distributed_keygen.distributed_keygen module

Code for a single player in the Paillier distributed key-generation protocol.

class distributed_keygen.distributed_keygen.DistributedPaillier(public_key, secret_key, precision, pool, index, party_indices, shares, session_id, distributed, **kwargs)[source]

Bases: Paillier, SupportsSerialization

Class that acts as one of the parties involved in distributed Paillier secret key generation. The pool represents the network of parties involved in the key generation protocol.

class SerializedDistributedPaillier[source]

Bases: SerializedPaillier, TypedDict

distributed: bool

index: int

prec: int

pubkey: PaillierPublicKey

scheme_id: int

seckey: PaillierSecretKey

session_id: int

__eq__(other)[source]

Compare this Distributed Paillier scheme with another to determine (in)equality. Does not take the secret key into account as it might not be known and the public key combined with the precision and the session id.

Parameters:: other (object) – Object to compare this Paillier scheme with.
Return type:: bool
Returns:: Boolean value representing (in)equality of both objects.

__init__(public_key, secret_key, precision, pool, index, party_indices, shares, session_id, distributed, **kwargs)[source]

Initializes a DistributedPaillier instance with a public Paillier key and a shared secret Paillier key.

Parameters:

public_key (PaillierPublicKey) – The Paillier public key
secret_key (PaillierSharedKey) – The shared secret Paillier key
precision (int) – The precision of the resulting scheme
pool (Pool) – The pool with connections of parties involved in the shared secret key
index (int) – The index of the party who owns this instance within the pool
party_indices (Dict[str, int]) – Dictionary mapping parties in the pool to their indices
shares (Shares) – Data class that stores and keeps track of shares during decryption
session_id (int) – The unique session identifier belonging to the protocol that generated the keys for this DistributedPaillier scheme.
distributed (bool) – Boolean value indicating whether the protocol that generated the keys for this DistributedPaillier scheme was run in different Python instances (True) or in a single python instance (False)
kwargs (Any) – Any keyword arguments that are passed to the super __init__ function

classmethod asend(pool, handler_name, message, msg_id=None)[source]

Function that sends a message to a certain party in the pool

Parameters:

pool (Pool) – network of involved parties
handler_name (str) – receiver
message (Any) – python object to be sent
msg_id (Optional[str]) – optional

Return type:

None

classmethod broadcast(message, pool, message_id=None, receivers=None)[source]

Function that sends a message to all other parties in the pool

Parameters:

message (Any) – python object
pool (Pool) – network of involved parties
message_id (Optional[str]) – optional message ID
receivers (Optional[List[str]]) – optional list of receivers

Return type:

None

async classmethod compute_modulus(shares, zero_share, index, pool, prime_list, party_indices, prime_length, shamir_scheme, correct_param_biprime)[source]

Function that starts a protocol to generate candidates for \(p\) and \(q\) the multiplication of the two is then checked for biprimality to ensure it is a valid modulus. This is run until it succeeds.

Parameters:

shares (Shares) – dictionary that keeps track of shares for parties for certain numbers
zero_share (ShamirShares) – A secret sharing of \(0\) in a \(2t\)-out-of-\(n\) shamir secret sharing scheme
index (int) – index of this party
pool (Pool) – network of involved parties
prime_list (List[int]) – list of prime numbers
party_indices (Dict[str, int]) – mapping from party names to indices
prime_length (int) – desired bit length of \(p\) and \(q\)
shamir_scheme (ShamirSecretSharingScheme) – \(t\)-out-of-\(n\) Shamir secret sharing scheme
correct_param_biprime (int) – correctness parameter that affects the certainty that the generated \(N\) is a product of two primes

Return type:

int

Returns:

modulus \(N\)

async decrypt(ciphertext, apply_encoding=True, receivers=None)[source]

Decrypts the input ciphertext. Starts a protocol between the parties involved to create local decryptions, send them to the other parties and combine them into full decryptions for each party.

Parameters:

ciphertext (PaillierCiphertext) – Ciphertext to be decrypted.
apply_encoding (bool) – Boolean indicating whether the decrypted ciphertext is decoded before it is returned. Defaults to True.
receivers (Optional[List[str]]) – An optional list specifying the names of the receivers, your own ‘name’ is “self”.

Return type:

Union[int, float, FixedPoint, None]

Returns:

Plaintext decrypted value.

default_biprime_param = 40

default_corruption_threshold = 1

default_key_length = 2048

default_prime_threshold = 2000

default_sec_shamir = 40

static deserialize(obj, *, origin=None, **kwargs)[source]

Deserialization function for Distributed Paillier schemes, which will be passed to the communication module

Parameters:

obj (Union[SerializedDistributedPaillier, SerializedPaillier]) – serialization of a distributed paillier scheme.
origin (Optional[HTTPClient]) – HTTPClient representing where the message came from if applicable
**kwargs (Any) – optional extra keyword arguments

Return type:

Union[DistributedPaillier, Paillier]

Returns:

Deserialized DistributedPaillier scheme, local instance thereof, or a regular Paillier scheme in case this party is not part of the distributed session.

async classmethod from_security_parameter(pool, corruption_threshold=1, key_length=2048, prime_threshold=2000, correct_param_biprime=40, stat_sec_shamir=40, distributed=True, precision=0)[source]

Function that takes security parameters related to secret sharing and Paillier and initiates a protocol to create a shared secret key between the parties in the provided pool.

Parameters:

precision (int) – precision of the fixed point encoding in Paillier
pool (Pool) – The network of involved parties
corruption_threshold (int) – Maximum number of allowed corruptions. We require for the number of parties in the pool and the corruption threshold that
\[\text{number_of_parties} >= 2 * \text{corruption_threshold} + 1\]
. This is because we need to multiply secret sharings that both use polynomials of degree corruption_threshold. The resulting secret sharing then becomes a polynomial of degree \(2*\text{corruption_threshold}\) and it requires at least \(2*text{corruption_threshold}+1\) evaluation points to reconstruct the secret in that sharing.
key_length (int) – desired bit length of the modulus \(N\)
prime_threshold (int) – Upper bound on the number of prime numbers to check during primality tests
correct_param_biprime (int) – parameter that affects the certainty of the generated \(N\) to be the product of two primes
stat_sec_shamir (int) – security parameter for the Shamir secret sharing over the integers
distributed (bool) – Whether the different parties are run on different python instances
precision – precision (number of decimals) to ensure

Raises:

ValueError – In case the number of parties \(n\) and the corruption threshold \(t\) do not satisfy that \(n \geq 2*t + 1\)
Exception – In case the parties agree on a session id that is already being used.

Return type:

DistributedPaillier

Returns:

DistributedPaillier scheme containing a regular Paillier public key and a shared secret key.

async classmethod gather_shares(content, pool, shares, party_indices)[source]

Gather all shares with label content

Parameters:

content (str) – string identifying a number
pool (Pool) – network of involved parties
shares (Shares) – dictionary keeping track of shares of different parties for certain numbers
party_indices (Dict[str, int]) – mapping from party names to indices

Raises:

NotImplementedError – In case the given content is not any of the possible values for which we store shares (“p”, “q”, “n”, “biprime”, “lambda_”, “beta”, “secret_key”, “partial_decryption”).

Return type:

None

async classmethod generate_keypair(stat_sec_shamir, number_of_players, corruption_threshold, shares, index, zero_share, pool, prime_list, prime_length, party_indices, correct_param_biprime, shamir_scheme)[source]

Function to distributively generate a shared secret key and a corresponding public key

Parameters:

stat_sec_shamir (int) – security parameter for Shamir secret sharing over the integers
number_of_players (int) – number of parties involved in the protocol
corruption_threshold (int) – number of parties that are allowed to be corrupted
shares (Shares) – dictionary that keeps track of shares for parties for certain numbers
index (int) – index of this party
zero_share (ShamirShares) – A secret sharing of \(0\) in a \(2t\)-out-of-\(n\) shamir secret sharing scheme
pool (Pool) – network of involved parties
prime_list (List[int]) – list of prime numbers
prime_length (int) – desired bit length of \(p\) and \(q\)
party_indices (Dict[str, int]) – mapping from party names to indices
correct_param_biprime (int) – correctness parameter that affects the certainty that the generated \(N\) is a product of two primes
shamir_scheme (ShamirSecretSharingScheme) – \(t\)-out-of-\(n\) Shamir secret sharing scheme

Return type:

Tuple[PaillierPublicKey, PaillierSharedKey]

Returns:

regular Paillier public key and a shared secret key

async classmethod generate_pq(shares, pool, index, prime_length, party_indices, shamir_scheme)[source]

” Function to generate primes \(p\) and \(q\)

Parameters:

shares (Shares) – dictionary that keeps track of shares for parties for certain numbers
pool (Pool) – network of involved parties
index (int) – index of this party
prime_length (int) – desired bit length of \(p\) and \(q\)
party_indices (Dict[str, int]) – mapping from party names to indices
shamir_scheme (ShamirSecretSharingScheme) – \(t\)-out-of-\(n\) Shamir secret sharing scheme

Return type:

Tuple[ShamirShares, ShamirShares]

Returns:

sharings of \(p\) and \(q\)

classmethod generate_prime_additive_share(index, prime_length)[source]

Generate a random value between \(2^(\text{length}-1)\) and 2^\text{length}. the function will ensure that the random value is equal to \(3 \mod 4\) for the fist player, and to \(0 \mod 4\) for all other players. This is necessary to generate additive shares of \(p\) and \(q\), or the bi-primality test will not work.

Parameters:

index (int) – index of this party
prime_length (int) – desired bit length of primes \(p\) and \(q\)

Return type:

int

Returns:

a random integer of the desired bit length and value modulo \(4\)

async classmethod generate_secret_key(stat_sec_shamir, number_of_players, corruption_threshold, shares, index, zero_share, pool, prime_list, prime_length, party_indices, correct_param_biprime, shamir_scheme)[source]

Functions that generates the modulus and sets up the sharing of the private key

Parameters:

stat_sec_shamir (int) – security parameter for the Shamir secret sharing over the integers
number_of_players (int) – total number of participants in this session (including self)
corruption_threshold (int) – Maximum number of allowed corruptions
shares (Shares) – dictionary that keeps track of shares for parties for certain numbers
index (int) – index of this party
zero_share (ShamirShares) – A secret sharing of \(0\) in a \(2t\)-out-of-\(n\) shamir secret sharing scheme
pool (Pool) – network of involved parties
prime_list (List[int]) – list of prime numbers
prime_length (int) – desired bit length of \(p\) and \(q\)
party_indices (Dict[str, int]) – mapping from party names to indices
correct_param_biprime (int) – correctness parameter that affects the certainty that the generated \(N\) is a product of two primes
shamir_scheme (ShamirSecretSharingScheme) – \(t\)-out-of-\(n\) Shamir secret sharing scheme

Return type:

PaillierSharedKey

Returns:

shared secret key

async classmethod get_indices(pool)[source]

Function that initiates a protocol to determine IDs (indices) for each party

Parameters:: pool (Pool) – network of involved parties
Return type:: Tuple[Dict[str, int], int]
Returns:: dictionary from party name to index, where the entry “self” contains this party’s index

classmethod int_shamir_share_and_send(content, shares, int_shamir_scheme, index, pool, party_indices)[source]

Create a secret-sharing of the input value, and send each share to the corresponding player, together with the label content

Parameters:

content (str) – string identifying the number to be shared and sent
shares (Shares) – dictionary keeping track of shares for different parties and numbers
int_shamir_scheme (ShamirSecretSharingIntegers) – Shamir secret sharing scheme over the integers
index (int) – index of this party
pool (Pool) – network of involved parties
party_indices (Dict[str, int]) – mapping from party names to indices

Raises:

NotImplementedError – In case the given content is not “lambda_” or “beta”.

Return type:

None

async classmethod recv(pool, handler_name, msg_id=None)[source]

Function that receives a message from a certain party in the pool

Parameters:

pool (Pool) – network for involved parties
handler_name (str) – name of the party that sent the message
msg_id (Optional[str]) – optional message id of the expected message

Return type:

Any

Returns:

python object

async classmethod recv_all(pool)[source]

Function that retrieves one message for each party

Parameters:: pool (Pool) – network of involved parties
Return type:: Tuple[Tuple[str, Any]]
Returns:: list of tuples containing the party and their message

serialize(**_kwargs)[source]

Serialization function for Distributed Paillier schemes, which will be passed to the communication module

Parameters:: **_kwargs (Any) – optional extra keyword arguments
Return type:: SerializedDistributedPaillier
Returns:: Dictionary containing the serialization of this DistributedPaillier scheme.

classmethod setup_input(pool, key_length, prime_threshold, corruption_threshold)[source]

Function that sets initial variables for the process of creating a shared secret key

Parameters:

pool (Pool) – network of involved parties
key_length (int) – desired bit length of the modulus \(N = p \cdot q\)
prime_threshold (int) – Bound on the number of prime numbers to be checked for primality tests
corruption_threshold (int) – Number of parties that are allowed to be corrupted

Return type:

Tuple[int, int, List[int], ShamirSecretSharingScheme, Shares, List[str]]

Returns:

A tuple of initiated variables, containing first the number_of_players, second the length of the primes \(p\) and \(q\), third a list of small primes for the small_prime test (empty if the length of \(p\) and \(q\) is smaller than the prime_threshold), fourth a regular Shamir Sharing scheme, fifth a Shares data structure for holding relevant shares, and last a list of the names of other parties.

async classmethod setup_protocol(shamir_scheme, other_parties, pool)[source]

Function that initiates a protocol to determine IDs and sets own ID Additionally, the protocol prepares a secret sharing of 0 under a 2t-out-of-n threshold scheme to be used later on.

Parameters:

shamir_scheme (ShamirSecretSharingScheme) – Shamir secret sharing scheme to be used for p and q
other_parties (List[str]) – Names of the other parties in the pool
pool (Pool) – network of involved parties

Return type:

Tuple[int, Dict[str, int], ShamirShares, int]

Returns:

This party’s index, a dictionary with indices for the other parties, and a zero-sharing in a 2t-out-of-n thresholds scheme to be used later on, the session id

classmethod shamir_share_and_send(content, shares, shamir_scheme, index, pool, party_indices)[source]

Create a secret-sharing of the input value, and send each share to the corresponding player, together with the label content

Parameters:

content (str) – string identifying the number to be shared and sent
shares (Shares) – dictionary keeping track of shares for different parties and numbers
shamir_scheme (ShamirSecretSharingScheme) – \(t\)-out-of-\(n\) Shamir secret sharing scheme
index (int) – index of this party
pool (Pool) – network of involved parties
party_indices (Dict[str, int]) – mapping from party names to indices

Raises:

NotImplementedError – In case the given content is not “p” or “q”.

Return type:

None