/rev/f626a6dfef43 changeset: 1262:f626a6dfef43 user: Marcel Keller <[email protected]> date: Thu Oct 08 14:28:12 2009 +0200 summary: Merged with Janus.
diffstat: doc/active.txt | 4 +- doc/authors.txt | 1 + doc/constants.txt | 24 ++++++++++++ doc/hashbroadcast.txt | 12 ++++++ doc/implementation.txt | 6 ++- doc/orlandi.txt | 15 +++++++ doc/runtime.txt | 10 ----- doc/todo.txt | 6 --- viff/active.py | 2 +- viff/orlandi.py | 76 +++++++++++++++++++++----------------- 10 files changed, 102 insertions(+), 54 deletions(-) diffs (298 lines): diff -r ed2d02202af0 -r f626a6dfef43 doc/active.txt --- a/doc/active.txt Thu Oct 08 14:27:37 2009 +0200 +++ b/doc/active.txt Thu Oct 08 14:28:12 2009 +0200 @@ -1,6 +1,6 @@ -Actively Secure Protocols -========================= +A Thresholdbased Actively Secure Runtime +======================================== .. automodule:: viff.active diff -r ed2d02202af0 -r f626a6dfef43 doc/authors.txt --- a/doc/authors.txt Thu Oct 08 14:27:37 2009 +0200 +++ b/doc/authors.txt Thu Oct 08 14:28:12 2009 +0200 @@ -15,6 +15,7 @@ * Marcel Keller <[email protected]> * Tord Reistad * Ivan Damgård +* Janus Dam Nielsen <[email protected]> If you have been forgotten, then please checkout `the repository`_, add yourself to the list and `send us a patch`_! diff -r ed2d02202af0 -r f626a6dfef43 doc/constants.txt --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/doc/constants.txt Thu Oct 08 14:28:12 2009 +0200 @@ -0,0 +1,24 @@ +Constants Module +================ + +.. automodule:: viff.constants + + .. attribute:: SHARE + ECHO + READY + SEND + PAILLIER + TEXT + + Constants used by :class:`ShareExchanger` and others when sending + shares and other messages. They serve to distinguish messages sent + with the same program counter from one another. + + .. attribute::INCONSISTENTHASH + OK + HASH + SIGNAL + + Constants used by :class:`HashBroadcastMixin` when sending shares + and other messages. They serve to distinguish messages sent with + the same program counter from one another. diff -r ed2d02202af0 -r f626a6dfef43 doc/hashbroadcast.txt --- /dev/null Thu Jan 01 00:00:00 1970 +0000 
+++ b/doc/hashbroadcast.txt Thu Oct 08 14:28:12 2009 +0200 @@ -0,0 +1,12 @@ + +An Hash Based Broadcast Protocol +================================ + +.. automodule:: viff.hash_broadcast + + .. autoclass:: InconsistentHashException + :members: + + .. autoclass:: HashBroadcastMixin + :members: + diff -r ed2d02202af0 -r f626a6dfef43 doc/implementation.txt --- a/doc/implementation.txt Thu Oct 08 14:27:37 2009 +0200 +++ b/doc/implementation.txt Thu Oct 08 14:28:12 2009 +0200 @@ -13,9 +13,13 @@ matrix runtime passive - active + active_runtimes paillier comparison prss config aes + constants + orlandi + hashbroadcast + diff -r ed2d02202af0 -r f626a6dfef43 doc/orlandi.txt --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/doc/orlandi.txt Thu Oct 08 14:28:12 2009 +0200 @@ -0,0 +1,15 @@ + +The Orlandi Runtime - An Actively Secure Protocol with Full Threshold +======================================================================= + +.. automodule:: viff.orlandi + + .. autoclass:: OrlandiException + :members: + + .. autoclass:: OrlandiShare + :members: + + .. autoclass:: OrlandiRuntime + :members: + diff -r ed2d02202af0 -r f626a6dfef43 doc/runtime.txt --- a/doc/runtime.txt Thu Oct 08 14:27:37 2009 +0200 +++ b/doc/runtime.txt Thu Oct 08 14:28:12 2009 +0200 @@ -21,16 +21,6 @@ or the data itself if data is received from the other player before we are ready to use it. - .. attribute:: SHARE - ECHO - READY - SEND - PAILLIER - - Constants used by :class:`ShareExchanger` when sending shares - and other messages. They serve to distinguish messages sent with - the same program counter from one another. - .. autofunction:: preprocess See also :ref:`preprocessing` for more background information. diff -r ed2d02202af0 -r f626a6dfef43 doc/todo.txt --- a/doc/todo.txt Thu Oct 08 14:27:37 2009 +0200 +++ b/doc/todo.txt Thu Oct 08 14:28:12 2009 +0200 
@@ -34,13 +34,6 @@ make the other honest players crash too, thereby effectively halting the protocol. -Self Trust ----------- - -Implement an (actively) secure protocol with threshold ``t = n-1`` -based on the "triples approach" of Claudio Orlandi and Jesper Buus -Nielsen. There will soon be a paper describing the protocol. - Covert Adversaries ------------------ diff -r ed2d02202af0 -r f626a6dfef43 viff/active.py --- a/viff/active.py Thu Oct 08 14:27:37 2009 +0200 +++ b/viff/active.py Thu Oct 08 14:28:12 2009 +0200 @@ -15,7 +15,7 @@ # You should have received a copy of the GNU Lesser General Public # License along with VIFF. If not, see <http://www.gnu.org/licenses/>. -"""Actively secure protocols.""" +"""A thresholdbased actively secure runtime.""" __docformat__ = "restructuredtext" diff -r ed2d02202af0 -r f626a6dfef43 viff/orlandi.py --- a/viff/orlandi.py Thu Oct 08 14:27:37 2009 +0200 +++ b/viff/orlandi.py Thu Oct 08 14:28:12 2009 +0200 @@ -345,9 +345,10 @@ Communication cost: none. - Each party ``P_i`` computes: - ``[z]_i = [x]_i + [y]_i - = (x_i + y_i mod p, rho_xi + rho_yi mod p, C_x * C_y)``. + Each party ``P_i`` computes:: + + [z]_i = [x]_i + [y]_i + = (x_i + y_i mod p, rho_xi + rho_yi mod p, C_x * C_y) """ def is_share(s, field): @@ -378,9 +379,10 @@ Communication cost: none. - Each party ``P_i`` computes: - ``[z]_i = [x]_i - [y]_i - = (x_i - y_i mod p, rho_x,i - rho_y,i mod p, C_x * C_y)``. + Each party ``P_i`` computes:: + + [z]_i = [x]_i - [y]_i + = (x_i - y_i mod p, rho_x,i - rho_y,i mod p, C_x * C_y) """ def is_share(s, field): @@ -424,11 +426,11 @@ Assume the parties are given a random share ``[r]`` by a trusted dealer. Then we denote the following protocol but ``[x] = Shift(P_i, x, [r])``. - 1) ``r = OpenTo(P_i, [r]`` + 1. ``r = OpenTo(P_i, [r]`` - 2) ``P_i broadcasts Delta = r - x`` + 2. ``P_i broadcasts Delta = r - x`` - 3) ``[x] = [r] - Delta`` + 3. ``[x] = [r] - Delta`` """ # TODO: Communitcation costs? 
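Review bot: The subtraction docstring in the `@@ -378,9 +379,10 @@` hunk still gives the commitment component as `C_x * C_y`, exactly as the addition docstring does. For a homomorphic commitment, the share of `x - y` would be expected to carry `C_x * C_y^-1`, so the documented triple does not commit to the stated value. The method body lies outside the hunk, so I cannot tell whether only the docstring is off or the code multiplies as well; please confirm, and if the code divides, change the last line of the literal block to `= (x_i - y_i mod p, rho_x,i - rho_y,i mod p, C_x * C_y^-1)`. The addition docstring in the `@@ -345,9 +345,10 @@` hunk writes the randomness as `rho_xi` where this one writes `rho_x,i`; one spelling should be used in both.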
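Review bot: Step 1 of the renumbered list in the `@@ -424,11 +426,11 @@` hunk still reads `r = OpenTo(P_i, [r]` with the closing parenthesis missing. The matching code comment in the following `@@ -440,7 +442,7 @@` hunk has it right as `# 1. r = OpenTo(P_i, [r])`, and the docstring step should end in `[r])` as well. The context sentence above the list says "we denote the following protocol but", which presumably should be "by", and the trailing comment spells `Communitcation`. The docstring opens above the hunk, so only these lines were checked.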
@@ -440,7 +442,7 @@ def hack(_, peer_id): # Assume the parties are given a random share [r] by a trusted dealer. share_r = self.random_share(field) - # 1) r = OpenTo(P_i, [r]) + # 1. r = OpenTo(P_i, [r]) open_r = self.open(share_r, [peer_id]) def subtract_delta(delta, share_r): delta = field(long(delta)) @@ -676,20 +678,21 @@ Assuming a set of multiplicative triples: ``M = ([a_i], [b_i], [c_i]) for 1 <= i <= 2d + 1``. - 1) ``for i = 1, ..., d do [f_i] = rand(), [g_i] = rand()`` + 1. ``for i = 1, ..., d do [f_i] = rand(), [g_i] = rand()`` - 2) ``for j = 1, ..., 2d+1 do + 2. Compute:: + + for j = 1, ..., 2d+1 do [F_j] = [x] + SUM_i=1^d [f_i]*j^i and - [G_j] = [y] + SUM_i=1^d [g_i]*j^i`` + [G_j] = [y] + SUM_i=1^d [g_i]*j^i - 3) for j = 1, ..., 2d+1 do [H_j] = Mul([F_j], [G_j], [a_j], [b_j], [c_j]) + 3. ``for j = 1, ..., 2d+1 do [H_j] = Mul([F_j], [G_j], [a_j], [b_j], [c_j])`` - 4) compute [H_0] = SUM_j=1^2d+1 delta_j[H_j] + 4. compute ``[H_0] = SUM_j=1^2d+1 delta_j[H_j]`` where + ``delta_j = PRODUCT_k=1, k!=j^2d+1 k/(k-j)`` - 5) output [z] = [H_0] - - delta_j = PRODUCT_k=1, k!=j^2d+1 k/(k-j). + 5. output ``[z] = [H_0]`` """ assert isinstance(share_x, Share) or isinstance(share_y, Share), \ "At least one of share_x and share_y must be a Share." @@ -703,7 +706,7 @@ if cmul_result is not None: return cmul_result - # 1) for i = 1, ..., d do [f_i] = rand(), [g_i] = rand() + # 1. for i = 1, ..., d do [f_i] = rand(), [g_i] = rand() d = (len(M) - 1) // 2 deltas = self.compute_delta(d) f = [] 
@@ -787,30 +790,35 @@ def triple_gen(self, field): """Generate a triple ``a, b, c`` s.t. ``c = a * b``. - 1) Every party ``P_i`` chooses random values ``a_i, r_i in Z_p X (Z_p)^2``, - compute ``alpha_i = Enc_eki(a_i)`` and ``Ai = Com_ck(a_i, r_i)``, and - broadcast them. + 1. Every party ``P_i`` chooses random values ``a_i, r_i in Z_p X (Z_p)^2``, + compute ``alpha_i = Enc_eki(a_i)`` and ``Ai = Com_ck(a_i, r_i)``, and + broadcast them. - 2) Every party ``P_j`` does: - (a) choose random ``b_j, s_j in Z_p X (Z_p)^2``. + 2. Every party ``P_j`` does: - (b) compute ``B_j = ``Com_ck(b_j, s_j)`` and broadcast it. + a. choose random ``b_j, s_j in Z_p X (Z_p)^2``. - (c) ``P_j`` do towards every other party: + b. compute ``B_j = ``Com_ck(b_j, s_j)`` and broadcast it. + + c. ``P_j`` do towards every other party: + i. choose random ``d_ij in Z_p^3`` - ii. compute and send - ``gamma_ij = alpha_i^b_j Enc_ek_i(1;1)^d_ij`` to ``P_i``. - 3) Every party ``P_i`` does: - (a) compute ``c_i = SUM_j Dec_sk_i(gamma_ij) - SUM_j d_ij mod p`` + ii. compute and send + ``gamma_ij = alpha_i^b_j Enc_ek_i(1;1)^d_ij`` to ``P_i``. - (b) pick random ``t_i in (Z_p)^2``, compute and - broadcast ``C_i = Com_ck(c_i, t_i)`` - 4) Everyone computes: + 3. Every party ``P_i`` does: + + a. compute ``c_i = SUM_j Dec_sk_i(gamma_ij) - SUM_j d_ij mod p`` + + b. pick random ``t_i in (Z_p)^2``, compute and + broadcast ``C_i = Com_ck(c_i, t_i)`` + + 4. Everyone computes: ``(A, B, C) = (PRODUCT_i A_i, PRODUCT_i B_i, PRODUCT_i C_i)`` - 5) Every party ``P_i`` outputs shares ``[a_i] = (a_i, r_i, A)``, + 5. Every party ``P_i`` outputs shares ``[a_i] = (a_i, r_i, A)``, ``[b_i] = (b_i, s_i, B)``, and ``[c_i] = (c_i, t_i, C)``. """ _______________________________________________ viff-commits mailing list [email protected] http://lists.viff.dk/listinfo.cgi/viff-commits-viff.dk
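Review bot: Step 2b of the reflowed `triple_gen` docstring keeps a stray pair of backticks before `Com_ck`, which ends the inline literal early and will render badly. The step should read `B_j = Com_ck(b_j, s_j)` inside a single literal. The sampling domains are also written two ways, `(Z_p)^2` for the commitment randomness and `Z_p^3` for the mask `d_ij`. The second can be read either as three elements of Z_p or as integers modulo p^3, and since the size of that mask is what hides the product term, it should be spelled unambiguously. The function body is outside the hunk, so I cannot check which range the code actually samples from.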
