In [None]:
from smpc_secrets import ShamirSecretSharing, AdditiveSecretSharing, Vandermonde, P, RandPoly

In [1]:
import numpy as np
from numpy.linalg import inv
from scipy.interpolate import lagrange

ModuleNotFoundError: No module named 'numpy'

## Description

In [41]:
# parameters
n=7 # number of parties
t=3 # 2t+1 <= n, subset of the parties that would reconstruct the secret of the multiplication
p=17 # suposed to be large integer value

In [42]:
# Parties
Alice = ShamirSecretSharing(n=n, t=t, p=p)
Bob = ShamirSecretSharing(n=n, t=t, p=p)
Charlie = ShamirSecretSharing(n=n, t=t, p=p)
Daniel = ShamirSecretSharing(n=n, t=t, p=p)
Edward = ShamirSecretSharing(n=n, t=t, p=p)
Fauster = ShamirSecretSharing(n=n, t=t, p=p)
Gary = ShamirSecretSharing(n=n, t=t, p=p)

## Generate Shares

In [43]:
a=Alice.generate(1)
b=Bob.generate(2)
c=Charlie.generate(3)
d=Daniel.generate(4)
e=Edward.generate(5)
f=Fauster.generate(6)
g=Gary.generate(7)
a,b,c,d,e,f,g

([(0, 1), (1, 4), (2, 9), (3, 16), (4, 25), (5, 36), (6, 49), (7, 64)],
 [(0, 2), (1, 14), (2, 48), (3, 104), (4, 182), (5, 282), (6, 404), (7, 548)],
 [(0, 3), (1, 12), (2, 27), (3, 48), (4, 75), (5, 108), (6, 147), (7, 192)],
 [(0, 4), (1, 26), (2, 70), (3, 136), (4, 224), (5, 334), (6, 466), (7, 620)],
 [(0, 5), (1, 33), (2, 85), (3, 161), (4, 261), (5, 385), (6, 533), (7, 705)],
 [(0, 6), (1, 30), (2, 78), (3, 150), (4, 246), (5, 366), (6, 510), (7, 678)],
 [(0, 7), (1, 21), (2, 61), (3, 127), (4, 219), (5, 337), (6, 481), (7, 651)])

In [44]:
# Polynomials
alice_poly = RandPoly(name="a", n=t,p=p, R=Alice.R)
bob_poly = RandPoly(name="b", n=t,p=p, R=Bob.R)
charlie_poly = RandPoly(name="c", n=t,p=p, R=Charlie.R)
daniel_poly = RandPoly(name="d", n=t,p=p, R=Daniel.R)
edward_poly = RandPoly(name="e", n=t,p=p, R=Edward.R)
fauster_poly = RandPoly(name="f", n=t,p=p, R=Fauster.R)
gary_poly = RandPoly(name="g", n=t,p=p, R=Gary.R)

alice_poly, bob_poly, charlie_poly, daniel_poly, edward_poly, fauster_poly, gary_poly

(a(x)=1+2x+1x^2,
 b(x)=2+1x+11x^2,
 c(x)=3+6x+3x^2,
 d(x)=4+11x+11x^2,
 e(x)=5+16x+12x^2,
 f(x)=6+12x+12x^2,
 g(x)=7+1x+13x^2)

In [45]:
# Shares
alice_shares = a[1], b[1], c[1], d[1], e[1] , f[1], g[1]
bob_shares = a[2], b[2], c[2], d[2], e[2] , f[2], g[2]
charlie_shares = a[3], b[3], c[3], d[3], e[3] , f[3], g[3]
daniel_shares = a[4], b[4], c[4], d[4], e[4] , f[4], g[4]
edward_shares = a[5], b[5], c[5], d[5], e[5] , f[5], g[5]
fauster_shares = a[6], b[6], c[6], d[6], e[6] , f[6], g[6]
gary_shares = a[7], b[7], c[7], d[7], e[7] , f[7], g[7]

alice_shares, bob_shares, charlie_shares, daniel_shares, edward_shares, fauster_shares, gary_shares

(((1, 4), (1, 14), (1, 12), (1, 26), (1, 33), (1, 30), (1, 21)),
 ((2, 9), (2, 48), (2, 27), (2, 70), (2, 85), (2, 78), (2, 61)),
 ((3, 16), (3, 104), (3, 48), (3, 136), (3, 161), (3, 150), (3, 127)),
 ((4, 25), (4, 182), (4, 75), (4, 224), (4, 261), (4, 246), (4, 219)),
 ((5, 36), (5, 282), (5, 108), (5, 334), (5, 385), (5, 366), (5, 337)),
 ((6, 49), (6, 404), (6, 147), (6, 466), (6, 533), (6, 510), (6, 481)),
 ((7, 64), (7, 548), (7, 192), (7, 620), (7, 705), (7, 678), (7, 651)))

In [46]:
# Product of shares
alice_prod = a[1][1] * b[1][1] * c[1][1] * d[1][1] * e[1][1] * f[1][1] * g[1][1]
bob_prod = a[2][1] * b[2][1] * c[2][1] * d[2][1] * e[2][1] * f[2][1] * g[2][1]
charlie_prod = a[3][1] * b[3][1] * c[3][1] * d[3][1] * e[3][1] * f[3][1] * g[3][1]
daniel_prod = a[4][1] * b[4][1] * c[4][1] * d[4][1] * e[4][1] * f[4][1] * g[4][1]
edward_prod = a[5][1] * b[5][1] * c[5][1] * d[5][1] * e[5][1] * f[5][1] * g[5][1]
fauster_prod = a[6][1] * b[6][1] * c[6][1] * d[6][1] * e[6][1] * f[6][1] * g[6][1]
gary_prod = a[7][1] * b[7][1] * c[7][1] * d[7][1] * e[7][1] * f[7][1] * g[7][1]

alice_prod, bob_prod, charlie_prod, daniel_prod, edward_prod, fauster_prod, gary_prod

(363242880,
 330209006400,
 33316112793600,
 1074831554160000,
 17389758354756480,
 177305888049086160,
 1299131909436211200)

## Re-randomization

In [47]:
alice_rand = RandPoly(name="q1", n=2*t, p=p, fzc=True)
bob_rand = RandPoly(name="q2", n=2*t, p=p, fzc=True)
charlie_rand = RandPoly(name="q3", n=2*t, p=p, fzc=True)
daniel_rand = RandPoly(name="q4", n=2*t, p=p, fzc=True)
edward_rand = RandPoly(name="q5", n=2*t, p=p, fzc=True)
fauster_rand = RandPoly(name="q6", n=2*t, p=p, fzc=True)
gary_rand = RandPoly(name="q7", n=2*t, p=p, fzc=True)

alice_rand, bob_rand, charlie_rand, daniel_rand, edward_rand, fauster_rand, gary_rand

(q1(x)=4x+10x^2+2x^3+10x^4+7x^5+15x^6,
 q2(x)=14x+8x^2+14x^3+2x^4+12x^5+3x^6,
 q3(x)=5x+7x^2+5x^3+4x^4+3x^5+16x^6,
 q4(x)=10x+11x^2+12x^3+6x^4+2x^5+6x^6,
 q5(x)=12x+13x^2+9x^3+15x^4+11x^5+15x^6,
 q6(x)=4x+12x^2+8x^3+17x^4+2x^5+14x^6,
 q7(x)=7x+10x^2+4x^3+11x^4+11x^5+17x^6)

In [48]:
q1 = alice_rand.poly
q2 = bob_rand.poly
q3 = charlie_rand.poly
q4 = daniel_rand.poly
q5 = edward_rand.poly
q6 = fauster_rand.poly
q7 = gary_rand.poly

In [49]:
alice_q = q1(1) + q2(1) + q3(1) + q4(1) + q5(1) + q6(1) + q7(1)
bob_q = q1(2) + q2(2) + q3(2) + q4(2) + q5(2) + q6(2) + q7(2)
charlie_q = q1(3) + q2(3) + q3(3) + q4(3) + q5(3) + q6(3) + q7(3)
daniel_q = q1(4) + q2(4) + q3(4) + q4(4) + q5(4) + q6(4) + q7(4)
edward_q = q1(5) + q2(5) + q3(5) + q4(5) + q5(5) + q6(5) + q7(5)
fauster_q = q1(6) + q2(6) + q3(6) + q4(6) + q5(6) + q6(6) + q7(6)
gary_q = q1(7) + q2(7) + q3(7) + q4(7) + q5(7) + q6(7) + q7(7)

alice_q, bob_q, charlie_q, daniel_q, edward_q, fauster_q, gary_q

(380, 8908, 81888, 422864, 1543180, 4484460, 11103008)

In [50]:
alice_s = alice_prod + alice_q
bob_s = bob_prod + bob_q
charlie_s = charlie_prod + charlie_q
daniel_s = daniel_prod + daniel_q
edward_s = edward_prod + edward_q
fauster_s = fauster_prod + fauster_q
gary_s = gary_prod + gary_q

alice_s, bob_s, charlie_s, daniel_s, edward_s, fauster_s, gary_s

(363243260,
 330209015308,
 33316112875488,
 1074831554582864,
 17389758356299660,
 177305888053570620,
 1299131909447314208)

In [51]:
S = np.array([alice_s, bob_s, charlie_s, daniel_s, edward_s, fauster_s, gary_s])
S, S.shape

(array([          363243260,        330209015308,      33316112875488,
           1074831554582864,   17389758356299660,  177305888053570620,
        1299131909447314208]),
 (7,))

## Degree Reduction

In [52]:
# Vandermonde Matrix
B = np.array(Vandermonde(n=n))

# Inverse Vandermonde Matrix
Binv = inv(B)
B, Binv

(array([[     1,      1,      1,      1,      1,      1,      1],
        [     1,      2,      4,      8,     16,     32,     64],
        [     1,      3,      9,     27,     81,    243,    729],
        [     1,      4,     16,     64,    256,   1024,   4096],
        [     1,      5,     25,    125,    625,   3125,  15625],
        [     1,      6,     36,    216,   1296,   7776,  46656],
        [     1,      7,     49,    343,   2401,  16807, 117649]]),
 array([[ 7.00000000e+00, -2.10000000e+01,  3.50000000e+01,
         -3.50000000e+01,  2.10000000e+01, -7.00000000e+00,
          1.00000000e+00],
        [-1.11500000e+01,  4.39500000e+01, -7.90833333e+01,
          8.20000000e+01, -5.02500000e+01,  1.69833333e+01,
         -2.45000000e+00],
        [ 7.08888889e+00, -3.27416667e+01,  6.48333333e+01,
         -7.06944444e+01,  4.46666667e+01, -1.54083333e+01,
          2.25555556e+00],
        [-2.31250000e+00,  1.18333333e+01, -2.53958333e+01,
          2.93333333e+01, -1.927083

## Linear Projection Matrix

In [53]:
Proj = np.array(P(n=n,t=t))
Proj

array([[1, 0, 0, 0, 0, 0, 0],
       [0, 1, 0, 0, 0, 0, 0],
       [0, 0, 1, 0, 0, 0, 0],
       [0, 0, 0, 0, 0, 0, 0],
       [0, 0, 0, 0, 0, 0, 0],
       [0, 0, 0, 0, 0, 0, 0],
       [0, 0, 0, 0, 0, 0, 0]])

## Matrix of product points reduction 

In [54]:
# A = Binv @ Proj @ B
# A
A = B @ Proj @ Binv
Binv @ S

array([ 3.86715646e+17, -9.59947590e+17,  9.01183077e+17, -4.19035849e+17,
        1.03443381e+17, -1.30185867e+16,  6.59922342e+14])

## Randomized polynomial outputs

In [55]:
# R = S @ A
R = A @ S
R

array([3.27951133e+17, 2.07155277e+18, 5.61752057e+18, 1.09658545e+19,
       1.81165546e+19, 2.70696209e+19, 3.78250533e+19])

## Lagrange Interpolation

In [56]:
shares = [(i, r) for (i, r) in enumerate(R[0:t].tolist())]
R[0], shares

(3.279511329130456e+17,
 [(0, 3.279511329130456e+17),
  (1, 2.0715527727506862e+18),
  (2, 5.6175205657612e+18)])

In [57]:
# Lagrange Interpolation for Multiplication 
x = np.arange(1,len(shares)+1) # prod points indices
y = R      # prod points values
f = lagrange(x, y)
x, y, f

(array([1, 2, 3]),
 array([3.27951133e+17, 2.07155277e+18, 5.61752057e+18, 1.09658545e+19,
        1.81165546e+19, 2.70696209e+19, 3.78250533e+19]),
 poly1d([ 9.01183077e+17, -9.59947590e+17,  3.86715646e+17]))

## Degree reduced (and Randomized) polynomial

In [58]:
coef = [(i, r) for (i,r) in enumerate(np.flip(f.coef).tolist())]
p = RandPoly(n=t, R=coef)
p

3.86715646248278e+17+-9.599475899216691e+17x+9.011830765864366e+17x^2

## Secret Multiplication Result

In [21]:
p.poly(0)

3863629550214392.0