More than two inputs #1

@vedadux

Dear IronMask team,

I have tried out your tool recently and it worked really well for simple gadgets!
However, I have noticed that it fails for gadgets with more than two inputs due
to an assertion in circuit.c:169 where it seems to be asserted that at most two
secret inputs are allowed. Is this a limitation of IronMask, or just a legacy check?

Here is an example of two parallel HPC3 multiplication gadgets where the
unexpected assertion is triggered:

#SHARES 2
#IN a b d e
#RANDOMS r0_0_1 p0_0_1 r1_0_1 p1_0_1
#OUT c f

tmp_ra0 = ![a0]
tmp_0 = a0 * b0
tmp_c_0_0 = ![tmp_0]
tmp_1 = b1 + r0_0_1
u0_0_1 = ![tmp_1]
tmp_2 = a0 * r0_0_1
tmp_3 = tmp_2 + p0_0_1
v0_0_1 = ![tmp_3]
tmp_4 = tmp_ra0 * u0_0_1
tmp_c_0_1 = tmp_4 + v0_0_1
tmp_ra1 = ![a1]
tmp_5 = b0 + r0_0_1
u0_1_0 = ![tmp_5]
tmp_6 = a1 * r0_0_1
tmp_7 = tmp_6 + p0_0_1
v0_1_0 = ![tmp_7]
tmp_8 = tmp_ra1 * u0_1_0
tmp_c_1_0 = tmp_8 + v0_1_0
tmp_9 = a1 * b1
tmp_c_1_1 = ![tmp_9]
c0 = tmp_c_0_0 + tmp_c_0_1
c1 = tmp_c_1_0 + tmp_c_1_1
tmp_rd0 = ![d0]
tmp_10 = d0 * e0
tmp_f_0_0 = ![tmp_10]
tmp_11 = e1 + r1_0_1
u1_0_1 = ![tmp_11]
tmp_12 = d0 * r1_0_1
tmp_13 = tmp_12 + p1_0_1
v1_0_1 = ![tmp_13]
tmp_14 = tmp_rd0 * u1_0_1
tmp_f_0_1 = tmp_14 + v1_0_1
tmp_rd1 = ![d1]
tmp_15 = e0 + r1_0_1
u1_1_0 = ![tmp_15]
tmp_16 = d1 * r1_0_1
tmp_17 = tmp_16 + p1_0_1
v1_1_0 = ![tmp_17]
tmp_18 = tmp_rd1 * u1_1_0
tmp_f_1_0 = tmp_18 + v1_1_0
tmp_19 = d1 * e1
tmp_f_1_1 = ![tmp_19]
f0 = tmp_f_0_0 + tmp_f_0_1
f1 = tmp_f_1_0 + tmp_f_1_1

Best regards,
Vedad
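
A pre-flight check for gadget files in the format quoted above, as an added example that is not part of the original issue and is not IronMask's parser. It assumes the share naming visible in the gadget (input `a` with `#SHARES 2` is referenced as `a0`, `a1`); the `max_inputs` limit of two is the reporter's reading of the assertion, and `SAMPLE` is a constructed gadget.

```python
import re

# Constructed sample (not from the issue): three inputs and one undefined random.
SAMPLE = """#SHARES 2
#IN a b d
#RANDOMS r0
#OUT c

t0 = a0 * b0
t1 = ![t0]
c0 = t1 + r0
c1 = d1 + r1
"""

def check_gadget(text, max_inputs=2):
    """Return (header, problems) for a gadget description.

    max_inputs is an assumption taken from the issue text, not a value
    read from the tool's source.
    """
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    header = {l[1:].split()[0]: l[1:].split()[1:]
              for l in lines if l.startswith("#")}
    n = int(header["SHARES"][0])
    # Assumed convention: input x with n shares appears as x0 .. x(n-1).
    defined = {f"{v}{i}" for v in header["IN"] for i in range(n)}
    defined |= set(header.get("RANDOMS", []))
    problems = []
    if len(header["IN"]) > max_inputs:
        problems.append(f"{len(header['IN'])} inputs declared, limit is {max_inputs}")
    for l in lines:
        if l.startswith("#"):
            continue
        m = re.fullmatch(r"(\w+)\s*=\s*(.+)", l)
        if not m:
            problems.append(f"unparsed line: {l}")
            continue
        target, expr = m.groups()
        # Every operand must be an input share, a random, or an earlier target.
        for name in re.findall(r"[A-Za-z_]\w*", expr):
            if name not in defined:
                problems.append(f"{target}: uses undefined {name}")
        defined.add(target)
    for v in header["OUT"]:
        for i in range(n):
            if f"{v}{i}" not in defined:
                problems.append(f"output share {v}{i} never assigned")
    return header, problems
```

Running it before invoking the tool separates a malformed description from a genuine input-count limit.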
