How to transform `RSSVectorSmallType` to `RSSVectorMyType`?

[WeiViming]

Hello, @snwagh . FALCON is a nice code! Thank you for your work! Recently, I want to find a way to transform RSSVectorSmallType (is a bit vector on Z_67) to RSSVectorMyType (bit vector on Z_L). But I have not idea yet. Do you have any advice? Thanks.

[snwagh]

Thank you, if I understand correctly, ignoring the vectorization, you want a way to convert a single bit (shared modulo 67) to a single bit (shared modulo L)? Such a method is not implemented in the codebase yet. A daBit is the cryptographic primitive that you would need. For starters, you can assume access to precomputed conversions and then use the Beaver's randomization trick: given [b]_67 and using [b']_67 and [b']_L you can open c = b ⊕ b' modulo 67 and then compute c ⊕ b' modulo L.

[WeiViming]

Great! Yes, your understanding is correct. The Beaver's trick is helpful! Thank you for your advice. Can this trick be vectorized? Actually, I want to compute A=BC, where [A]_L, [B]_67, [C]_L. This is why I need to find a way to transform [b]_67 into [b]_L.

[WeiViming]

Maybe the Select Shares protocol can help me with this computation. Right? :)

[snwagh]

The trick can be vectorized so extends without any additional lower level implementation.

About the A=BC computation, the Select Shares protocol is a good reference as it has a lot of the relevant code but it performs a slightly different computation. First, elements of B are boolean shares (note that elements of Z_67 and Z_2 are both stored using the smallType datatype using 8 bits) whereas in your case they are sharing over Z_67. And second, the functionality is reversed in the sense that A=C if B=0 and A=0 if B=1; so the functionality is more like A=(1-B)C. With these differences, especially the first, the code will give you incorrect results if used directly.

[WeiViming]

Yes, I see the comment on SS functionality. As you say, the SS functionality is more like A=(1-B)C. If I consider B is a bit sharing over Z_2, how can I convert [B]_2 to [\neg B]_2 in secret share form? Is the Falcon codebase implement or not? In this way, I can compute A=BC by using SS, where [B]_2. Isn't it? :)

Update: I have finished this computation in this way. Really thanks for your help!

[snwagh]

Two things

• if B is indeed boolean sharing i.e., shares of either 0 or 1 (but using the smallType datatype) then [\neg B]_2 is a simple local computation and can be realized as 1 XOR B, i.e., flipping one bit share locally (if B has shares B_0, B_1 B_2, then locally changing B_0 to B_0 ^ 1). This should be withing the codebase and yes you can compute A=BC combining these two.
• in case B is shares of bit but over Z_67, you'll need something on the conversion I talked about in my previous computation and the rest of the code on these lines.

[WeiViming]

Thank you very much! :)