secure_comparison.secure_comparison module

Implementation of secure comparison protocol as given in https://eprint.iacr.org/2018/1100.pdf Protocol 3 (with fixes).

We implement all (sub)steps separately, and do not handle communication or which player performs what action.

We implement the protocol using Paillier only, i.e., in our implementation \([[m]]\) and \([m]\) are both the same Paillier scheme.

secure_comparison.secure_comparison.from_bits(bits)[source]

Convert a set of bits, least significant bit first to an integer.

Parameters:

bits (List[int]) – List of bits, least significant bit first.

Return type:

int

Returns:

Integer representation of the bits.

secure_comparison.secure_comparison.shuffle(values)[source]

Shuffle the list in random order.

Parameters:

values (List[Any]) – List of objets that is to be shuffled.

Return type:

List[Any]

Returns:

Shuffled version of the input list.

secure_comparison.secure_comparison.step_1(x_enc, y_enc, l, scheme)[source]

\(A\) chooses a random number \(r, 0 \leq r < N\), and computes

\[[[z]] \leftarrow [[y - x + 2^l + r]] = [[x]] \cdot [[y]]^{-1} \cdot [[2^l + r]] \mod N^2.\]

Parameters:

  • x_enc (PaillierCiphertext) – Encrypted value of \(x\): \([[x]]\).

  • y_enc (PaillierCiphertext) – Encrypted value of \(y\): \([[y]]\).

  • l (int) – Fixed value, such that \(0 \leq x,y < 2^l\), for any \(x\), \(y\) that will be given as input to this method.

  • scheme (Paillier) – Paillier encryption scheme.

Return type:

Tuple[PaillierCiphertext, int]

Returns:

Tuple containing as first entry the encrypted value of \(z\): \([[z]] \leftarrow [[y - x + 2^l + r]] = [[y]] \cdot [[x]]^{-1} \cdot [[2^l + r]] \mod N^2\). The second entry is the randomness value \(r\).

secure_comparison.secure_comparison.step_2(z_enc, l, scheme)[source]

\(B\) decrypts \([[z]]\), and computes \(\beta = z \mod 2^l\).

Parameters:

  • z_enc (PaillierCiphertext) – Encrypted value of \(z\): \([[z]]\).

  • l (int) – Fixed value, such that \(0 \leq x,y < 2^l\), for any \(x, y\) that will be given as input to this method.

  • scheme (Paillier) – Paillier encryption scheme.

Return type:

Tuple[int, int]

Returns:

Tuple containing as first entry the plaintext value of \(z\). The second entry is the value \(\beta = z \mod 2^l\).

secure_comparison.secure_comparison.step_3(r, l)[source]

\(A\) computes \(\alpha = r \mod 2^l\).

Parameters:

  • r (int) – The randomness value \(r\) from step 1.

  • l (int) – Fixed value, such that \(0 \leq x,y < 2^l\), for any \(x, y\) that will be given as input to this method.

Return type:

List[int]

Returns:

Value \(\alpha = r \mod 2^l\) as bits.

secure_comparison.secure_comparison.step_4a(z, scheme)[source]

\(B\) computes the encrypted bit \([d]\) where \(d = (z < (N - 1)/2)\) is the bit informing \(A\) whether a carryover has occurred.

Parameters:

  • z (int) – Plaintext value of \(z\).

  • scheme (Paillier) – Paillier encryption scheme.

Return type:

PaillierCiphertext

Returns:

Encrypted value of the bit \(d = (z < (N - 1)/2)\): \([d]\).

secure_comparison.secure_comparison.step_4b(beta, l, scheme)[source]

\(B\) computes the encrypted bits \([\beta_i], 0 \leq i < l\) to \(A\).

Parameters:

  • beta (int) – The value \(\beta\) from step 2.

  • l (int) – Fixed value, such that \(0 \leq x,y < 2^l\), for any \(x, y\) that will be given as input to this method.

  • scheme (Paillier) – Paillier encryption scheme.

Return type:

List[PaillierCiphertext]

Returns:

List containing the encrypted values of the bits \(\beta_i\): \([\beta_i], 0 \leq i < l\) to \(A\).

secure_comparison.secure_comparison.step_4c(d_enc, r, scheme)[source]

\(A\) corrects \([d]\) by setting \([d] \leftarrow [0]\) whenever \(0 \leq r < (N - 1)/2\).

Parameters:

  • d_enc (PaillierCiphertext) – Encrypted value of \(d\): \([d]\).

  • r (int) – The randomness value \(r\) from step 1.

  • scheme (Paillier) – Paillier encryption scheme.

Return type:

PaillierCiphertext

Returns:

Corrected encrypted value of \(d\): \([d]\). If \(0 \leq r < (N - 1)/2\), then \([d] \leftarrow [0]\), else \([d]\) remains unaltered.

secure_comparison.secure_comparison.step_4d(alpha, beta_is_enc)[source]

For each \(i, 0 \leq i < l\), \(A\) computes \([\alpha_i \oplus \beta_i]\) as follows: if \(\alpha_i = 0\) then \([\alpha_i \oplus \beta_i] \leftarrow [\beta_i]\) else \([\alpha_i \oplus \beta_i] \leftarrow [1] \cdot [\beta_i]^{-1} \mod n\).

Parameters:

  • alpha (List[int]) – The value \(\alpha\) from step 3.

  • beta_is_enc (List[PaillierCiphertext]) – List containing the encrypted values of \(\beta_i\): \([\beta_i], 0 \leq i < l\).

Return type:

List[PaillierCiphertext]

Returns:

List containing the encrypted values of the bits \(\alpha_i \oplus \beta_i\): \([\alpha_i \oplus \beta_i], 0 \leq i < l\).

secure_comparison.secure_comparison.step_4e(r, alpha, alpha_is_xor_beta_is_enc, d_enc, scheme)[source]

A computes \(\tilde{\alpha} = (r - N) \mod 2^l\), the corrected value of \(\alpha\) in case a carry-over actually did occur and adjusts \([\alpha_i \oplus \beta_i]\) for each \(i\): If \(\alpha_i = \tilde{\alpha}_i\) then \([w_i] \leftarrow [\alpha_i \oplus \beta_i]\) else \([w_i] \leftarrow [\alpha_i \oplus \beta_i] \cdot [d]^{-1} \mod n\)

Parameters:

  • r (int) – The randomness value \(r\) from step 1.

  • alpha (List[int]) – The value \(\alpha\) from step 3.

  • alpha_is_xor_beta_is_enc (List[PaillierCiphertext]) – List containing the encrypted values of the bits \(\alpha_i \oplus \beta_i\): \([\alpha_i \oplus \beta_i], 0 \leq i < l\).

  • d_enc (PaillierCiphertext) – Encrypted value of \(d\): \([d]\).

  • scheme (Paillier) – Paillier encryption scheme.

Return type:

Tuple[List[PaillierCiphertext], List[int]]

Returns:

Tuple containing as first entry a list containing the encrypted values of the bits \(w_i\): \([w_i], 0 \leq i < l\). The second entry is the value \(\tilde{\alpha} = (r - N) \mod 2^l\) as bits.

secure_comparison.secure_comparison.step_4f(w_is_enc)[source]

For each \(i, 0 \leq i < l\), \(A\) computes \([w_i] \leftarrow [w_i]^{2^i} \mod n\) such that these values will not interfere each other when added.

Parameters:

w_is_enc (List[PaillierCiphertext]) – List containing the encrypted values of the bits \(w_i\): \([w_i], 0 \leq i < l\).

Return type:

List[PaillierCiphertext]

Returns:

List containing the encrypted values of the bits \(w_i\): \([w_i], 0 \leq i < l\).

secure_comparison.secure_comparison.step_4g()[source]

\(A\) chooses a uniformly random bit \(\delta_A\) and computes \(s = 1 - 2 \cdot \delta_A\).

Return type:

Tuple[int, int]

Returns:

Tuple containing as first entry the value \(s = 1 - 2 \cdot \delta_A\). The second entry is the value \(\delta_A\).

secure_comparison.secure_comparison.step_4h(s, alpha, alpha_tilde, d_enc, beta_is_enc, w_is_enc, delta_a, scheme)[source]

For each \(i, 0 \leq i < l\), \(A\) computes \([c_i] = [s] \cdot [\alpha_i] \cdot [d]^{\tilde{\alpha}_i-\alpha_i} \cdot [\beta_i]^{-1} \cdot (\Pi^{l-1}_{j=i+1}[w_j])^3 \mod n\). We add an additional value \([c_{-1}]\), with \(c_{-1}=\delta_A + \Sigma^{l-1}_{i=0}(x_i \oplus y_i)\) to also make the scheme work in case of equality of \(x\) and \(y\).

Parameters:

  • s (int) – The value \(s\) from step 4g.

  • alpha (List[int]) – The value \(\alpha\) from step 3.

  • alpha_tilde (List[int]) – The value \(\tilde{\alpha}\) from step 4e.

  • d_enc (PaillierCiphertext) – Encrypted value of \(d\): \([d]\).

  • beta_is_enc (List[PaillierCiphertext]) – List containing the encrypted values of the bits \(\beta_i\): \([\beta_i], 0 \leq i < l\).

  • w_is_enc (List[PaillierCiphertext]) – List containing the encrypted values of the bits \(w_i\): \([w_i], 0 \leq i < l\).

  • delta_a (int) – The value \(\delta_A\) from step 4g.

  • scheme (Paillier) – Paillier encryption scheme.

Return type:

List[PaillierCiphertext]

Returns:

List containing the encrypted values of the bits \(c_i\): \([c_i] = [s] \cdot [\alpha_i] \cdot [d]^{\tilde{\alpha}_i-\alpha_i} \cdot [\beta_i]^{-1} \cdot (\Pi^{l-1}_{j=i+1}[w_j])^3 \mod n, 0 \leq i < l\).

secure_comparison.secure_comparison.step_4i(c_is_enc, scheme, do_shuffle=True)[source]

\(A\) blinds the numbers \(c_i\) by raising them to a random non-zero exponent \(r_i \in \{1,\ldots,u-1\}\), and refreshing the randomness with a second exponent \(r'_i\) of \(2t\) bits: \([c_i] \leftarrow [c_i]^{r_i} \cdot h^{r'_i} \mod n\).

Parameters:

  • c_is_enc (List[PaillierCiphertext]) – List containing the encrypted values of the bits \(c_i\): \([c_i], 0 \leq i < l\).

  • scheme (Paillier) – Paillier encryption scheme.

  • do_shuffle (bool) – Boolean parameter stating whether or not the bits should be shuffled randomly. (Default: True).

Return type:

List[PaillierCiphertext]

Returns:

List containing the encrypted values of the masked bits \(c_i\): \([c_i], 0 \leq i < l\).

secure_comparison.secure_comparison.step_4j(c_is_enc, scheme)[source]

\(B\) checks whether one of the numbers \(c_i\) is decrypted to zero. If he finds one, \(\delta_B \leftarrow 1\), else \(\delta_B \leftarrow 0\).

Parameters:

  • c_is_enc (List[PaillierCiphertext]) – List containing the encrypted values of the bits \(c_i\): \([c_i], 0 \leq i < l\).

  • scheme (Paillier) – Paillier encryption scheme.

Return type:

int

Returns:

Value \(\delta_B\).

secure_comparison.secure_comparison.step_5(z, l, delta_b, scheme)[source]

\(B\) computes \(\zeta_1 = z \div 2^l\) and encrypts it to \([[\zeta_1]]\) and computes \(\zeta_2 = (z + N) \div 2^l\) and encrypts it to \([[\zeta_2]]\). \(B\) also encrypts \(\delta_B\) to \([[\delta_B]]\).

Parameters:

  • z (int) – Plaintext value of \(z\).

  • l (int) – Fixed value, such that \(0 \leq x,y < 2^l\), for any \(x, y\) that will be given as input to this method.

  • delta_b (int) – The value \(\delta_B\) from step 4j.

  • scheme (Paillier) – Paillier encryption scheme.

Return type:

Tuple[PaillierCiphertext, PaillierCiphertext, PaillierCiphertext]

Returns:

A tuple with the first entry being the encrypted value of \(\zeta_1\): \([[\zeta_1]]\). The second entry is the encrypted value of \(\zeta_2\): \([[\zeta_2]]\). The third entry is the encrypted value of \(\delta_B\): \([[\delta_B]]\).

secure_comparison.secure_comparison.step_6(delta_a, delta_b_enc)[source]

\(A\) computes \([[(\beta < \alpha)]]\) as follows: if \(\delta_A = 1\) then \([[(\beta < \alpha)]] \leftarrow [[\delta_B]]\) else \([[(\beta < \alpha)]] \leftarrow [[1]] \cdot [[\delta_B]]^{-1} \mod N^2\).

Parameters:

  • delta_a (int) – The value \(\delta_A\) from step 4g.

  • delta_b_enc (PaillierCiphertext) – Encrypted value of \(\delta_B\): \([[\delta_B]]\).

Return type:

PaillierCiphertext

Returns:

Encrypted value of \((\beta < \alpha)\): \([[(\beta < \alpha)]]\).

secure_comparison.secure_comparison.step_7(zeta_1_enc, zeta_2_enc, r, l, beta_lt_alpha_enc, scheme)[source]

\(A\) computes \([[(x \leq y)]] \leftarrow [[\zeta]] \cdot ([[ r \div 2^l]] \cdot [[(\beta < \alpha)]])^{-1} \mod N^2\), where \(\zeta = \zeta_1\), if \(r < (N - 1) / 2\), else \(\zeta = \zeta_2\).

Parameters:

  • zeta_1_enc (PaillierCiphertext) – Encrypted value of \(\zeta_1\): \([[\zeta_1]]\).

  • zeta_2_enc (PaillierCiphertext) – Encrypted value of \(\zeta_2\): \([[\zeta_2]]\).

  • r (int) – The randomness value \(r\) from step 1.

  • l (int) – Fixed value, such that \(0 \leq x,y < 2^l\), for any \(x, y\) that will be given as input to this method.

  • beta_lt_alpha_enc (PaillierCiphertext) – Encrypted value of \((\beta < \alpha)\): \([[(\beta < \alpha)]]\).

  • scheme (Paillier) – Paillier encryption scheme.

Return type:

PaillierCiphertext

Returns:

Encrypted value of \((x \leq y)\): \([[(x \leq y)]]\). This is the final result of the computation.

secure_comparison.secure_comparison.to_bits(integer, bit_length)[source]

Convert a given integer to a list of bits, with the least significant bit first, and the most significant bit last.

Parameters:

  • integer (int) – Integer to be converted to bits.

  • bit_length (int) – Amount of bits to which the integer should be converted.

Return type:

List[int]

Returns:

Bit representation of the integer in bit_length bits. Least significant bit first, most significant last.