Add quadratic scheme

Author: MechFroG88

README.md

@@ -19,6 +19,9 @@ pip install pymife
 ### Single input inner product (Function Hiding)
 1. (Adaptive Secure) DDH based scheme from https://eprint.iacr.org/2016/440.pdf
 
+### Single input inner product (Quadratic)
+1. (Adaptive Secure) DDH based scheme from https://eprint.iacr.org/2018/206.pdf
+
 ### Multi input inner product
 1. (Adaptive Secure) Damgard based scheme from https://eprint.iacr.org/2017/972.pdf
 
@@ -105,6 +108,26 @@ c = FeDDH.encrypt(x, key)
 sk = FeDDH.keygen(y, key)
 m = FeDDH.decrypt(c, key.get_public_key(), sk, (0, 1000))
 ```
+
+
+### Single input inner product (Quadratic)
+
+#### DDH based scheme
+
+```python
+from mife.single.quadratic.ddh import FeDDH
+
+n = 2
+x = [i + 2 for i in range(n)]
+y = [i + 3 for i in range(n)]
+f = [[i + j + 1 for j in range(n)] for i in range(n)]
+key = FeDDH.generate(n)
+c = FeDDH.encrypt(x, y, key)
+sk = FeDDH.keygen(f, key)
+m = FeDDH.decrypt(c, key.get_public_key(), sk, (0, 1000))
+```
+
+
 ### Multi input inner product
 
 #### Damgard based scheme
@@ -219,13 +242,17 @@ To use custom group, simply pass the group class to the `generate` function.
 
 This library has implemented prime order group and curve25519 group.
 
-For MCFE-DDH scheme, you can also supply your own hash function by using the same signature as the default hash function found in `/src/mife/multiclient/ddh.py`.
+For Random Oracle Model MCFE-DDH scheme, you can also supply your own hash function by using the same signature as the default hash function found in `/src/mife/multiclient/ddh.py`.
+
+For Function Hiding and Quadratic scheme, you can supply your own pairing group better efficiency.
 
 ## References
 
 - https://eprint.iacr.org/2015/017.pdf
 - https://eprint.iacr.org/2015/608.pdf
+- https://eprint.iacr.org/2016/440.pdf
 - https://eprint.iacr.org/2017/972.pdf
 - https://eprint.iacr.org/2017/989.pdf
+- https://eprint.iacr.org/2018/206.pdf
 - https://eprint.iacr.org/2019/487.pdf
 - https://github.com/fentec-project/CiFEr/blob/master/src/innerprod/simple/lwe.cr2html

mife/data/zmod_r.py

@@ -37,23 +37,28 @@ class _ZmodRElem():
 
     def __init__(self, group: ZmodR, val: mpz):
         self.group = group
-        self.val = val
+        self._val = val
+
+    @property
+    def val(self):
+        self._val = self._val % self.group.modulus
+        return self._val
 
     def __radd__(self, other):
         return self.__add__(other)
 
     def __add__(self, other: Self) -> Self:
         if isinstance(other, int) or isinstance(other, mpz):
-            return _ZmodRElem(self.group, (self.val + other) % self.group.modulus)
+            return _ZmodRElem(self.group, (self._val + other) % self.group.modulus)
         if self.group != other.group:
             return Exception(f"Addition not define for element of {self.group} and {other.group}")
-        return _ZmodRElem(self.group, (self.val + other.val) % self.group.modulus)
+        return _ZmodRElem(self.group, (self._val + other._val) % self.group.modulus)
 
     def __rsub__(self, other):
-        return _ZmodRElem(self.group, (other - self.val) % self.group.modulus)
+        return _ZmodRElem(self.group, (other - self._val) % self.group.modulus)
 
     def __neg__(self) -> Self:
-        return _ZmodRElem(self.group, -self.val)
+        return _ZmodRElem(self.group, -self._val)
 
     def __sub__(self, other):
         return self.__add__(-other)
@@ -63,16 +68,16 @@ def __rmul__(self, other):
 
     def __mul__(self, other: _ZmodRElem):
         if isinstance(other, int) or isinstance(other, mpz):
-            return _ZmodRElem(self.group, (self.val * other) % self.group.modulus)
-        return _ZmodRElem(self.group, (self.val * other.val) % self.group.modulus)
+            return _ZmodRElem(self.group, (self._val * other) % self.group.modulus)
+        return _ZmodRElem(self.group, (self._val * other._val) % self.group.modulus)
 
     def __truediv__(self, other):
         if isinstance(other, int):
             return self.__mul__(_ZmodRElem(self.group, mpz(inverse(other, self.group.modulus))))
-        return self.__mul__(_ZmodRElem(self.group, mpz(inverse(other.val, self.group.modulus))))
+        return self.__mul__(_ZmodRElem(self.group, mpz(inverse(other._val, self.group.modulus))))
 
     def __rtruediv__(self, other):
-        return _ZmodRElem(self.group, other * mpz(inverse(self.val, self.group.modulus)))
+        return _ZmodRElem(self.group, other * mpz(inverse(self._val, self.group.modulus)))
 
     def __eq__(self, other):
         if (isinstance(other, int) or isinstance(other, mpz)):

mife/single/fhiding/ddh.py

@@ -63,7 +63,7 @@ def generate(n: int, F: PairingBase = None) -> _FeDDH_MK:
         G = ZmodR(F.order())
         B = invertible_matrix(G, n)
         B_determinant = B.determinant()
-        B_star = B_determinant.val * B.inverse().T
+        B_star = int(B_determinant) * B.inverse().T
 
         msk = _FeDDH_MSK(g1, g2, B, B_star, B_determinant)
 
@@ -87,7 +87,7 @@ def encrypt(x: List[int], key: _FeDDH_MK) -> _FeDDH_C:
 
         x = [key.G(x[i]) for i in range(key.n)]
         exponents = Matrix.flatten((Matrix(x) * key.msk.B_star).M)
-        c2 = [((exponents[i] * beta).val) * key.msk.g2 for i in range(key.n)]
+        c2 = [int(exponents[i] * beta) * key.msk.g2 for i in range(key.n)]
 
         return _FeDDH_C(c1, c2)
 
@@ -127,10 +127,10 @@ def keygen(y: List[int], key: _FeDDH_MK) -> _FeDDH_SK:
 
         alpha = randbelow(key.G.order())
 
-        k1 = ((alpha * key.msk.B_determinant).val) * key.msk.g1
+        k1 = (int(alpha * key.msk.B_determinant)) * key.msk.g1
 
         y = [key.G(y[i]) for i in range(key.n)]
         exponents = Matrix.flatten((Matrix(y) * key.msk.B).M)
-        k2 = [((exponents[i] * alpha).val) * key.msk.g1 for i in range(key.n)]
+        k2 = [int(exponents[i] * alpha) * key.msk.g1 for i in range(key.n)]
 
         return _FeDDH_SK(k1, k2)

mife/single/quadratic/ddh.py

@@ -0,0 +1,152 @@
+from secrets import randbelow
+from typing import List, Tuple
+
+from mife.common import discrete_log_bound, invertible_matrix
+from mife.data.pairing import PairingBase
+from mife.data.pyecc_bn128_wrapper import Bn128Pairing
+from mife.data.matrix import Matrix
+from mife.data.group import GroupElem
+from mife.data.zmod_r import ZmodR, _ZmodRElem
+
+
+# References:
+# https://eprint.iacr.org/2018/206.pdf
+
+class _FeDDH_MSK:
+    def __init__(self, s: List[_ZmodRElem], t: List[_ZmodRElem]):
+        self.s = s
+        self.t = t
+
+class _FeDDH_MK:
+    def __init__(self, n: int, F: PairingBase, G: ZmodR, gs: List[GroupElem], gt: List[GroupElem], msk: _FeDDH_MSK = None):
+        self.n = n
+        self.F = F
+        self.G = G
+        self.gs = gs
+        self.gt = gt
+        self.msk = msk
+
+    def has_private_key(self) -> bool:
+        return self.msk is not None
+
+    def get_public_key(self):
+        return _FeDDH_MK(self.n, self.F, self.G, self.gs, self.gt)
+
+
+class _FeDDH_SK:
+    def __init__(self, g2f: GroupElem, f: List[List[int]]):
+        self.g2f = g2f
+        self.f = f
+
+class _FeDDH_C:
+    def __init__(self, g1_gamma: GroupElem, c: List[List[GroupElem]]):
+        self.g1_gamma = g1_gamma
+        self.c = c
+
+class FeDDH:
+
+    @staticmethod
+    def generate(n: int, F: PairingBase = None) -> _FeDDH_MK:
+        """
+        Generate a FeDDH master key
+
+        :param n: Dimension of the encrypt vector
+        :param F: Group to use for the scheme. If set to None, bn128 will be used
+        :return: FeDDH master key
+        """
+        if F is None:
+            F = Bn128Pairing()
+
+        G = ZmodR(F.order())
+
+        s = [G(randbelow(F.order())) for i in range(n)]
+        t = [G(randbelow(F.order())) for i in range(n)]
+
+        g1 = F.generator1()
+        g2 = F.generator2()
+
+        gs = [int(s[i]) * g1 for i in range(n)]
+        gt = [int(t[i]) * g2 for i in range(n)]
+
+        msk = _FeDDH_MSK(s,t)
+
+        return _FeDDH_MK(n, F, G, gs, gt, msk=msk)
+
+    @staticmethod
+    def encrypt(x: List[int], y: List[int], key: _FeDDH_MK) -> _FeDDH_C:
+        """
+        Encrypt FeDDH message vector
+
+        :param x: First Message vector
+        :param y: Second Message vector
+        :param key: FeDDH master key
+        :return: FeDDH cipher text
+        """
+        if len(x) != key.n or len(y) != key.n:
+            raise Exception(f"Encrypt vector must be of length {key.n}")
+
+        gamma = randbelow(key.G.order())
+        W = invertible_matrix(key.G, 2)
+        W_iT = W.inverse().T
+
+        c = [[] for i in range(key.n)]
+
+        g1 = key.F.generator1()
+        g2 = key.F.generator2()
+
+        for i in range(key.n):
+            a = Matrix.flatten((W_iT * Matrix([x[i], gamma * key.msk.s[i]]).T).M)
+            b = Matrix.flatten((W * Matrix([y[i], -key.msk.t[i]]).T).M)
+            c[i] = [int(a[0]) * g1, int(a[1]) * g1, int(b[0]) * g2, int(b[1]) * g2]
+
+        return _FeDDH_C(gamma * g1, c)
+
+    @staticmethod
+    def decrypt(c: _FeDDH_C, pub: _FeDDH_MK, sk: _FeDDH_SK, bound: Tuple[int, int]) -> int:
+        """
+        Decrypt FeDDH cipher text within a bound
+
+        :param c: FeDDH cipher text
+        :param pub: FeDDH public key
+        :param sk: FeDDH decryption key
+        :param bound: Bound for discrete logarithm search, the decrypted text should be within the bound
+        :return: Decrypted message
+        """
+        out = pub.F.pairing(c.g1_gamma, sk.g2f)
+
+        for i in range(pub.n):
+            for j in range(pub.n):
+                t = pub.F.pairing(c.c[i][0], c.c[j][2]) + pub.F.pairing(c.c[i][1], c.c[j][3])
+                out += sk.f[i][j] * t
+
+        g1 = pub.F.generator1()
+        g2 = pub.F.generator2()
+
+        return discrete_log_bound(out, pub.F.pairing(g1, g2), bound)
+
+
+    @staticmethod
+    def keygen(f: List[List[int]], key: _FeDDH_MK) -> _FeDDH_SK:
+        """
+        Generate FeDDH decryption key
+
+        :param f: Function vector f[i][j] is the coefficient for x_iy_j
+        :param key: FeDDH master key
+        :return: FeDDH decryption key
+        """
+        if len(f) != key.n:
+            raise Exception(f"Function vector must be of shape {key.n} x {key.n}")
+        if not key.has_private_key():
+            raise Exception("Private key not found in master key")
+
+        eval = 0
+
+        for i in range(key.n):
+            if len(f[i]) != key.n:
+                raise Exception(f"Function vector must be of shape {key.n} x {key.n}")
+            for j in range(key.n):
+                eval += f[i][j] * key.msk.s[i] * key.msk.t[j]
+
+        g2f = int(eval) * key.F.generator2()
+
+        return _FeDDH_SK(g2f, f)

pyproject.toml

@@ -13,7 +13,7 @@ extragroup = [
 
 [project]
 name = "pymife"
-version = "0.0.10"
+version = "0.0.11"
 authors = [
   { name="mechfrog88", email="kelzzin2@gmail.com" },
 ]

tests/single/quadratic/test_ddh.py

@@ -0,0 +1,54 @@
+import time
+import logging
+from tests.test_base import TestBase
+from mife.single.quadratic.ddh import FeDDH
+
+class TestFeDDH(TestBase):
+
+    def test_scheme_1(self):
+        start = time.time()
+        n = 2
+        x = [i + 2 for i in range(n)]
+        y = [i + 3 for i in range(n)]
+        f = [[i + j + 1 for j in range(n)] for i in range(n)]
+
+        key = FeDDH.generate(n)
+        c = FeDDH.encrypt(x, y, key)
+        sk = FeDDH.keygen(f, key)
+        m = FeDDH.decrypt(c, key.get_public_key(), sk, (0, 1000))
+        end = time.time()
+
+        logging.info(f'Quadratic FeDDH test scheme 1 performance (n={n}): {end - start}s')
+
+        expected = 0
+        for i in range(n):
+            for j in range(n):
+                expected += f[i][j] * x[i] * y[j]
+
+        self.assertEqual(expected, m)
+
+    def test_scheme_2(self):
+        start = time.time()
+        n = 2
+        x = [i - 2 for i in range(n)]
+        y = [i + 3 for i in range(n)]
+        f = [[i - j + 3 for j in range(n)] for i in range(n)]
+
+        key = FeDDH.generate(n)
+        c = FeDDH.encrypt(x, y, key)
+        sk = FeDDH.keygen(f, key)
+        m = FeDDH.decrypt(c, key.get_public_key(), sk, (-10000, 10000))
+        end = time.time()
+
+        logging.info(f'Quadratic FeDDH test scheme 2 performance (n={n}): {end - start}s')
+
+        expected = 0
+        for i in range(n):
+            for j in range(n):
+                expected += f[i][j] * x[i] * y[j]
+
+        print(expected)
+
+        self.assertEqual(expected, m)
+
+