distributed_keygen.distributed_keygen module

Code for a single player in the Paillier distributed key-generation protocol.

class distributed_keygen.distributed_keygen.DistributedPaillier(public_key, secret_key, precision, pool, index, party_indices, session_id, distributed, corruption_threshold, **kwargs)[source]

Bases: Paillier, SupportsSerialization

Class that acts as one of the parties involved in distributed Paillier secret key generation. The pool represents the network of parties involved in the key generation protocol.

class SerializedDistributedPaillier[source]

Bases: SerializedPaillier, TypedDict

Serialized DistributedPaillier for use with the communication module.

distributed: bool
index: int
prec: int
pubkey: PaillierPublicKey
scheme_id: int
seckey: PaillierSecretKey
session_id: int
class StoredDistributedPaillier[source]

Bases: TypedDict

corruption_threshold: int
index: int
party_indices: dict[str, int]
precision: int
priv_key: PaillierSharedKey
pub_key: PaillierPublicKey
shares: Shares
__eq__(other)[source]

Compare this Distributed Paillier scheme with another to determine (in)equality. Does not take the secret key into account as it might not be known and the public key combined with the precision and the session id.

Parameters:

other (object) – Object to compare this Paillier scheme with.

Return type:

bool

Returns:

Boolean value representing (in)equality of both objects.

__init__(public_key, secret_key, precision, pool, index, party_indices, session_id, distributed, corruption_threshold, **kwargs)[source]

Initializes a DistributedPaillier instance with a public Paillier key and a shared secret Paillier key.

Parameters:

  • public_key (PaillierPublicKey) – The Paillier public key

  • secret_key (PaillierSharedKey) – The shared secret Paillier key

  • precision (int) – The precision of the resulting scheme

  • pool (Pool) – The pool with connections of parties involved in the shared secret key

  • index (int) – The index of the party who owns this instance within the pool

  • party_indices (dict[str, int]) – Dictionary mapping parties in the pool to their indices

  • session_id (int) – The unique session identifier belonging to the protocol that generated the keys for this DistributedPaillier scheme.

  • distributed (bool) – Boolean value indicating whether the protocol that generated the keys for this DistributedPaillier scheme was run in different Python instances (True) or in a single python instance (False)

  • corruption_threshold (int) – The corruption threshold used during the generation of the key

  • kwargs (Any) – Any keyword arguments that are passed to the super __init__ function

apply_encoding(decrypted_ciphertext, apply_encoding)[source]

Function which decodes a decrypted ciphertext

Parameters:

  • decrypted_ciphertext (EncodedPlaintext[int]) – ciphertext to decode

  • apply_encoding (bool) – Boolean indicating if decrypted_ciphertext needs to be decoded.

Return type:

Union[Integral, float, FixedPoint]

Returns:

The decoded plaintext

async classmethod compute_modulus(shares, index, pool, prime_list, party_indices, prime_length, shamir_scheme_t, shamir_scheme_2t, correct_param_biprime, session_id, batch_size=1)[source]

Function that starts a protocol to generate candidates for $p$ and $q$ the multiplication of the two is then checked for biprimality to ensure it is a valid modulus. This is run until it succeeds.

Parameters:

  • shares (Shares) – dictionary that keeps track of shares for parties for certain numbers

  • index (int) – index of this party

  • pool (Pool) – network of involved parties

  • prime_list (list[int]) – list of prime numbers

  • party_indices (dict[str, int]) – mapping from party names to indices

  • prime_length (int) – desired bit length of $p$ and $q$

  • shamir_scheme_t (ShamirSecretSharingScheme) – $t$-out-of-$n$ Shamir secret sharing scheme

  • shamir_scheme_2t (ShamirSecretSharingScheme) – $2t$-out-of-$n$ Shamir secret sharing scheme

  • correct_param_biprime (int) – correctness parameter that affects the certainty that the generated $N$ is a product of two primes

  • session_id (int) – The unique session identifier belonging to the protocol that generated the keys for this DistributedPaillier scheme.

  • batch_size (int) – How many $p$’s and $q$’s to generate at once (drastically reduces communication at the expense of potentially wasted computation)

Raises:

RuntimeError – thrown if the protocol is interrupted

Return type:

int

Returns:

modulus $N$

async decrypt(ciphertext, apply_encoding=True, receivers=None)[source]

Decrypts the input ciphertext. Starts a protocol between the parties involved to create local decryptions, send them to the other parties and combine them into full decryptions for each party.

Parameters:

  • ciphertext (PaillierCiphertext) – Ciphertext to be decrypted.

  • apply_encoding (bool) – Boolean indicating whether the decrypted ciphertext is decoded before it is returned. Defaults to True.

  • receivers (list[str] | None) – An optional list specifying the names of the receivers, your own ‘name’ is “self”.

Return type:

Union[Integral, float, FixedPoint, None]

Returns:

Plaintext decrypted value.

async decrypt_sequence(ciphertext_sequence, apply_encoding=True, receivers=None)[source]

Decrypts the list of ciphertexts

Parameters:

  • ciphertext_sequence (Iterable[PaillierCiphertext]) – Sequence of Ciphertext to be decrypted

  • apply_encoding (bool) – Boolean indicating whether the decrypted ciphertext is decoded before it is returned. Defaults to True.

  • receivers (list[str] | None) – The receivers of all (partially) decrypted ciphertexts. If None is given it is sent to all parties. If a list is provided it is sent to those receivers.

Return type:

list[Union[Integral, float, FixedPoint]] | None

Returns:

The list of encoded plaintext corresponding to the ciphertext, or None if ‘self’ is not in the receivers list.

default_biprime_param = 40
default_corruption_threshold = 1
default_key_length = 2048
default_prime_threshold = 2000
default_sec_shamir = 40
static deserialize(obj, *, origin=None, **kwargs)[source]

Deserialization function for Distributed Paillier schemes, which will be passed to the communication module

Parameters:

  • obj (SerializedDistributedPaillier | SerializedPaillier) – serialization of a distributed paillier scheme.

  • origin (HTTPClient | None) – HTTPClient representing where the message came from if applicable

  • **kwargs (Any) – optional extra keyword arguments

Return type:

DistributedPaillier | Paillier

Returns:

Deserialized DistributedPaillier scheme, local instance thereof, or a regular Paillier scheme in case this party is not part of the distributed session.

async classmethod from_security_parameter(pool, corruption_threshold=1, key_length=2048, prime_threshold=2000, correct_param_biprime=40, stat_sec_shamir=40, distributed=True, precision=0, batch_size=100)[source]

Function that takes security parameters related to secret sharing and Paillier and initiates a protocol to create a shared secret key between the parties in the provided pool.

Parameters:

  • precision (int) – precision of the fixed point encoding in Paillier

  • pool (Pool) – The network of involved parties

  • corruption_threshold (int) – Maximum number of allowed corruptions. We require for the number of parties in the pool and the corruption threshold that $$text{number_of_parties} >= 2 * text{corruption_threshold} + 1$$. This is because we need to multiply secret sharings that both use polynomials of degree corruption_threshold. The resulting secret sharing then becomes a polynomial of degree $2*text{corruption_threshold}$ and it requires at least $2*text{corruption_threshold}+1$ evaluation points to reconstruct the secret in that sharing.

  • key_length (int) – desired bit length of the modulus $N$

  • prime_threshold (int) – Upper bound on the number of prime numbers to check during primality tests

  • correct_param_biprime (int) – parameter that affects the certainty of the generated $N$ to be the product of two primes

  • stat_sec_shamir (int) – security parameter for the Shamir secret sharing over the integers

  • distributed (bool) – Whether the different parties are run on different python instances

  • precision – precision (number of decimals) to ensure

  • batch_size (int) – How many $p$’s and $q$’s to generate at once (drastically reduces communication at the expense of potentially wasted computation)

Raises:

  • ValueError – In case the number of parties $n$ and the corruption threshold $t$ do not satisfy that $n geq 2*t + 1$

  • SessionIdError – In case the parties agree on a session ID that is already being used.

Return type:

DistributedPaillier

Returns:

DistributedPaillier scheme containing a regular Paillier public key and a shared secret key.

async classmethod gather_shares(content, pool, shares, party_indices, msg_id=None)[source]

Gather all shares with label content

Parameters:

  • content (str) – string identifying a number

  • pool (Pool) – network of involved parties

  • shares (Shares) – dictionary keeping track of shares of different parties for certain numbers

  • party_indices (dict[str, int]) – mapping from party names to indices

  • msg_id (str | None) – Optional message id.

Raises:

AttributeError – In case the given content is not any of the possible values for which we store shares (“p”, “q”, “n”, “biprime”, “lambda_”, “beta”, “secret_key”).

Return type:

None

async classmethod generate_keypair(stat_sec_shamir, number_of_players, corruption_threshold, shares, index, pool, prime_list, prime_length, party_indices, correct_param_biprime, shamir_scheme_t, shamir_scheme_2t, session_id, batch_size=1)[source]

Function to distributively generate a shared secret key and a corresponding public key

Parameters:

  • stat_sec_shamir (int) – security parameter for Shamir secret sharing over the integers

  • number_of_players (int) – number of parties involved in the protocol

  • corruption_threshold (int) – number of parties that are allowed to be corrupted

  • shares (Shares) – dictionary that keeps track of shares for parties for certain numbers

  • index (int) – index of this party

  • pool (Pool) – network of involved parties

  • prime_list (list[int]) – list of prime numbers

  • prime_length (int) – desired bit length of $p$ and $q$

  • party_indices (dict[str, int]) – mapping from party names to indices

  • correct_param_biprime (int) – correctness parameter that affects the certainty that the generated $N$ is a product of two primes

  • shamir_scheme_t (ShamirSecretSharingScheme) – $t$-out-of-$n$ Shamir secret sharing scheme

  • shamir_scheme_2t (ShamirSecretSharingScheme) – $2t$-out-of-$n$ Shamir secret sharing scheme

  • session_id (int) – The unique session identifier belonging to the protocol that generated the keys for this DistributedPaillier scheme.

  • batch_size (int) – How many $p$’s and $q$’s to generate at once (drastically reduces communication at the expense of potentially wasted computation)

Return type:

tuple[PaillierPublicKey, PaillierSharedKey]

Returns:

regular Paillier public key and a shared secret key

async classmethod generate_secret_key(stat_sec_shamir, number_of_players, corruption_threshold, shares, index, pool, prime_list, prime_length, party_indices, correct_param_biprime, shamir_scheme_t, shamir_scheme_2t, session_id, batch_size)[source]

Functions that generates the modulus and sets up the sharing of the private key

Parameters:

  • stat_sec_shamir (int) – security parameter for the Shamir secret sharing over the integers

  • number_of_players (int) – total number of participants in this session (including self)

  • corruption_threshold (int) – Maximum number of allowed corruptions

  • shares (Shares) – dictionary that keeps track of shares for parties for certain numbers

  • index (int) – index of this party

  • pool (Pool) – network of involved parties

  • prime_list (list[int]) – list of prime numbers

  • prime_length (int) – desired bit length of $p$ and $q$

  • party_indices (dict[str, int]) – mapping from party names to indices

  • correct_param_biprime (int) – correctness parameter that affects the certainty that the generated $N$ is a product of two primes

  • shamir_scheme_t (ShamirSecretSharingScheme) – $t$-out-of-$n$ Shamir secret sharing scheme

  • shamir_scheme_2t (ShamirSecretSharingScheme) – $2t$-out-of-$n$ Shamir secret sharing scheme

  • session_id (int) – The unique session identifier belonging to the protocol that generated the keys for this DistributedPaillier scheme.

  • batch_size (int) – How many $p$’s and $q$’s to generate at once (drastically reduces communication at the expense of potentially wasted computation)

Return type:

PaillierSharedKey

Returns:

shared secret key

async classmethod get_indices(pool)[source]

Function that initiates a protocol to determine IDs (indices) for each party

Parameters:

pool (Pool) – network of involved parties

Return type:

tuple[dict[str, int], int]

Returns:

dictionary from party name to index, where the entry “self” contains this party’s index

classmethod int_shamir_share_and_send(content, shares, int_shamir_scheme, index, pool, party_indices, msg_id=None)[source]

Create a secret-sharing of the input value, and send each share to the corresponding player, together with the label content

Parameters:

  • content (str) – string identifying the number to be shared and sent

  • shares (Shares) – dictionary keeping track of shares for different parties and numbers

  • int_shamir_scheme (ShamirSecretSharingIntegers) – Shamir secret sharing scheme over the integers

  • index (int) – index of this party

  • pool (Pool) – network of involved parties

  • party_indices (dict[str, int]) – mapping from party names to indices

  • msg_id (str | None) – Optional message id.

Raises:

NotImplementedError – In case the given content is not “lambda_” or “beta”.

Return type:

None

async classmethod load_private_key_from_bytes(obj_bytes, pool, distributed)[source]

Create a distributed paillier key from the bytes provided. The bytes must represent a distributed paillier key. The number of parties must be equal to the number of parties in a pool.

Parameters:

  • obj_bytes (bytes) – the bytes representing the key

  • pool (Pool) – The pool used for the communication

  • distributed (bool) – Whether the different parties are run on different python instances

Return type:

DistributedPaillier

Returns:

The distributed paillier key derived from the obj_bytes

Raises:

  • ValueError – When the number of parties in the pool does not correspond to the number of parties expected by the key.

  • ImportError – When the ‘tno.mpc.communication’ module is not installed

serialize(**_kwargs)[source]

Serialization function for Distributed Paillier schemes, which will be passed to the communication module

Parameters:

**_kwargs (Any) – optional extra keyword arguments

Return type:

SerializedDistributedPaillier

Returns:

Dictionary containing the serialization of this DistributedPaillier scheme.

classmethod setup_input(pool, key_length, prime_threshold, corruption_threshold)[source]

Function that sets initial variables for the process of creating a shared secret key

Parameters:

  • pool (Pool) – network of involved parties

  • key_length (int) – desired bit length of the modulus $N = p cdot q$

  • prime_threshold (int) – Bound on the number of prime numbers to be checked for primality tests

  • corruption_threshold (int) – Number of parties that are allowed to be corrupted

Return type:

tuple[int, int, list[int], ShamirSecretSharingScheme, ShamirSecretSharingScheme, Shares]

Returns:

A tuple of initiated variables, containing first the number_of_players, second the length of the primes $p$ and $q$, third a list of small primes for the small_prime test (empty if the length of $p$ and $q$ is smaller than the prime_threshold), fourth a regular Shamir Sharing scheme, fifth a Shares data structure for holding relevant shares, and last a list of the names of other parties.

async classmethod setup_protocol(pool)[source]

Runs the indices protocol and sets own ID.

Parameters:

pool (Pool) – network of involved parties

Return type:

tuple[int, dict[str, int], int]

Returns:

This party’s index, a dictionary with indices for the other parties, the session id

store_private_key()[source]

Serialize the entire key including the private key to bytes, such that it can be stored for later use. The key can be loaded using the function load_private_key_from_bytes.

Return type:

bytes

Returns:

byte object representing the key.

Raises:

ImportError – When the ‘tno.mpc.communication’ module is not installed

exception distributed_keygen.distributed_keygen.SessionIdError[source]

Bases: Exception

Used to raise exceptions when a session ID is invalid