def convert_shares(b: int, share: ModularInt, instr_id: int, δ: float, M: int,
G: ModularGroup, φ: PRF) -> ModularInt:
φ_prime = Get_phi_prime(instr_id, φ)
if b == 1: share = share.inv()
i_b = distributed_d_log(G, share, δ, M, φ_prime)
additive_share = (G.order - i_b) if b == 0 else i_b
additive_share = ModularInt(additive_share, G.order)
return additive_share
def test_biterate(self):
x = ModularInt(0b0000000000000000010101111, 2**8)
bits = list( biterate(x) )
self.assertEqual(len(bits), 8)
correct = [1,1,1,1,0,1,0,1]
for (correct_bit, bit) in zip(correct, bits):
self.assertEqual(correct_bit, bit)
y = ModularInt(1, 2**8)
bits = list( biterate(y) )
self.assertEqual(len(bits), 8)
correct = [1,0,0,0,0,0,0,0]
for (correct_bit, bit) in zip(correct, bits):
self.assertEqual(correct_bit, bit)
def gen(λ: int) -> SharingScheme:
"""
:param λ: Number of bits of security
:returns: Tuple of (public key, eval key 1, eval key 2)
"""
(G, e, c) = cryptosystem(λ)
n = G.divisor
g = G.generator
one_enc = enc_elgamal(G, e, 1)
c_encs = bitwise_enc(G, e, c)
one_share = tuple(
ModularInt(x, G.order) for x in additive_share(1, G.order))
c_share = tuple(ModularInt(x, G.order) for x in additive_share(c, G.order))
pk = (G, e, one_enc, c_encs)
ek_0 = (pk, one_share[0], c_share[0])
ek_1 = (pk, one_share[1], c_share[1])
φ = PRFGen(G)
return (pk, ek_0, ek_1, φ)
def test_enc(self):
(pk, ekA, ekB, _) = gen(8)
(G, e, one_enc, c_enc_bits) = pk
c = ekA[2] + ekB[2]
w = random.randrange(G.order)
(w_enc, prod_encs) = enc(pk, w)
self.assertEqual(w, dec_elgamal(G, c, w_enc))
correct_prod_bits = list(map(lambda b: w*b, biterate(ModularInt(c,G.order))))
cand_prod_bits = list(map(lambda b: dec_elgamal(G, c, b), prod_encs))
self.assertEqual(correct_prod_bits, cand_prod_bits)
def bitwise_enc(G: ModularGroup, e: ModularInt, c: int) -> List[ModularInt]:
return [enc_elgamal(G, e, c_t) for c_t in biterate(ModularInt(c, G.order))]
def _compare_bits(self, G, e, c, c_enc_bits):
correct_c_bits = list(biterate(ModularInt(c, G.order)))
self.assertEqual(len(correct_c_bits), len(c_enc_bits))
cand_c_bits = map(lambda b: dec_elgamal(G, c, b), c_enc_bits)
for (correct_bit, cand_bit) in zip(correct_c_bits, cand_c_bits):
self.assertEqual(correct_bit, cand_bit)
def test_bit_length(self):
divisors = [2, 3, 4, 5]
correct = [1, 2, 2, 3]
for (div, correct) in zip(divisors, correct):
self.assertEqual( bit_length(ModularInt(1, div)), correct )