Re: [viff-devel] Paillier based two player runtime
Claudio Orlandi [EMAIL PROTECTED] writes:

Converting this simple protocol to the active case is harder than expected, and I'm working on it right now.

Great, I'm looking forward to it! :-)

Well, if you have a lot of spare time you can start some preprocessing :)

Well, what are weekends but lots of spare time?

In particular, I guess that the active protocol will almost surely need some commitment schemes. And to make them as efficient as we can, we will probably use some elliptic curves over Zp with p around 160 bits.

Cool -- that sounds like a good opportunity to finally sit down and create a slow-but-simple elliptic curve library for VIFF. As far as I remember the NaCL people did not only do network stuff, right? So some Python code would provide a kind of specification for them to program against when they get started in the CACE project...

Isn't it cool that 160 bits is at the same time the size we need for security AND to avoid the overflows in the computation? :)

It certainly is! :-)

--
Martin Geisler

___
viff-devel mailing list (http://viff.dk/)
viff-devel@viff.dk
http://lists.viff.dk/listinfo.cgi/viff-devel-viff.dk
Re: [viff-devel] Paillier based two player runtime
Cool -- that sounds like a good opportunity to finally sit down and create a slow-but-simple elliptic curve library for VIFF.

I suggest you use some library instead. Some of the algorithms are quite involved... I'm sure you can find good C/C++ stuff out there, and as far as I understood, you can embed them into Python, right? There is a list here http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography but I have no clue about what is good and what is not.

Claudio
Re: [viff-devel] Paillier based two player runtime
Quoting Claudio Orlandi [EMAIL PROTECTED]:

Cool -- that sounds like a good opportunity to finally sit down and create a slow-but-simple elliptic curve library for VIFF.

I suggest you use some library instead. Some of the algorithms are quite involved... I'm sure you can find good C/C++ stuff out there, and as far as I understood, you can embed them into Python, right? There is a list here http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography but I have no clue about what is good and what is not.

A good person to ask is Michael (Østergaard, email [EMAIL PROTECTED]). I think he worked with some of these libraries.

regards, Ivan
Re: [viff-devel] Paillier based two player runtime
Ivan Bjerre Damgaard [EMAIL PROTECTED] writes:

Quoting Claudio Orlandi [EMAIL PROTECTED]:

Cool -- that sounds like a good opportunity to finally sit down and create a slow-but-simple elliptic curve library for VIFF.

I suggest you use some library instead. Some of the algorithms are quite involved...

From reading the Wikipedia page linked below it seems very simple to implement. But if it should be fast, then a library is of course much better than a home-grown Python version.

I'm sure you can find good C/C++ stuff out there, and as far as I understood, you can embed them into Python, right?

Yes, one can do that. But then people would need to install the library on their machine to use VIFF. If the library provided binaries for Windows then it's no problem, but for a smaller library there might not be much Windows support.

There is a list here http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography but I have no clue about what is good and what is not.

I also found it, but I also don't have any experience with these libraries.

A good person to ask is Michael (Østergaard, email [EMAIL PROTECTED]). I think he worked with some of these libraries.

Cool -- I see that Claudio has sent him an email already!

--
Martin Geisler
[viff-devel] Paillier based two player runtime (was: [PATCH 0 of 4] Insecure ElGamal based two player runtime)
Claudio Orlandi [EMAIL PROTECTED] writes:

Hi Claudio if you are interested just in passive security for the 2 party case you can implement the following protocol for multiplication.

Excellent, thank you! I'm basically interested in anything we can come up with :-) I have posted an implementation here: http://thread.gmane.org/gmane.comp.cryptography.viff.patches/7 It seems to work in the limited testing I have done... The runtime does multiplication and addition, so the comparison protocol(s) might even work, but I haven't tested this yet.

Converting this simple protocol to the active case is harder than expected, and I'm working on it right now.

Great, I'm looking forward to it! :-)

I don't think that the ElGamal case is that interesting, as basically the parties could simply send to each other a,b, and they will get the same result and security (none) in less time :)

You're right! I first wrote code that used the Paillier code Mikkel had written -- then I realized the problem with the players doing computations in different fields. That was when I switched to ElGamal, only to then realize that it was insecure...

--
Martin Geisler