Support ARM architecture (#60)

When converting between slices of bytes and uint64, we can use
unsafe casting on x86-64 architecture because the byte alignment
is guaranteed. However, on ARM architecture there is a possibility
this will cause issues. Testing on an ARM VM didn't cause problems
but it is best to provide an option without unsafe casting. This
commit adds build directives where necessary to support the two
versions. Where needed, the shared functionality remains in the
original filename (bit.go). Functions which rely on unsafe casting
are in a file appended with `_amd64.go` (`bits_amdt64.go`). 
Support without unsafe casting is in a file appended with `_gen.go`
(`bits_gen.go`). The version without unsafe casting is not as
performant.

Use `-tags=generic` if running on AMD64 and you want to test the
performance of the functions that do not rely on unsafe casting.

Author: xcapaldi

README.md

@@ -3,7 +3,7 @@
 [![Go Report Card](https://goreportcard.com/badge/github.com/optable/match)](https://goreportcard.com/report/github.com/optable/match)
 [![GoDoc](https://godoc.org/github.com/optable/match?status.svg)](https://godoc.org/github.com/optable/match)
 
-An open-source set intersection protocols library written in golang. Currently only compatible with **x86-64**.
+An open-source set intersection protocols library written in golang.
 
 The goal of the match library is to provide production level implementations of various set intersection protocols. Protocols will typically tradeoff security for performance. For example, a private set intersection (PSI) protocol provides cryptographic guarantees to participants concerning their private and non-intersecting data records, and is suitable for scenarios where participants trust each other to be honest in adhering to the protocol, but still want to protect their private data while performing the intersection operation.
 

benchmark/README.md

@@ -1,6 +1,6 @@
 # Benchmarks
 
-The following scatter plot shows the results of benchmarking match attempts using different PSI algorithms on Google Cloud n2-standard-64 [general-purpose virtual machines (VMs)](https://cloud.google.com/compute/docs/general-purpose-machines#n2_machines). For each benchmark, the sender and the receiver use the same type of VM. The plot shows runtime for various PSI algorithms when the sender and receiver have an equal number of records. The BPSI used for these experiments has a false positive rate fixed at 1e-6. All the match attempts performed have an intersection size of 50m (million). [Detailed benchmarks of the KKRT protocol can be found here](KKRT.md).
+The following scatter plot shows the results of benchmarking match attempts using different PSI algorithms on Google Cloud n2-standard-64 [general-purpose virtual machines (VMs)](https://cloud.google.com/compute/docs/general-purpose-machines#n2_machines) (x84-64 architecture). For each benchmark, the sender and the receiver use the same type of VM. The plot shows runtime for various PSI algorithms when the sender and receiver have an equal number of records. The BPSI used for these experiments has a false positive rate fixed at 1e-6. All the match attempts performed have an intersection size of 50m (million). [Detailed benchmarks of the KKRT protocol can be found here](KKRT.md).
 
 <p align="center">
   <img src="scatter_equal_sets.png"/>

internal/crypto/cipher.go

@@ -1,53 +1,10 @@
 package crypto
 
 import (
-	"crypto/aes"
-	"crypto/cipher"
-
-	"github.com/alecthomas/unsafeslice"
 	"github.com/optable/match/internal/util"
-	"github.com/twmb/murmur3"
 	"github.com/zeebo/blake3"
 )
 
-// PseudorandomCode is implemented as follows:
-// C(x) = AES(1||h(x)[:15]) ||
-//        AES(2||h(x)[:15]) ||
-//        AES(3||h(x)[:15]) ||
-//        AES(4||h(x)[:15])
-// where h() is the Murmur3 hashing function.
-// PseudorandomCode is passed the src as well as the associated hash
-// index. It also requires an AES block cipher.
-// The full pseudorandom code consists of four 16 byte encrypted AES
-// blocks that are encoded into a slice of 64 bytes. The hash function is
-// constructed with the hash index as its two seeds. It is fed the full
-// ID source. It returns two uint64s which are cast to a slice of bytes.
-// The output is shifted right to allow prepending of the block index.
-// For each block, the prepended value is changed to indicate the block
-// index (1, 2, 3, 4) before being used as the source for the AES encode.
-func PseudorandomCode(aesBlock cipher.Block, src []byte, hIdx byte) []byte {
-	// prepare destination
-	dst := make([]byte, aes.BlockSize*4)
-
-	// hash id and the hash index
-	lo, hi := murmur3.SeedSum128(uint64(hIdx), uint64(hIdx), src)
-
-	// store in scratch slice
-	s := unsafeslice.ByteSliceFromUint64Slice([]uint64{lo, hi})
-	copy(s[1:], s) // shift for prepending
-
-	// encrypt
-	s[0] = 1
-	aesBlock.Encrypt(dst[:aes.BlockSize], s)
-	s[0] = 2
-	aesBlock.Encrypt(dst[aes.BlockSize:aes.BlockSize*2], s)
-	s[0] = 3
-	aesBlock.Encrypt(dst[aes.BlockSize*2:aes.BlockSize*3], s)
-	s[0] = 4
-	aesBlock.Encrypt(dst[aes.BlockSize*3:], s)
-	return dst
-}
-
 // XorCipherWithBlake3 uses the output of Blake3 XOF as pseudorandom
 // bytes to perform a XOR cipher.
 func XorCipherWithBlake3(key []byte, ind byte, src []byte) []byte {

internal/crypto/cipher_amd64.go

@@ -0,0 +1,49 @@
+// +build amd64,!generic
+
+package crypto
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+
+	"github.com/alecthomas/unsafeslice"
+	"github.com/twmb/murmur3"
+)
+
+// PseudorandomCode is implemented as follows:
+// C(x) = AES(1||h(x)[:15]) ||
+//        AES(2||h(x)[:15]) ||
+//        AES(3||h(x)[:15]) ||
+//        AES(4||h(x)[:15])
+// where h() is the Murmur3 hashing function.
+// PseudorandomCode is passed the src as well as the associated hash
+// index. It also requires an AES block cipher.
+// The full pseudorandom code consists of four 16 byte encrypted AES
+// blocks that are encoded into a slice of 64 bytes. The hash function is
+// constructed with the hash index as its two seeds. It is fed the full
+// ID source. It returns two uint64s which are cast to a slice of bytes.
+// The output is shifted right to allow prepending of the block index.
+// For each block, the prepended value is changed to indicate the block
+// index (1, 2, 3, 4) before being used as the source for the AES encode.
+func PseudorandomCode(aesBlock cipher.Block, src []byte, hIdx byte) []byte {
+	// prepare destination
+	dst := make([]byte, aes.BlockSize*4)
+
+	// hash id and the hash index
+	lo, hi := murmur3.SeedSum128(uint64(hIdx), uint64(hIdx), src)
+
+	// store in scratch slice
+	s := unsafeslice.ByteSliceFromUint64Slice([]uint64{lo, hi})
+	copy(s[1:], s) // shift for prepending
+
+	// encrypt
+	s[0] = 1
+	aesBlock.Encrypt(dst[:aes.BlockSize], s)
+	s[0] = 2
+	aesBlock.Encrypt(dst[aes.BlockSize:aes.BlockSize*2], s)
+	s[0] = 3
+	aesBlock.Encrypt(dst[aes.BlockSize*2:aes.BlockSize*3], s)
+	s[0] = 4
+	aesBlock.Encrypt(dst[aes.BlockSize*3:], s)
+	return dst
+}

internal/crypto/cipher_generic.go

@@ -0,0 +1,50 @@
+// +build !amd64 generic
+
+package crypto
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"encoding/binary"
+
+	"github.com/twmb/murmur3"
+)
+
+// PseudorandomCode is implemented as follows:
+// C(x) = AES(1||h(x)[:15]) ||
+//        AES(2||h(x)[:15]) ||
+//        AES(3||h(x)[:15]) ||
+//        AES(4||h(x)[:15])
+// where h() is the Murmur3 hashing function.
+// PseudorandomCode is passed the src as well as the associated hash
+// index. It also requires an AES block cipher.
+// The full pseudorandom code consists of four 16 byte encrypted AES
+// blocks that are encoded into a slice of 64 bytes. The hash function is
+// constructed with the hash index as its two seeds. It is fed the full
+// ID source. It returns two uint64s which are cast to a slice of bytes.
+// The output is shifted right to allow prepending of the block index.
+// For each block, the prepended value is changed to indicate the block
+// index (1, 2, 3, 4) before being used as the source for the AES encode.
+func PseudorandomCode(aesBlock cipher.Block, src []byte, hIdx byte) []byte {
+	// prepare destination
+	dst := make([]byte, aes.BlockSize*4)
+
+	// hash id and the hash index
+	lo, hi := murmur3.SeedSum128(uint64(hIdx), uint64(hIdx), src)
+
+	// store in scratch slice - shifted for prepending later
+	s := make([]byte, 1+aes.BlockSize)
+	binary.LittleEndian.PutUint64(s[1:], lo)
+	binary.LittleEndian.PutUint64(s[9:], hi)
+
+	// encrypt
+	s[0] = 1
+	aesBlock.Encrypt(dst[:aes.BlockSize], s)
+	s[0] = 2
+	aesBlock.Encrypt(dst[aes.BlockSize:aes.BlockSize*2], s)
+	s[0] = 3
+	aesBlock.Encrypt(dst[aes.BlockSize*2:aes.BlockSize*3], s)
+	s[0] = 4
+	aesBlock.Encrypt(dst[aes.BlockSize*3:], s)
+	return dst
+}

internal/hash/hash_test.go

@@ -1,11 +1,12 @@
 package hash
 
 import (
+	"crypto/aes"
 	"crypto/rand"
+	"encoding/binary"
 	"fmt"
 	"testing"
 
-	"github.com/alecthomas/unsafeslice"
 	"github.com/twmb/murmur3"
 )
 
@@ -41,11 +42,13 @@ func BenchmarkMetro(b *testing.B) {
 	}
 }
 
-func BenchmarkMurmur316Unsafe(b *testing.B) {
+func BenchmarkMurmur316(b *testing.B) {
 	src := make([]byte, 66)
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
 		hi, lo := murmur3.SeedSum128(0, 2, src)
-		unsafeslice.ByteSliceFromUint64Slice([]uint64{hi, lo})
+		h := make([]byte, aes.BlockSize)
+		binary.LittleEndian.PutUint64(h, lo)
+		binary.LittleEndian.PutUint64(h[8:], hi)
 	}
 }

internal/util/bits.go

@@ -5,119 +5,10 @@ import (
 	"fmt"
 	"runtime"
 	"sync"
-
-	"github.com/alecthomas/unsafeslice"
 )
 
 var ErrByteLengthMissMatch = fmt.Errorf("provided bytes do not have the same length for bit operations")
 
-// Xor casts the first part of the byte slices (length divisible
-// by 8) into uint64 and then performs XOR on the slices of uint64.
-// The excess elements that could not be cast are XORed conventionally.
-// The whole operation is performed in place. Panic if a and dst do
-// not have the same length.
-// Only tested on x86-64.
-func Xor(dst, a []byte) {
-	if len(dst) != len(a) {
-		panic(ErrByteLengthMissMatch)
-	}
-
-	castDst := unsafeslice.Uint64SliceFromByteSlice(dst)
-	castA := unsafeslice.Uint64SliceFromByteSlice(a)
-
-	for i := range castDst {
-		castDst[i] ^= castA[i]
-	}
-
-	// deal with excess bytes which could not be cast to uint64
-	// in the conventional manner
-	for j := 0; j < len(dst)%8; j++ {
-		dst[len(dst)-j-1] ^= a[len(a)-j-1]
-	}
-}
-
-// And casts the first part of the byte slices (length divisible
-// by 8) into uint64 and then performs AND on the slices of uint64.
-// The excess elements that could not be cast are ANDed conventionally.
-// The whole operation is performed in place. Panic if a and dst do
-// not have the same length.
-// Only tested on x86-64.
-func And(dst, a []byte) {
-	if len(dst) != len(a) {
-		panic(ErrByteLengthMissMatch)
-	}
-
-	castDst := unsafeslice.Uint64SliceFromByteSlice(dst)
-	castA := unsafeslice.Uint64SliceFromByteSlice(a)
-
-	for i := range castDst {
-		castDst[i] &= castA[i]
-	}
-
-	// deal with excess bytes which could not be cast to uint64
-	// in the conventional manner
-	for j := 0; j < len(dst)%8; j++ {
-		dst[len(dst)-j-1] &= a[len(a)-j-1]
-	}
-}
-
-// DoubleXor casts the first part of the byte slices (length divisible
-// by 8) into uint64 and then performs XOR on the slices of uint64
-// (first with a and then with b). The excess elements that could not
-// be cast are XORed conventionally. The whole operation is performed
-// in place. Panic if a, b and dst do not have the same length.
-// Only tested on x86-64.
-func DoubleXor(dst, a, b []byte) {
-	if len(dst) != len(a) || len(dst) != len(b) {
-		panic(ErrByteLengthMissMatch)
-	}
-
-	castDst := unsafeslice.Uint64SliceFromByteSlice(dst)
-	castA := unsafeslice.Uint64SliceFromByteSlice(a)
-	castB := unsafeslice.Uint64SliceFromByteSlice(b)
-
-	for i := range castDst {
-		castDst[i] ^= castA[i]
-		castDst[i] ^= castB[i]
-	}
-
-	// deal with excess bytes which could not be cast to uint64
-	// in the conventional manner
-	for j := 0; j < len(dst)%8; j++ {
-		dst[len(dst)-j-1] ^= a[len(a)-j-1]
-		dst[len(dst)-j-1] ^= b[len(b)-j-1]
-	}
-}
-
-// AndXor casts the first part of the byte slices (length divisible
-// by 8) into uint64 and then performs AND on the slices of uint64
-// (with a) and then performs XOR (with b). The excess elements
-// that could not be cast are operated on conventionally. The whole
-// operation is performed in place. Panic if a, b and dst do not
-// have the same length.
-// Only tested on x86-64.
-func AndXor(dst, a, b []byte) {
-	if len(dst) != len(a) || len(dst) != len(b) {
-		panic(ErrByteLengthMissMatch)
-	}
-
-	castDst := unsafeslice.Uint64SliceFromByteSlice(dst)
-	castA := unsafeslice.Uint64SliceFromByteSlice(a)
-	castB := unsafeslice.Uint64SliceFromByteSlice(b)
-
-	for i := range castDst {
-		castDst[i] &= castA[i]
-		castDst[i] ^= castB[i]
-	}
-
-	// deal with excess bytes which could not be cast to uint64
-	// in the conventional manner
-	for j := 0; j < len(dst)%8; j++ {
-		dst[len(dst)-j-1] &= a[len(a)-j-1]
-		dst[len(dst)-j-1] ^= b[len(b)-j-1]
-	}
-}
-
 // ConcurrentBitOp performs an in-place bitwise operation, f, on each
 // byte from a with dst if they are both the same length.
 func ConcurrentBitOp(f func([]byte, []byte), dst, a []byte) {