Add Palia

Author: MechFroG88

README.md

@@ -30,6 +30,9 @@ pip install pymife
 2. (Adaptive Secure) Damgard based scheme from https://eprint.iacr.org/2019/487.pdf, using Damgard single input
 3. (Adaptive Secure with Random Oracle) Decentralized DDH based scheme from https://eprint.iacr.org/2019/020.pdf
 
+### Private Non-interactive Aggregation (PALIA)
+1. (Adaptive Secure with Random Oracle) Damgard based scheme
+
 ## Note
 - The implementation of these schemes are not fully optimized and not peer-reviewed, recommended to only use for research / testing purpose.
 - More schemes will be added in the future
@@ -239,6 +242,36 @@ cs = [FeDDHMultiClientDec.encrypt(x[i], tag, keys[i]) for i in range(n)]
 sk = [FeDDHMultiClientDec.keygen(y, keys[i]) for i in range(n)]
 m = FeDDHMultiClientDec.decrypt(cs, tag, pub, sk, (0, 2000))
 ```
+
+### Private Non-interactive Aggregation (PALIA)
+
+```python
+from mife.multiclient.decentralized.palia import Palia
+
+n = 3
+m = 5
+x = [[i + j for j in range(m)] for i in range(n)]
+y = [[i - j + 10 for j in range(m)] for i in range(n)]
+
+tag = b"testingtag123"
+pub = Palia.generate(n, m)
+keys = [pub.generate_party(i) for i in range(n)]
+for i in range(n):
+    for j in range(n):
+        if i == j: continue
+        keys[i].exchange(j, keys[j].get_exc_public_key())
+        
+for i in range(n):
+    keys[i].generate_share()
+    
+mk = Palia.generate_query_key(pub)
+pk = mk.getPublicKey()
+enc_y = Palia.encrypt_query(y, pk, pub)
+
+cs = [Palia.encrypt(x[i], tag, keys[i]) for i in range(n)]
+sk = [Palia.keygen(enc_y, keys[i]) for i in range(n)]
+m = Palia.decrypt(cs, tag, pub, sk, y, mk, (0, 2000))
+```
 ##### Export Keys
 
 ```python
@@ -260,6 +293,7 @@ print(f"secret_key = {json.dumps(sk.export())}")
 print(f"pub_key = {json.dumps(key.get_public_key().export())}")
 ```
 
+
 ## Customize
 
 All of the DDH and Damgard schemes support custom group. You can implement your own group class by extending `/src/mife/data/group.py` as base class.

mife/data/paillier.py

@@ -0,0 +1,71 @@
+from __future__ import annotations
+from Crypto.Util.number import inverse
+from secrets import randbits
+from mife.common import getStrongPrime
+from math import gcd
+from gmpy2 import mpz
+
+
+class PaillierKey:
+    def __init__(self, n, g, lcm=None):
+        self.n = n
+        self.g = g
+        self.lcm = lcm
+        self.n2 = self.n ** 2
+        if lcm is not None:
+            self.u = inverse(lcm, n)
+
+    def getPublicKey(self):
+        return PaillierKey(self.n, self.g)
+
+    def hasPrivateKey(self):
+        return self.u is not None
+
+    def encrypt(self, m: int):
+        while True:
+            r = randbits(self.n.bit_length())
+            if r < self.n and gcd(r, self.n) == 1:
+                break
+        return PaillierElem(self.getPublicKey(), (pow(self.g, m, self.n2) * pow(r, self.n, self.n2)) % self.n2)
+
+    def decrypt(self, c: PaillierElem) -> int:
+        if not self.hasPrivateKey():
+            raise ValueError("No private key")
+        return (((pow(c.c, self.lcm, self.n2) - 1) // self.n) * self.u) % self.n
+
+
+class PaillierElem:
+    def __init__(self, pk: PaillierKey, c: int):
+        self.pk = pk
+        self.c = c
+
+    def __add__(self, other):
+        if self.pk.n != other.pk.n:
+            raise ValueError("Different public keys")
+        return PaillierElem(self.pk, (self.c * other.c) % self.pk.n2)
+
+    def __radd__(self, other):
+        if other == 0:
+            return self
+        raise ValueError("Invalid operation")
+
+    def __rmul__(self, other: int):
+        return PaillierElem(self.pk, pow(self.c, other, self.pk.n2))
+
+
+class Paillier:
+    @staticmethod
+    def generate(bits=1024, p=None, q=None):
+        if p is None:
+            p = getStrongPrime(bits)
+        if q is None:
+            q = getStrongPrime(bits)
+        n = p * q
+        g = n + 1
+        lcm = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
+        return PaillierKey(mpz(n), mpz(g), mpz(lcm))
+
+
+
+
+

mife/multiclient/decentralized/ddh.py

@@ -63,16 +63,16 @@ def exchange(self, index: int, pub_key: ECC.EccKey):
         self.exchange_key[index] = key_agreement(static_priv=self.exc_priv_key, static_pub=pub_key, kdf=kdf)
 
     def generate_share(self):
-        length = self.pub.F.order().bit_length()
+        length = self.pub.F.order().bit_length() // 8
         self.share = [[] for _ in range(self.pub.n)]
         for i in range(self.pub.n):
             for j in range(self.pub.m):
                 nonce = long_to_bytes(i * self.pub.m + j)
                 self.share[i].append(
                     (cprf.CPRF.eval(self.pub.n, self.index, self.exchange_key,
-                                    b'a' + nonce, length),
+                                    b'a' + nonce, length) % self.pub.F.order(),
                      cprf.CPRF.eval(self.pub.n, self.index, self.exchange_key,
-                                    b'b' + nonce, length))
+                                    b'b' + nonce, length) % self.pub.F.order())
                 )
 
 
@@ -87,13 +87,6 @@ def __init__(self, tag: bytes, c: List[GroupElem]):
         self.c = c
         self.tag = tag
 
-    def export(self):
-        return {
-            "tag": self.tag.hex(),
-            "c": [x.export() for x in self.c]
-        }
-
-
 class FeDDHMultiClientDec:
 
     @staticmethod

mife/multiclient/decentralized/palia.py

@@ -0,0 +1,37 @@
+from __future__ import annotations
+
+from typing import List, Tuple, Callable
+
+from mife.data.group import GroupBase
+from mife.data.paillier import PaillierKey, PaillierElem, Paillier
+from mife.multiclient.decentralized.ddh import (FeDDHMultiClientDec, _FeDDHMultiClientDec_PK,
+                                                _FeDDHMultiClientDec_C, _FeDDHMultiClientDec_MK,
+                                                _FeDDHMultiClientDec_SK)
+class Palia:
+    @staticmethod
+    def generate(n: int, m: int, F: GroupBase = None,
+                 hash: Callable[[bytes, int], Tuple[int, int]] = None) -> _FeDDHMultiClientDec_PK:
+        return FeDDHMultiClientDec.generate(n, m, F, hash)
+
+    @staticmethod
+    def encrypt(x: List[int], tag: bytes, key: _FeDDHMultiClientDec_MK) -> _FeDDHMultiClientDec_C:
+        return FeDDHMultiClientDec.encrypt(x, tag, key)
+
+    @staticmethod
+    def decrypt(c: List[_FeDDHMultiClientDec_C], tag: bytes,
+                key: _FeDDHMultiClientDec_PK, sk: List[_FeDDHMultiClientDec_SK], y: List[List[int]], mk: PaillierKey,
+                bound: Tuple[int, int]) -> int:
+        dec_sk = [_FeDDHMultiClientDec_SK(y, (mk.decrypt(sk[i].d[0]), mk.decrypt(sk[i].d[1]))) for i in range(len(sk))]
+        return FeDDHMultiClientDec.decrypt(c, tag, key, dec_sk, bound)
+
+    @staticmethod
+    def keygen(enc_y: List[List[PaillierElem]], key: _FeDDHMultiClientDec_MK) -> _FeDDHMultiClientDec_SK:
+        return FeDDHMultiClientDec.keygen(enc_y, key)
+
+    @staticmethod
+    def encrypt_query(y: List[List[int]], pk: PaillierKey, pub: _FeDDHMultiClientDec_PK) -> List[List[PaillierElem]]:
+        return [[pk.encrypt(y[i][j] % pub.F.order()) for j in range(len(y[i]))] for i in range(len(y))]
+
+    @staticmethod
+    def generate_query_key(pub: _FeDDHMultiClientDec_PK) -> PaillierKey:
+        return Paillier.generate(pub.F.order().bit_length() + (pub.n * pub.m).bit_length() + 1)

pyproject.toml

@@ -13,7 +13,7 @@ extragroup = [
 
 [project]
 name = "pymife"
-version = "0.0.11"
+version = "0.0.12"
 authors = [
   { name="mechfrog88", email="kelzzin2@gmail.com" },
 ]

tests/data/test_paillier.py

@@ -0,0 +1,87 @@
+from tests.test_base import TestBase
+from mife.data.paillier import Paillier
+import time, logging
+
+class TestPaillier(TestBase):
+
+    p = 134571773007924833854065458592286178876746744565913736881821465801779595071970858872308614994816317338556606169429905285264914998387968583302245087560224843241552942789674059901173947740579704064275315217146295711314307876927426902112041290244046572242022612528256950525807940730241959500337908782397375334067
+    q = 136376041929080745332720207555608615396952127278171064896949721772485191795889286118100472072063058684610764963190170043115874503100144966915460078488572507709185072831129777110117660963433630166361483550907430003279041723670193111462964773640424026516757060999870723874192759460049941352318214316748147414927
+
+    def test_basic(self):
+        start1 = time.time()
+        sk = Paillier.generate(1024, TestPaillier.p, TestPaillier.q)
+        pk = sk.getPublicKey()
+
+        c = pk.encrypt(3000)
+        m = sk.decrypt(c)
+
+        self.assertEqual(3000, m)
+        end1 = time.time()
+
+        logging.info(f'Paillier Basic : {end1 - start1}s')
+
+    def test_homomorphic_add(self):
+        start1 = time.time()
+        sk = Paillier.generate(1024, TestPaillier.p, TestPaillier.q)
+        pk = sk.getPublicKey()
+
+        c1 = pk.encrypt(3000)
+
+        c2 = pk.encrypt(2000)
+        c3 = c1 + c2
+
+        m = sk.decrypt(c3)
+        self.assertEqual(m, 5000)
+        end1 = time.time()
+
+        logging.info(f'Paillier Homomorphic Add : {end1 - start1}s')
+
+    def test_homomorphic_mul(self):
+        start1 = time.time()
+        sk = Paillier.generate(1024, TestPaillier.p, TestPaillier.q)
+        pk = sk.getPublicKey()
+
+        c1 = pk.encrypt(3000)
+        c2 = 3 * c1
+
+        m = sk.decrypt(c2)
+        self.assertEqual(m, 9000)
+        end1 = time.time()
+
+        logging.info(f'Paillier Homomorphic Mul : {end1 - start1}s')
+
+    def test_homomorphic_1(self):
+        start1 = time.time()
+        sk = Paillier.generate(1024, TestPaillier.p, TestPaillier.q)
+        pk = sk.getPublicKey()
+
+        c1 = pk.encrypt(1000)
+        c2 = pk.encrypt(4000)
+
+        c3 = 3 * c1 + 2 * c2
+
+        m = sk.decrypt(c3)
+        self.assertEqual(m, 11000)
+
+        end1 = time.time()
+
+        logging.info(f'Paillier Homomorphic 1 : {end1 - start1}s')
+
+    def test_homomorphic_2(self):
+        start1 = time.time()
+        sk = Paillier.generate(1024, TestPaillier.p, TestPaillier.q)
+        pk = sk.getPublicKey()
+
+        c1 = pk.encrypt(1000)
+        c2 = pk.encrypt(4000)
+
+        c3 = 0
+        c3 += 3 * c1
+        c3 += 2 * c2
+
+        m = sk.decrypt(c3)
+        self.assertEqual(m, 11000)
+
+        end1 = time.time()
+
+        logging.info(f'Paillier Homomorphic 2 : {end1 - start1}s')

tests/multiclient/decentralized/test_ddh.py

@@ -65,6 +65,7 @@ def test_scheme_2(self):
         for i in range(n):
             expected += sum([a * b for a, b in zip(x[i], y[i])])
 
+
         self.assertEqual(expected, res)
 
     def test_scheme_3(self):