def next_data_in(self):
self.params = {"dim": 3, "lenX": 32, "lenY": 32}
self.client_inputs = {"X": (1, 2, 3)}
self.server_inputs = {"Y": (2, 3, 4)}
self.result = 2
yield
for i in xrange(10):
self.params = {
"dim": rand.randint(0, 100),
"lenX": rand.randint(0, 512),
"lenY": rand.randint(0, 512)
}
self.client_inputs = {
"X":
nogen(
get_random(0, 2**self.params['lenX'] - 1,
self.params["dim"]))
}
self.server_inputs = {
"Y":
nogen(
get_random(0, 2**self.params['lenY'] - 1,
self.params["dim"]))
}
self.result = min(
map(lambda x: x[0] * x[1],
zip(self.client_inputs["X"], self.server_inputs["Y"])))
yield
def next_data_in(self):
self.params = {"SETSIZE_C": 3, "SETSIZE_S": 3}
self.client_inputs = {"X": (1, 2, 3)}
self.server_inputs = {"Y": (2, 3, 4)}
self.intersection = set((2, 3))
yield
for i in xrange(10):
randset = nogen(
get_random(1,
2**state.config.asymmetric_security_parameter - 1,
100))
self.count_C = rand.randint(1, 50)
self.count_S = rand.randint(1, 50)
self.params = {
"SETSIZE_C": self.count_C,
"SETSIZE_S": self.count_S
}
client_inputs = set(rand.sample(randset, self.count_C))
server_inputs = set(rand.sample(randset, self.count_S))
self.client_inputs = {"X": client_inputs}
self.server_inputs = {"Y": server_inputs}
self.intersection = client_inputs.intersection(server_inputs)
yield
def receiver_online1(self, args):
"""
self.args is expected to be a list of one-bit integers
"""
# receive C and rG from sender
args = tuple(args)
self.C = C = decompressPoint(args[0], self.EC)
self.rG = decompressPoint(args[1], self.EC)
self.idx = utils.nogen(self.args)
G = self.G
order = self.EC.getOrder()
compress = self.compress
self.s = ss = []
#Communication costs in this round: one ECPoint per bit in self.args
cost_results.CostSystem.costs["theoretical"]["setup"]["accumulated"](
Send=utils.bit2byte(len(self.idx) * self.comCostsECPoint))
for i in self.idx:
s = utils.rand.randint(1, order)
ss.append(s)
PK = G * s
PK.compress = compress
if i == 0:
yield PK
else:
PK2 = C - PK
PK2.compress = compress
yield PK2
def client_1(self, args):
self.args = utils.nogen(self.args)
gc.disable()
def otlist(r, T):
r = utils.bits2value(r)
for i in xrange(self.k):
ti = utils.bits2value(ithrow(T, i))
yield (ti, ti ^ r)
m = len(self.args)
if m <= state.config.symmetric_security_parameter:
# IKNP03 does not make sense if m <= symmetric_security_parameter
# Use the subot directly then.
self.subot.forward()
self.subot(self.args)
self.results = self.subot.get_results()
return None
#self.T = T = [list(utils.get_random(0, 1, self.k)) for i in xrange(m)]
l = (1 << self.k) - 1
self.T = T = [
utils.value2bits(mpz(utils.rand.randint(0, l)), self.k)
for i in xrange(m)
]
self.subot(otlist(self.args, T))
return tuple()
def generate_test_data_for_iteration(self):
if self.iterations:
self.client_inputs = nogen(get_random(1, 2**32 - 1, 2))
self.server_inputs = tuple()
self.params = {}
self.iterations -= 1
else:
self.params = None
def compute_deblinding(self):
b1b2 = (i * (-j) for i, j in zip(self.blindings, self.blindings2))
b1b2 = nogen(b1b2)
# print "deblinding", b1b2
m1b2 = (i * (-j) for i, j in zip(self.args[0], self.blindings2))
m2b1 = (i * (-j) for i, j in zip(self.args[1], self.blindings))
return b1b2, m1b2, m2b1
def sender_online2(self, args):
"""
self.args is expected to be a list of message-tuples
"""
args = tuple(args)
self.args = utils.nogen(self.args)
r = self.r
rC = self.rC
#TODO: PLEASE FIX COSTS !!!
#communication costs:
# at the moment we sent 256 bit chunks. so the bits needed to transmit a message is
# ceil(bitlen(msg)/256) * 256
costs = 0
for msg in self.args:
costs += int(math.ceil(mpz(msg[0]).bit_length() / 256.0)) * 256
costs += int(math.ceil(mpz(msg[1]).bit_length() / 256.0)) * 256
cost_results.CostSystem.costs["theoretical"]["setup"]["accumulated"](
Send=utils.bit2byte(costs))
for i, (m0, m1) in enumerate(self.args):
PK = decompressPoint(args[i], self.EC)
PK0r = PK * r
PK1r = rC - PK0r
# digest0 = ""
# digest1 = ""
chunks = ((utils.bitlength(max(m0, m1)) - 1) // 256) + 1
cost_results.CostSystem.costs["theoretical"]["setup"][
"accumulated"](SHA256=2 * chunks)
key0 = cPickle.dumps((PK0r, "0"), protocol=2)
key1 = cPickle.dumps((PK1r, "1"), protocol=2)
digest0 = "".join(
hashlib.sha256(key0 + mpz(j).binary()).digest()
for j in xrange(chunks))
digest1 = "".join(
hashlib.sha256(key1 + mpz(j).binary()).digest()
for j in xrange(chunks))
# for j in xrange(chunks):
# sj = mpz(j).binary()
# digest0 += hashlib.sha256(key0 + sj).digest()
# digest1 += hashlib.sha256(key1 + sj).digest()
#TODO: truncate digest0 and digest1 to same length as m0 and m1 !!!
h0 = abs(mpz(digest0, 256)) ^ m0
h1 = abs(mpz(digest1, 256)) ^ m1
yield (h0.binary(), h1.binary())
def next_data_in(self):
self.params = {"la": 32, "lb": 32, "da": 8, "db": 8}
self.inputs = {"a": 8 * (0, ), "b": rand.randint(1, 2**31 - 1)}
yield
self.inputs = {"b": 0, "a": nogen(get_random(1, 2**31 - 1, 8))}
yield
self.inputs = {"a": 8 * (0, ), "b": 0}
yield
self.inputs = {"a": 8 * (2**31 - 1, ), "b": 2**31 - 1}
yield
for i in xrange(self.COUNT):
da = rand.randint(1, self.MAXDIM)
db = rand.randint(1, self.MAXDIM)
la = rand.randint(2, self.MAXBITLEN)
lb = rand.randint(2, self.MAXBITLEN)
self.params = {'la': la, 'lb': lb, 'da': da, 'db': db}
self.inputs = {
'a': tuple(get_random(1, max(1, (2**(la - 1)) - 1), da)),
'b': rand.randint(1, max(1, (2**(lb - 1)) - 1))
}
yield
def get_random(self, maxbits, num, innum=0):
if self.SIGNED[innum]:
return nogen(
get_random(-2**(maxbit - 1) - 1, 2**(maxbit - 1) - 1, num))
else:
return nogen(get_random(0, 2**(maxbit) - 1, num))
def PaillierVec_GarbledVec_receive(src, dst, source_bitlen, source_dim, signed, force_bitlen=None, force_signed=None):
p = partyAttribute
if force_bitlen and (force_signed or (signed and not force_signed == False)):
raise NotImplementedError("forcing bitlen on signeds is not supported now")
if force_bitlen:
source_bitlen = force_bitlen
overallbitlen = reduce(operator.mul, source_dim, 1) * source_bitlen
cpc = state.config.asymmetric_security_parameter - state.config.symmetric_security_parameter - 1
chunksize = (cpc - 1) / source_bitlen
chunkpayloadbits = chunksize * source_bitlen
chunks = (overallbitlen - 1) / chunkpayloadbits + 1
lastchunksize = overallbitlen % (chunksize * source_bitlen)
if lastchunksize:
chunksizes = (chunks - 1) * (chunkpayloadbits, ) + (lastchunksize, )
masks = nogen(get_randomm(0, 2**(chunkpayloadbits + state.config.symmetric_security_parameter) - 1, chunks - 1)) + (mpz(rand.randint(0, 2**(lastchunksize + state.config.symmetric_security_parameter) - 1)),)
else:
chunksizes = chunks * (chunkpayloadbits, )
masks = nogen(get_randomm(0, 2**(chunkpayloadbits + state.config.symmetric_security_parameter)- 1, chunks))
if state.precompute:
if force_signed is not None:
signed = force_signed
# receive garbled Mask
mgms = _receive(src, dst)
for mgm, size in zip(mgms, chunksizes):
mgm._bit_length = size
# prepare for creation of garbled masked plain value
state.active_party.push_tmpval(mgms)
# precompute first chunkpayloadbits for the garbled masked value
mgvs = []
for i in chunksizes:
mgv = Garbled(bitlen=i, val=p, signed=False)
state.passive_party.push_tmpattr(mgv)
mgvs.append(mgv)
# precompute the unmasking and unpacking
rets = []
for mgv, mgm, chunksize in zip (mgvs, mgms, chunksizes):
ret = mgv.unpack(mgm, source_bitlen, chunksize, signed)
state.active_party.push_tmpattr(ret)
rets.extend(ret)
rets.reverse()
vec = GarbledVec(bitlen=source_bitlen, dim=source_dim, val=rets, signed=signed)
# save shadow copy of resulting GarbledVec
_set_dst(src, dst, vec)
else: # online phase
if force_signed is not None:
signed = force_signed
if not isclient():
raise TastySyntaxError("Conversion from Homomorphic to Garbled from Client to Server does not make sense")
# receive masked homomorphic values
mhvs = _receive()
for i, chunksize in zip(mhvs, chunksizes):
i._bit_length = chunksize
# decrypt masked garbled values
mvs = nogen(Unsigned(val=i) for i in mhvs)
# get the masked garbled values from tmpval-stack
mgms = state.active_party.pop_tmpval()
# compute first chunksize bits of garbled masked values
mgvs = []
for mv, chunksize in zip(mvs, chunksizes):
state.passive_party._tmp_ = mgv = state.passive_party.pop_tmpattr()
mv._value &= (1<<chunksize) - 1
mv.set_bit_length(chunksize)
state.passive_party._tmp_ = Garbled(val=mv, bitlen=chunksize, signed=signed)
mgvs.append(state.passive_party._tmp_)
# unpacking and unblinding
rets = []
for mgm, mgv, chunksize in zip(mgms, mgvs, chunksizes):
state.active_party._tmp_ = state.active_party.pop_tmpattr()
state.active_party._tmp_ = mgv.unpack(mgm, source_bitlen, chunksize, signed)
rets.extend(state.active_party._tmp_)
rets.reverse()
vec = GarbledVec(bitlen=source_bitlen, dim=source_dim, val=rets, signed = rets[0].signed())
_set_dst(src, dst, vec)
def PaillierVec_GarbledVec_send(src, dst, source_bitlen, source_dim, signed, force_bitlen=None, force_signed=None):
if force_bitlen and (force_signed or (signed and not force_signed == False)):
raise NotImplementedError("forcing bitlen on signeds is not supported now")
if force_bitlen is not None:
diff = source_bitlen - force_bitlen
source_bitlen = force_bitlen
else:
diff = 0
p = partyAttribute
if not isserver():
raise TastySyntaxError("Conversion from Homomorphic to Garbled from Client to Server does not make sense")
# number of maximal bits in content
overallbitlen = _dimtimes(source_dim) * source_bitlen
# we have asymmetric_security_parameter bits to pack into, but need symmetric_security_parameter bits to blind
cpc = state.config.asymmetric_security_parameter - state.config.symmetric_security_parameter - 1
chunksize = cpc / source_bitlen
chunkpayloadbits = chunksize * source_bitlen
chunks = (overallbitlen - 1) / chunkpayloadbits + 1
lastchunksize = overallbitlen % chunkpayloadbits
Homomorphic = tasty.types.Homomorphic
HomomorphicVec = tasty.types.HomomorphicVec
if lastchunksize:
chunksizes = (chunks - 1) * (chunkpayloadbits, ) + (lastchunksize, )
else:
chunksizes = chunks * (chunkpayloadbits, )
if state.precompute:
if lastchunksize:
masks = nogen(get_randomm(0, 2**(chunkpayloadbits + state.config.symmetric_security_parameter) - 1, chunks - 1)) + (mpz(rand.randint(0, 2**(lastchunksize + state.config.symmetric_security_parameter) - 1)),)
else:
masks = nogen(get_randomm(0, 2**(chunkpayloadbits + state.config.symmetric_security_parameter)- 1, chunks))
if force_signed is not None:
signed = force_signed
# generate Mask values
umasks = nogen(Unsigned(val=v, bitlen=l + state.config.symmetric_security_parameter) for v, l in zip(masks, chunksizes))
# homomorphically encrypt masks
hmasks = tuple(tasty.types.Homomorphic(val=mask, signed=False) for mask in umasks)
state.active_party.push_tmpval(hmasks)
# garble first chunkpayloadbits of the masks (manual construction of garbled! Voodoo!)
mgms = []
for mask, chunksize in zip(masks, chunksizes):
state.passive_party._tmp_ = Garbled(bitlen=chunksize, signed=False, val=p)
zv = Garbled.get_zero_value(state.passive_party._tmp_.gid)
state.passive_party._tmp_[:] = plain2garbled(value2bits(mask & (1<<chunksize) - 1, chunksize), zv, state.R)
mgms.append(state.passive_party._tmp_)
state.passive_party.push_tmpval(mgms)
#raise NotImplementedError("COSTS")
# _sendcost(chunks * chunksize[0]
# send garbled masks to client
_send(mgms)
# precompute the first chunkpayloadbits for the garbled masked value
mgvs = []
for chunksize in chunksizes:
mgv = Garbled(bitlen=chunksize, passive=True, val=p, signed=False)
state.passive_party.push_tmpattr(mgv)
mgvs.append(mgv)
# precompute the unmasking and unpacking
rets = []
for mgv, mgm, chunksize in zip(mgvs, mgms, chunksizes):
ret = mgv.unpack(mgm, source_bitlen, chunksize, signed)
state.passive_party.push_tmpattr(ret)
rets.extend(ret)
rets.reverse() # packing works exactly in the oposite direction then unpacking, so reverse here to get original result back
vec = GarbledVec(bitlen=source_bitlen, dim=source_dim, val=rets)
# save shadow copy of resulting GarbledVec
_set_dst(src, dst, vec)
else: # online phase
assert signed == src.signed(), "the analyzer disagrees with the typesystems signedness"
if force_signed is not None:
signed = force_signed
if not isserver():
raise TastySyntaxError("Conversion from Homomorphic to Garbled from Client to Server does not make sense")
# Pack the values with respecting the force_signed and force_bitlen
hmasks = state.active_party.pop_tmpval()
if force_signed is not None: # we must change it to the forced sign
origsigned = src.signed()
src._signed = force_signed
for i in src:
i._signed = force_signed
packed, _, _ = src.pack(-(state.config.symmetric_security_parameter + 1), force_bitlen=force_bitlen)
if force_signed is not None: # no change in the source, so revert changes done before pack()
src._signed = origsigned
for i in src:
i._signed = origsigned
assert len(packed) == len(hmasks), "packing error (%d packed chunks, but %d expected (%r, %r))"%(len(packed), len(hmasks), hmasks, packed)
# mask the packed values
for i, j in zip(packed, hmasks):
i += j
# send packed values to client
_send(packed)
# retrive garbled masks from tmpval-stack
mgms = state.passive_party.pop_tmpval()
# passive part for generation of garbled masked values
mgvs = []
for chunksize in chunksizes:
state.passive_party._tmp_ = state.passive_party.pop_tmpattr()
state.passive_party._tmp_ = Garbled(val=p, bitlen=chunksize, passive=True, signed=False)
mgvs.append(state.passive_party._tmp_)
# passive part of unblinding and unpacking
# rets = []
for mgm, mgv, chunksize in zip(mgms, mgvs, chunksizes):
state.passive_party._tmp_ = state.passive_party.pop_tmpattr()
