gcd, h, k = cryptok.egcd(e1, e2) print("gcd: ", gcd) print("h: ", h) print("k: ", k) # Test if correct print("h*e1+k*e2 == 1: ", h * e1 + k * e2 == 1) # We can now say that # m = m^1 = m^(h*e1 + k*e2) mod n # = (m^e1)^h * (m^e2)^k mod n # = c1^h * c2^k mod n ...and we have that :) # But, since k is negative: # c2^k mod n = (c2^-1)^|k|. Lets find the inverse c2_inv = cryptok.modular_inverse(c2, n) print("c2_inv: ", c2_inv) k = abs(k) # and we can use the absolute value of k now # So, m = c1 ** h + c2_inv ** k mod n # Sadly, this overflows using the power operator, so we need to apply fast exponentiation # m = c1 ** h * c2 ** k mod n # m = ((c1 ** h) mod n) * (c2 ** k) mod n) mod n c1_power_h_mod_n = cryptok.fast_exp(c1, h, n) c2_power_k_mod_n = cryptok.fast_exp(c2_inv, k, n) print("fast_exp(c1, h, n): ", c1_power_h_mod_n) print("fast_exp(c2_inv, k, n): ", c2_power_k_mod_n)
# No voters selected 0, Yes voters Selected 1. # Determine the result of the election given the Paillier keys below. # -Paillier public key is 1110875290280920009961998978166106038302156763 # -Paillier private key phi(N) is 1110875290280920009961932304108708457006287400 #Given Information # PK N = 1110875290280920009961998978166106038302156763 # SK phi_N = 1110875290280920009961932304108708457006287400 # Precalculate the inverse of phy_N mod N, for efficiency inverse_phy_N = cryptok.modular_inverse(phi_N, N) print("inverse_phy_N: ", inverse_phy_N) # Precalculate the second power of N, for efficiency N_power_2 = N ** 2 # Auxiliary functions def readVotes(filename): """Reads the votes from a file (Specific to the exercise). Reads the ciphertexts of votes from a file where each line follows this format: Encrypted vote 999 is 583774516394803398092108966834984381238573894741794012923645838732245187126090513945406013 Args: filename: Relative or full path of the input file.
# No voters selected 0, Yes voters Selected 1. # Determine the result of the election given the Paillier keys below. # -Paillier public key is 1110875290280920009961998978166106038302156763 # -Paillier private key phi(N) is 1110875290280920009961932304108708457006287400 #Given Information # PK N = 1110875290280920009961998978166106038302156763 # SK phi_N = 1110875290280920009961932304108708457006287400 # Precalculate the inverse of phy_N mod N, for efficiency inverse_phy_N = cryptok.modular_inverse(phi_N, N) print("inverse_phy_N: ", inverse_phy_N) # Precalculate the second power of N, for efficiency N_power_2 = N**2 # Auxiliary functions def readVotes(filename): """Reads the votes from a file (Specific to the exercise). Reads the ciphertexts of votes from a file where each line follows this format: Encrypted vote 999 is 583774516394803398092108966834984381238573894741794012923645838732245187126090513945406013 Args:
gcd, h, k = cryptok.egcd(e1, e2) print("gcd: ", gcd) print("h: ", h) print("k: ", k) # Test if correct print("h*e1+k*e2 == 1: ", h*e1+k*e2 == 1) # We can now say that # m = m^1 = m^(h*e1 + k*e2) mod n # = (m^e1)^h * (m^e2)^k mod n # = c1^h * c2^k mod n ...and we have that :) # But, since k is negative: # c2^k mod n = (c2^-1)^|k|. Lets find the inverse c2_inv = cryptok.modular_inverse(c2, n) print("c2_inv: ", c2_inv) k = abs(k) # and we can use the absolute value of k now # So, m = c1 ** h + c2_inv ** k mod n # Sadly, this overflows using the power operator, so we need to apply fast exponentiation # m = c1 ** h * c2 ** k mod n # m = ((c1 ** h) mod n) * (c2 ** k) mod n) mod n c1_power_h_mod_n = cryptok.fast_exp(c1, h, n) c2_power_k_mod_n = cryptok.fast_exp(c2_inv, k, n) print("fast_exp(c1, h, n): ", c1_power_h_mod_n) print("fast_exp(c2_inv, k, n): ", c2_power_k_mod_n)