def server_1(self, args):
gc.disable()
s = list(utils.get_random(0, 1, self.k))
m = len(self.args)
if m <= state.config.symmetric_security_parameter:
# IKNP03 does not make sense if m <= symmetric_security_parameter
# Use the subot directly then.
self.subot.forward()
self.subot(self.args)
return None
self.subot(s)
tmp = [utils.value2bits(res, m) for res in self.subot.get_results()]
Q = zip(*tmp) # transpose tmp
del tmp
si = utils.bits2value(s)
q = [utils.bits2value(j) for j in Q]
cost_results.CostSystem.costs["theoretical"]["setup"]["accumulated"](
Send=2 *
utils.bit2byte(state.config.symmetric_security_parameter) * m)
gc.enable()
return (((xj0 ^ self.H(j, qj)).binary(),
(xj1 ^ self.H(j, qj ^ si)).binary())
for (j, qj), (xj0, xj1) in zip(enumerate(q), self.args))
def client_1(self, args):
self.args = utils.nogen(self.args)
gc.disable()
def otlist(r, T):
r = utils.bits2value(r)
for i in xrange(self.k):
ti = utils.bits2value(ithrow(T, i))
yield (ti, ti ^ r)
m = len(self.args)
if m <= state.config.symmetric_security_parameter:
# IKNP03 does not make sense if m <= symmetric_security_parameter
# Use the subot directly then.
self.subot.forward()
self.subot(self.args)
self.results = self.subot.get_results()
return None
#self.T = T = [list(utils.get_random(0, 1, self.k)) for i in xrange(m)]
l = (1 << self.k) - 1
self.T = T = [
utils.value2bits(mpz(utils.rand.randint(0, l)), self.k)
for i in xrange(m)
]
self.subot(otlist(self.args, T))
return tuple()
def Garbled_Signed_receive(src, dst, bitlen, dim, signed, force_bitlen=None, force_signed=None):
if isserver():
val, signed = _receive(src, dst)
val = value2bits(val, bitlen)
zv = Garbled.get_zero_value(src.gid)
val = bits2value(perm2plain(val, zv))
new = Unsigned(val=val, bitlen=bitlen)
_set_dst(src, dst, new)
else:
_just_receive(src, dst, bitlen, dim, signed)
def Garbled_Unsigned_receive(src, dst, bitlen, dim, signed, force_bitlen=None, force_signed=None):
if isserver():
val, signed = _receive(src, dst)
val = value2bits(val, bitlen)
zv = permbits(Garbled.get_zero_value(src.gid))
if signed:
warnings.warn("Loosing Signedness", UserWarningRepeated)
val = abs(bits2value(perm2plain(val, zv)))
else:
val = bits2value(perm2plain(val, zv))
new = Unsigned(val=val, bitlen=bitlen)
_set_dst(src, dst, new)
else:
_just_receive(src, dst, bitlen, dim, signed)
def eval(self, inputs):
"""Evaluate circuit on plain inputs"""
assert len(inputs) == len(self.inputs()), \
"#inputs must match #inputs of circuit"
u = self.num_input_bits()
k = self.num_gates()
wire_values = [None for i in xrange(u + k)] # values of wires
# assign inputs
input_desc = self.inputs()
k = 0
for ix, i in enumerate(inputs): # for each input i
v = i
l, desc = input_desc[ix]
state.log.debug("%s:", desc)
wire_values[k:k + l] = value2bits(mpz(v), l)
k += l
# evaluate gates
state.log.debug("Evaluating gates:")
for gx, g in enumerate(self.next_gate()): # for each gate
g_ins, g_tab = g
# determine index into gate table
tab_idx = 0
for i in g_ins:
tab_idx <<= 1
tab_idx |= wire_values[i]
# evaluate gate
lookup_idx = (1 << len(g_ins)) - tab_idx - 1
val = (g_tab & (1 << lookup_idx)) >> lookup_idx
wire_values[u + gx] = val
state.log.debug("%d: %s %s @ %d => %d", u + gx, g_ins, bin(g_tab),
tab_idx, val)
# read outputs
output_values = []
for out, desc, type_ in self.outputs():
trans_out = map(lambda x: wire_values[x], out)
o_val = bits2value(trans_out)
output_values.append(o_val)
return output_values
def PaillierVec_GarbledVec_send(src, dst, source_bitlen, source_dim, signed, force_bitlen=None, force_signed=None):
if force_bitlen and (force_signed or (signed and not force_signed == False)):
raise NotImplementedError("forcing bitlen on signeds is not supported now")
if force_bitlen is not None:
diff = source_bitlen - force_bitlen
source_bitlen = force_bitlen
else:
diff = 0
p = partyAttribute
if not isserver():
raise TastySyntaxError("Conversion from Homomorphic to Garbled from Client to Server does not make sense")
# number of maximal bits in content
overallbitlen = _dimtimes(source_dim) * source_bitlen
# we have asymmetric_security_parameter bits to pack into, but need symmetric_security_parameter bits to blind
cpc = state.config.asymmetric_security_parameter - state.config.symmetric_security_parameter - 1
chunksize = cpc / source_bitlen
chunkpayloadbits = chunksize * source_bitlen
chunks = (overallbitlen - 1) / chunkpayloadbits + 1
lastchunksize = overallbitlen % chunkpayloadbits
Homomorphic = tasty.types.Homomorphic
HomomorphicVec = tasty.types.HomomorphicVec
if lastchunksize:
chunksizes = (chunks - 1) * (chunkpayloadbits, ) + (lastchunksize, )
else:
chunksizes = chunks * (chunkpayloadbits, )
if state.precompute:
if lastchunksize:
masks = nogen(get_randomm(0, 2**(chunkpayloadbits + state.config.symmetric_security_parameter) - 1, chunks - 1)) + (mpz(rand.randint(0, 2**(lastchunksize + state.config.symmetric_security_parameter) - 1)),)
else:
masks = nogen(get_randomm(0, 2**(chunkpayloadbits + state.config.symmetric_security_parameter)- 1, chunks))
if force_signed is not None:
signed = force_signed
# generate Mask values
umasks = nogen(Unsigned(val=v, bitlen=l + state.config.symmetric_security_parameter) for v, l in zip(masks, chunksizes))
# homomorphically encrypt masks
hmasks = tuple(tasty.types.Homomorphic(val=mask, signed=False) for mask in umasks)
state.active_party.push_tmpval(hmasks)
# garble first chunkpayloadbits of the masks (manual construction of garbled! Voodoo!)
mgms = []
for mask, chunksize in zip(masks, chunksizes):
state.passive_party._tmp_ = Garbled(bitlen=chunksize, signed=False, val=p)
zv = Garbled.get_zero_value(state.passive_party._tmp_.gid)
state.passive_party._tmp_[:] = plain2garbled(value2bits(mask & (1<<chunksize) - 1, chunksize), zv, state.R)
mgms.append(state.passive_party._tmp_)
state.passive_party.push_tmpval(mgms)
#raise NotImplementedError("COSTS")
# _sendcost(chunks * chunksize[0]
# send garbled masks to client
_send(mgms)
# precompute the first chunkpayloadbits for the garbled masked value
mgvs = []
for chunksize in chunksizes:
mgv = Garbled(bitlen=chunksize, passive=True, val=p, signed=False)
state.passive_party.push_tmpattr(mgv)
mgvs.append(mgv)
# precompute the unmasking and unpacking
rets = []
for mgv, mgm, chunksize in zip(mgvs, mgms, chunksizes):
ret = mgv.unpack(mgm, source_bitlen, chunksize, signed)
state.passive_party.push_tmpattr(ret)
rets.extend(ret)
rets.reverse() # packing works exactly in the oposite direction then unpacking, so reverse here to get original result back
vec = GarbledVec(bitlen=source_bitlen, dim=source_dim, val=rets)
# save shadow copy of resulting GarbledVec
_set_dst(src, dst, vec)
else: # online phase
assert signed == src.signed(), "the analyzer disagrees with the typesystems signedness"
if force_signed is not None:
signed = force_signed
if not isserver():
raise TastySyntaxError("Conversion from Homomorphic to Garbled from Client to Server does not make sense")
# Pack the values with respecting the force_signed and force_bitlen
hmasks = state.active_party.pop_tmpval()
if force_signed is not None: # we must change it to the forced sign
origsigned = src.signed()
src._signed = force_signed
for i in src:
i._signed = force_signed
packed, _, _ = src.pack(-(state.config.symmetric_security_parameter + 1), force_bitlen=force_bitlen)
if force_signed is not None: # no change in the source, so revert changes done before pack()
src._signed = origsigned
for i in src:
i._signed = origsigned
assert len(packed) == len(hmasks), "packing error (%d packed chunks, but %d expected (%r, %r))"%(len(packed), len(hmasks), hmasks, packed)
# mask the packed values
for i, j in zip(packed, hmasks):
i += j
# send packed values to client
_send(packed)
# retrive garbled masks from tmpval-stack
mgms = state.passive_party.pop_tmpval()
# passive part for generation of garbled masked values
mgvs = []
for chunksize in chunksizes:
state.passive_party._tmp_ = state.passive_party.pop_tmpattr()
state.passive_party._tmp_ = Garbled(val=p, bitlen=chunksize, passive=True, signed=False)
mgvs.append(state.passive_party._tmp_)
# passive part of unblinding and unpacking
# rets = []
for mgm, mgv, chunksize in zip(mgms, mgvs, chunksizes):
state.passive_party._tmp_ = state.passive_party.pop_tmpattr()
def Paillier_Garbled_send(src, dst, bitlen, dim, signed, force_bitlen=None, force_signed=None):
if force_bitlen is not None:
diff = bitlen - force_bitlen
bitlen = force_bitlen
else:
diff = 0
masklen = bitlen + state.config.symmetric_security_parameter #
p = partyAttribute
if not isserver():
raise TastySyntaxError("Conversion from Homomorphic to Garbled from Client to Server does not make sense")
if state.precompute:
if force_signed is not None:
signed = force_signed
if signed:
mask = Unsigned(val=rand.randint(2**bitlen - 1, 2**masklen - 1), bitlen=masklen)
# generate the Homomorphic blinding mask and store
else:
mask = Unsigned(val=rand.randint(0, 2**masklen - 1), bitlen=masklen)
hmask = tasty.types.Homomorphic(val=mask, signed=False)
state.active_party.push_tmpattr(hmask)
# Generate the Garbled Blinding Mask
mgm = Garbled(bitlen=bitlen, signed=False, val=p)
mgm.plainmask = mask # save the mask to be able to access it in online phase
state.passive_party.push_tmpattr(mgm) # save the new Garbled
zv = Garbled.get_zero_value(mgm.gid)
mgm[:] = plain2garbled(value2bits(mask.get_value() & ((1<<bitlen) - 1), bitlen), zv, state.R)
_sendcost(state.config.symmetric_security_parameter * bitlen)
_send(mgm)
# Precompute the garbled for the masked plain value
mgv = Garbled(bitlen=bitlen, passive=True, val=p, signed=False)
state.passive_party.push_tmpattr(mgv)
# prepare the addition circuit to remove the mask
ret = mgv.dropmsb_sub(mgm)
# save shadow copy of resulting Garbled
_set_dst(src, dst, ret)
ret.set_bit_length(bitlen)
ret._signed = False # avoid warning here
else:
assert signed == src.signed(), "the analyzer disagrees with the typesystems signedness"
if force_signed is not None:
signed = force_signed
hmask = state.active_party.pop_tmpattr()
mgm = state.passive_party.pop_tmpattr()
state.passive_party._tmp_ = state.passive_party.pop_tmpattr()
# blind the homomorphic and send to other party
hval = src + hmask
hval._bit_length -= diff # force_bitlen
_sendcost(state.config.asymmetric_security_parameter * 2)
_send(hval)
# help to encrypt the masked value into Garbled
state.passive_party._tmp_ = Garbled(bitlen=masklen + 1, passive=True, val=p, signed=signed)
# help removing the mask
ret = state.passive_party._tmp_.dropmsb_sub(mgm)
# tasty calculates theoretical worst case bitlengths. Since we know better,
# we can safely overwrite that
_set_dst(src, dst, ret)
ret.set_bit_length(bitlen)
ret._signed = hval.signed()