
changeset 1555:8c432745702b

BeDOZa: Added check on random element.
author Thomas P Jakobsen <tpj@cs.au.dk>
date Tue, 28 Sep 2010 09:36:57 +0200
parents bef695aa76bf
children 698be97cc543
files viff/bedoza/modified_paillier.py
diffstat 1 files changed, 14 insertions(+), 4 deletions(-) [+]
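--- a/viff/bedoza/modified_paillier.py
+++ b/viff/bedoza/modified_paillier.py
@@ -15,6 +15,8 @@
 # You should have received a copy of the GNU Lesser General Public
 # License along with VIFF. If not, see <http://www.gnu.org/licenses/>.
 
+from gmpy import gcd
+
 try:
     import pypaillier
 except ImportError:
@@ -61,7 +63,6 @@
         pseudo-random generator given when the ModifiedPaillier object
         was constructed.
         """
-        # TODO: Assert that random_elm is None eller in Zn*.
         assert isinstance(value, int) or isinstance(value, long), \
             "paillier: encrypts only integers and longs, got %s" % \
                 value.__class__
@@ -73,10 +74,19 @@
         assert min <= value <= max, \
             "paillier: plaintext %d outside legal range [-(n-1)/2 " \
             "; (n-1)/2] = [%d ; %d]"  % (value, min, max)
-        # TODO: This is not correct. Since n=pq, Zn* is only a subset
-        # of Zn \ {0}.
+
+        # Here we verify that random_elm is either None or in Zn*. But
+        # for realistical parameters, we can save time by not doing
+        # this, since for large n = pq, it is extremely unlikely that
+        # a random element in Zn is not also a member of Zn*.
         if random_elm == None:
-            random_elm = self.random.randint(1, long(n))
+            while True:
+                random_elm = self.random.randint(1, long(n))
+                if gcd(random_elm, n) == 1:
+                    break
+        elif not gcd(random_elm, n) == 1:
+            raise Exception("Random element must be an element in Zn*")
+
         pubkey = self.runtime.players[player_id].pubkey
         return random_elm, pypaillier.encrypt_r(
             self._f(value, n), random_elm, pubkey)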
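Review bot: The `elif` branch in the third hunk tests only coprimality, so a caller-supplied random_elm outside [1, n-1] (for example n+1, whose gcd with n is 1) passes although it is not an element of Zn* as the message claims; `elif not (1 <= random_elm < n and gcd(random_elm, n) == 1): raise ValueError("Random element must be an element in Zn*")` would also reject out-of-range values and give callers a specific exception type that is still an Exception subclass. The `while True` loop draws from `randint(1, long(n))`, whose inclusive upper bound n can never satisfy the gcd test, so `randint(1, long(n) - 1)` covers exactly the candidate range. Whether `self.random` is a cryptographically secure generator cannot be seen from this hunk; since random_elm becomes the Paillier randomness handed to encrypt_r, the method's docstring should state that requirement explicitly. Separately, the first hunk adds an unconditional `from gmpy import gcd` next to a try/except-guarded pypaillier import, so the module presumably now fails to import without gmpy, which the commit message does not mention. The enclosing method begins outside the hunk.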