gcd, h, k = cryptok.egcd(e1, e2)
print("gcd: ", gcd)
print("h: ", h)
print("k: ", k)
# Test if correct
print("h*e1+k*e2 == 1: ", h * e1 + k * e2 == 1)
# We can now say that
# m = m^1 = m^(h*e1 + k*e2) mod n
# = (m^e1)^h * (m^e2)^k mod n
# = c1^h * c2^k mod n ...and we have that :)
# But, since k is negative:
# c2^k mod n = (c2^-1)^|k|. Lets find the inverse
c2_inv = cryptok.modular_inverse(c2, n)
print("c2_inv: ", c2_inv)
k = abs(k) # and we can use the absolute value of k now
# So, m = c1 ** h + c2_inv ** k mod n
# Sadly, this overflows using the power operator, so we need to apply fast exponentiation
# m = c1 ** h * c2 ** k mod n
# m = ((c1 ** h) mod n) * (c2 ** k) mod n) mod n
c1_power_h_mod_n = cryptok.fast_exp(c1, h, n)
c2_power_k_mod_n = cryptok.fast_exp(c2_inv, k, n)
print("fast_exp(c1, h, n): ", c1_power_h_mod_n)
print("fast_exp(c2_inv, k, n): ", c2_power_k_mod_n)
# No voters selected 0, Yes voters Selected 1.
# Determine the result of the election given the Paillier keys below.
# -Paillier public key is 1110875290280920009961998978166106038302156763
# -Paillier private key phi(N) is 1110875290280920009961932304108708457006287400
#Given Information
# PK
N = 1110875290280920009961998978166106038302156763
# SK
phi_N = 1110875290280920009961932304108708457006287400
# Precalculate the inverse of phy_N mod N, for efficiency
inverse_phy_N = cryptok.modular_inverse(phi_N, N)
print("inverse_phy_N: ", inverse_phy_N)
# Precalculate the second power of N, for efficiency
N_power_2 = N ** 2
# Auxiliary functions
def readVotes(filename):
"""Reads the votes from a file (Specific to the exercise).
Reads the ciphertexts of votes from a file where each line follows
this format:
Encrypted vote 999 is 583774516394803398092108966834984381238573894741794012923645838732245187126090513945406013
Args:
filename: Relative or full path of the input file.
# No voters selected 0, Yes voters Selected 1.
# Determine the result of the election given the Paillier keys below.
# -Paillier public key is 1110875290280920009961998978166106038302156763
# -Paillier private key phi(N) is 1110875290280920009961932304108708457006287400
#Given Information
# PK
N = 1110875290280920009961998978166106038302156763
# SK
phi_N = 1110875290280920009961932304108708457006287400
# Precalculate the inverse of phy_N mod N, for efficiency
inverse_phy_N = cryptok.modular_inverse(phi_N, N)
print("inverse_phy_N: ", inverse_phy_N)
# Precalculate the second power of N, for efficiency
N_power_2 = N**2
# Auxiliary functions
def readVotes(filename):
"""Reads the votes from a file (Specific to the exercise).
Reads the ciphertexts of votes from a file where each line follows
this format:
Encrypted vote 999 is 583774516394803398092108966834984381238573894741794012923645838732245187126090513945406013
Args:
gcd, h, k = cryptok.egcd(e1, e2)
print("gcd: ", gcd)
print("h: ", h)
print("k: ", k)
# Test if correct
print("h*e1+k*e2 == 1: ", h*e1+k*e2 == 1)
# We can now say that
# m = m^1 = m^(h*e1 + k*e2) mod n
# = (m^e1)^h * (m^e2)^k mod n
# = c1^h * c2^k mod n ...and we have that :)
# But, since k is negative:
# c2^k mod n = (c2^-1)^|k|. Lets find the inverse
c2_inv = cryptok.modular_inverse(c2, n)
print("c2_inv: ", c2_inv)
k = abs(k) # and we can use the absolute value of k now
# So, m = c1 ** h + c2_inv ** k mod n
# Sadly, this overflows using the power operator, so we need to apply fast exponentiation
# m = c1 ** h * c2 ** k mod n
# m = ((c1 ** h) mod n) * (c2 ** k) mod n) mod n
c1_power_h_mod_n = cryptok.fast_exp(c1, h, n)
c2_power_k_mod_n = cryptok.fast_exp(c2_inv, k, n)
print("fast_exp(c1, h, n): ", c1_power_h_mod_n)
print("fast_exp(c2_inv, k, n): ", c2_power_k_mod_n)
