dbfv

func (*CKG) AggregateShares ¶

func (ckg *CKG) AggregateShares(shares []*ring.Poly) error

AggregateShares is the second part of the first and unique round of the CKS protocol. Uppon receiving the j-1 shares, each party computes :

[sum(a* s_i + e_i), sum(a)] = [b * s + e, b]

func (*CKG) Finalize ¶

func (ckg *CKG) Finalize() (*bfv.PublicKey, error)

Finalize transforms the aggregated shares into a new public-key element and returns it.

func (*CKG) GenShare ¶

func (ckg *CKG) GenShare(sk *ring.Poly) error

GenShare is the first and unique round of the CKG protocol. Each party generates a secret share and computes from it a public-share of the form :

[a*s_i + e_i, a]

and broadcasts it to all other j-1 parties.

func (*CKG) GetShare ¶

func (ckg *CKG) GetShare() *ring.Poly

GetShare returns the public-share stored in the CKG structure.

func (*CKS) Aggregate ¶

func (cks *CKS) Aggregate(c0 *ring.Poly, h []*ring.Poly)

Aggregate is the second part of the unique round of the CKS protocol. Uppon receiving the j-1 elements each party computes :

[ctx[0] + sum((skInput_i - skOutput_i) * ctx[0] + e_i), ctx[1]]

func (*CKS) KeySwitch ¶

func (cks *CKS) KeySwitch(c1 *ring.Poly) *ring.Poly

KeySwitch is the first and unique round of the CKS protocol. Each party holding a ciphertext ctx encrypted under a collective publick-key musth compute the following :

[(skInput_i - skOutput_i) * ctx[0] + e_i]

Each party then broadcast the result of this computation to the other j-1 parties.

func (*CRPGenerator) Clock ¶

func (crpgenerator *CRPGenerator) Clock() *ring.Poly

Clock generates and returns a new uniform polynomial. Also increases the clock cycle by 1.

func (*CRPGenerator) GetClock ¶

func (crpgenerator *CRPGenerator) GetClock() uint64

GetClock returns the current clock of the CRPGenerator.

func (*CRPGenerator) GetSeed ¶

func (crpgenerator *CRPGenerator) GetSeed() []byte

GetSeed returns the seed of the CRPGenerator.

func (*CRPGenerator) Seed ¶

func (crpgenerator *CRPGenerator) Seed(seed []byte)

Seed resets the CRPGenerator and instantiate it with a new seed. Does not change the key.

func (*CRPGenerator) SetClock ¶

func (crpgenerator *CRPGenerator) SetClock(n uint64) error

SetClock sets the clock of the CRPGenerator to the given input by clocking it until the clock cycle reach the desired number. If the given input is smaller than the current clock, it will return an error.

func (*EkgProtocol) Aggregate ¶

func (ekg *EkgProtocol) Aggregate(sk *ring.Poly, samples [][][]*ring.Poly, crp [][]*ring.Poly) (h [][][2]*ring.Poly)

Aggregate is the second of three rounds of the EkgProtocol protocol. Uppon received the j-1 shares, each party computes :

[s_i * sum([-u_j*a + s_j*w + e_j]) + e_i1, s_i*a + e_i2]

= [s_i * (-u*a + s*w + e) + e_i1, s_i*a + e_i2]

and broadcasts both values to the other j-1 parties.

func (*EkgProtocol) ComputeEVK ¶

func (ekg *EkgProtocol) ComputeEVK(h1 [][][]*ring.Poly, h [][][2]*ring.Poly) (collectiveEVK [][][2]*ring.Poly)

ComputeEVK is third part ot the third and last round of the EkgProtocol protocol. Uppon receiving the other j-1 elements, each party computes :

[s * (-u*a + s*w + e) + e_1 + sum([(u_j - s_j)*(s*a + e_2)])]

= [s * (-u*a + s*w + e) + e_1 + (u - s)*(s*a + e_2)]

= [-s*u*a + s^2*w + s*e + e_1 + s*u*a -s^2*a + (u - s)*e_2]

= [-s^2*a + s^2*w + e_1 + (u - s)*e_2]

= [-s^2*a + s^2*w + e]

The evaluation key is therefor : [-s*b + s^2*w + e, s*b]

func (*EkgProtocol) GenSamples ¶

func (ekg *EkgProtocol) GenSamples(u, sk *ring.Poly, crp [][]*ring.Poly) (h [][]*ring.Poly)

GenSamples is the first of three rounds of the EkgProtocol protocol. Each party generates a pseudo encryption of its secret share of the key s_i under its ephemeral key u_i : [-u_i*a + s_i*w + e_i] and broadcasts it to the other j-1 parties.

func (*EkgProtocol) KeySwitch ¶

func (ekg *EkgProtocol) KeySwitch(u, sk *ring.Poly, samples [][][2]*ring.Poly) (h1 [][]*ring.Poly)

KeySwitch is the second pard of the third and last round of the EkgProtocol protocol. Each party operates a key-switch on [s*a + e_2], by computing :

[(u_i - s_i)*(s*a + e_2)]

and broadcasts the result the other j-1 parties.

func (*EkgProtocol) NewEphemeralKey ¶

func (ekg *EkgProtocol) NewEphemeralKey(p float64) (ephemeralKey *ring.Poly, err error)

NewEphemeralKey generates a new Ephemeral Key u_i (needs to be stored for the 3 first round). Each party is required to pre-compute a secret additional ephemeral key in addition to its share of the collective secret-key.

func (*EkgProtocol) Sum ¶

func (ekg *EkgProtocol) Sum(samples [][][][2]*ring.Poly) (h [][][2]*ring.Poly)

Sum is the first part of the third and last round of the EkgProtocol protocol. Uppon receiving the j-1 elements, each party computues :

[sum(s_j * (-u*a + s*w + e) + e_j1), sum(s_j*a + e_j2)]

= [s * (-u*a + s*w + e) + e_1, s*a + e_2].

func (*EkgProtocolNaive) Aggregate ¶

func (ekg *EkgProtocolNaive) Aggregate(sk *ring.Poly, pk [2]*ring.Poly, samples [][][][2]*ring.Poly) (h [][][2]*ring.Poly)

Aggregate is the first part of the second and last round of the naive EKG protocol. Uppon receiving the j-1 elements, each party computes :

[sum(cpk[0]*u_j + s_j * w + e_0j), sum(cpk[1]*u_j + e_1j)]

= [cpk[0]*u + s * w + e_0, cpk[1]*u + e_1]

Using this intermediate result, each party computes :

[s_i * (cpk[0]*u + s * w + e_0) + v_i*cpk[0] + e_2i, s_i*(cpk[1]*u + e_1) + cpk[1] * v_i + e_3i]

= [ cpk[0] * (u*s_i) + (s*s_i) * w + (s_i*e_0) + v_i*cpk[0] + e_2i, cpk[1]*u*s_i + (s_i*e_1) + cpk[1] * v_i + e_3i]

And party broadcast this last result to the other j-1 parties.

func (*EkgProtocolNaive) Finalize ¶

func (ekg *EkgProtocolNaive) Finalize(h [][][][2]*ring.Poly) (evaluationKey [][][2]*ring.Poly)

Finalize is the second part of the second and last round of the naive EKG protocol. Uppon receiving the j-1 elements, each party computes :

[ sum(cpk[0] * (u*s_i) + (s*s_i) * w + (s_i*e_0) + v_i*cpk[0] + e_2i), sum(cpk[1]*u*s_i + (s_i*e_1) + cpk[1] * v_i + e_3i)]

= [cpk[0] * (s*u + v) + (s^2 * w) + s*e_0 + e_2, ckp[1] * (s*u + v) + s*e_1 + e_3]

= [-s*b + s^2 * w - (s*u + b) * e_cpk + s*e_0 + e_2, b + s*e_1 + e_3]

func (*EkgProtocolNaive) GenSamples ¶

func (ekg *EkgProtocolNaive) GenSamples(sk *ring.Poly, pk [2]*ring.Poly) (h [][][2]*ring.Poly)

GenSamples is the first of two rounds of the naive EKG protocol. Using the shared public key "cpk", each party generates a pseudo-encryption of s*w of the form :

[cpk[0]*u_i + s_i * w + e_0i, cpk[1]*u_i + e_1i]

and broadcasts it to all other j-1 parties.

func (*PCKS) Aggregate ¶

func (pcks *PCKS) Aggregate(ct []*ring.Poly, h [][2]*ring.Poly)

Aggregate is the second part of the first and unique round of the PCKS protocol. Each party uppon receiving the j-1 elements from the other parties computes :

[ctx[0] + sum(s_i * ctx[0] + u_i * pk[0] + e_0i), sum(u_i * pk[1] + e_1i)]

func (*PCKS) KeySwitch ¶

func (pcks *PCKS) KeySwitch(ct1 *ring.Poly) (h [2]*ring.Poly)

KeySwitch is the first part of the unique round of the PCKS protocol. Each party computes the following :

[s_i * ctx[0] + u_i * pk[0] + e_0i, u_i * pk[1] + e_1i]

and broadcasts the result to the other j-1 parties.

func (*PRNG) Clock ¶

func (prng *PRNG) Clock() []byte

Clock returns the right 32 bytes of the digest value of the current PRNG state and reseeds the PRNG with the left 32 bytes of the digest value. Also increases the clock cycle by 1.

func (*PRNG) GetClock ¶

func (prng *PRNG) GetClock() uint64

GetClock returns the value of the clock cycle of the PRNG.

func (*PRNG) GetSeed ¶

func (prng *PRNG) GetSeed() []byte

func (*PRNG) Seed ¶

func (prng *PRNG) Seed(seed []byte)

Seed resets the current state of the PRNG (without changing the optional key) and seeds it with the given bytes. Seed will also reset the clock cycle to 0.

func (*PRNG) SetClock ¶

func (prng *PRNG) SetClock(n uint64) error

SetClock sets the clock cycle of the PRNG to a given number by calling Clock until the clock cycle reaches the desired number. Returns an error if the target clock cycle is smaller than the current clock cycle.