TinyLib

Since I wanted to learn Go and also to understand a bit better Yao’s garbled circuit and try to use them in practice, I ended up creating a wrapper in Golang around the TinyGarble CLI tool, to allow easier usage of it. (Easier for me at least.)

TinyGarble Wrapper

This wrapper consists in a library allowing to use the basic features of TinyGarble in your program through two methods:

func YaoServer(data string, port int)

allows to use TinyGarble with server argument on the given port.

The client can be used with

func YaoClient(data string, addr string, port int)

Both methods requires that the TinyGarble path, circuit path and number of clock cycles needed by the circuit were first setted using

func SetCircuit(tiPath string, ciPath string, clCycles int)

Other features

I also implemented some other features, which are not just wrapping around TinyGarble. For example if you want to, you can use the AES circuits provided with TinyGarble to perform AES CBC or AES CTR encryption using the following methods, for CBC mode:

func AESCBC(data string, addr string, port int, iv string) ([]string, string)

where the data may be any hexadecimal string representing the data to be encrypted. As of now their must be at least 128 bits of data. The address and port should be the IP and port of the AESServer. This methods uses ciphertext stealing to avoid the need for padding. And for CTR mode :

func AESCTR(data string, addr string, port int, iv string) ([]string, string)

where the data may be any hexadecimal string of any length. CTR mode doesn’t requires any padding. The address and port should be those of the AESServer. In order to be able to run those client function, a server should be listening on the same ports at each step. The following function allows to run a server which will stop after a given number of rounds:

func AESServer(key string, startingPort int, rounds int)

The starting port is incremented each time a new block is to be encrypted, so it should be in a range where the next ports are free. As of now, the wrapper is not yet able to establish a TCP session and then to dynamically choose which port he uses for the next block encryption. This may be a useful future extension.

Warning: in any real setup, you want to absolutely avoid using CTR mode with MPC, since it would be completely broken because of the very way one may trigger an IV reuse. (In my current setup, Eve can simply provide the same IV as Bob along with any plaintext she want to and so will be able to break Bob’s encrypted data, if she intercepted it.) On the other hand, CBC should be fine since it doesn’t expose the plaintext directly (the AES process is applied to the plaintext, unlike CTR mode).