implementation.tex

\section{Implementation}


\subsection{Runtime}

Operations on ring tensors are implemented using the \texttt{ndarray} Rust crate on
\texttt{Wrapping<u64>} and \texttt{Wrapping<u128>} scalars. Computations are executed
asynchronously via the \texttt{tokio} Rust crate by spawning a task for each operations.


\subsection{AES based PRG}
\label{sec:aes}

To efficiently sample a large batch of random bits, we use an AES-based PRG. We can produce $n \cdot 128$ random bits by calling $\mathsf{AES}_k(0), \cdots, \mathsf{AES}_k(n-1)$ with a $128$ bit key $k$.
Since AES works on $128$ bit blocks, the integer counters $0, \cdots, (n-1)$
are encoded using Little Endian format. In case one wants to retrieve a
number of $\ell$ random bits which is non-divisible by $128$, the last
$128 - \ell$ bits are discarded.

This method of generating
randomness is used in other well-known MPC libraries, such as MP-SPDZ
\cite{CCS:Keller20}, SCALE-MAMBA \cite{SCALE} or Swanky \cite{url-swanky}.
Security proofs for using fixed key AES in various MPC protocols were given
in \cite{SP:GKWY20}.

The PRNG wrapper we have built can be found in \textsf{rust/src/prng.rs} and
it is based on \cite{url-cargo-aes}.  We set the \textsf{AES} crate to
compile with special SSE3 CPU instructions whenever possible.
The PRNG key $k$ is generated using a call to \textsf{randombytes\_into}
from the Sodium Oxide rust crate \cite{url-sodiumoxide}.


% \import{key-distribution}{infra.tex}