diff --git a/Compiler/floatingpoint.py b/Compiler/floatingpoint.py
index e38185aee..8468df0e2 100644
--- a/Compiler/floatingpoint.py
+++ b/Compiler/floatingpoint.py
@@ -532,6 +532,8 @@ def TruncPr(a, k, m, signed=True):
 def TruncPrRing(a, k, m, signed=True):
 if m == 0:
 return a
+ prog = program.Program.prog
+ prog.trunc_pr_warning()
 n_ring = int(program.Program.prog.options.ring)
 comparison.require_ring_size(k, 'truncation')
 if k == n_ring:
@@ -552,7 +554,6 @@ def TruncPrRing(a, k, m, signed=True):
 trunc_pr(res, a, k, m)
 else:
 # extra bit to mask overflow
- prog = program.Program.prog
 prog.curr_tape.require_bit_length(1)
 if prog.use_edabit() or prog.use_split() > 2:
 lower = sint.get_random_int(m)
@@ -579,6 +580,7 @@ def TruncPrField(a, k, m):
 if m == 0:
 return a
+ program.Program.prog.trunc_pr_warning()
 b = two_power(k-1) + a
 r_prime, r_dprime = types.sint(), types.sint()
 comparison.PRandM(r_dprime, r_prime, [types.sint() for i in range(m)],
diff --git a/Compiler/program.py b/Compiler/program.py
index a29b6ec93..a837fee68 100644
--- a/Compiler/program.py
+++ b/Compiler/program.py
@@ -231,6 +231,7 @@ def __init__(self, args, options=defaults, name=None):
 self.options.cisc = not self.options.optimize_hard
 self.use_tape_calls = True
 self.force_cisc_tape = False
+ self.have_warned_trunc_pr = False
 Program.prog = self
 from . import comparison, instructions, instructions_base, types
@@ -653,6 +654,14 @@ def use_trunc_pr(self):
 def use_trunc_pr(self, change):
 self._use_trunc_pr = change
+ def trunc_pr_warning(self):
+ if not self.have_warned_trunc_pr:
+ print("WARNING: Probabilistic truncation leaks some information, "
+ "see https://eprint.iacr.org/2024/1127 for discussion. "
+ "Use 'sfix.round_nearest = True' to deactivate this for "
+ "fixed-point operations.")
+ self.have_warned_trunc_pr = True
+
 def use_edabit(self, change=None):
 """Setting whether to use edaBits for non-linear functionality (default: false).
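Review bot: In TruncPrRing the warning is raised as soon as `m` is non-zero, before the function chooses between the `k == n_ring` path, the `trunc_pr` instruction and the masked path, so it fires for every caller whichever branch runs; the call added in TruncPrField behaves the same way. If any of those branches is not probabilistic in the sense of the referenced discussion, the call belongs inside the branches that are, but both function bodies continue outside the hunks so this cannot be confirmed here. A short comment above each call, such as `# one-time notice: probabilistic truncation leaks information`, would explain why an arithmetic routine prints. Now that `prog` is bound at the top, the next line could read `n_ring = int(prog.options.ring)` rather than repeating `program.Program.prog`.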
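Review bot: `trunc_pr_warning` reports the leak through a bare `print` to stdout, once per Program, without saying which truncation triggered it. A user who sets `sfix.round_nearest = True` and still sees the message cannot locate the remaining caller, and a single stdout line is easily lost among other compiler output or swallowed by a build pipeline. Consider writing it to stderr with `print(..., file=sys.stderr)` (assuming `sys` is imported in program.py, which the hunk does not show) and naming the calling routine in the text. The method also lacks a docstring; something like `"""Print a one-time notice that probabilistic truncation leaks information."""` would match the documented `use_edabit` that follows it.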