async def random_bits(self, sftype, n, signed=False):
"""n secure uniformly random bits of the given type."""
prss0 = False
f1 = 1
if issubclass(sftype, Share):
await returnType((sftype, True), n)
field = sftype.field
if sftype.__name__.startswith('SecFld'):
prss0 = True
f1 = field.lshift_factor
else:
await returnType(Future)
field = sftype
m = len(self.parties)
if not isinstance(field.modulus, int):
prfs = self.parties[self.pid].prfs(2)
bits = thresha.pseudorandom_share(field, m, self.pid, prfs,
self._prss_uci(), n)
return bits
bits = [None] * n
p = field.modulus
if not signed:
q = (p + 1) >> 1 # q = 1/2 mod p
prfs = self.parties[self.pid].prfs(p)
t = self.threshold
h = n
while h > 0:
rs = thresha.pseudorandom_share(field, m, self.pid, prfs,
self._prss_uci(), h)
# Compute and open the squares and compute square roots.
r2s = [r * r for r in rs]
if prss0:
z = thresha.pseudorandom_share_zero(field, m, self.pid, prfs,
self._prss_uci(), h)
for i in range(h):
r2s[i] += z[i]
r2s = await self.output(r2s, threshold=2 * t)
for r, r2 in zip(rs, r2s):
if r2.value != 0:
h -= 1
s = r.value * r2.sqrt(INV=True).value
if not signed:
s += 1
s %= p
s *= q
bits[h] = field(f1 * s)
return bits
def test_prss(self):
field = self.f256
key = int('0x00112233445566778899aabbccddeeff',
16).to_bytes(16, byteorder='little')
bound = 256 # field.modulus
F = thresha.PRF(key, bound)
m = 1
pid = 0
prfs = {(0, ): F}
uci = 'test uci'.encode()
n = 8
a = F(uci, n)
shares = thresha.pseudorandom_share(field, m, pid, prfs, uci, n)
b = thresha.recombine(field, [(1, shares)])
self.assertEqual(a, [s.value for s in b])
a = [0] * n
shares = thresha.pseudorandom_share_zero(field, m, pid, prfs, uci, n)
b = thresha.recombine(field, [(1, shares)])
self.assertEqual(a, b)
m = 3
pid = 0
prfs = {(0, 1): F, (0, 2): F} # reuse dummy PRF
shares0 = thresha.pseudorandom_share_zero(field, m, pid, prfs, uci, n)
pid = 1
prfs = {(0, 1): F, (1, 2): F} # reuse dummy PRF
shares1 = thresha.pseudorandom_share_zero(field, m, pid, prfs, uci, n)
pid = 2
prfs = {(0, 2): F, (1, 2): F} # reuse dummy PRF
shares2 = thresha.pseudorandom_share_zero(field, m, pid, prfs, uci, n)
b = thresha.recombine(field, [(1, shares0), (2, shares1),
(3, shares2)])
self.assertEqual(a, b)
def _randoms(self, sftype, n, bound=None):
"""n secure random values of the given type in the given range."""
if issubclass(sftype, Share):
field = sftype.field
else:
field = sftype
if bound is None:
bound = field.order
else:
bound = 1 << max(0, (bound // self._bincoef).bit_length() - 1) # NB: round to power of 2
m = len(self.parties)
prfs = self.prfs(bound)
shares = thresha.pseudorandom_share(field, m, self.pid, prfs, self._prss_uci(), n)
if issubclass(sftype, Share):
shares = [sftype(s) for s in shares]
return shares
def _randoms(self, sftype, n, bound=None):
"""n secure random values of the given type in the given range."""
if issubclass(sftype, Share):
field = sftype.field
else:
field = sftype
if bound is None:
bound = field.order
else:
bound = (bound - 1) // self._bincoef + 1
m = len(self.parties)
prfs = self.parties[self.pid].prfs(bound)
shares = thresha.pseudorandom_share(field, m, self.pid, prfs,
self._prss_uci(), n)
if issubclass(sftype, Share):
shares = [sftype(s) for s in shares]
return shares
def randoms(self, sftype, m, max=None):
"""m secure random values of the given type in the given range."""
if issubclass(sftype, Share):
field = sftype.field
else:
field = sftype
if max is None:
max = field.modulus
else:
max = (max - 1) // self._bincoef + 1
prfs = self.parties[self.id].prfs(max)
shares = thresha.pseudorandom_share(field, len(self.parties), self.id,
prfs, self._prss_uci(), m)
if issubclass(sftype, Share):
return [sftype(s) for s in shares]
else:
return shares
def test_prss(self):
field = self.f19
key = b'00112233445566778899aabbccddeeff'
max = field.modulus
F = thresha.PRF(key, max)
n = 1
id = 0
prfs = {frozenset([0]): F}
uci = 'test uci'
m = 8
a = F(uci, m)
shares = thresha.pseudorandom_share(field, n, id, prfs, uci, m)
b = thresha.recombine(field, [(1, shares)])
self.assertEqual(a, b)
a = [0] * m
shares = thresha.pseudorandom_share_zero(field, n, id, prfs, uci, m)
b = thresha.recombine(field, [(1, shares)])
self.assertEqual(a, b)
async def random_bits(self, sftype, m):
"""m secure random bits of the given type."""
prss0 = False
f1 = 1
if issubclass(sftype, Share):
await returnType((sftype, True), m)
field = sftype.field
if sftype.__name__.startswith('SecFld'):
prss0 = True
f1 = 1 << sftype.field.frac_length
else:
await returnType(Share)
field = sftype
bits = [None] * m
p = field.modulus
q = (p + 1) >> 1 # q = 1/2 mod p
prfs = self.parties[self.id].prfs(p)
h = m
while h > 0:
rs = thresha.pseudorandom_share(field, len(self.parties), self.id,
prfs, self._prss_uci(), h)
# Compute and open the squares and compute square roots.
r2s = [r * r for r in rs]
if prss0:
z = thresha.pseudorandom_share_zero(field, len(self.parties),
self.id, prfs,
self._prss_uci(), h)
for i in range(h):
r2s[i] += z[i]
r2s = await self.output(r2s, threshold=2 * self.threshold)
for r, r2 in zip(rs, r2s):
if r2.value != 0:
h -= 1
bits[h] = field(
f1 * ((r.value * r2.sqrt(INV=True).value + 1) % p) * q)
return bits