viff

changeset 662:c0304d48fbba

Added a single_share_random method.
author Martin Geisler <mg@daimi.au.dk>
date Sun, 13 Apr 2008 17:20:10 +0200
parents d66a147bbea6
children 8f2e45ecc8b4
files viff/runtime.py
diffstat 1 files changed, 87 insertions(+), 0 deletions(-) [+]
line diff
     1.1 --- a/viff/runtime.py	Sun Apr 13 15:03:15 2008 +0200
     1.2 +++ b/viff/runtime.py	Sun Apr 13 17:20:10 2008 +0200
     1.3 @@ -1016,6 +1016,93 @@
     1.4          return result
     1.5  
     1.6      @increment_pc
     1.7 +    def single_share_random(self, T, degree, field):
     1.8 +        """Share a random secret.
     1.9 +
    1.10 +        The guarantee is that a number of shares are made and out of
    1.11 +        those, the T that are returned by this method will be correct
    1.12 +        sharings of a random number using C{degree} as the polynomial
    1.13 +        degree.
    1.14 +
    1.15 +        @param T: The number of shares output.
    1.16 +        @param degree: The degree of the polynomial.
    1.17 +        @param field: The field over which to share the secret.
    1.18 +        """
    1.19 +        # TODO: Move common code between single_share and
    1.20 +        # double_share_random out to their own methods.
    1.21 +        inputters = range(1, self.num_players + 1)
    1.22 +        if self._hyper is None:
    1.23 +            self._hyper = hyper(self.num_players, field)
    1.24 +
    1.25 +        # Generate a random element.
    1.26 +        si = rand.randint(0, field.modulus - 1)
    1.27 +
    1.28 +        # Every player shares the random value with two thresholds.
    1.29 +        shares = self.shamir_share(inputters, field, si, degree)
    1.30 +
    1.31 +        # Turn the shares into a column vector.
    1.32 +        svec = Matrix([shares]).transpose()
    1.33 +
    1.34 +        # Apply the hyper-invertible matrix to svec1 and svec2.
    1.35 +        rvec = (self._hyper * svec)
    1.36 +
    1.37 +        # Get back to normal lists of shares.
    1.38 +        svec = svec.transpose().rows[0]
    1.39 +        rvec = rvec.transpose().rows[0]
    1.40 +
    1.41 +        def verify(shares):
    1.42 +            """Verify shares.
    1.43 +
    1.44 +            It is checked that they correspond to polynomial of the
    1.45 +            expected degree.
    1.46 +
    1.47 +            If the verification succeeds, the T shares are returned,
    1.48 +            otherwise the errback is called.
    1.49 +            """
    1.50 +            # TODO: This is necessary since shamir.recombine expects
    1.51 +            # to receive a list of *pairs* of field elements.
    1.52 +            shares = map(lambda (i, s): (field(i+1), s), enumerate(shares))
    1.53 +
    1.54 +            # Verify the sharings. If any of the assertions fail and
    1.55 +            # raise an exception, the errbacks will be called on the
    1.56 +            # share returned by single_share_random.
    1.57 +            assert shamir.verify_sharing(shares, degree), "Could not verify"
    1.58 +
    1.59 +            # If we reach this point the n - T shares were verified
    1.60 +            # and we can safely return the first T shares.
    1.61 +            return rvec[:T]
    1.62 +
    1.63 +        def exchange(svec):
    1.64 +            """Exchange and (if possible) verify shares."""
    1.65 +            pc = tuple(self.program_counter)
    1.66 +
    1.67 +            # We send our shares to the verifying players.
    1.68 +            for offset, share in enumerate(svec):
    1.69 +                if T+1+offset != self.id:
    1.70 +                    self.protocols[T+1+offset].sendShare(pc, share)
    1.71 +
    1.72 +            if self.id > T:
    1.73 +                # The other players will send us their shares of si_1
    1.74 +                # and si_2 and we will verify it.
    1.75 +                si = []
    1.76 +                for peer_id in inputters:
    1.77 +                    if self.id == peer_id:
    1.78 +                        si.append(Share(self, field, svec[peer_id - T - 1]))
    1.79 +                    else:
    1.80 +                        si.append(self._expect_share(peer_id, field))
    1.81 +                result = gatherResults(si)
    1.82 +                self.schedule_callback(result, verify)
    1.83 +                return result
    1.84 +            else:
    1.85 +                # We cannot verify anything, so we just return the
    1.86 +                # first T shares.
    1.87 +                return rvec[:T]
    1.88 +
    1.89 +        result = gather_shares(svec[T:])
    1.90 +        self.schedule_callback(result, exchange)
    1.91 +        return result
    1.92 +
    1.93 +    @increment_pc
    1.94      def double_share_random(self, T, d1, d2, field):
    1.95          """Double-share a random secret using two polynomials.
    1.96