def decrypt(text, key, rcs): res = text[:] lin_matrix = invert(mds_matrix(t, 0)) key_matrix = mds_matrix(t, 1) keys = [key] + ([None] * rounds) for r in range(rounds): keys[r + 1] = [ mpc.in_prod(key_matrix[i], keys[r]) + rcs[(r * t) + i] for i in range(t) ] keys.reverse() ### for i in range(t): res[i] -= keys[0][i] ### for r in range(1, full2 + 1): res = [ mpc.in_prod(lin_matrix[i], res) for i in range(t) ] for i in range(t): res[i] = res[i] ** s res[i] -= keys[r][i] ### for r in range(full2 + 1, full2 + partial + 1): res = [ mpc.in_prod(lin_matrix[i], res) for i in range(t) ] res[0] = res[0] ** s for i in range(t): res[i] -= keys[r][i] ### for r in range(full2 + partial + 1, full2 + partial + full1 + 1): res = [ mpc.in_prod(lin_matrix[i], res) for i in range(t) ] for i in range(t): res[i] = res[i] ** s res[i] -= keys[r][i] ### return res
def encrypt(text, key, rcs): assert len(text) == t assert len(key) == t assert len(rcs) == t * rounds res = text[:] lin_matrix = mds_matrix(t, 0) key_matrix = mds_matrix(t, 1) keys = [key] + ([None] * rounds) for r in range(rounds): keys[r + 1] = [ mpc.in_prod(key_matrix[i], keys[r]) + rcs[(r * t) + i] for i in range(t) ] ### for r in range(full1): for i in range(t): res[i] += keys[r][i] res[i] = res[i] ** 3 res = [ mpc.in_prod(lin_matrix[i], res) for i in range(t) ] ### for r in range(full1, full1 + partial): for i in range(t): res[i] += keys[r][i] res[0] = res[0] ** 3 res = [ mpc.in_prod(lin_matrix[i], res) for i in range(t) ] ### for r in range(full1 + partial, full1 + partial + full2): for i in range(t): res[i] += keys[r][i] res[i] = res[i] ** 3 res = [ mpc.in_prod(lin_matrix[i], res) for i in range(t) ] ### for i in range(t): res[i] += keys[rounds][i] ### return res
async def main(): # initialize mpc, define secure int type LEN = 100000 await mpc.start() secint = mpc.SecInt(128) # party 0 samples the inputs locally... if mpc.pid == 0: vec1 = [np.random.randint(1, 1000) for _ in range(LEN)] vec2 = [np.random.randint(1, 1000) for _ in range(LEN)] # ...and secret-shares them with the others result_type = [secint()] * LEN sec_vec1 = mpc.input([secint(v) for v in vec1] if mpc.pid == 0 else result_type, senders=0) sec_vec2 = mpc.input([secint(v) for v in vec2] if mpc.pid == 0 else result_type, senders=0) # compute inner product ip = mpc.in_prod(sec_vec1, sec_vec2) # output result (to everybody) result = await mpc.output(ip) print("result:", result) if mpc.pid == 0: assert (result == np.dot(vec1, vec2)) await mpc.shutdown()
def __lt__( self, other ): # NB: __lt__() is basic comparison as in Python's list.sort() c = mpc.in_prod([self.n, -self.d], [other.d, other.n]) < 0 c = mpc.if_else(self.pos, c, 0) c = mpc.if_else(other.pos, c, 1) return c
def arg_le_rat(x0, x1): (n0, d0) = x0 (n1, d1) = x1 a = mpc.in_prod([n0, d0], [d1, -n1]) >= 0 h = mpc.scalar_mul(a, [n1 - n0, d1 - d0]) m = (h[0] + n0, h[1] + d0) return a, m
def encrypt(m, roundkeys, linmatrices, roundconstants): m = mpc.vector_add(m, roundkeys[0]) for r in range(rounds): m = substitute(m) m = [mpc.in_prod(linmatrices[r][i], m) for i in range(blocksize)] m = mpc.vector_add(m, roundconstants[r]) m = mpc.vector_add(m, roundkeys[r + 1]) return m
def GI(x): """Gini impurity for contingency table x.""" y = [args.alpha * s + 1 for s in map(mpc.sum, x)] # NB: alternatively, use s + (s == 0) D = mpc.prod(y) G = mpc.in_prod(list(map(mpc.in_prod, x, x)), list(map(lambda x: 1 / x, y))) return [D * G, D] # numerator, denominator
def decrypt(m, roundkeys, invlinmatrices, roundconstants): for r in range(rounds, 0, -1): m = mpc.vector_add(m, roundkeys[r]) m = mpc.vector_add(m, roundconstants[r - 1]) m = [ mpc.in_prod(invlinmatrices[r - 1][i], m) for i in range(blocksize) ] m = invsubstitute(m) return mpc.vector_add(m, roundkeys[0])
def random_permutation(n, sectype): """Random permutation of [sectype(i) for i in range(n)]. """ p = [sectype(i) for i in range(n)] for i in range(n - 1): x_r = random_unit_vector(n - i, sectype) p_r = mpc.in_prod(p[i:], x_r) d_r = mpc.scalar_mul(p[i] - p_r, x_r) p[i] = p_r for j in range(n - i): p[i + j] += d_r[j] return p
def random_permutation(n): # returns list of n secint elements p = [secint(i) for i in range(n)] # initialize p to identity permutation for i in range(n - 1): x_r = random_unit_vector( n - i) # x_r = [0]*(r-i) + [1] + [0]*(n-1-r), i <= r < n p_r = mpc.in_prod(p[i:], x_r) # p_r = p[r] d_r = mpc.scalar_mul( p[i] - p_r, x_r) # d_r = [0]*(r-i) + [p[i] - p[r]] + [0]*(n-1-r) p[i] = p_r # p[i] = p[r] for j in range(n - i): p[i + j] += d_r[j] # p[r] = p[r} + p[i] - p[r] = p[i] return p
def test_empty_input(self): secint = mpc.SecInt() self.assertEqual(mpc.run(mpc.gather([])), []) self.assertEqual(mpc.run(mpc.output([])), []) self.assertEqual(mpc._reshare([]), []) self.assertEqual(mpc.convert([], None), []) self.assertEqual(mpc.sum([]), 0) self.assertEqual(mpc.prod([]), 1) self.assertEqual(mpc.in_prod([], []), 0) self.assertEqual(mpc.vector_add([], []), []) self.assertEqual(mpc.vector_sub([], []), []) self.assertEqual(mpc.scalar_mul(secint(0), []), []) self.assertEqual(mpc.schur_prod([], []), []) self.assertEqual(mpc.from_bits([]), 0)
async def main(): # Use 32-bit (default) secure integers: secint = mpc.SecInt() # Each party locally generates LOAD random entries of type secint: my_entries_for_vec_x = [secint(randint(-1000, 1000)) for _ in range(LOAD)] my_entries_for_vec_y = [secint(randint(-1000, 1000)) for _ in range(LOAD)] # Start MPyC runtime to let all parties connect: await mpc.start() # The entries for vectors x and y are secret-shared between all parties: vec_x = flatten(mpc.input(my_entries_for_vec_x)) vec_y = flatten(mpc.input(my_entries_for_vec_y)) # Secure dot products are supported natively and *very* efficiently: c = mpc.in_prod(vec_x, vec_y) # Open the secret-shared value c and let all parties print the result: print('Dot product:', await mpc.output(c)) # Shutdown MPyC runtime to close all connections: await mpc.shutdown()
async def schmidt_multilateration(locations, toas): """Schmidt's multilateration algorithm.""" # Transform sensor locations and ToA measurements # into linear system A w = b, using Schmidt's method: norm = [mpc.in_prod(p, p) for p in locations] A, b = [], [] for i, j, k in itertools.combinations(range(len(locations)), 3): Delta = [toas[j] - toas[k], toas[k] - toas[i], toas[i] - toas[j]] XYZN = [ locations[i] + [norm[i]], locations[j] + [norm[j]], locations[k] + [norm[k]] ] r_x, r_y, r_z, r_n = mpc.matrix_prod([Delta], XYZN)[0] A.append([2 * r_x, 2 * r_y, 2 * r_z]) b.append(mpc.prod(Delta) + r_n) # Compute least-squares solution w satisfying A^T A w = A^T b: AT, bT = list(map(list, zip(*A))), [b] # transpose of A and b ATA = mpc.matrix_prod(AT, AT, tr=True) # A^T (A^T)^T = A^T A ATb = mpc.matrix_prod(AT, bT, tr=True) # A^T (b^T)^T = A^T b w_det = linear_solve(ATA, ATb) x, y, z, det = await mpc.output(w_det) w = x / det, y / det, z / det return w
async def id3(T, R) -> asyncio.Future: sizes = [mpc.in_prod(T, v) for v in S[C]] i, mx = mpc.argmax(sizes) sizeT = mpc.sum(sizes) stop = (sizeT <= int(args.epsilon * len(T))) + (mx == sizeT) if not (R and await mpc.is_zero_public(stop)): i = await mpc.output(i) logging.info(f'Leaf node label {i}') tree = i else: T_R = [[mpc.schur_prod(T, v) for v in S[A]] for A in R] gains = [GI(mpc.matrix_prod(T_A, S[C], True)) for T_A in T_R] k = await mpc.output(mpc.argmax(gains, key=SecureFraction)[0]) T_Rk = T_R[k] del T_R, gains # release memory A = list(R)[k] logging.info(f'Attribute node {A}') if args.parallel_subtrees: subtrees = await mpc.gather( [id3(Tj, R.difference([A])) for Tj in T_Rk]) else: subtrees = [await id3(Tj, R.difference([A])) for Tj in T_Rk] tree = A, subtrees return tree
async def main(): parser = argparse.ArgumentParser() parser.add_argument('-d', '--data', help='filename for tableau') parser.add_argument('options', nargs='*') parser.set_defaults(data='default') args = parser.parse_args() if not args.options: certificate_filename = f'c{mpc.pid}.cert' logging.info( f'Setting certificate file to default = {certificate_filename}') else: certificate_filename = args.options[0] T = load_tableau(args.data) m = len(T) - 1 n = len(T[0]) - 1 l = mpc.options.bit_length secfxp = mpc.SecFxp(l) for i in range(m + 1): for j in range(n + 1): T[i][j] = secfxp(T[i][j]) basis = [secfxp(i + n) for i in range(m)] cobasis = [secfxp(j) for j in range(n)] await mpc.start() iteration = 0 logging.info(f'{iteration} Termination?...') p_col_index, minimum = argmin_int(T[-1][:-1]) while await mpc.output(minimum < 0): iteration += 1 logging.info(f'{iteration} Determining pivot...') p_col = index_matrix_prod(p_col_index + [secfxp(0)], T, True) constraints = [(T[i][-1] + (p_col[i] <= 0), p_col[i]) for i in range(m)] p_row_index, _ = argmin_rat(constraints) pivot = mpc.in_prod(p_row_index, p_col) logging.info(f'{iteration} Updating tableau...') h = mpc.scalar_mul(1 / pivot, mpc.vector_sub(p_row_index + [0], p_col)) p_row = index_matrix_prod(p_row_index, T[:-1]) v = mpc.vector_add(p_row, p_col_index + [0]) for i in range(m + 1): T[i] = mpc.vector_add(T[i], mpc.scalar_mul(h[i], v)) # swap basis entries delta = mpc.in_prod(basis, p_row_index) - mpc.in_prod( cobasis, p_col_index) p_row_index = mpc.scalar_mul(delta, p_row_index) basis = mpc.vector_sub(basis, p_row_index) p_col_index = mpc.scalar_mul(delta, p_col_index) cobasis = mpc.vector_add(cobasis, p_col_index) logging.info(f'{iteration} Termination?...') p_col_index, minimum = argmin_int(T[-1][:-1]) logging.info('Termination...') mx = await mpc.output(T[-1][-1]) print(' max(f) =', mx) logging.info('Computing solution...') solution = [secfxp(0) for _ in range(n)] for i in range(m): x = mpc.unit_vector(basis[i], m + n)[:n] y = mpc.scalar_mul(T[i][-1], x) solution = mpc.vector_add(solution, y) solution = await mpc.output(solution) logging.info('Computing dual solution...') dual_solution = [secfxp(0) for _ in range(m)] for j in range(n): x = mpc.unit_vector(cobasis[j], m + n)[n:] y = mpc.scalar_mul(T[-1][j], x) dual_solution = mpc.vector_add(dual_solution, y) dual_solution = await mpc.output(dual_solution) await mpc.shutdown() logging.info(f'Writing output to {certificate_filename}') tab = '\t' with open(os.path.join('data', 'lp', certificate_filename), 'w') as f: f.write(f'# tableau =\n{args.data}\n') f.write(f'# bit-length =\n{mpc.options.bit_length}\n') f.write(f'# security parameter =\n{mpc.options.sec_param}\n') f.write(f'# threshold =\n{mpc.threshold}\n') f.write(f'# solution =\n{tab.join(x.__repr__() for x in solution)}\n') f.write( f'# dual solution =\n{tab.join(x.__repr__() for x in dual_solution)}\n' )
async def main(): parser = argparse.ArgumentParser() parser.add_argument( '-i', '--dataset', type=int, metavar='I', help=('dataset 0=uvlp (default), 1=wiki, 2=tb2x2, 3=woody, ' '4=LPExample_R20, 5=sc50b, 6=kb2, 7=LPExample')) parser.add_argument('-l', '--bit-length', type=int, metavar='L', help='override preset bit length for dataset') parser.set_defaults(dataset=0, bit_length=0) args = parser.parse_args() settings = [('uvlp', 24, 37 / 3), ('wiki', 24, 20), ('tb2x2', 18, 10.5), ('woody', 36, 540), ('LPExample_R20', 52, 3.441176), ('sc50b', 52, 70), ('kb2', 96, 1749.9204734889486), ('LPExample', 96, 1188806595)] name, bit_length, exact_max = settings[args.dataset] if args.bit_length: bit_length = args.bit_length with open(os.path.join('data', 'lp', name + '.csv')) as file: T = list(csv.reader(file)) m = len(T) - 1 n = len(T[0]) - 1 secfxp = mpc.SecFxp(bit_length) print( f'Using secure {bit_length}-bit fixed-point numbers: {secfxp.__name__}' ) print(f'dataset: {name} with {m} constraints and {n} variables') T[0][-1] = '0' # initialize optimal value for i in range(m + 1): for j in range(n + 1): T[i][j] = secfxp(float(T[i][j]), integral=False) c = T[0][:-1] # maximize c.x subject to A.x <= b, x >= 0 A = [T[i + 1][:-1] for i in range(m)] b = [T[i + 1][-1] for i in range(m)] await mpc.start() cobasis = [secfxp(j) for j in range(n)] basis = [secfxp(n + i) for i in range(m)] iteration = 0 while True: # find index of pivot column p_col_index, minimum = argmin_int(T[0][:-1]) if await mpc.output(minimum >= 0): break # maximum reached # find index of pivot row p_col = mpc.matrix_prod([p_col_index], T, True)[0] constraints = [[T[i][-1], p_col[i], p_col[i] > 0.0001] for i in range(1, m + 1)] p_row_index, (_, pivot, _) = argmin_rat(constraints) # reveal progress a bit iteration += 1 mx = await mpc.output(T[0][-1]) p = await mpc.output(pivot) logging.info(f'Iteration {iteration}: {mx} pivot={p}') # swap basis entries delta = mpc.in_prod(basis, p_row_index) - mpc.in_prod( cobasis, p_col_index) cobasis = mpc.vector_add(cobasis, mpc.scalar_mul(delta, p_col_index)) basis = mpc.vector_sub(basis, mpc.scalar_mul(delta, p_row_index)) # update tableau Tij = Tij - (Til - bool(i==k))/Tkl * (Tkj + bool(j==l)) p_col_index.append(secfxp(0)) p_row_index.insert(0, secfxp(0)) p_col = mpc.vector_sub(p_col, p_row_index) p_col = mpc.scalar_mul(1 / pivot, p_col) p_row = mpc.matrix_prod([p_row_index], T)[0] p_row = mpc.vector_add(p_row, p_col_index) T = mpc.gauss(T, secfxp(1), p_col, p_row) mx = await mpc.output(T[0][-1]) rel_error = (mx - exact_max) / exact_max print(f'max = {mx} (error {rel_error:.3%}) in {iteration} iterations') logging.info('Solution x') x = [secfxp(0) for _ in range(n)] for i in range(m): u = mpc.unit_vector(basis[i], m + n)[:n] v = mpc.scalar_mul(T[i + 1][-1], u) x = mpc.vector_add(x, v) cx = mpc.in_prod(c, x) Ax = mpc.matrix_prod([x], A, True)[0] approx = lambda a: 1.01 * a + 0.0001 Ax_bounded_by_b = mpc.all(Ax[i] <= approx(b[i]) for i in range(m)) x_nonnegative = mpc.all(x[j] >= 0 for j in range(n)) logging.info('Dual solution y') y = [secfxp(0) for _ in range(m)] for j in range(n): u = mpc.unit_vector(cobasis[j], m + n)[n:] v = mpc.scalar_mul(T[0][j], u) y = mpc.vector_sub(y, v) yb = mpc.in_prod(y, b) yA = mpc.matrix_prod([y], A)[0] approx = lambda a: mpc.if_else(a < 0, 1 / 1.01, 1.01) * a + 0.0001 yA_bounded_by_c = mpc.all(yA[j] <= approx(c[j]) for j in range(n)) y_nonpositive = mpc.all(y[i] <= 0 for i in range(m)) cx_eq_yb = abs(cx - yb) <= 0.01 * abs(cx) check = mpc.all([ cx_eq_yb, Ax_bounded_by_b, x_nonnegative, yA_bounded_by_c, y_nonpositive ]) check = bool(await mpc.output(check)) print( f'verification c.x == y.b, A.x <= b, x >= 0, y.A <= c, y <= 0: {check}' ) x = await mpc.output(x) print(f'solution = {x}') await mpc.shutdown()
def test_secfxp(self): secfxp = mpc.SecFxp() c = mpc.to_bits(secfxp(0), 0) # mpc.output() only works for nonempty lists self.assertEqual(c, []) c = mpc.run(mpc.output(mpc.to_bits(secfxp(0)))) self.assertEqual(c, [0.0] * 32) c = mpc.run(mpc.output(mpc.to_bits(secfxp(1)))) self.assertEqual(c, [0.0] * 16 + [1.0] + [0.0] * 15) c = mpc.run(mpc.output(mpc.to_bits(secfxp(0.5)))) self.assertEqual(c, [0.0] * 15 + [1.0] + [0.0] * 16) c = mpc.run(mpc.output(mpc.to_bits(secfxp(8113)))) self.assertEqual(c, [0.0] * 16 + [ float(b) for b in [1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0] ]) c = mpc.run(mpc.output(mpc.to_bits(secfxp(2**15 - 1)))) self.assertEqual(c, [float(b) for b in [0] * 16 + [1] * 15 + [0]]) c = mpc.run(mpc.output(mpc.to_bits(secfxp(-1)))) self.assertEqual(c, [float(b) for b in [0] * 16 + [1] * 16]) c = mpc.run(mpc.output(mpc.to_bits(secfxp(-2**15)))) self.assertEqual(c, [float(b) for b in [0] * 31 + [1]]) for f in [8, 16, 32, 64]: secfxp = mpc.SecFxp(2 * f) c = mpc.run(mpc.output(secfxp(1) + secfxp(1))) self.assertEqual(c.frac_length, f) self.assertEqual(c, 2) c = mpc.run(mpc.output(secfxp(2**-f) + secfxp(1))) if f != 64: # NB: 1 + 2**-64 == 1 in Python self.assertEqual(c, 1 + 2**-f) self.assertEqual(mpc.run(mpc.output(secfxp(0.5) * secfxp(2.0))), 1) self.assertEqual(mpc.run(mpc.output(secfxp(2.0) * secfxp(0.5))), 1) s = [10.7, -3.4, 0.1, -0.11] self.assertEqual(mpc.run(mpc.output(list(map(secfxp, s)))), s) s = [10.5, -3.25, 0.125, -0.125] a, b, c, d = list(map(secfxp, s)) t = [v * v for v in s] self.assertEqual(mpc.run(mpc.output([a * a, b * b, c * c, d * d])), t) x = [a, b, c, d] self.assertEqual(mpc.run(mpc.output(mpc.schur_prod(x, x))), t) self.assertEqual(mpc.run(mpc.output(mpc.schur_prod(x, x[:]))), t) t = sum(t) self.assertEqual(mpc.run(mpc.output(mpc.in_prod(x, x))), t) self.assertEqual(mpc.run(mpc.output(mpc.in_prod(x, x[:]))), t) self.assertEqual( mpc.run(mpc.output(mpc.matrix_prod([x], [x], True)[0])), [t]) t = [_ for a, b, c, d in [s] for _ in [a + b, a * b, a - b]] self.assertEqual(mpc.run(mpc.output([a + b, a * b, a - b])), t) t = [ _ for a, b, c, d in [s] for _ in [(a + b)**2, (a + b)**2 + 3 * c] ] self.assertEqual( mpc.run(mpc.output([(a + b)**2, (a + b)**2 + 3 * c])), t) t = [int(_) for a, b, c, d in [s] for _ in [a < b, b < c, c < d]] self.assertEqual(mpc.run(mpc.output([a < b, b < c, c < d])), t) t = int(s[0] < s[1] and s[1] < s[2]) self.assertEqual(mpc.run(mpc.output((a < b) & (b < c))), t) t = int(s[0] < s[1] or s[1] < s[2]) self.assertEqual(mpc.run(mpc.output((a < b) | (b < c))), t) t = (int(s[0] < s[1]) ^ int(s[1] < s[2])) self.assertEqual(mpc.run(mpc.output((a < b) ^ (b < c))), t) t = (int(not s[0] < s[1]) ^ int(s[1] < s[2])) self.assertEqual(mpc.run(mpc.output(~(a < b) ^ b < c)), t) t = [int(s[0] > 1), int(10 * s[1] < 5), int(10 * s[0] == 5)] self.assertEqual( mpc.run(mpc.output([a > 1, 10 * b < 5, 10 * a == 5])), t) s[3] = -0.120 d = secfxp(s[3]) t = s[3] / 0.25 self.assertAlmostEqual(mpc.run(mpc.output(d / 0.25)).signed(), t, delta=1) t = s[3] / s[2] + s[0] self.assertAlmostEqual(mpc.run(mpc.output(d / c + a)).signed(), t, delta=1) t = round(t * (1 << f)) self.assertAlmostEqual(mpc.run(mpc.output(d / c + a)), t, delta=1) t = ((s[0] + s[1])**2 + 3 * s[2]) / s[2] self.assertAlmostEqual(mpc.run(mpc.output( ((a + b)**2 + 3 * c) / c)).signed(), t, delta=2) t = 1 / s[3] self.assertAlmostEqual((mpc.run(mpc.output(1 / d))).signed(), t, delta=1) t = s[2] / s[3] self.assertAlmostEqual(mpc.run(mpc.output(c / d)).signed(), t, delta=1) t = -s[3] / s[2] t = round(t * (1 << f)) self.assertAlmostEqual(mpc.run(mpc.output(-d / c)), t, delta=1) t = s[2] / s[3] t = round(t * (1 << f)) self.assertAlmostEqual(mpc.run(mpc.output(d / c)), t, delta=1) self.assertEqual(mpc.run(mpc.output(mpc.sgn(+a))), int(s[0] > 0)) self.assertEqual(mpc.run(mpc.output(mpc.sgn(-a))), -int(s[0] > 0)) self.assertEqual(mpc.run(mpc.output(mpc.sgn(secfxp(0)))), 0) self.assertEqual(mpc.run(mpc.output(abs(secfxp(-1.5)))), 1.5) self.assertEqual(mpc.run(mpc.output(mpc.min(a, b, c, d))), min(s)) self.assertEqual(mpc.run(mpc.output(mpc.min(a, 0))), min(s[0], 0)) self.assertEqual(mpc.run(mpc.output(mpc.min(0, b))), min(0, s[1])) self.assertEqual(mpc.run(mpc.output(mpc.max(a, b, c, d))), max(s)) self.assertEqual(mpc.run(mpc.output(mpc.max(a, 0))), max(s[0], 0)) self.assertEqual(mpc.run(mpc.output(mpc.max(0, b))), max(0, s[1])) self.assertEqual( mpc.run(mpc.output(list(mpc.min_max(a, b, c, d)))), [min(s), max(s)]) self.assertEqual(mpc.run(mpc.output(secfxp(5) % 2)), 1) self.assertEqual(mpc.run(mpc.output(secfxp(1) % 2**(1 - f))), 0) self.assertEqual(mpc.run(mpc.output(secfxp(2**-f) % 2**(1 - f))), 2**-f) self.assertEqual( mpc.run(mpc.output(secfxp(2 * 2**-f) % 2**(1 - f))), 0) self.assertEqual(mpc.run(mpc.output(secfxp(1) // 2**(1 - f))), 2**(f - 1)) self.assertEqual(mpc.run(mpc.output(secfxp(27.0) % 7.0)), 6.0) self.assertEqual(mpc.run(mpc.output(secfxp(-27.0) // 7.0)), -4.0) self.assertEqual( mpc.run(mpc.output(list(divmod(secfxp(27.0), 6.0)))), [4.0, 3.0]) self.assertEqual(mpc.run(mpc.output(secfxp(21.5) % 7.5)), 6.5) self.assertEqual(mpc.run(mpc.output(secfxp(-21.5) // 7.5)), -3.0) self.assertEqual( mpc.run(mpc.output(list(divmod(secfxp(21.5), 0.5)))), [43.0, 0.0])
def test_secfxp(self): secfxp = mpc.SecFxp() self.assertEqual( mpc.run(mpc.output(mpc.input(secfxp(7.75), senders=0))), 7.75) c = mpc.to_bits(secfxp(0), 0) # mpc.output() only works for nonempty lists self.assertEqual(c, []) c = mpc.run(mpc.output(mpc.to_bits(secfxp(0)))) self.assertEqual(c, [0.0] * 32) c = mpc.run(mpc.output(mpc.to_bits(secfxp(1)))) self.assertEqual(c, [0.0] * 16 + [1.0] + [0.0] * 15) c = mpc.run(mpc.output(mpc.to_bits(secfxp(0.5)))) self.assertEqual(c, [0.0] * 15 + [1.0] + [0.0] * 16) c = mpc.run(mpc.output(mpc.to_bits(secfxp(8113)))) self.assertEqual(c, [0.0] * 16 + [1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0]) c = mpc.run(mpc.output(mpc.to_bits(secfxp(2**15 - 1)))) self.assertEqual(c, [0] * 16 + [1] * 15 + [0]) c = mpc.run(mpc.output(mpc.to_bits(secfxp(-1)))) self.assertEqual(c, [0] * 16 + [1] * 16) c = mpc.run(mpc.output(mpc.to_bits(secfxp(-2**15)))) self.assertEqual(c, [0] * 31 + [1]) for f in [8, 16, 32, 64]: secfxp = mpc.SecFxp(2 * f) c = mpc.run(mpc.output(secfxp(1) + secfxp(1))) self.assertEqual(c, 2) c = mpc.run(mpc.output(secfxp(2**-f) + secfxp(1))) if f != 64: # NB: 1 + 2**-64 == 1 in Python self.assertEqual(c, 1 + 2**-f) self.assertEqual(mpc.run(mpc.output(secfxp(0.5) * secfxp(2.0))), 1) self.assertEqual(mpc.run(mpc.output(secfxp(2.0) * secfxp(0.5))), 1) c = mpc.run( mpc.output( secfxp(2**(f // 2 - 1) - 0.5) * secfxp(-2**(f // 2) + 0.5))) self.assertEqual(c, -2**(f - 1) + 1.5 * 2**(f // 2 - 1) - 0.25) s = [10.75, -3.375, 0.125, -0.125] self.assertEqual(mpc.run(mpc.output(list(map(secfxp, s)))), s) s = [10.5, -3.25, 0.125, -0.125] a, b, c, d = list(map(secfxp, s)) t = [v * v for v in s] self.assertEqual(mpc.run(mpc.output([a * a, b * b, c * c, d * d])), t) x = [a, b, c, d] self.assertEqual(mpc.run(mpc.output(mpc.schur_prod(x, x))), t) self.assertEqual(mpc.run(mpc.output(mpc.schur_prod(x, x[:]))), t) t = sum(t) self.assertEqual(mpc.run(mpc.output(mpc.in_prod(x, x))), t) self.assertEqual(mpc.run(mpc.output(mpc.in_prod(x, x[:]))), t) self.assertEqual( mpc.run(mpc.output(mpc.matrix_prod([x], [x], True)[0])), [t]) u = mpc.unit_vector(secfxp(3), 4) self.assertEqual( mpc.run(mpc.output(mpc.matrix_prod([x], [u], True)[0])), [s[3]]) self.assertEqual( mpc.run(mpc.output(mpc.matrix_prod([u], [x], True)[0])), [s[3]]) self.assertEqual( mpc.run(mpc.output(mpc.gauss([[a]], b, [a], [b])[0])), [0]) t = [_ for a, b, c, d in [s] for _ in [a + b, a * b, a - b]] self.assertEqual(mpc.run(mpc.output([a + b, a * b, a - b])), t) t = [ _ for a, b, c, d in [s] for _ in [(a + b)**2, (a + b)**2 + 3 * c] ] self.assertEqual( mpc.run(mpc.output([(a + b)**2, (a + b)**2 + 3 * c])), t) t = [_ for a, b, c, d in [s] for _ in [a < b, b < c, c < d]] self.assertEqual(mpc.run(mpc.output([a < b, b < c, c < d])), t) t = s[0] < s[1] and s[1] < s[2] self.assertEqual(mpc.run(mpc.output((a < b) & (b < c))), t) t = s[0] < s[1] or s[1] < s[2] self.assertEqual(mpc.run(mpc.output((a < b) | (b < c))), t) t = (int(s[0] < s[1]) ^ int(s[1] < s[2])) self.assertEqual(mpc.run(mpc.output((a < b) ^ (b < c))), t) t = (int(not s[0] < s[1]) ^ int(s[1] < s[2])) self.assertEqual(mpc.run(mpc.output(~(a < b) ^ b < c)), t) t = [s[0] > 1, 10 * s[1] < 5, 10 * s[0] == 5] self.assertEqual( mpc.run(mpc.output([a > 1, 10 * b < 5, 10 * a == 5])), t) s[3] = -0.120 d = secfxp(s[3]) t = s[3] / 0.25 self.assertAlmostEqual(mpc.run(mpc.output(d / 0.25)), t, delta=2**(1 - f)) t = round(s[3] / s[2] + s[0]) self.assertEqual(round(mpc.run(mpc.output(d / c + a))), t) t = ((s[0] + s[1])**2 + 3 * s[2]) / s[2] self.assertAlmostEqual(mpc.run(mpc.output( ((a + b)**2 + 3 * c) / c)), t, delta=2**(8 - f)) t = 1 / s[3] self.assertAlmostEqual(mpc.run(mpc.output(1 / d)), t, delta=2**(6 - f)) t = s[2] / s[3] self.assertAlmostEqual(mpc.run(mpc.output(c / d)), t, delta=2**(3 - f)) t = -s[3] / s[2] self.assertAlmostEqual(mpc.run(mpc.output(-d / c)), t, delta=2**(3 - f)) self.assertEqual(mpc.run(mpc.output(mpc.sgn(+a))), s[0] > 0) self.assertEqual(mpc.run(mpc.output(mpc.sgn(-a))), -(s[0] > 0)) self.assertEqual(mpc.run(mpc.output(mpc.sgn(secfxp(0)))), 0) self.assertEqual(mpc.run(mpc.output(abs(secfxp(-1.5)))), 1.5) self.assertEqual(mpc.run(mpc.output(mpc.min(a, b, c, d))), min(s)) self.assertEqual(mpc.run(mpc.output(mpc.min(a, 0))), min(s[0], 0)) self.assertEqual(mpc.run(mpc.output(mpc.min(0, b))), min(0, s[1])) self.assertEqual(mpc.run(mpc.output(mpc.max(a, b, c, d))), max(s)) self.assertEqual(mpc.run(mpc.output(mpc.max(a, 0))), max(s[0], 0)) self.assertEqual(mpc.run(mpc.output(mpc.max(0, b))), max(0, s[1])) self.assertEqual( mpc.run(mpc.output(list(mpc.min_max(a, b, c, d)))), [min(s), max(s)]) self.assertEqual(mpc.run(mpc.output(mpc.argmin([a, b, c, d])[0])), 1) self.assertEqual( mpc.run(mpc.output(mpc.argmin([a, b], key=operator.neg)[1])), max(s)) self.assertEqual(mpc.run(mpc.output(mpc.argmax([a, b, c, d])[0])), 0) self.assertEqual( mpc.run(mpc.output(mpc.argmax([a, b], key=operator.neg)[1])), min(s)) self.assertEqual(mpc.run(mpc.output(secfxp(5) % 2)), 1) self.assertEqual(mpc.run(mpc.output(secfxp(1) % 2**(1 - f))), 0) self.assertEqual(mpc.run(mpc.output(secfxp(2**-f) % 2**(1 - f))), 2**-f) self.assertEqual( mpc.run(mpc.output(secfxp(2 * 2**-f) % 2**(1 - f))), 0) self.assertEqual(mpc.run(mpc.output(secfxp(1) // 2**(1 - f))), 2**(f - 1)) self.assertEqual(mpc.run(mpc.output(secfxp(27.0) % 7.0)), 6.0) self.assertEqual(mpc.run(mpc.output(secfxp(-27.0) // 7.0)), -4.0) self.assertEqual( mpc.run(mpc.output(list(divmod(secfxp(27.0), 6.0)))), [4.0, 3.0]) self.assertEqual(mpc.run(mpc.output(secfxp(21.5) % 7.5)), 6.5) self.assertEqual(mpc.run(mpc.output(secfxp(-21.5) // 7.5)), -3.0) self.assertEqual( mpc.run(mpc.output(list(divmod(secfxp(21.5), 0.5)))), [43.0, 0.0])
def main(): parser = argparse.ArgumentParser() parser.add_argument('-d', '--data', help='Filename for tableau.') parser.add_argument('options', nargs='*') parser.set_defaults(data='default') args = parser.parse_args(mpc.args) if not args.options: certificate_filename = "c" + str(mpc.id) + ".cert" logging.info('Setting certificate file to default = %s', certificate_filename) else: certificate_filename = args.options[0] T = load_tableau(args.data) m = len(T) - 1 n = len(T[0]) - 1 l = mpc.options.bit_length secfxp = mpc.SecFxp(l) for i in range(len(T)): for j in range(len(T[0])): T[i][j] = secfxp(T[i][j]) basis = [secfxp(i + n) for i in range(m)] cobasis = [secfxp(j) for j in range(n)] mpc.start() iteration = 0 logging.info('%d Termination?...', iteration) p_col_index, minimum = argmin_int(T[-1][:-1]) while mpc.run(mpc.output(minimum < 0)): iteration += 1 logging.info('%d Determining pivot...', iteration) p_col = index_matrix_prod(p_col_index + [secfxp(0)], T, True) constraints = [(T[i][-1] + (p_col[i] <= 0), p_col[i]) for i in range(m)] p_row_index, _ = argmin_rat(constraints) pivot = mpc.in_prod(p_row_index, p_col) pivot1 = 1 / pivot mpc.run(mpc.barrier()) logging.info('%d Updating tableau...', iteration) h = mpc.scalar_mul(pivot1, [(p_row_index[i] if i < m else 0) - p_col[i] for i in range(m + 1)]) p_row = index_matrix_prod(p_row_index, T[:-1]) v = mpc.vector_add(p_row, p_col_index + [0]) for i in range(m + 1): T[i] = mpc.vector_add(T[i], mpc.scalar_mul(h[i], v)) #swap basis entries delta = mpc.in_prod(basis, p_row_index) - mpc.in_prod( cobasis, p_col_index) p_row_index = mpc.scalar_mul(delta, p_row_index) basis = mpc.vector_sub(basis, p_row_index) p_col_index = mpc.scalar_mul(delta, p_col_index) cobasis = mpc.vector_add(cobasis, p_col_index) logging.info('%d Termination?...', iteration) p_col_index, minimum = argmin_int(T[-1][:-1]) logging.info('Termination...') mx = mpc.run(mpc.output(T[-1][-1])) print(' max(f) =', mx) logging.info('Computing solution...') solution = [secfxp(0) for _ in range(n)] for i in range(m): x = unit_vector(basis[i], m + n)[:n] y = mpc.scalar_mul(T[i][-1], x) solution = mpc.vector_add(solution, y) solution = mpc.run(mpc.output(solution)) logging.info('Computing dual solution...') dual_solution = [secfxp(0) for _ in range(m)] for j in range(n): x = unit_vector(cobasis[j], m + n)[n:] y = mpc.scalar_mul(T[-1][j], x) dual_solution = mpc.vector_add(dual_solution, y) dual_solution = mpc.run(mpc.output(dual_solution)) mpc.shutdown() logging.info('Writing output to %s.', certificate_filename) with open(os.path.join('data', 'lp', certificate_filename), 'w') as f: f.write('# tableau = \n' + args.data + '\n') f.write('# bit-length = \n' + str(mpc.options.bit_length) + '\n') f.write('# security parameter = \n' + str(mpc.options.security_parameter) + '\n') f.write('# threshold = \n' + str(mpc.threshold) + '\n') f.write('# solution = \n') f.write('\t'.join(x.__repr__() for x in solution) + '\n') f.write('# dual solution = \n') f.write('\t'.join(x.__repr__() for x in dual_solution) + '\n')
async def main(): parser = argparse.ArgumentParser() parser.add_argument( '-i', '--dataset', type=int, metavar='I', help=('dataset 0=uvlp (default), 1=wiki, 2=tb2x2, 3=woody, ' '4=LPExample_R20, 5=sc50b, 6=kb2, 7=LPExample')) parser.add_argument('-l', '--bit-length', type=int, metavar='L', help='override preset bit length for dataset') parser.set_defaults(dataset=0, bit_length=0) args = parser.parse_args() settings = [('uvlp', 8, 1, 2), ('wiki', 6, 1, 2), ('tb2x2', 6, 1, 2), ('woody', 8, 1, 3), ('LPExample_R20', 70, 1, 5), ('sc50b', 104, 10, 55), ('kb2', 536, 100000, 106), ('LPExample', 110, 1, 178)] name, bit_length, scale, n_iter = settings[args.dataset] if args.bit_length: bit_length = args.bit_length with open(os.path.join('data', 'lp', name + '.csv')) as file: T = list(csv.reader(file)) m = len(T) - 1 n = len(T[0]) - 1 secint = mpc.SecInt(bit_length, n=m + n) # force existence of Nth root of unity, N>=m+n print(f'Using secure {bit_length}-bit integers: {secint.__name__}') print( f'dataset: {name} with {m} constraints and {n} variables (scale factor {scale})' ) T[0][-1] = '0' # initialize optimal value for i in range(m + 1): g = 0 for j in range(n + 1): T[i][j] = int(scale * float(T[i][j])) # scale to integer g = math.gcd(g, T[i][j]) g = max(g, 1) if i else 1 # skip cost row for j in range(n + 1): T[i][j] = secint(T[i][j] // g) c = T[0][:-1] # maximize c.x subject to A.x <= b, x >= 0 A = [T[i + 1][:-1] for i in range(m)] b = [T[i + 1][-1] for i in range(m)] Zp = secint.field N = Zp.nth w = Zp.root # w is an Nth root of unity in Zp, where N >= m + n w_powers = [Zp(1)] for _ in range(N - 1): w_powers.append(w_powers[-1] * w) assert w_powers[-1] * w == 1 await mpc.start() cobasis = [secint(w_powers[-j]) for j in range(n)] basis = [secint(w_powers[-(i + n)]) for i in range(m)] previous_pivot = secint(1) iteration = 0 while True: # find index of pivot column p_col_index, minimum = argmin_int(T[0][:-1]) if await mpc.output(minimum >= 0): break # maximum reached # find index of pivot row p_col = mpc.matrix_prod([p_col_index], T, True)[0] constraints = [[T[i][-1] + (p_col[i] <= 0), p_col[i]] for i in range(1, m + 1)] p_row_index, (_, pivot) = argmin_rat(constraints) # reveal progress a bit iteration += 1 mx = await mpc.output(T[0][-1]) cd = await mpc.output(previous_pivot) p = await mpc.output(pivot) # NB: no await in f-strings in Python 3.6 logging.info( f'Iteration {iteration}/{n_iter}: {mx / cd} pivot={p / cd}') # swap basis entries delta = mpc.in_prod(basis, p_row_index) - mpc.in_prod( cobasis, p_col_index) cobasis = mpc.vector_add(cobasis, mpc.scalar_mul(delta, p_col_index)) basis = mpc.vector_sub(basis, mpc.scalar_mul(delta, p_row_index)) # update tableau Tij = Tij*Tkl/Tkl' - (Til/Tkl' - bool(i==k)) * (Tkj + bool(j==l)*Tkl') p_col_index.append(secint(0)) p_row_index.insert(0, secint(0)) pp_inv = 1 / previous_pivot p_col = mpc.scalar_mul(pp_inv, p_col) p_col = mpc.vector_sub(p_col, p_row_index) p_row = mpc.matrix_prod([p_row_index], T)[0] p_row = mpc.vector_add(p_row, mpc.scalar_mul(previous_pivot, p_col_index)) T = mpc.gauss(T, pivot * pp_inv, p_col, p_row) previous_pivot = pivot mx = await mpc.output(T[0][-1]) cd = await mpc.output(previous_pivot ) # common denominator for all entries of T print( f'max = {mx} / {cd} / {scale} = {mx / cd / scale} in {iteration} iterations' ) logging.info('Solution x') sum_x_powers = [secint(0) for _ in range(N)] for i in range(m): x_powers = pow_list(T[i + 1][-1] / N, basis[i], N) sum_x_powers = mpc.vector_add(sum_x_powers, x_powers) x = [None] * n for j in range(n): coefs = [w_powers[(j * k) % N] for k in range(N)] x[j] = mpc.in_prod(coefs, sum_x_powers) cx = mpc.in_prod(c, x) Ax = mpc.matrix_prod([x], A, True)[0] Ax_bounded_by_b = mpc.all(Ax[i] <= b[i] * cd for i in range(m)) x_nonnegative = mpc.all(x[j] >= 0 for j in range(n)) logging.info('Dual solution y') sum_x_powers = [secint(0) for _ in range(N)] for j in range(n): x_powers = pow_list(T[0][j] / N, cobasis[j], N) sum_x_powers = mpc.vector_add(sum_x_powers, x_powers) y = [None] * m for i in range(m): coefs = [w_powers[((n + i) * k) % N] for k in range(N)] y[i] = mpc.in_prod(coefs, sum_x_powers) y[i] = -y[i] yb = mpc.in_prod(y, b) yA = mpc.matrix_prod([y], A)[0] yA_bounded_by_c = mpc.all(yA[j] <= c[j] * cd for j in range(n)) y_nonpositive = mpc.all(y[i] <= 0 for i in range(m)) cx_eq_yb = cx == yb check = mpc.all([ cx_eq_yb, Ax_bounded_by_b, x_nonnegative, yA_bounded_by_c, y_nonpositive ]) check = bool(await mpc.output(check)) print( f'verification c.x == y.b, A.x <= b, x >= 0, y.A <= c, y <= 0: {check}' ) x = await mpc.output(x) print(f'solution = {[a / cd for a in x]}') await mpc.shutdown()
def __lt__( self, other ): # NB: __lt__() is basic comparison as in Python's list.sort() return mpc.in_prod([self.n, -self.d], [other.d, other.n]) < 0
def keyschedule(key, keymatrices): return [[mpc.in_prod(keymatrices[r][i], key) for i in range(keysize)] for r in range(rounds + 1)]
async def main(): parser = argparse.ArgumentParser() parser.add_argument('-d', '--data', help='filename for tableau') parser.add_argument('options', nargs='*') parser.set_defaults(data='default') args = parser.parse_args() if not args.options: certificate_filename = f'c{mpc.pid}.cert' logging.info('Setting certificate file to default = %s', certificate_filename) else: certificate_filename = args.options[0] T = load_tableau(args.data) l = mpc.options.bit_length m = len(T) - 1 n = len(T[0]) - 1 secint = mpc.SecInt(l, n=m + n) for i in range(m + 1): for j in range(n + 1): T[i][j] = secint(T[i][j]) Zp = secint.field N = Zp.nth w = Zp.root w_powers = [Zp(1)] for _ in range(N - 1): w_powers.append(w_powers[-1] * w) assert w_powers[-1] * w == 1 basis = [secint(w_powers[-(i + n)]) for i in range(m)] cobasis = [secint(w_powers[-j]) for j in range(n)] prev_pivot = secint(1) await mpc.start() iteration = 0 logging.info('%d Termination?...', iteration) p_col_index, minimum = argmin_int(T[-1][:-1]) while await mpc.output(minimum < 0): iteration += 1 logging.info('%d Determining pivot...', iteration) p_col = mpc.matrix_prod([p_col_index], T, True)[0] constraints = [(T[i][-1] + (p_col[i] <= 0), p_col[i]) for i in range(m)] p_row_index, (_, pivot) = argmin_rat(constraints) logging.info('%d Updating tableau...', iteration) # T[i,j] = T[i,j]*p/p' - (C[i]/p' - p_row_index[i])*(R[j] + p * p_col_index[j]) p_row = mpc.matrix_prod([p_row_index], T)[0] delta_row = mpc.scalar_mul(prev_pivot, p_col_index) delta_row.append(secint(0)) p_row = mpc.vector_add(p_row, delta_row) prev_p_inv = 1 / prev_pivot p_col = mpc.scalar_mul(prev_p_inv, p_col) p_col = mpc.vector_sub(p_col, p_row_index + [secint(0)]) T = mpc.gauss(T, pivot * prev_p_inv, p_col, p_row) prev_pivot = pivot # swap basis entries delta = mpc.in_prod(basis, p_row_index) - mpc.in_prod( cobasis, p_col_index) p_row_index = mpc.scalar_mul(delta, p_row_index) basis = mpc.vector_sub(basis, p_row_index) p_col_index = mpc.scalar_mul(delta, p_col_index) cobasis = mpc.vector_add(cobasis, p_col_index) logging.info('%d Termination?...', iteration) p_col_index, minimum = argmin_int(T[-1][:-1]) logging.info('Termination...') mx = await mpc.output(T[-1][-1]) cd = await mpc.output(prev_pivot) print(' max(f) = %d / %d = %f' % (mx.value, cd.value, float(mx.value) / cd.value)) logging.info('Computing solution...') sum_x_powers = [secint(0) for _ in range(N)] for i in range(m): x_powers = pow_list(T[i][-1] / N, basis[i], N) sum_x_powers = mpc.vector_add(sum_x_powers, x_powers) solution = [None] * n for j in range(n): coefs = [w_powers[(j * k) % N] for k in range(N)] solution[j] = mpc.lin_comb(coefs, sum_x_powers) solution = await mpc.output(solution) logging.info('Computing dual solution...') sum_x_powers = [secint(0) for _ in range(N)] for j in range(n): x_powers = pow_list(T[-1][j] / N, cobasis[j], N) sum_x_powers = mpc.vector_add(sum_x_powers, x_powers) dual_solution = [None] * m for i in range(m): coefs = [w_powers[((n + i) * k) % N] for k in range(N)] dual_solution[i] = mpc.lin_comb(coefs, sum_x_powers) dual_solution = await mpc.output(dual_solution) await mpc.shutdown() logging.info('Writing output to %s.', certificate_filename) with open(os.path.join('data', 'lp', certificate_filename), 'w') as f: f.write('# tableau = \n' + args.data + '\n') f.write('# bit-length = \n' + str(mpc.options.bit_length) + '\n') f.write('# security parameter = \n' + str(mpc.options.sec_param) + '\n') f.write('# threshold = \n' + str(mpc.threshold) + '\n') f.write('# common denominator = \n' + str(cd.value) + '\n') f.write('# solution = \n') f.write('\t'.join(str(x.value) for x in solution) + '\n') f.write('# dual solution = \n') f.write('\t'.join(str(x.value) for x in dual_solution) + '\n')
def arg_le_rat(x0, x1): n0, d0 = x0 n1, d1 = x1 a = mpc.in_prod([n0, d0], [d1, -n1]) >= 0 m = mpc.if_else(a, [n1, d1], [n0, d0]) return a, m