viff
view viff/shamir.py @ 1575:cfb8e1485006
Updated email address.
| author | Thomas P Jakobsen <tpj@cs.au.dk> |
|---|---|
| date | Wed Dec 15 13:00:00 2010 +0100 (17 months ago) |
| parents | 4e36cad23bc1 |
| children |
line source
1 # Copyright 2007, 2008 VIFF Development Team.
2 #
3 # This file is part of VIFF, the Virtual Ideal Functionality Framework.
4 #
5 # VIFF is free software: you can redistribute it and/or modify it
6 # under the terms of the GNU Lesser General Public License (LGPL) as
7 # published by the Free Software Foundation, either version 3 of the
8 # License, or (at your option) any later version.
9 #
10 # VIFF is distributed in the hope that it will be useful, but WITHOUT
11 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General
13 # Public License for more details.
14 #
15 # You should have received a copy of the GNU Lesser General Public
16 # License along with VIFF. If not, see <http://www.gnu.org/licenses/>.
18 """Shamir secret sharing and recombination. Based on the paper *How to
19 share a secret* by Adi Shamir in *Communications of the ACM* **22**
20 (11): 612-613.
21 """
29 """Shamir share secret.
31 The *threshold* indicates the maximum number of shares that reveal
32 nothing about *secret*. The return value is a list of ``(player
33 id, share)`` pairs.
35 It holds that sharing and recombination cancels each other:
37 >>> from field import GF
38 >>> Zp = GF(47)
39 >>> secret = Zp(42)
40 >>> recombine(share(secret, 7, 15)[:8]) == secret
41 True
43 The threshold can range from zero (for a dummy-sharing):
45 >>> share(Zp(10), 0, 5)
46 [({1}, {10}), ({2}, {10}), ({3}, {10}), ({4}, {10}), ({5}, {10})]
48 up to but not including *num_players*:
50 >>> share(Zp(10), 5, 5)
51 Traceback (most recent call last):
52 ...
53 AssertionError: Threshold out of range
54 """
59 # TODO: introduce a random() method in FieldElements so that
60 # this wont have to be a long when we are sharing a
61 # GMPIntegerFieldElement.
66 # Instead of calculating s_i as
67 #
68 # s_i = s + a_1 x_i + a_2 x_i^2 + ... + a_t x_i^t
69 #
70 # we avoid the exponentiations by calculating s_i by
71 #
72 # s_i = s + x_i (a_1 + x_i (a_2 + x_i ( ... (a_t) ... )))
73 #
74 # This is a little faster, even for small n and t.
77 # Go backwards from threshold-1 down to 0
85 #: Cached recombination vectors.
86 #:
87 #: The recombination vector used by `recombine` depends only on the
88 #: recombination point and the player IDs of the shares, and so it can
89 #: be cached for efficiency.
95 """Recombines list of ``(xi, yi)`` pairs.
97 Shares is a list of *threshold* + 1 ``(player id, share)`` pairs.
98 Recombination is done in the optional point *x_recomb*.
100 Note that player ids must be elements in the same field as the
101 shares or otherwise the algorithm will not work.
103 >>> from field import GF
104 >>> Zp = GF(19)
105 >>> shares = [(Zp(i), 7 * Zp(i) + 3) for i in range(1, 4)]
106 >>> print shares
107 [({1}, {10}), ({2}, {17}), ({3}, {5})]
108 >>> del(shares[1])
109 >>> recombine(shares)
110 {3}
111 """
127 """Verifies that a sharing is correct.
129 It is verified that the given shares correspond to points on a
130 polynomial of at most the given degree.
132 >>> from field import GF
133 >>> Zp = GF(47)
134 >>> shares = [(Zp(i), Zp(i**2)) for i in range(1, 6)]
135 >>> print shares
136 [({1}, {1}), ({2}, {4}), ({3}, {9}), ({4}, {16}), ({5}, {25})]
137 >>> verify_sharing(shares, 2)
138 True
139 >>> verify_sharing(shares, 1)
140 False
141 """