def main(tv):
yield declareReturnNop(tv, Zp)
x, y, z = tv.shamir_share([1, 2, 3], Zp, input)
product = x * y * z
opened_product = yield tv.open(product)
print "Product:", opened_product.value
tv.shutdown()
def main(tv):
yield declareReturnNop(tv, Zp)
a, b, c = tv.shamir_share([1, 2, 3], Zp, input1)
x, y, z = tv.shamir_share([1, 2, 3], Zq, input2)
d = yield tv.open(tv.mul(tv.mul(a, b), c))
w = yield tv.open(tv.mul(tv.mul(x, y), z))
def check(result, field, expected):
if result == expected:
print "%s: %s (correct)" % (field, result.value)
else:
print "%s: %s (incorrect, expected %d)" % (field, result.value,
expected)
check(d, "Zp", Zp(base - 1) * Zp(base - 2) * Zp(base - 3))
check(w, "Zq", Zq(base + 1) * Zq(base + 2) * Zq(base + 3))
tv.shutdown()
def main(rt):
global tv
tv = rt
T = load_tableau(tv.options.tableau)
k = tv.options.security_parameter
l = tv.options.bit_length
m = len(T) - 1
n = len(T[0]) - 1
N = m + n
if N % 4 == 0: N += 1
p = 1 + N * (1 + (N**2) % 4 + 4 * (2**(l + k + 1) / N))
while not is_prime(p):
p += 4 * N
Zp = GF(p)
yield declareReturnNop(tv, Zp)
for i in xrange(len(T)):
for j in xrange(len(T[0])):
T[i][j] = Share(tv, Zp, Zp(T[i][j]))
w = Zp(2)**((p - 1) / N) # lucky choice 2
w_powers = [Zp(1)]
for _ in xrange(N - 1):
w_powers.append(w_powers[-1] * w)
basis = [Share(tv, Zp, w_powers[-(i + n)]) for i in xrange(m)]
cobasis = [Share(tv, Zp, w_powers[-j]) for j in xrange(n)]
iter = 0
prev_pivot = Share(tv, Zp, Zp(1))
print "%d Termination?..." % iter
min, p_col_index = int_minimal(T[-1][:-1])
while (yield tv.open(min < 0)):
iter += 1
print "%d Determining pivot..." % iter
p_col = [tv.in_prod(T[i][:-1], p_col_index) for i in xrange(m + 1)]
constraints = [(T[i][-1] + (p_col[i] <= 0), p_col[i])
for i in xrange(m)]
(_, pivot), p_row_index = frac_minimal(constraints)
print "%d Updating tableau..." % iter
# swap basis entries
minplus = map(operator.neg, p_row_index) + p_col_index
row_col_ind = tv.in_prod(basis + cobasis, minplus)
h = tv.scalar_mul(row_col_ind, minplus)
for i in xrange(m):
basis[i] -= h[i]
for j in xrange(n):
cobasis[j] -= h[m + j]
# T[i,j] = T[i,j]*p/p' - (C[i]/p' - p_row_index[i])*(R[j] + p * p_col_index[j])
prev_p_inv = ~prev_pivot
p_col = tv.scalar_mul(prev_p_inv, p_col)
for i in xrange(m):
p_col[i] -= p_row_index[i]
p_row = [
tv.in_prod([T[i][j] for i in xrange(m)], p_row_index)
for j in xrange(n + 1)
]
delta_row = tv.scalar_mul(prev_pivot, p_col_index)
for j in xrange(n):
p_row[j] += delta_row[j]
T = tv.gauss(T, pivot * prev_p_inv, p_col, p_row)
prev_pivot = pivot
print "%d Termination?..." % iter
min, p_col_index = int_minimal(T[-1][:-1])
print "Termination..."
max = yield tv.open(T[-1][-1])
cd = yield tv.open(prev_pivot)
print " max(f) = %d / %d" % (max.value, cd.value)
print "Computing solution..."
solution = [0] * n
for i in xrange(m):
x_powers = pow_list(T[i][-1] * ~Zp(N), basis[i], N)
for j in xrange(n):
coefs = [w_powers[(j * k) % N] for k in xrange(N)]
solution[j] += tv.lin_comb(coefs, x_powers)
solution = yield map(tv.open, solution)
print "Computing dual solution..."
dual_solution = [0] * m
for j in xrange(n):
x_powers = pow_list(T[-1][j] * ~Zp(N), cobasis[j], N)
for i in xrange(m):
coefs = [w_powers[((n + i) * k) % N] for k in xrange(N)]
dual_solution[i] += tv.lin_comb(coefs, x_powers)
dual_solution = yield map(tv.open, dual_solution)
file = open(os.path.join("data", certificate_filename), "w")
file.write('# tableau = \n' + options.tableau + '\n')
file.write('# modulus = \n' + str(p) + '\n')
file.write('# bit-length = \n' + str(tv.options.bit_length) + '\n')
file.write('# security param = \n' + str(tv.options.security_parameter) +
'\n')
file.write('# threshold = \n' + str(tv.threshold) + '\n')
file.write('# common divisor = \n' + str(cd.value) + '\n')
file.write('# Solution = \n')
for j in xrange(len(solution)):
file.write(str(solution[j].value) + '\t')
file.write('\n')
file.write('# Dual Solution = \n')
for i in xrange(len(dual_solution)):
file.write(str(dual_solution[i].value) + '\t')
file.write('\n')
file.close()
tv.shutdown()
def run(runtime):
yield declareReturnNop(runtime, runtime.Zp)
global config
npoints = int(config.get("main", "npoints"))
ninputters = int(config.get("main", "ninputters"))
perblock = int(config.get("main", "perblock"))
nblocks = (npoints + perblock - 1) / perblock
print "Welcome"
shs = vc_read_additive_shares(runtime, runtime.Zp, "input",
range(1, ninputters + 1))
ds = []
es = []
vs = []
rs = []
for i in xrange(nblocks):
print "Block", i
vc_start(runtime, "block", "block" + str(i))
shcur, rndcur = vc_import_additive_shares(runtime, shs,
4 * i * perblock,
4 * perblock, i, nblocks)
vc_declare_block(runtime, shcur, rndcur, "input")
dsm = None
esm = None
vsm = None
for j in xrange(perblock):
#print "Point", j
d, e, v = inner(runtime, shcur[4 * j + 0], shcur[4 * j + 1],
shcur[4 * j + 2], shcur[4 * j + 3])
if j == 0: # TODO: clean this up
dsm = d
esm = e
vsm = v
else:
dsm = dsm + d
esm = esm + e
vsm = vsm + v
rndi = VcShare.random(runtime)
vc_declare_block(runtime, [dsm, esm, vsm], rndi, "output")
ds.append(dsm)
es.append(esm)
vs.append(vsm)
rs.append(rndi)
d = sum([di.sh for di in ds])
e = sum([ei.sh for ei in es])
v = sum([vi.sh for vi in vs])
r = sum([
ri.sh for ri in rs
]) # TODO: we have to rely on the specific shape of the randomness here...
vc_start(runtime, "fin", "fin")
dv, ev, vv = map(lambda x: VcShare.from_share(runtime, x), [d, e, v])
rndcur = VcShare.from_share(runtime, r)
vc_declare_block(runtime, [dv, ev, vv], rndcur, "input")
chi = fin(runtime, dv, ev, vv)
chis = chi.ensure_single(runtime)
chio = yield chis.open()
chio = runtime.get_value(chio)
print "Final result: chi statistic=", chio, ", p-value=", 1 - chi2.cdf(
chio, 1)
vc_output_open(
runtime,
vc_declare_block(runtime, [chis], VcShare.random(runtime), "output"))
print "Done."
def main(runtime):
tv = runtime
# This is the value we will use in the protocol.
millions = rand.randint(1, 200)
print "I am Millionaire %d and I am worth %d millions." \
% (tv.id, millions)
# For the comparison protocol to work, we need a sufficiently
# large field modulus.
k = tv.options.security_parameter
l = tv.options.bit_length
ln = len(tv.players).bit_length()
Zp = GF(find_prime(2**(l + k + ln + 1), blum=True))
yield declareReturnNop(tv, Zp)
# We must secret share our input with the other parties. They
# will do the same and we end up with three variables
m1, m2, m3 = tv.shamir_share([1, 2, 3], Zp, millions)
# Now that everybody has secret shared their inputs we can
# compare them. We compare the worth of the first millionaire
# with the two others, and compare those two millionaires with
# each other.
m1_ge_m2 = m1 >= m2
m1_ge_m3 = m1 >= m3
m2_ge_m3 = m2 >= m3
# The results are secret shared, so we must open them before
# we can do anything usefull with them.
open_m1_ge_m2 = tv.open(m1_ge_m2)
open_m1_ge_m3 = tv.open(m1_ge_m3)
open_m2_ge_m3 = tv.open(m2_ge_m3)
# We will now gather the results.
m1_ge_m2, m1_ge_m3, m2_ge_m3 = yield open_m1_ge_m2, open_m1_ge_m3, open_m2_ge_m3
# We can establish the correct order of Millionaires 2 and 3.
if m2_ge_m3:
comparison = [3, 2]
else:
comparison = [2, 3]
# We only have to insert Millionaire 1 in the correct spot.
if m1_ge_m2 and m1_ge_m3:
# Millionaire 1 is largest.
comparison = comparison + [1]
elif not m1_ge_m2 and not m1_ge_m3:
# Millionaire 1 is smallest.
comparison = [1] + comparison
else:
# Millionaire 1 is between the others.
comparison = [comparison[0], 1, comparison[1]]
print "From poorest to richest:"
for id in comparison:
if id == tv.id:
print " Millionaire %d (%d millions)" % (id, millions)
else:
print " Millionaire %d" % id
tv.shutdown()