secure_comparison.secure_comparison module

Implementation of secure comparison protocol as given in https://eprint.iacr.org/2018/1100.pdf Protocol 3 (with fixes).

We implement all (sub)steps separately, and do not handle communication or which player performs what action.

We implement the protocol using Paillier only, i.e., in our implementation $[[m]]$ and $[m]$ are both the same Paillier scheme.

secure_comparison.secure_comparison.from_bits(bits)[source]

Convert a set of bits, least significant bit first to an integer.

Parameters:

bits (List[int]) – List of bits, least significant bit first.

Return type:

int

Returns:

Integer representation of the bits.

secure_comparison.secure_comparison.shuffle(values)[source]

Shuffle the list in random order.

Parameters:

values (List[Any]) – List of objets that is to be shuffled.

Return type:

List[Any]

Returns:

Shuffled version of the input list.

secure_comparison.secure_comparison.step_1(x_enc, y_enc, l, scheme)[source]

$A$ chooses a random number $r, 0 leq r < N$, and computes $$[[z]] leftarrow [[y - x + 2^l + r]] = [[x]] cdot [[y]]^{-1} cdot [[2^l + r]] mod N^2.$$

Parameters:

  • x_enc (PaillierCiphertext) – Encrypted value of $x$: $[[x]]$.

  • y_enc (PaillierCiphertext) – Encrypted value of $y$: $[[y]]$.

  • l (int) – Fixed value, such that $0 leq x,y < 2^l$, for any $x$, $y$ that will be given as input to this method.

  • scheme (Paillier) – Paillier encryption scheme.

Return type:

Tuple[PaillierCiphertext, int]

Returns:

Tuple containing as first entry the encrypted value of $z$: $[[z]] leftarrow [[y - x + 2^l + r]] = [[y]] cdot [[x]]^{-1} cdot [[2^l + r]] mod N^2$. The second entry is the randomness value $r$.

secure_comparison.secure_comparison.step_2(z_enc, l, scheme)[source]

$B$ decrypts $[[z]]$, and computes $beta = z mod 2^l$.

Parameters:

  • z_enc (PaillierCiphertext) – Encrypted value of $z$: $[[z]]$.

  • l (int) – Fixed value, such that $0 leq x,y < 2^l$, for any $x, y$ that will be given as input to this method.

  • scheme (Paillier) – Paillier encryption scheme.

Return type:

Tuple[int, int]

Returns:

Tuple containing as first entry the plaintext value of $z$. The second entry is the value $beta = z mod 2^l$.

secure_comparison.secure_comparison.step_3(r, l)[source]

$A$ computes $alpha = r mod 2^l$.

Parameters:

  • r (int) – The randomness value $r$ from step 1.

  • l (int) – Fixed value, such that $0 leq x,y < 2^l$, for any $x, y$ that will be given as input to this method.

Return type:

List[int]

Returns:

Value $alpha = r mod 2^l$ as bits.

secure_comparison.secure_comparison.step_4a(z, scheme)[source]

$B$ computes the encrypted bit $[d]$ where $d = (z < (N - 1)/2)$ is the bit informing $A$ whether a carryover has occurred.

Parameters:

  • z (int) – Plaintext value of $z$.

  • scheme (Paillier) – Paillier encryption scheme.

Return type:

PaillierCiphertext

Returns:

Encrypted value of the bit $d = (z < (N - 1)/2)$: $[d]$.

secure_comparison.secure_comparison.step_4b(beta, l, scheme)[source]

$B$ computes the encrypted bits $[beta_i], 0 leq i < l$ to $A$.

Parameters:

  • beta (int) – The value $beta$ from step 2.

  • l (int) – Fixed value, such that $0 leq x,y < 2^l$, for any $x, y$ that will be given as input to this method.

  • scheme (Paillier) – Paillier encryption scheme.

Return type:

List[PaillierCiphertext]

Returns:

List containing the encrypted values of the bits $beta_i$: $[beta_i], 0 leq i < l$ to $A$.

secure_comparison.secure_comparison.step_4c(d_enc, r, scheme)[source]

$A$ corrects $[d]$ by setting $[d] leftarrow [0]$ whenever $0 leq r < (N - 1)/2$.

Parameters:

  • d_enc (PaillierCiphertext) – Encrypted value of $d$: $[d]$.

  • r (int) – The randomness value $r$ from step 1.

  • scheme (Paillier) – Paillier encryption scheme.

Return type:

PaillierCiphertext

Returns:

Corrected encrypted value of $d$: $[d]$. If $0 leq r < (N - 1)/2$, then $[d] leftarrow [0]$, else $[d]$ remains unaltered.

secure_comparison.secure_comparison.step_4d(alpha, beta_is_enc)[source]

For each $i, 0 leq i < l$, $A$ computes $[alpha_i oplus beta_i]$ as follows: if $alpha_i = 0$ then $[alpha_i oplus beta_i] leftarrow [beta_i]$ else $[alpha_i oplus beta_i] leftarrow [1] cdot [beta_i]^{-1} mod n$.

Parameters:

  • alpha (List[int]) – The value $alpha$ from step 3.

  • beta_is_enc (List[PaillierCiphertext]) – List containing the encrypted values of $beta_i$: $[beta_i], 0 leq i < l$.

Return type:

List[PaillierCiphertext]

Returns:

List containing the encrypted values of the bits $alpha_i oplus beta_i$: $[alpha_i oplus beta_i], 0 leq i < l$.

secure_comparison.secure_comparison.step_4e(r, alpha, alpha_is_xor_beta_is_enc, d_enc, scheme)[source]

A computes $tilde{alpha} = (r - N) mod 2^l$, the corrected value of $alpha$ in case a carry-over actually did occur and adjusts $[alpha_i oplus beta_i]$ for each $i$: If $alpha_i = tilde{alpha}_i$ then $[w_i] leftarrow [alpha_i oplus beta_i]$ else $[w_i] leftarrow [alpha_i oplus beta_i] cdot [d]^{-1} mod n$

Parameters:

  • r (int) – The randomness value $r$ from step 1.

  • alpha (List[int]) – The value $alpha$ from step 3.

  • alpha_is_xor_beta_is_enc (List[PaillierCiphertext]) – List containing the encrypted values of the bits $alpha_i oplus beta_i$: $[alpha_i oplus beta_i], 0 leq i < l$.

  • d_enc (PaillierCiphertext) – Encrypted value of $d$: $[d]$.

  • scheme (Paillier) – Paillier encryption scheme.

Return type:

Tuple[List[PaillierCiphertext], List[int]]

Returns:

Tuple containing as first entry a list containing the encrypted values of the bits $w_i$: $[w_i], 0 leq i < l$. The second entry is the value $tilde{alpha} = (r - N) mod 2^l$ as bits.

secure_comparison.secure_comparison.step_4f(w_is_enc)[source]

For each $i, 0 leq i < l$, $A$ computes $[w_i] leftarrow [w_i]^{2^i} mod n$ such that these values will not interfere each other when added.

Parameters:

w_is_enc (List[PaillierCiphertext]) – List containing the encrypted values of the bits $w_i$: $[w_i], 0 leq i < l$.

Return type:

List[PaillierCiphertext]

Returns:

List containing the encrypted values of the bits $w_i$: $[w_i], 0 leq i < l$.

secure_comparison.secure_comparison.step_4g()[source]

$A$ chooses a uniformly random bit $delta_A$ and computes $s = 1 - 2 cdot delta_A$.

Return type:

Tuple[int, int]

Returns:

Tuple containing as first entry the value $s = 1 - 2 cdot delta_A$. The second entry is the value $delta_A$.

secure_comparison.secure_comparison.step_4h(s, alpha, alpha_tilde, d_enc, beta_is_enc, w_is_enc, delta_a, scheme)[source]

For each $i, 0 leq i < l$, $A$ computes $[c_i] = [s] cdot [alpha_i] cdot [d]^{tilde{alpha}_i-alpha_i} cdot [beta_i]^{-1} cdot (Pi^{l-1}_{j=i+1}[w_j])^3 mod n$. We add an additional value $[c_{-1}]$, with $c_{-1}=delta_A + Sigma^{l-1}_{i=0}(x_i oplus y_i)$ to also make the scheme work in case of equality of $x$ and $y$.

Parameters:

  • s (int) – The value $s$ from step 4g.

  • alpha (List[int]) – The value $alpha$ from step 3.

  • alpha_tilde (List[int]) – The value $tilde{alpha}$ from step 4e.

  • d_enc (PaillierCiphertext) – Encrypted value of $d$: $[d]$.

  • beta_is_enc (List[PaillierCiphertext]) – List containing the encrypted values of the bits $beta_i$: $[beta_i], 0 leq i < l$.

  • w_is_enc (List[PaillierCiphertext]) – List containing the encrypted values of the bits $w_i$: $[w_i], 0 leq i < l$.

  • delta_a (int) – The value $delta_A$ from step 4g.

  • scheme (Paillier) – Paillier encryption scheme.

Return type:

List[PaillierCiphertext]

Returns:

List containing the encrypted values of the bits $c_i$: $[c_i] = [s] cdot [alpha_i] cdot [d]^{tilde{alpha}_i-alpha_i} cdot [beta_i]^{-1} cdot (Pi^{l-1}_{j=i+1}[w_j])^3 mod n, 0 leq i < l$.

secure_comparison.secure_comparison.step_4i(c_is_enc, scheme, do_shuffle=True)[source]

$A$ blinds the numbers $c_i$ by raising them to a random non-zero exponent $r_i in {1,ldots,u-1}$, and refreshing the randomness with a second exponent $r’_i$ of $2t$ bits: $[c_i] leftarrow [c_i]^{r_i} cdot h^{r’_i} mod n$.

Parameters:

  • c_is_enc (List[PaillierCiphertext]) – List containing the encrypted values of the bits $c_i$: $[c_i], 0 leq i < l$.

  • scheme (Paillier) – Paillier encryption scheme.

  • do_shuffle (bool) – Boolean parameter stating whether or not the bits should be shuffled randomly. (Default: True).

Return type:

List[PaillierCiphertext]

Returns:

List containing the encrypted values of the masked bits $c_i$: $[c_i], 0 leq i < l$.

secure_comparison.secure_comparison.step_4j(c_is_enc, scheme)[source]

$B$ checks whether one of the numbers $c_i$ is decrypted to zero. If he finds one, $delta_B leftarrow 1$, else $delta_B leftarrow 0$.

Parameters:

  • c_is_enc (List[PaillierCiphertext]) – List containing the encrypted values of the bits $c_i$: $[c_i], 0 leq i < l$.

  • scheme (Paillier) – Paillier encryption scheme.

Return type:

int

Returns:

Value $delta_B$.

secure_comparison.secure_comparison.step_5(z, l, delta_b, scheme)[source]

$B$ computes $zeta_1 = z div 2^l$ and encrypts it to $[[zeta_1]]$ and computes $zeta_2 = (z + N) div 2^l$ and encrypts it to $[[zeta_2]]$. $B$ also encrypts $delta_B$ to $[[delta_B]]$.

Parameters:

  • z (int) – Plaintext value of $z$.

  • l (int) – Fixed value, such that $0 leq x,y < 2^l$, for any $x, y$ that will be given as input to this method.

  • delta_b (int) – The value $delta_B$ from step 4j.

  • scheme (Paillier) – Paillier encryption scheme.

Return type:

Tuple[PaillierCiphertext, PaillierCiphertext, PaillierCiphertext]

Returns:

A tuple with the first entry being the encrypted value of $zeta_1$: $[[zeta_1]]$. The second entry is the encrypted value of $zeta_2$: $[[zeta_2]]$. The third entry is the encrypted value of $delta_B$: $[[delta_B]]$.

secure_comparison.secure_comparison.step_6(delta_a, delta_b_enc)[source]

$A$ computes $[[(beta < alpha)]]$ as follows: if $delta_A = 1$ then $[[(beta < alpha)]] leftarrow [[delta_B]]$ else $[[(beta < alpha)]] leftarrow [[1]] cdot [[delta_B]]^{-1} mod N^2$.

Parameters:

  • delta_a (int) – The value $delta_A$ from step 4g.

  • delta_b_enc (PaillierCiphertext) – Encrypted value of $delta_B$: $[[delta_B]]$.

Return type:

PaillierCiphertext

Returns:

Encrypted value of $(beta < alpha)$: $[[(beta < alpha)]]$.

secure_comparison.secure_comparison.step_7(zeta_1_enc, zeta_2_enc, r, l, beta_lt_alpha_enc, scheme)[source]

$A$ computes $[[(x leq y)]] leftarrow [[zeta]] cdot ([[ r div 2^l]] cdot [[(beta < alpha)]])^{-1} mod N^2$, where $zeta = zeta_1$, if $r < (N - 1) / 2$, else $zeta = zeta_2$.

Parameters:

  • zeta_1_enc (PaillierCiphertext) – Encrypted value of $zeta_1$: $[[zeta_1]]$.

  • zeta_2_enc (PaillierCiphertext) – Encrypted value of $zeta_2$: $[[zeta_2]]$.

  • r (int) – The randomness value $r$ from step 1.

  • l (int) – Fixed value, such that $0 leq x,y < 2^l$, for any $x, y$ that will be given as input to this method.

  • beta_lt_alpha_enc (PaillierCiphertext) – Encrypted value of $(beta < alpha)$: $[[(beta < alpha)]]$.

  • scheme (Paillier) – Paillier encryption scheme.

Return type:

PaillierCiphertext

Returns:

Encrypted value of $(x leq y)$: $[[(x leq y)]]$. This is the final result of the computation.

secure_comparison.secure_comparison.to_bits(integer, bit_length)[source]

Convert a given integer to a list of bits, with the least significant bit first, and the most significant bit last.

Parameters:

  • integer (int) – Integer to be converted to bits.

  • bit_length (int) – Amount of bits to which the integer should be converted.

Return type:

List[int]

Returns:

Bit representation of the integer in bit_length bits. Least significant bit first, most significant last.