def server_1(self, args): gc.disable() s = list(utils.get_random(0, 1, self.k)) m = len(self.args) if m <= state.config.symmetric_security_parameter: # IKNP03 does not make sense if m <= symmetric_security_parameter # Use the subot directly then. self.subot.forward() self.subot(self.args) return None self.subot(s) tmp = [utils.value2bits(res, m) for res in self.subot.get_results()] Q = zip(*tmp) # transpose tmp del tmp si = utils.bits2value(s) q = [utils.bits2value(j) for j in Q] cost_results.CostSystem.costs["theoretical"]["setup"]["accumulated"]( Send=2 * utils.bit2byte(state.config.symmetric_security_parameter) * m) gc.enable() return (((xj0 ^ self.H(j, qj)).binary(), (xj1 ^ self.H(j, qj ^ si)).binary()) for (j, qj), (xj0, xj1) in zip(enumerate(q), self.args))
def client_1(self, args): self.args = utils.nogen(self.args) gc.disable() def otlist(r, T): r = utils.bits2value(r) for i in xrange(self.k): ti = utils.bits2value(ithrow(T, i)) yield (ti, ti ^ r) m = len(self.args) if m <= state.config.symmetric_security_parameter: # IKNP03 does not make sense if m <= symmetric_security_parameter # Use the subot directly then. self.subot.forward() self.subot(self.args) self.results = self.subot.get_results() return None #self.T = T = [list(utils.get_random(0, 1, self.k)) for i in xrange(m)] l = (1 << self.k) - 1 self.T = T = [ utils.value2bits(mpz(utils.rand.randint(0, l)), self.k) for i in xrange(m) ] self.subot(otlist(self.args, T)) return tuple()
def Garbled_Signed_receive(src, dst, bitlen, dim, signed, force_bitlen=None, force_signed=None): if isserver(): val, signed = _receive(src, dst) val = value2bits(val, bitlen) zv = Garbled.get_zero_value(src.gid) val = bits2value(perm2plain(val, zv)) new = Unsigned(val=val, bitlen=bitlen) _set_dst(src, dst, new) else: _just_receive(src, dst, bitlen, dim, signed)
def Garbled_Unsigned_receive(src, dst, bitlen, dim, signed, force_bitlen=None, force_signed=None): if isserver(): val, signed = _receive(src, dst) val = value2bits(val, bitlen) zv = permbits(Garbled.get_zero_value(src.gid)) if signed: warnings.warn("Loosing Signedness", UserWarningRepeated) val = abs(bits2value(perm2plain(val, zv))) else: val = bits2value(perm2plain(val, zv)) new = Unsigned(val=val, bitlen=bitlen) _set_dst(src, dst, new) else: _just_receive(src, dst, bitlen, dim, signed)
def eval(self, inputs): """Evaluate circuit on plain inputs""" assert len(inputs) == len(self.inputs()), \ "#inputs must match #inputs of circuit" u = self.num_input_bits() k = self.num_gates() wire_values = [None for i in xrange(u + k)] # values of wires # assign inputs input_desc = self.inputs() k = 0 for ix, i in enumerate(inputs): # for each input i v = i l, desc = input_desc[ix] state.log.debug("%s:", desc) wire_values[k:k + l] = value2bits(mpz(v), l) k += l # evaluate gates state.log.debug("Evaluating gates:") for gx, g in enumerate(self.next_gate()): # for each gate g_ins, g_tab = g # determine index into gate table tab_idx = 0 for i in g_ins: tab_idx <<= 1 tab_idx |= wire_values[i] # evaluate gate lookup_idx = (1 << len(g_ins)) - tab_idx - 1 val = (g_tab & (1 << lookup_idx)) >> lookup_idx wire_values[u + gx] = val state.log.debug("%d: %s %s @ %d => %d", u + gx, g_ins, bin(g_tab), tab_idx, val) # read outputs output_values = [] for out, desc, type_ in self.outputs(): trans_out = map(lambda x: wire_values[x], out) o_val = bits2value(trans_out) output_values.append(o_val) return output_values
def PaillierVec_GarbledVec_send(src, dst, source_bitlen, source_dim, signed, force_bitlen=None, force_signed=None): if force_bitlen and (force_signed or (signed and not force_signed == False)): raise NotImplementedError("forcing bitlen on signeds is not supported now") if force_bitlen is not None: diff = source_bitlen - force_bitlen source_bitlen = force_bitlen else: diff = 0 p = partyAttribute if not isserver(): raise TastySyntaxError("Conversion from Homomorphic to Garbled from Client to Server does not make sense") # number of maximal bits in content overallbitlen = _dimtimes(source_dim) * source_bitlen # we have asymmetric_security_parameter bits to pack into, but need symmetric_security_parameter bits to blind cpc = state.config.asymmetric_security_parameter - state.config.symmetric_security_parameter - 1 chunksize = cpc / source_bitlen chunkpayloadbits = chunksize * source_bitlen chunks = (overallbitlen - 1) / chunkpayloadbits + 1 lastchunksize = overallbitlen % chunkpayloadbits Homomorphic = tasty.types.Homomorphic HomomorphicVec = tasty.types.HomomorphicVec if lastchunksize: chunksizes = (chunks - 1) * (chunkpayloadbits, ) + (lastchunksize, ) else: chunksizes = chunks * (chunkpayloadbits, ) if state.precompute: if lastchunksize: masks = nogen(get_randomm(0, 2**(chunkpayloadbits + state.config.symmetric_security_parameter) - 1, chunks - 1)) + (mpz(rand.randint(0, 2**(lastchunksize + state.config.symmetric_security_parameter) - 1)),) else: masks = nogen(get_randomm(0, 2**(chunkpayloadbits + state.config.symmetric_security_parameter)- 1, chunks)) if force_signed is not None: signed = force_signed # generate Mask values umasks = nogen(Unsigned(val=v, bitlen=l + state.config.symmetric_security_parameter) for v, l in zip(masks, chunksizes)) # homomorphically encrypt masks hmasks = tuple(tasty.types.Homomorphic(val=mask, signed=False) for mask in umasks) state.active_party.push_tmpval(hmasks) # garble first chunkpayloadbits of the masks (manual construction of garbled! Voodoo!) mgms = [] for mask, chunksize in zip(masks, chunksizes): state.passive_party._tmp_ = Garbled(bitlen=chunksize, signed=False, val=p) zv = Garbled.get_zero_value(state.passive_party._tmp_.gid) state.passive_party._tmp_[:] = plain2garbled(value2bits(mask & (1<<chunksize) - 1, chunksize), zv, state.R) mgms.append(state.passive_party._tmp_) state.passive_party.push_tmpval(mgms) #raise NotImplementedError("COSTS") # _sendcost(chunks * chunksize[0] # send garbled masks to client _send(mgms) # precompute the first chunkpayloadbits for the garbled masked value mgvs = [] for chunksize in chunksizes: mgv = Garbled(bitlen=chunksize, passive=True, val=p, signed=False) state.passive_party.push_tmpattr(mgv) mgvs.append(mgv) # precompute the unmasking and unpacking rets = [] for mgv, mgm, chunksize in zip(mgvs, mgms, chunksizes): ret = mgv.unpack(mgm, source_bitlen, chunksize, signed) state.passive_party.push_tmpattr(ret) rets.extend(ret) rets.reverse() # packing works exactly in the oposite direction then unpacking, so reverse here to get original result back vec = GarbledVec(bitlen=source_bitlen, dim=source_dim, val=rets) # save shadow copy of resulting GarbledVec _set_dst(src, dst, vec) else: # online phase assert signed == src.signed(), "the analyzer disagrees with the typesystems signedness" if force_signed is not None: signed = force_signed if not isserver(): raise TastySyntaxError("Conversion from Homomorphic to Garbled from Client to Server does not make sense") # Pack the values with respecting the force_signed and force_bitlen hmasks = state.active_party.pop_tmpval() if force_signed is not None: # we must change it to the forced sign origsigned = src.signed() src._signed = force_signed for i in src: i._signed = force_signed packed, _, _ = src.pack(-(state.config.symmetric_security_parameter + 1), force_bitlen=force_bitlen) if force_signed is not None: # no change in the source, so revert changes done before pack() src._signed = origsigned for i in src: i._signed = origsigned assert len(packed) == len(hmasks), "packing error (%d packed chunks, but %d expected (%r, %r))"%(len(packed), len(hmasks), hmasks, packed) # mask the packed values for i, j in zip(packed, hmasks): i += j # send packed values to client _send(packed) # retrive garbled masks from tmpval-stack mgms = state.passive_party.pop_tmpval() # passive part for generation of garbled masked values mgvs = [] for chunksize in chunksizes: state.passive_party._tmp_ = state.passive_party.pop_tmpattr() state.passive_party._tmp_ = Garbled(val=p, bitlen=chunksize, passive=True, signed=False) mgvs.append(state.passive_party._tmp_) # passive part of unblinding and unpacking # rets = [] for mgm, mgv, chunksize in zip(mgms, mgvs, chunksizes): state.passive_party._tmp_ = state.passive_party.pop_tmpattr()
def Paillier_Garbled_send(src, dst, bitlen, dim, signed, force_bitlen=None, force_signed=None): if force_bitlen is not None: diff = bitlen - force_bitlen bitlen = force_bitlen else: diff = 0 masklen = bitlen + state.config.symmetric_security_parameter # p = partyAttribute if not isserver(): raise TastySyntaxError("Conversion from Homomorphic to Garbled from Client to Server does not make sense") if state.precompute: if force_signed is not None: signed = force_signed if signed: mask = Unsigned(val=rand.randint(2**bitlen - 1, 2**masklen - 1), bitlen=masklen) # generate the Homomorphic blinding mask and store else: mask = Unsigned(val=rand.randint(0, 2**masklen - 1), bitlen=masklen) hmask = tasty.types.Homomorphic(val=mask, signed=False) state.active_party.push_tmpattr(hmask) # Generate the Garbled Blinding Mask mgm = Garbled(bitlen=bitlen, signed=False, val=p) mgm.plainmask = mask # save the mask to be able to access it in online phase state.passive_party.push_tmpattr(mgm) # save the new Garbled zv = Garbled.get_zero_value(mgm.gid) mgm[:] = plain2garbled(value2bits(mask.get_value() & ((1<<bitlen) - 1), bitlen), zv, state.R) _sendcost(state.config.symmetric_security_parameter * bitlen) _send(mgm) # Precompute the garbled for the masked plain value mgv = Garbled(bitlen=bitlen, passive=True, val=p, signed=False) state.passive_party.push_tmpattr(mgv) # prepare the addition circuit to remove the mask ret = mgv.dropmsb_sub(mgm) # save shadow copy of resulting Garbled _set_dst(src, dst, ret) ret.set_bit_length(bitlen) ret._signed = False # avoid warning here else: assert signed == src.signed(), "the analyzer disagrees with the typesystems signedness" if force_signed is not None: signed = force_signed hmask = state.active_party.pop_tmpattr() mgm = state.passive_party.pop_tmpattr() state.passive_party._tmp_ = state.passive_party.pop_tmpattr() # blind the homomorphic and send to other party hval = src + hmask hval._bit_length -= diff # force_bitlen _sendcost(state.config.asymmetric_security_parameter * 2) _send(hval) # help to encrypt the masked value into Garbled state.passive_party._tmp_ = Garbled(bitlen=masklen + 1, passive=True, val=p, signed=signed) # help removing the mask ret = state.passive_party._tmp_.dropmsb_sub(mgm) # tasty calculates theoretical worst case bitlengths. Since we know better, # we can safely overwrite that _set_dst(src, dst, ret) ret.set_bit_length(bitlen) ret._signed = hval.signed()