crypto/polynomials.go

@@ -39,7 +39,7 @@ func NevilleInterpolation(xs []*big.Int, ys []*big.Int, x *big.Int, fieldOrder *
 			ps[i].Denom().Mul(ps[i].Denom(), dm.Sub(xs[i], xs[i+k]))
 		}
 	}
-	
+
 	// Convert rational result to field element: (num * denom^-1) mod fieldOrder
 	result := new(big.Int).Set(ps[0].Num())
 	denomInv := new(big.Int).ModInverse(ps[0].Denom(), fieldOrder)
@@ -52,7 +52,7 @@ func NevilleInterpolation(xs []*big.Int, ys []*big.Int, x *big.Int, fieldOrder *
 
 // DeriveBlindingVector deterministically generates a vector of blinding elements from shared secrets for the given round.
 func DeriveBlindingVector(sharedSecrets []SharedKey, round uint32, nEls int32, fieldOrder *big.Int) []*big.Int {
-	bytesPerElement := (fieldOrder.BitLen()+7)/8
+	bytesPerElement := (fieldOrder.BitLen() + 7) / 8
 	srcBytesBuf := make([]byte, int(nEls)*bytesPerElement)
 	dstBytesBuf := make([]byte, int(nEls)*bytesPerElement)
 	elBuf := make([]big.Int, nEls)
@@ -63,23 +63,24 @@ func DeriveBlindingVector(sharedSecrets []SharedKey, round uint32, nEls int32, f
 
 	// Assumes all shared secrets are the same length
 	roundKeyBuf := make([]byte, 4+len(sharedSecrets[0]))
-	binary.BigEndian.PutUint32(roundKeyBuf[:4], uint32(round)) 
+	binary.BigEndian.PutUint32(roundKeyBuf[:4], uint32(round))
 
 	workingEl := big.NewInt(0)
 
 	for _, sharedSecret := range sharedSecrets {
 		copy(roundKeyBuf[4:], sharedSecret)
 		roundSharedKey := sha3.Sum256(roundKeyBuf)
 
-		block, err := aes.NewCipher(roundSharedKey[:])
+		// 128 bit AES
+		block, err := aes.NewCipher(roundSharedKey[:16])
 		if err != nil {
 			panic(err.Error())
 		}
 
 		block.Encrypt(dstBytesBuf, srcBytesBuf)
 
 		for i := 0; i < int(nEls); i++ {
-			workingEl.SetBytes(dstBytesBuf[i*bytesPerElement:(i+1)*bytesPerElement])
+			workingEl.SetBytes(dstBytesBuf[i*bytesPerElement : (i+1)*bytesPerElement])
 			FieldAddInplace(res[i], workingEl, fieldOrder)
 		}
 	}

crypto/polynomials_test.go

@@ -1,8 +1,8 @@
 package crypto
 
 import (
-	"math/big"
 	"crypto/rand"
+	"math/big"
 	unsafe_rand "math/rand"
 	"testing"
 
@@ -145,5 +145,3 @@ func TestServerStreams(t *testing.T) {
 
 	require.Zero(t, NevilleInterpolation(bigOneTwoThree[:2], []*big.Int{s0Vector[0], s1Vector[0]}, big.NewInt(0), MessageFieldOrder).Cmp(m0))
 }
-
-

protocol/doc.go

@@ -23,23 +23,23 @@
 // # Core Protocol Flow
 //
 // 1. Message Preparation (Client):
-//    - Client determines if it won a slot in the previous round's auction
-//    - Encodes message and auction data as field elements
-//    - Creates polynomial shares using Shamir secret sharing (degree t-1 for t threshold)
-//    - Blinds each share with server-specific one-time pads
+//   - Client determines if it won a slot in the previous round's auction
+//   - Encodes message and auction data as field elements
+//   - Creates polynomial shares using Shamir secret sharing (degree t-1 for t threshold)
+//   - Blinds each share with server-specific one-time pads
 //
 // 2. Aggregation:
-//    - Aggregators sum client shares in the finite field
-//    - Multiple aggregation levels can reduce bandwidth hierarchically
+//   - Aggregators sum client shares in the finite field
+//   - Multiple aggregation levels can reduce bandwidth hierarchically
 //
 // 3. Partial Decryption (Server):
-//    - Each server removes its blinding factors from the aggregate
-//    - Creates a partial decryption share
+//   - Each server removes its blinding factors from the aggregate
+//   - Creates a partial decryption share
 //
 // 4. Reconstruction (Leader Server):
-//    - Collects partial decryptions from at least t servers
-//    - Uses polynomial interpolation to recover original messages
-//    - Decodes auction IBF to determine next round's winners
+//   - Collects partial decryptions from at least t servers
+//   - Uses polynomial interpolation to recover original messages
+//   - Decodes auction IBF to determine next round's winners
 //
 // # Cryptographic Primitives (also see crypto package)
 //
@@ -71,5 +71,4 @@
 //   - Privacy: Preserved as long as fewer than t servers collude
 //   - Anonymity: Unlinkability between rounds via fresh blinding
 //   - Availability: System operates with any t-of-n servers
-//
 package protocol

protocol/interfaces.go

@@ -13,7 +13,7 @@ type Client interface {
 	// PrepareMessage creates secret-shared messages for the current round.
 	// Returns one message per server containing the client's share.
 	PrepareMessage(ctx context.Context, round int,
-		previousRoundOutput *ServerRoundData,
+		previousRoundOutput *RoundBroadcast,
 		message []byte,
 		auctionData *blind_auction.AuctionData) ([]*ClientRoundMessage, bool, error)
 }
@@ -41,7 +41,7 @@ type Server interface {
 
 	// UnblindPartialMessages combines partial decryptions from threshold servers
 	// to produce the final broadcast containing messages and auction results.
-	UnblindPartialMessages(msgs []*ServerPartialDecryptionMessage) (*ServerRoundData, error)
+	UnblindPartialMessages(msgs []*ServerPartialDecryptionMessage) (*RoundBroadcast, error)
 }
 
 // ADCNetConfig provides configuration parameters for ADCNet components.
@@ -68,6 +68,10 @@ type ADCNetConfig struct {
 	RoundsPerWindow uint32
 }
 
+func AuctionSlotsForConfig(c *ADCNetConfig) uint32 {
+	return 2 * blind_auction.IBFVectorSize(c.AuctionSlots)
+}
+
 // AuctionResult indicates whether a client won an auction slot.
 type AuctionResult struct {
 	// ShouldSend indicates if the client won a slot.

protocol/messages.go

@@ -61,18 +61,20 @@ func (s *Signed[T]) Recover() (*T, crypto.PublicKey, error) {
 	return s.Object, s.PublicKey, nil
 }
 
+type ServerID int32
+
 // ClientRoundMessage contains a client's secret share for one server.
 type ClientRoundMessage struct {
 	RoundNumber   int
-	ServerID      int32
+	ServerID      ServerID
 	AuctionVector []*big.Int
 	MessageVector []*big.Int
 }
 
 // AggregatedClientMessages contains summed shares from multiple clients.
 type AggregatedClientMessages struct {
 	RoundNumber   int
-	ServerID      int32
+	ServerID      ServerID
 	AuctionVector []*big.Int
 	MessageVector []*big.Int
 	UserPKs       []crypto.PublicKey
@@ -113,15 +115,15 @@ func (m *AggregatedClientMessages) UnionInplace(o *AggregatedClientMessages) *Ag
 
 // ServerPartialDecryptionMessage contains a server's unblinded share for threshold reconstruction.
 type ServerPartialDecryptionMessage struct {
-	ServerID          int32
+	ServerID          ServerID
 	OriginalAggregate *AggregatedClientMessages
 	UserPKs           []crypto.PublicKey
 	AuctionVector     []*big.Int
 	MessageVector     []*big.Int
 }
 
-// ServerRoundData contains the final reconstructed broadcast for a round.
-type ServerRoundData struct {
+// RoundBroadcast contains the final reconstructed broadcast for a round.
+type RoundBroadcast struct {
 	RoundNumber   int
 	AuctionVector *blind_auction.IBFVector
 	MessageVector []byte

protocol/protocol_test.go

@@ -25,13 +25,13 @@ func TestSecretSharingClient(t *testing.T) {
 	config := &ADCNetConfig{
 		AuctionSlots:      10,
 		MessageSize:       3,
-		MinServers: 2,
+		MinServers:        2,
 		MessageFieldOrder: crypto.MessageFieldOrder,
 	}
 
 	c := &ClientMessager{
 		Config:        config,
-		SharedSecrets: map[int32]crypto.SharedKey{1: sharedSecret("c1s1"), 2: sharedSecret("c1s2"), 3: sharedSecret("c1s3")},
+		SharedSecrets: map[ServerID]crypto.SharedKey{1: sharedSecret("c1s1"), 2: sharedSecret("c1s2"), 3: sharedSecret("c1s3")},
 	}
 
 	auctionIBF := blind_auction.NewIBFVector(config.AuctionSlots)
@@ -72,7 +72,7 @@ func TestE2E(t *testing.T) {
 		AuctionSlots:      10,
 		MessageSize:       3,
 		MessageFieldOrder: crypto.MessageFieldOrder,
-		MinServers: 2,
+		MinServers:        2,
 	}
 
 	// client1PK, client1SK, _ := crypto.GenerateKeyPair()
@@ -82,7 +82,7 @@ func TestE2E(t *testing.T) {
 	for s := range servers {
 		servers[s] = &ServerMessager{
 			Config:        config,
-			ServerID:      int32(s + 1),
+			ServerID:      ServerID(s + 1),
 			SharedSecrets: make(map[string]crypto.SharedKey),
 		}
 	}
@@ -93,7 +93,7 @@ func TestE2E(t *testing.T) {
 	for c := range clients {
 		clients[c] = &ClientMessager{
 			Config:        config,
-			SharedSecrets: make(map[int32]crypto.SharedKey),
+			SharedSecrets: make(map[ServerID]crypto.SharedKey),
 		}
 		var pubkey crypto.PublicKey
 		pubkey, clientKeys[c], _ = crypto.GenerateKeyPair()
@@ -106,7 +106,7 @@ func TestE2E(t *testing.T) {
 		}
 	}
 
-	previousRoundOutput := &ServerRoundData{
+	previousRoundOutput := &RoundBroadcast{
 		RoundNumber:   1,
 		AuctionVector: blind_auction.NewIBFVector(config.AuctionSlots),
 		MessageVector: []byte{},
@@ -145,10 +145,10 @@ func TestE2E(t *testing.T) {
 	require.Len(t, talkingClients, 2)
 
 	agg := &AggregatorMessager{Config: config}
-	aggregatedMessages, err := agg.AggregateClientMessages(2, clientMsgs, clientPubkeys)
+	aggregatedMessages, err := agg.AggregateClientMessages(2, nil, clientMsgs, clientPubkeys)
 	require.NoError(t, err)
 	require.Len(t, aggregatedMessages, 3) // one message per server
-	aggregatedMessagesPerServer := make(map[int32]*AggregatedClientMessages, 3)
+	aggregatedMessagesPerServer := make(map[ServerID]*AggregatedClientMessages, 3)
 	for _, msg := range aggregatedMessages {
 		aggregatedMessagesPerServer[msg.ServerID] = msg
 	}
@@ -221,7 +221,7 @@ func BenchmarkUnblindAggregate(b *testing.B) {
 							AuctionSlots:      10,
 							MessageSize:       uint32(msgVectorSlots),
 							MessageFieldOrder: fieldOrder,
-							MinServers: 2,
+							MinServers:        2,
 						},
 						ServerID:      1,
 						SharedSecrets: sharedSecrets,
@@ -272,22 +272,22 @@ func BenchmarkUnblindMessages(b *testing.B) {
 		userPKs[i] = pubkey
 	}
 
-			for _, msgVectorSlots := range msgSizeBenches {
-	for _, nServers := range nServerBenches {
-		for _, nClients := range nClientBenches {
+	for _, msgVectorSlots := range msgSizeBenches {
+		for _, nServers := range nServerBenches {
+			for _, nClients := range nClientBenches {
 				b.Run(fmt.Sprintf("Unblind partial messages servers-%d-clients-%d-msg-%d-field-%d", nServers, nClients, msgVectorSlots, fieldOrder.BitLen()), func(b *testing.B) {
 
 					config := &ADCNetConfig{
 						AuctionSlots:      10,
 						MessageSize:       uint32(msgVectorSlots),
 						MessageFieldOrder: fieldOrder,
-						MinServers: uint32(nServers),
+						MinServers:        uint32(nServers),
 					}
 
 					pdm := make([]*ServerPartialDecryptionMessage, nServers)
 					for i := range pdm {
 						pdm[i] = &ServerPartialDecryptionMessage{
-							ServerID:          int32(i + 1),
+							ServerID:          ServerID(i + 1),
 							OriginalAggregate: &AggregatedClientMessages{RoundNumber: 1},
 							UserPKs:           userPKs[:nClients],
 							AuctionVector:     []*big.Int{},