Probabilistic truncation warning.

data61 · Oct 8, 2024 · 3319206 · 3319206
1 parent 20dfe63
commit 3319206
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/Compiler/floatingpoint.py b/Compiler/floatingpoint.py
@@ -532,6 +532,8 @@ def TruncPr(a, k, m, signed=True):
 def TruncPrRing(a, k, m, signed=True):
     if m == 0:
         return a
+    prog = program.Program.prog
+    prog.trunc_pr_warning()
     n_ring = int(program.Program.prog.options.ring)
     comparison.require_ring_size(k, 'truncation')
     if k == n_ring:
@@ -552,7 +554,6 @@ def TruncPrRing(a, k, m, signed=True):
             trunc_pr(res, a, k, m)
         else:
             # extra bit to mask overflow
-            prog = program.Program.prog
             prog.curr_tape.require_bit_length(1)
             if prog.use_edabit() or prog.use_split() > 2:
                 lower = sint.get_random_int(m)
@@ -579,6 +580,7 @@ def TruncPrField(a, k, m):
     if m == 0:
         return a
 
+    program.Program.prog.trunc_pr_warning()
     b = two_power(k-1) + a
     r_prime, r_dprime = types.sint(), types.sint()
     comparison.PRandM(r_dprime, r_prime, [types.sint() for i in range(m)],

diff --git a/Compiler/program.py b/Compiler/program.py
@@ -231,6 +231,7 @@ def __init__(self, args, options=defaults, name=None):
             self.options.cisc = not self.options.optimize_hard
         self.use_tape_calls = True
         self.force_cisc_tape = False
+        self.have_warned_trunc_pr = False
 
         Program.prog = self
         from . import comparison, instructions, instructions_base, types
@@ -653,6 +654,14 @@ def use_trunc_pr(self):
     def use_trunc_pr(self, change):
         self._use_trunc_pr = change
 
+    def trunc_pr_warning(self):
+        if not self.have_warned_trunc_pr:
+            print("WARNING: Probabilistic truncation leaks some information, "
+                  "see https://eprint.iacr.org/2024/1127 for discussion. "
+                  "Use 'sfix.round_nearest = True' to deactivate this for "
+                  "fixed-point operations.")
+        self.have_warned_trunc_pr = True
+
     def use_edabit(self, change=None):
         """Setting whether to use edaBits for non-linear
         functionality (default: false).