In [1]:
from numpy.polynomial import Polynomial
from numpy.polynomial.polynomial import polydiv
from phe import paillier
from phe.util import getprimeover, invert, powmod
import numpy as np
import secrets

In [382]:
def L(x, n):
    return (x - 1) // n

class PublicKey:
    def __init__(self, n, g):
        self.n = n
        self.g = g

    def encrypt(self, m):
        n = self.n
        g = self.g
        r = 0
        while r == 0:
            r = secrets.randbelow(self.n)
        
        return (powmod(g, m, n**2)) * (powmod(r, n, n**2)) % n**2
    
    def add(self, ctext1, ctext2):
        return (ctext1 * ctext2) % self.n**2
    
    def mul(self, ctext, ptext):
        return powmod(ctext, ptext, self.n**2)
    
    def obfuscate(self, c):
        n = self.n
        r = 0
        while r == 0:
            r = secrets.randbelow(self.n)

        return c * (powmod(r, n, n**2)) % n**2


class PrivateKey:
    def __init__(self, lam, mu, pk):
        self.lam = lam
        self.mu = mu
        self.pk = pk

    def decrypt(self, c):
        lam = self.lam
        mu = self.mu
        n = self.pk.n

        return ((L(powmod(c, lam, n**2), n) % n) * mu) % n


def generateKeyPair(n_length):
    p = q = n = None
    n_len = 0
    while n_len != n_length:
        p = getprimeover(n_length // 2)
        q = getprimeover(n_length // 2)
        n = p * q
        n_len = n.bit_length()

    g = n + 1
    phi_n = (p - 1) * (q - 1)
    lam = phi_n
    mu = invert(phi_n, n)

    pk = PublicKey(n, g)
    sk = PrivateKey(lam, mu, pk)

    return pk, sk

In [353]:
class MyPolynomial:
    def __init__(self, coef):
        self.coef = []
        for x in coef:
            self.coef.append(int(x))

    def __call__(self, x, n):
        y = 0
        for i in range(self.n_coef()):
            y += (self.coef[i] * powmod(x, i, n)) % n
            y %= n
        return y

    def empty(n):
        return MyPolynomial(np.zeros(n))

    def fromroots(roots):
        new_poly = MyPolynomial([1])
        for x in roots:
            new_poly = new_poly.mul(MyPolynomial([-x, 1]))
        return new_poly

    def n_coef(self):
        return len(self.coef)
    
    def degree(self):
        return len(self.coef) - 1

    def reduce(self):
        last = self.n_coef()
        for i in range(len(self.coef)-1, -1, -1):
            if self.coef[i] != 0:
                break
            else:
                last -= 1
        self.coef = self.coef[:last]


    def add(self, poly):
        if self.n_coef() > poly.n_coef():
            sum = self.coef
            for i in range(poly.n_coef()):
                sum[i] += poly.coef[i]
            new_poly = MyPolynomial(sum)
        else:
            sum = poly.coef
            for i in range(self.n_coef()):
                sum[i] += self.coef[i]
            new_poly = MyPolynomial(sum)
        new_poly.reduce()
        return new_poly
    
    def add_paillier(self, poly, pk):
        if self.n_coef() > poly.n_coef():
            sum = self.coef
            for i in range(poly.n_coef()):
                sum[i] = pk.add(self.coef[i], poly.coef[i])
            new_poly = MyPolynomial(sum)
        else:
            sum = poly.coef
            for i in range(self.n_coef()):
                sum[i] = pk.add(self.coef[i], poly.coef[i])
            new_poly = MyPolynomial(sum)
        new_poly.reduce()
        return new_poly
    
    def mul(self, poly):
        new_coef = self.n_coef() + poly.n_coef() - 1
        new_poly = MyPolynomial.empty(new_coef)

        for i in range(self.n_coef()):
            for j in range(poly.n_coef()):
                new_poly.coef[i+j] += self.coef[i] * poly.coef[j]
        new_poly.reduce()
        return new_poly
    
    def mul_paillier(self, poly, pk):
        #we assume self is ciphertext and poly is plaintext
        new_coef = self.n_coef() + poly.n_coef() - 1
        new_poly = MyPolynomial.empty(new_coef)
        new_poly = MyPolynomial([pk.encrypt(x) for x in new_poly.coef])

        for i in range(self.n_coef()):
            for j in range(poly.n_coef()):
                new_poly.coef[i+j] = pk.add(new_poly.coef[i+j], pk.mul(self.coef[i], poly.coef[j]))
        new_poly.reduce()
        return new_poly
    
    def deriv(self):
        if self.n_coef() <= 1:
            return MyPolynomial([1])    #batota

        new_poly = MyPolynomial.empty(self.n_coef() - 1)
        for i in range(new_poly.n_coef()):
            new_poly.coef[i] = self.coef[i+1] * (i + 1)
        new_poly.reduce()
        return new_poly

In [356]:
poly1 = MyPolynomial([-1, 1])
poly1 = MyPolynomial([pk.encrypt(x) for x in poly1.coef])
poly2 = MyPolynomial([-2, 1])
#poly3 = poly1.mul(poly2)
poly3 = poly1.mul_paillier(poly2, pk)
poly3 = MyPolynomial([sk.decrypt(x) for x in poly3.coef])
print(poly3.coef)

[2, 2210756054, 1]


In [346]:
m1 = 0
m1 = pk.encrypt(m1)
m2 = 4255776987325955965
m = pk.add(m1, m2)
m = sk.decrypt(m)
print(m)

2


In [417]:
class Player:
    """
    Class of honest-but-curious adversaries.

    Parameters
    ----------
    S : set_like
    sk : secret key to a homomorpic cryptosystem
    """
    def __init__(self, S, sk):
        self.S = S
        self.k = len(S)
        self.sk = sk
        self.f_list = []
        self.N = sk.pk.n
    
    def polynomial(self):
        # cria o polinómio f a partir do conjunto S 
        self.f = MyPolynomial.fromroots(self.S)
        #self.f = MyPolynomial([x % self.N for x in self.f.coef])
        print("f:", self.f.coef)
    
    def encrypt(self, pk):
        # encipta o polinómio f com pk
        self.ef = MyPolynomial([pk.encrypt(x) for x in self.f.coef])
        self.f_list.append(self.ef)
        print("ef:", self.ef.coef)
    
    def append_f(self, encrypted_polynomial):
        # adiciona polinomio encriptado de outro jogador a f_list
        self.f_list.append(encrypted_polynomial)

    def receive_l(self, encrypted_polynomial):
        # recebe lambda_i-1
        self.lam_im1 = encrypted_polynomial
    
    def receive_p(self, encrypted_polynomial):
        #recebe p = lambda_n
        self.ep = encrypted_polynomial
        print("ep:", self.ep.coef)

    def phi(self):
        # calcula phi_i
        c = len(self.f_list)
        r = []
        for _ in range(c):
            r.append(MyPolynomial([secrets.randbelow(self.N) for _ in range(self.k + 1)]))

        sum = MyPolynomial([self.sk.pk.encrypt(0)])
        for j in range(c):
            prod = self.f_list[j].mul_paillier(r[j], self.sk.pk)
            print("prod:", prod.coef)
            #prod = self.f_list[j].mul(r[j])
            sum = sum.add_paillier(prod, self.sk.pk)
            #sum = sum.add(prod)
        self.phi_i = sum
        print("phi_i:", self.phi_i.coef)
        dec_phi_i = MyPolynomial([self.sk.decrypt(x) for x in self.phi_i.coef])
        #print(dec_phi_i(1, self.N), dec_phi_i(3, self.N), dec_phi_i(4, self.N))
        
        for x in self.phi_i.coef:
            x = self.sk.pk.obfuscate(x) #re-randomização dos coeficientes

    def lam(self):
        # calcula lambda_i
        self.lam_i = self.lam_im1.add_paillier(self.phi_i, self.sk.pk)
        print("lam_i:", self.lam_i.coef)
        #self.lam_i = self.lam_im1.add(self.phi_i)
        for x in self.lam_i.coef:
            x = self.sk.pk.obfuscate(x) #re-randomização dos coeficientes
        #lam_phi_i = MyPolynomial([self.sk.decrypt(x) for x in self.lam_i.coef])
        #print(lam_phi_i(1, self.N), lam_phi_i(3, self.N), lam_phi_i(4, self.N))

    
    def decrypt(self):
        self.p = MyPolynomial([self.sk.decrypt(x) for x in self.ep.coef])
        print("p:", self.p.coef)

    def multiset(self):
        # calcula o multiset de intersecção na forma [(a,b),...,(a,b)], a \in S_i
        # onde o elemento a aparece b vezes no multiset


        res = []
        for elem in self.S:
            degree = 0
            poly = self.p
            while poly(elem, self.N) == 0:
                degree += 1
                poly = poly.deriv()
            if degree > 0:
                res.append((elem, degree))
        self.intersection = res

    

Soma de polinómios encriptados: `a.ef + b.ef`

Produto de polinímio não encriptado com polinómio encriptado: `a.f * b.ef`

Derivada de polinómio encriptado: `a.ef.deriv(d)`

Avaliação de um polinómio encriptado num ponto não encriptado: `a.ef(x)`


Função da secção 5.1

In [419]:
def psi(players, c, pk):
    """
    Perform a private Set-Intersection secure against a coalition of honest-but-curious
    adversaries.

    Parameters
    ----------
    players : array_like construct of class Player elements
    c : dishonestly colluding constant
    pk: public key to a homomorpic cryptosystem
    """
    n = len(players)
    assert n >= 2, "Not enough players"
    assert c < n, "Dishonestly colluding too large"
    assert all([player.k == players[0].k for player in players]),\
        "Differently sized private sets"
    #1
    for player in players:
        #a
        player.polynomial()       
        player.encrypt(pk)
    
    #b
    for i in range(n):
        for j in range(1, c+1):
            players[i].append_f(players[(i-j) % n].ef)
        
        # Qual é o domínio?? #consoante a resposta é preciso alterar a função phi
        # DEFAULT_KEYSIZE = 3072
        # BASE = 16
        #c, d
        players[i].phi()

    #2
    players[0].lam_i = players[0].phi_i
    players[1].receive_l(players[0].lam_i)

    #3
    for i in range(1, n):
        #a é realizado implicitamente
        #b
        players[i].lam()

        #c
        players[(i+1)%len(players)].receive_l(players[i].lam_i)
    #4
    for player in players:
        player.receive_p(players[0].lam_im1)

    #5
    for player in players:
        player.decrypt()
        pass
    #6
    for player in players:
        player.multiset()

In [146]:
# Generate keys
pk, sk = paillier.generate_paillier_keypair(None, 16)
pk.max_int = pk.nsquare

In [420]:
pk, sk = generateKeyPair(1024)

a = Player([1,2,4,3],sk)
b = Player([1,1,2,1],sk)
c = Player([1,2,6,1],sk)
d = Player([6,3,1,0],sk)
e = Player([1,3,4,6],sk)

# Calculate private set
psi([a,b,c,d,e],1,pk)

f: [24, -50, 35, -10, 1]
ef: [3700172388774633374255258662222835123765169575233072327966836454498666230988919772707071463992228682140679059620677001642638844324767111849884273953212741173321038153038589879781428137155866557538334699529717697536695764729018511219471170661620340563470706378982640281961373963908340533869868885389016439069386735721620456255492418277611369192290612563209783193087559794954165723599850946179584528583370392673613571024101301927361328430530197769726245574219337834066847182782867296712963706334138451712361641290941977968846898549791826318849698930787699034054061135358361472867137548805357947371963251823961402292360, 7904432333152050690835106893083266531701760917338579051402945703030958357005746087204093067160724272004005761036791395511847325907930917322555876904021357203956531931895603749436502776214145054863707844624581373822153093049076203929434535645438846345253791121452249039478727630878996852069707994780941285375795559033998134509076663821347998431480029143

In [421]:
#find private set
for x in a.intersection:
    print(x)

for x in a.S:
    print(a.p(x, pk.n))


(1, 1)
0
116225205289659674086967739411002511674724423390423660509494469484964721780896318782028665076565282979875478691657863261856069616754935142549417742901037450900113314049180852443519183204617086115849806110087127743519084960906085554558311210566393232177115985791149115989224914786073433733560664463209606161487
72875174542890351526306521533366367015230872313614817136813377438569565664612436044021042460913107091944703021187855387231061818114409658591909966910074077309673252157316529942852073852934600436492323284050647519775461657507067790700695476547616724511716249963143739706011546041614114041919355728565062365156
25092503249497179212829551071061845509954404339004877883936540739623346933908742251960044337640812337950790643012682207064192450133594081625131511609778348855662537363670130512630207959187938301940017602577525533961027675625011517432151431545187468557634454655426014695388452225045014506295895222626866985893


In [177]:
m = MyPolynomial([1000, 5000, 500])
pk, sk = generateKeyPair(16)
print("key generated")
c = MyPolynomial([pk.encrypt(x) for x in m.coef])
print(c.coef)
d = MyPolynomial([sk.decrypt(x) for x in c.coef])
print(d.coef)

key generated
44462 <class 'int'> 1000 <class 'int'> 1976780521 <class 'int'> 19282 <class 'int'> 44461 <class 'int'>
44462 <class 'int'> 5000 <class 'int'> 1976780521 <class 'int'> 34159 <class 'int'> 44461 <class 'int'>
44462 <class 'int'> 500 <class 'int'> 1976780521 <class 'int'> 41930 <class 'int'> 44461 <class 'int'>
[675046127, 1958857151, 716068006]
[1000, 5000, 500]


In [135]:
#testes
a = [1, 2, 1] #experimentem assim e com [1., 2., 1.,]  o polinomio força os ints a floats e lixa a encriptação!
b = MyPolynomial(a)
print(a)
print(b.coef)
c = [sk.pk.encrypt(x) for x in a]
d = MyPolynomial([sk.pk.encrypt(x) for x in b.coef])

e = [sk.decrypt(x) for x in c]
f = MyPolynomial([sk.decrypt(x) for x in d.coef])
print(e)
print(f.coef)

[1, 2, 1]
[1 2 1]
47942 <class 'int'> 1 <class 'int'> 2298339481 <class 'int'> 40222 <class 'int'> 47941 <class 'int'>
47942 <class 'int'> 2 <class 'int'> 2298339481 <class 'int'> 3918 <class 'int'> 47941 <class 'int'>
47942 <class 'int'> 1 <class 'int'> 2298339481 <class 'int'> 4310 <class 'int'> 47941 <class 'int'>
47942 <class 'int'> 1 <class 'int'> 2298339481 <class 'int'> 22535 <class 'int'> 47941 <class 'int'>
47942 <class 'int'> 2 <class 'int'> 2298339481 <class 'int'> 27999 <class 'int'> 47941 <class 'int'>
47942 <class 'int'> 1 <class 'int'> 2298339481 <class 'int'> 44968 <class 'int'> 47941 <class 'int'>


OverflowError: Python int too large to convert to C long

In [131]:
a = secrets.randbelow(pk.n) * secrets.randbelow(pk.n) + secrets.randbelow(pk.n) * secrets.randbelow(pk.n) + secrets.randbelow(pk.n) * secrets.randbelow(pk.n)
print(a % pk.n, a)
b = pk.encrypt(a)
c = sk.decrypt(b)
print(c)

42198 2481564240
47942 <class 'int'> 2481564240 <class 'int'> 2298339481 <class 'int'> 4510 <class 'int'> 47941 <class 'int'>
42198


In [14]:
# Teste das operações definidas em 4.2
pk, sk = paillier.generate_paillier_keypair()
a = Player([1,2,3],sk)
b = Player([2,3,4],sk)
a.polynomial()
b.polynomial()
a.encrypt(pk)
b.encrypt(pk)

d = 2
x = 0
print(f"Soma:\n{a.ef + b.ef}")
print(f"Multiplicação:\n{a.f * b.ef}")
print(f"Derivada:\n{a.ef.deriv(d)}")
print(f"Avaliação:\n{a.ef(x)}")


Soma:
-30.0 + 37.0 x - 15.0 x**2 + 2.0 x**3
Multiplicação:
144.0 - 420.0 x + 484.0 x**2 - 285.0 x**3 + 91.0 x**4 - 15.0 x**5 +
1.0 x**6
Derivada:
-12.0 + 6.0 x
Avaliação:
-6.0
