def next_data_in(self): self.params = {"dim": 3, "lenX": 32, "lenY": 32} self.client_inputs = {"X": (1, 2, 3)} self.server_inputs = {"Y": (2, 3, 4)} self.result = 2 yield for i in xrange(10): self.params = { "dim": rand.randint(0, 100), "lenX": rand.randint(0, 512), "lenY": rand.randint(0, 512) } self.client_inputs = { "X": nogen( get_random(0, 2**self.params['lenX'] - 1, self.params["dim"])) } self.server_inputs = { "Y": nogen( get_random(0, 2**self.params['lenY'] - 1, self.params["dim"])) } self.result = min( map(lambda x: x[0] * x[1], zip(self.client_inputs["X"], self.server_inputs["Y"]))) yield
def next_data_in(self): self.params = {"SETSIZE_C": 3, "SETSIZE_S": 3} self.client_inputs = {"X": (1, 2, 3)} self.server_inputs = {"Y": (2, 3, 4)} self.intersection = set((2, 3)) yield for i in xrange(10): randset = nogen( get_random(1, 2**state.config.asymmetric_security_parameter - 1, 100)) self.count_C = rand.randint(1, 50) self.count_S = rand.randint(1, 50) self.params = { "SETSIZE_C": self.count_C, "SETSIZE_S": self.count_S } client_inputs = set(rand.sample(randset, self.count_C)) server_inputs = set(rand.sample(randset, self.count_S)) self.client_inputs = {"X": client_inputs} self.server_inputs = {"Y": server_inputs} self.intersection = client_inputs.intersection(server_inputs) yield
def receiver_online1(self, args): """ self.args is expected to be a list of one-bit integers """ # receive C and rG from sender args = tuple(args) self.C = C = decompressPoint(args[0], self.EC) self.rG = decompressPoint(args[1], self.EC) self.idx = utils.nogen(self.args) G = self.G order = self.EC.getOrder() compress = self.compress self.s = ss = [] #Communication costs in this round: one ECPoint per bit in self.args cost_results.CostSystem.costs["theoretical"]["setup"]["accumulated"]( Send=utils.bit2byte(len(self.idx) * self.comCostsECPoint)) for i in self.idx: s = utils.rand.randint(1, order) ss.append(s) PK = G * s PK.compress = compress if i == 0: yield PK else: PK2 = C - PK PK2.compress = compress yield PK2
def client_1(self, args): self.args = utils.nogen(self.args) gc.disable() def otlist(r, T): r = utils.bits2value(r) for i in xrange(self.k): ti = utils.bits2value(ithrow(T, i)) yield (ti, ti ^ r) m = len(self.args) if m <= state.config.symmetric_security_parameter: # IKNP03 does not make sense if m <= symmetric_security_parameter # Use the subot directly then. self.subot.forward() self.subot(self.args) self.results = self.subot.get_results() return None #self.T = T = [list(utils.get_random(0, 1, self.k)) for i in xrange(m)] l = (1 << self.k) - 1 self.T = T = [ utils.value2bits(mpz(utils.rand.randint(0, l)), self.k) for i in xrange(m) ] self.subot(otlist(self.args, T)) return tuple()
def generate_test_data_for_iteration(self): if self.iterations: self.client_inputs = nogen(get_random(1, 2**32 - 1, 2)) self.server_inputs = tuple() self.params = {} self.iterations -= 1 else: self.params = None
def compute_deblinding(self): b1b2 = (i * (-j) for i, j in zip(self.blindings, self.blindings2)) b1b2 = nogen(b1b2) # print "deblinding", b1b2 m1b2 = (i * (-j) for i, j in zip(self.args[0], self.blindings2)) m2b1 = (i * (-j) for i, j in zip(self.args[1], self.blindings)) return b1b2, m1b2, m2b1
def sender_online2(self, args): """ self.args is expected to be a list of message-tuples """ args = tuple(args) self.args = utils.nogen(self.args) r = self.r rC = self.rC #TODO: PLEASE FIX COSTS !!! #communication costs: # at the moment we sent 256 bit chunks. so the bits needed to transmit a message is # ceil(bitlen(msg)/256) * 256 costs = 0 for msg in self.args: costs += int(math.ceil(mpz(msg[0]).bit_length() / 256.0)) * 256 costs += int(math.ceil(mpz(msg[1]).bit_length() / 256.0)) * 256 cost_results.CostSystem.costs["theoretical"]["setup"]["accumulated"]( Send=utils.bit2byte(costs)) for i, (m0, m1) in enumerate(self.args): PK = decompressPoint(args[i], self.EC) PK0r = PK * r PK1r = rC - PK0r # digest0 = "" # digest1 = "" chunks = ((utils.bitlength(max(m0, m1)) - 1) // 256) + 1 cost_results.CostSystem.costs["theoretical"]["setup"][ "accumulated"](SHA256=2 * chunks) key0 = cPickle.dumps((PK0r, "0"), protocol=2) key1 = cPickle.dumps((PK1r, "1"), protocol=2) digest0 = "".join( hashlib.sha256(key0 + mpz(j).binary()).digest() for j in xrange(chunks)) digest1 = "".join( hashlib.sha256(key1 + mpz(j).binary()).digest() for j in xrange(chunks)) # for j in xrange(chunks): # sj = mpz(j).binary() # digest0 += hashlib.sha256(key0 + sj).digest() # digest1 += hashlib.sha256(key1 + sj).digest() #TODO: truncate digest0 and digest1 to same length as m0 and m1 !!! h0 = abs(mpz(digest0, 256)) ^ m0 h1 = abs(mpz(digest1, 256)) ^ m1 yield (h0.binary(), h1.binary())
def next_data_in(self): self.params = {"la": 32, "lb": 32, "da": 8, "db": 8} self.inputs = {"a": 8 * (0, ), "b": rand.randint(1, 2**31 - 1)} yield self.inputs = {"b": 0, "a": nogen(get_random(1, 2**31 - 1, 8))} yield self.inputs = {"a": 8 * (0, ), "b": 0} yield self.inputs = {"a": 8 * (2**31 - 1, ), "b": 2**31 - 1} yield for i in xrange(self.COUNT): da = rand.randint(1, self.MAXDIM) db = rand.randint(1, self.MAXDIM) la = rand.randint(2, self.MAXBITLEN) lb = rand.randint(2, self.MAXBITLEN) self.params = {'la': la, 'lb': lb, 'da': da, 'db': db} self.inputs = { 'a': tuple(get_random(1, max(1, (2**(la - 1)) - 1), da)), 'b': rand.randint(1, max(1, (2**(lb - 1)) - 1)) } yield
def get_random(self, maxbits, num, innum=0): if self.SIGNED[innum]: return nogen( get_random(-2**(maxbit - 1) - 1, 2**(maxbit - 1) - 1, num)) else: return nogen(get_random(0, 2**(maxbit) - 1, num))
def PaillierVec_GarbledVec_receive(src, dst, source_bitlen, source_dim, signed, force_bitlen=None, force_signed=None): p = partyAttribute if force_bitlen and (force_signed or (signed and not force_signed == False)): raise NotImplementedError("forcing bitlen on signeds is not supported now") if force_bitlen: source_bitlen = force_bitlen overallbitlen = reduce(operator.mul, source_dim, 1) * source_bitlen cpc = state.config.asymmetric_security_parameter - state.config.symmetric_security_parameter - 1 chunksize = (cpc - 1) / source_bitlen chunkpayloadbits = chunksize * source_bitlen chunks = (overallbitlen - 1) / chunkpayloadbits + 1 lastchunksize = overallbitlen % (chunksize * source_bitlen) if lastchunksize: chunksizes = (chunks - 1) * (chunkpayloadbits, ) + (lastchunksize, ) masks = nogen(get_randomm(0, 2**(chunkpayloadbits + state.config.symmetric_security_parameter) - 1, chunks - 1)) + (mpz(rand.randint(0, 2**(lastchunksize + state.config.symmetric_security_parameter) - 1)),) else: chunksizes = chunks * (chunkpayloadbits, ) masks = nogen(get_randomm(0, 2**(chunkpayloadbits + state.config.symmetric_security_parameter)- 1, chunks)) if state.precompute: if force_signed is not None: signed = force_signed # receive garbled Mask mgms = _receive(src, dst) for mgm, size in zip(mgms, chunksizes): mgm._bit_length = size # prepare for creation of garbled masked plain value state.active_party.push_tmpval(mgms) # precompute first chunkpayloadbits for the garbled masked value mgvs = [] for i in chunksizes: mgv = Garbled(bitlen=i, val=p, signed=False) state.passive_party.push_tmpattr(mgv) mgvs.append(mgv) # precompute the unmasking and unpacking rets = [] for mgv, mgm, chunksize in zip (mgvs, mgms, chunksizes): ret = mgv.unpack(mgm, source_bitlen, chunksize, signed) state.active_party.push_tmpattr(ret) rets.extend(ret) rets.reverse() vec = GarbledVec(bitlen=source_bitlen, dim=source_dim, val=rets, signed=signed) # save shadow copy of resulting GarbledVec _set_dst(src, dst, vec) else: # online phase if force_signed is not None: signed = force_signed if not isclient(): raise TastySyntaxError("Conversion from Homomorphic to Garbled from Client to Server does not make sense") # receive masked homomorphic values mhvs = _receive() for i, chunksize in zip(mhvs, chunksizes): i._bit_length = chunksize # decrypt masked garbled values mvs = nogen(Unsigned(val=i) for i in mhvs) # get the masked garbled values from tmpval-stack mgms = state.active_party.pop_tmpval() # compute first chunksize bits of garbled masked values mgvs = [] for mv, chunksize in zip(mvs, chunksizes): state.passive_party._tmp_ = mgv = state.passive_party.pop_tmpattr() mv._value &= (1<<chunksize) - 1 mv.set_bit_length(chunksize) state.passive_party._tmp_ = Garbled(val=mv, bitlen=chunksize, signed=signed) mgvs.append(state.passive_party._tmp_) # unpacking and unblinding rets = [] for mgm, mgv, chunksize in zip(mgms, mgvs, chunksizes): state.active_party._tmp_ = state.active_party.pop_tmpattr() state.active_party._tmp_ = mgv.unpack(mgm, source_bitlen, chunksize, signed) rets.extend(state.active_party._tmp_) rets.reverse() vec = GarbledVec(bitlen=source_bitlen, dim=source_dim, val=rets, signed = rets[0].signed()) _set_dst(src, dst, vec)
def PaillierVec_GarbledVec_send(src, dst, source_bitlen, source_dim, signed, force_bitlen=None, force_signed=None): if force_bitlen and (force_signed or (signed and not force_signed == False)): raise NotImplementedError("forcing bitlen on signeds is not supported now") if force_bitlen is not None: diff = source_bitlen - force_bitlen source_bitlen = force_bitlen else: diff = 0 p = partyAttribute if not isserver(): raise TastySyntaxError("Conversion from Homomorphic to Garbled from Client to Server does not make sense") # number of maximal bits in content overallbitlen = _dimtimes(source_dim) * source_bitlen # we have asymmetric_security_parameter bits to pack into, but need symmetric_security_parameter bits to blind cpc = state.config.asymmetric_security_parameter - state.config.symmetric_security_parameter - 1 chunksize = cpc / source_bitlen chunkpayloadbits = chunksize * source_bitlen chunks = (overallbitlen - 1) / chunkpayloadbits + 1 lastchunksize = overallbitlen % chunkpayloadbits Homomorphic = tasty.types.Homomorphic HomomorphicVec = tasty.types.HomomorphicVec if lastchunksize: chunksizes = (chunks - 1) * (chunkpayloadbits, ) + (lastchunksize, ) else: chunksizes = chunks * (chunkpayloadbits, ) if state.precompute: if lastchunksize: masks = nogen(get_randomm(0, 2**(chunkpayloadbits + state.config.symmetric_security_parameter) - 1, chunks - 1)) + (mpz(rand.randint(0, 2**(lastchunksize + state.config.symmetric_security_parameter) - 1)),) else: masks = nogen(get_randomm(0, 2**(chunkpayloadbits + state.config.symmetric_security_parameter)- 1, chunks)) if force_signed is not None: signed = force_signed # generate Mask values umasks = nogen(Unsigned(val=v, bitlen=l + state.config.symmetric_security_parameter) for v, l in zip(masks, chunksizes)) # homomorphically encrypt masks hmasks = tuple(tasty.types.Homomorphic(val=mask, signed=False) for mask in umasks) state.active_party.push_tmpval(hmasks) # garble first chunkpayloadbits of the masks (manual construction of garbled! Voodoo!) mgms = [] for mask, chunksize in zip(masks, chunksizes): state.passive_party._tmp_ = Garbled(bitlen=chunksize, signed=False, val=p) zv = Garbled.get_zero_value(state.passive_party._tmp_.gid) state.passive_party._tmp_[:] = plain2garbled(value2bits(mask & (1<<chunksize) - 1, chunksize), zv, state.R) mgms.append(state.passive_party._tmp_) state.passive_party.push_tmpval(mgms) #raise NotImplementedError("COSTS") # _sendcost(chunks * chunksize[0] # send garbled masks to client _send(mgms) # precompute the first chunkpayloadbits for the garbled masked value mgvs = [] for chunksize in chunksizes: mgv = Garbled(bitlen=chunksize, passive=True, val=p, signed=False) state.passive_party.push_tmpattr(mgv) mgvs.append(mgv) # precompute the unmasking and unpacking rets = [] for mgv, mgm, chunksize in zip(mgvs, mgms, chunksizes): ret = mgv.unpack(mgm, source_bitlen, chunksize, signed) state.passive_party.push_tmpattr(ret) rets.extend(ret) rets.reverse() # packing works exactly in the oposite direction then unpacking, so reverse here to get original result back vec = GarbledVec(bitlen=source_bitlen, dim=source_dim, val=rets) # save shadow copy of resulting GarbledVec _set_dst(src, dst, vec) else: # online phase assert signed == src.signed(), "the analyzer disagrees with the typesystems signedness" if force_signed is not None: signed = force_signed if not isserver(): raise TastySyntaxError("Conversion from Homomorphic to Garbled from Client to Server does not make sense") # Pack the values with respecting the force_signed and force_bitlen hmasks = state.active_party.pop_tmpval() if force_signed is not None: # we must change it to the forced sign origsigned = src.signed() src._signed = force_signed for i in src: i._signed = force_signed packed, _, _ = src.pack(-(state.config.symmetric_security_parameter + 1), force_bitlen=force_bitlen) if force_signed is not None: # no change in the source, so revert changes done before pack() src._signed = origsigned for i in src: i._signed = origsigned assert len(packed) == len(hmasks), "packing error (%d packed chunks, but %d expected (%r, %r))"%(len(packed), len(hmasks), hmasks, packed) # mask the packed values for i, j in zip(packed, hmasks): i += j # send packed values to client _send(packed) # retrive garbled masks from tmpval-stack mgms = state.passive_party.pop_tmpval() # passive part for generation of garbled masked values mgvs = [] for chunksize in chunksizes: state.passive_party._tmp_ = state.passive_party.pop_tmpattr() state.passive_party._tmp_ = Garbled(val=p, bitlen=chunksize, passive=True, signed=False) mgvs.append(state.passive_party._tmp_) # passive part of unblinding and unpacking # rets = [] for mgm, mgv, chunksize in zip(mgms, mgvs, chunksizes): state.passive_party._tmp_ = state.passive_party.pop_tmpattr()