dbfv

package
v1.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 20, 2019 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Overview

Package dbfv implements a distributed (or threshold) version of the BFV scheme that enables secure multiparty computation solutions with secret-shared secret keys.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewCRPGenerator 

func NewCRPGenerator(params *bfv.Parameters, key []byte) *ring.CRPGenerator

Types

type CKGProtocol added in v1.3.0 

type CKGProtocol struct {
	// contains filtered or unexported fields
}

CKGProtocol is the structure storing the parameters and state for a party in the collective key generation protocol.

func NewCKGProtocol added in v1.3.0 

func NewCKGProtocol(params *bfv.Parameters) *CKGProtocol

NewCKGProtocol creates a new CKGProtocol instance

func (*CKGProtocol) AggregateShares added in v1.3.0 

func (ckg *CKGProtocol) AggregateShares(share1, share2, shareOut CKGShare)

AggregateShares aggregates a new share to the aggregate key

func (*CKGProtocol) AllocateShares added in v1.3.0 

func (ckg *CKGProtocol) AllocateShares() CKGShare

AllocateShares allocates the CKG shares.

func (*CKGProtocol) GenPublicKey added in v1.3.0 

func (ckg *CKGProtocol) GenPublicKey(roundShare CKGShare, crs *ring.Poly, pubkey *bfv.PublicKey)

GenPublicKey return the current aggregation of the received shares as a bfv.PublicKey.

func (*CKGProtocol) GenShare added in v1.3.0 

func (ckg *CKGProtocol) GenShare(sk *ring.Poly, crs *ring.Poly, shareOut CKGShare)

GenShare generates the party's public key share from its secret key as:

crs*s_i + e_i

for the receiver protocol. Has no effect is the share was already generated.

type CKGShare added in v1.3.0 

type CKGShare struct {
	*ring.Poly
}

CKGShare is a struct holding a CKG share.

func (*CKGShare) UnmarshalBinary added in v1.3.0 

func (share *CKGShare) UnmarshalBinary(data []byte) error

UnmarshalBinary decode a marshaled CKG share on the target CKG share.

type CKSProtocol added in v1.3.0 

type CKSProtocol struct {
	// contains filtered or unexported fields
}

CKSProtocol is a structure storing the parameters for the collective key-switching protocol.

func NewCKSProtocol added in v1.3.0 

func NewCKSProtocol(params *bfv.Parameters, sigmaSmudging float64) *CKSProtocol

NewCKSProtocol creates a new CKSProtocol that will be used to operate a collective key-switching on a ciphertext encrypted under a collective public-key, whose secret-shares are distributed among j parties, re-encrypting the ciphertext under another public-key, whose secret-shares are also known to the parties.

func (*CKSProtocol) AggregateShares added in v1.3.0 

func (cks *CKSProtocol) AggregateShares(share1, share2, shareOut CKSShare)

AggregateShares is the second part of the unique round of the CKSProtocol protocol. Upon receiving the j-1 elements each party computes :

[ctx[0] + sum((skInput_i - skOutput_i) * ctx[0] + e_i), ctx[1]]

func (*CKSProtocol) AllocateShare added in v1.3.0 

func (cks *CKSProtocol) AllocateShare() CKSShare

AllocateShare allocates the shares of the CKSProtocol

func (*CKSProtocol) GenShare added in v1.3.0 

func (cks *CKSProtocol) GenShare(skInput, skOutput *ring.Poly, ct *bfv.Ciphertext, shareOut CKSShare)

GenShare is the first and unique round of the CKSProtocol protocol. Each party holding a ciphertext ctx encrypted under a collective publick-key musth compute the following :

[(skInput_i - skOutput_i) * ctx[0] + e_i]

Each party then broadcast the result of this computation to the other j-1 parties.

func (*CKSProtocol) KeySwitch added in v1.3.0 

func (cks *CKSProtocol) KeySwitch(combined CKSShare, ct *bfv.Ciphertext, ctOut *bfv.Ciphertext)

KeySwitch performs the actual keyswitching operation on a ciphertext ct and put the result in ctOut

type CKSShare added in v1.3.0 

type CKSShare struct {
	*ring.Poly
}

CKSShare is a type for the CKS protocol shares.

func (*CKSShare) UnmarshalBinary added in v1.3.0 

func (share *CKSShare) UnmarshalBinary(data []byte) error

UnmarshalBinary decodes a previouls marshaled share on the target share.

type PCKSProtocol added in v1.3.0 

type PCKSProtocol struct {
	// contains filtered or unexported fields
}

PCKSProtocol is the structure storing the parameters for the collective public key-switching.

func NewPCKSProtocol added in v1.3.0 

func NewPCKSProtocol(params *bfv.Parameters, sigmaSmudging float64) *PCKSProtocol

NewPCKSProtocol creates a new PCKSProtocol object and will be used to re-encrypt a ciphertext ctx encrypted under a secret-shared key among j parties under a new collective public-key.

func (*PCKSProtocol) AggregateShares added in v1.3.0 

func (pcks *PCKSProtocol) AggregateShares(share1, share2, shareOut PCKSShare)

AggregateShares is the second part of the first and unique round of the PCKSProtocol protocol. Each party uppon receiving the j-1 elements from the other parties computes :

[ctx[0] + sum(s_i * ctx[0] + u_i * pk[0] + e_0i), sum(u_i * pk[1] + e_1i)]

func (*PCKSProtocol) AllocateShares added in v1.3.0 

func (pcks *PCKSProtocol) AllocateShares() (s PCKSShare)

AllocateShares allocates the shares of the PCKS protocol

func (*PCKSProtocol) GenShare added in v1.3.0 

func (pcks *PCKSProtocol) GenShare(sk *ring.Poly, pk *bfv.PublicKey, ct *bfv.Ciphertext, shareOut PCKSShare)

GenShare is the first part of the unique round of the PCKSProtocol protocol. Each party computes the following :

[s_i * ctx[0] + (u_i * pk[0] + e_0i)/P, (u_i * pk[1] + e_1i)/P]

and broadcasts the result to the other j-1 parties.

func (*PCKSProtocol) KeySwitch added in v1.3.0 

func (pcks *PCKSProtocol) KeySwitch(combined PCKSShare, ct, ctOut *bfv.Ciphertext)

KeySwitch performs the actual keyswitching operation on a ciphertext ct and put the result in ctOut

type PCKSShare added in v1.3.0 

type PCKSShare [2]*ring.Poly

PCKSShare is a type for the PCKS protocol shares.

func (*PCKSShare) MarshalBinary added in v1.3.0 

func (share *PCKSShare) MarshalBinary() ([]byte, error)

MarshalBinary encodes a PCKS share on a slice of bytes.

func (*PCKSShare) UnmarshalBinary added in v1.3.0 

func (share *PCKSShare) UnmarshalBinary(data []byte) error

UnmarshalBinary decodes marshaled PCKS share on the target PCKS share.

type RKGNaiveShareRoundOne added in v1.3.0 

type RKGNaiveShareRoundOne [][2]*ring.Poly

RKGNaiveShareRoundOne is a struct holding the round one shares of the RKG Naive protocol.

type RKGNaiveShareRoundTwo added in v1.3.0 

type RKGNaiveShareRoundTwo [][2]*ring.Poly

RKGNaiveShareRoundTwo is a struct holding the round two shares of the RKG Naive protocol.

type RKGProtocol added in v1.3.0 

type RKGProtocol struct {
	// contains filtered or unexported fields
}

RKGProtocol is the structure storing the parameters and state for a party in the collective relinearization key generation protocol.

func NewEkgProtocol 

func NewEkgProtocol(params *bfv.Parameters) *RKGProtocol

NewEkgProtocol creates a new RKGProtocol object that will be used to generate a collective evaluation-key among j parties in the given context with the given bit-decomposition.

func (*RKGProtocol) AggregateShareRoundOne added in v1.3.0 

func (ekg *RKGProtocol) AggregateShareRoundOne(share1, share2, shareOut RKGShareRoundOne)

AggregateShareRoundOne adds share1 and share2 on shareOut.

func (*RKGProtocol) AggregateShareRoundThree added in v1.3.0 

func (ekg *RKGProtocol) AggregateShareRoundThree(share1, share2, shareOut RKGShareRoundThree)

AggregateShareRoundThree adds share1 and share2 on shareOut.

func (*RKGProtocol) AggregateShareRoundTwo added in v1.3.0 

func (ekg *RKGProtocol) AggregateShareRoundTwo(share1, share2, shareOut RKGShareRoundTwo)

AggregateShareRoundTwo is the first part of the third and last round of the RKGProtocol protocol. Upon receiving the j-1 elements, each party computes :

[sum(s_j * (-u*a + s*w + e) + e_j1), sum(s_j*a + e_j2)]

= [s * (-u*a + s*w + e) + e_1, s*a + e_2].

func (*RKGProtocol) AllocateShares added in v1.3.0 

func (ekg *RKGProtocol) AllocateShares() (r1 RKGShareRoundOne, r2 RKGShareRoundTwo, r3 RKGShareRoundThree)

AllocateShares allocates the shares of the EKG protocol.

func (*RKGProtocol) GenRelinearizationKey added in v1.3.0 

func (ekg *RKGProtocol) GenRelinearizationKey(round2 RKGShareRoundTwo, round3 RKGShareRoundThree, evalKeyOut *bfv.EvaluationKey)

GenRelinearizationKey finalizes the protocol and returns the common EvaluationKey.

func (*RKGProtocol) GenShareRoundOne added in v1.3.0 

func (ekg *RKGProtocol) GenShareRoundOne(u, sk *ring.Poly, crp []*ring.Poly, shareOut RKGShareRoundOne)

GenShareRoundOne is the first of three rounds of the RKGProtocol protocol. Each party generates a pseudo encryption of its secret share of the key s_i under its ephemeral key u_i : [-u_i*a + s_i*w + e_i] and broadcasts it to the other j-1 parties.

func (*RKGProtocol) GenShareRoundThree added in v1.3.0 

func (ekg *RKGProtocol) GenShareRoundThree(round2 RKGShareRoundTwo, u, sk *ring.Poly, shareOut RKGShareRoundThree)

GenShareRoundThree is the second pard of the third and last round of the RKGProtocol protocol. Each party operates a key-switch on [s*a + e_2], by computing :

[(u_i - s_i)*(s*a + e_2)]

and broadcasts the result to the other j-1 parties.

func (*RKGProtocol) GenShareRoundTwo added in v1.3.0 

func (ekg *RKGProtocol) GenShareRoundTwo(round1 RKGShareRoundOne, sk *ring.Poly, crp []*ring.Poly, shareOut RKGShareRoundTwo)

GenShareRoundTwo is the second of three rounds of the RKGProtocol protocol. Upon receiving the j-1 shares, each party computes :

[s_i * sum([-u_j*a + s_j*w + e_j]) + e_i1, s_i*a + e_i2]

= [s_i * (-u*a + s*w + e) + e_i1, s_i*a + e_i2]

and broadcasts both values to the other j-1 parties.

func (*RKGProtocol) NewEphemeralKey added in v1.3.0 

func (ekg *RKGProtocol) NewEphemeralKey(p float64) (ephemeralKey *ring.Poly)

NewEphemeralKey generates a new Ephemeral Key u_i (needs to be stored for the 3 first rounds). Each party is required to pre-compute a secret additional ephemeral key in addition to its share of the collective secret-key.

type RKGProtocolNaive added in v1.3.0 

type RKGProtocolNaive struct {
	// contains filtered or unexported fields
}

RKGProtocolNaive is a structure storing the parameters for the naive EKG protocol.

func NewRKGProtocolNaive added in v1.3.0 

func NewRKGProtocolNaive(params *bfv.Parameters) (rkg *RKGProtocolNaive)

NewRKGProtocolNaive creates a new RKGProtocolNaive object that will be used to generate a collective evaluation-key among j parties in the given context with the given bit-decomposition.

func (*RKGProtocolNaive) AggregateShareRoundOne added in v1.3.0 

func (rkg *RKGProtocolNaive) AggregateShareRoundOne(share1, share2, shareOut RKGNaiveShareRoundOne)

AggregateShareRoundOne is the second part of the first round of the naive EKG protocol. Upon receiving the j-1 elements, each party computes :

[sum(cpk[0] * u_j + P * s_j + e_0j), sum(cpk[1] * u_j + e_1j)]

= [cpk[0] * u + P * s + e_0, cpk[1]*u + e_1]

func (*RKGProtocolNaive) AggregateShareRoundTwo added in v1.3.0 

func (rkg *RKGProtocolNaive) AggregateShareRoundTwo(share1, share2, shareOut RKGNaiveShareRoundTwo)

AggregateShareRoundTwo is the second part of the second and last round of the naive EKG protocol. Uppon receiving the j-1 elements, each party computes :

[ sum(cpk[0] * (u*s_i) + P * (s*s_i) + (s_i*e_0) + v_i*cpk[0] + e_2i), sum(cpk[1]*u*s_i + (s_i*e_1) + cpk[1] * v_i + e_3i)]

= [cpk[0] * (s*u + v) + (P * s^2 ) + s*e_0 + e_2, ckp[1] * (s*u + v) + s*e_1 + e_3]

= [-s*b + P * s^2 - (s*u + b) * e_cpk + s*e_0 + e_2, b + s*e_1 + e_3]

func (*RKGProtocolNaive) AllocateShares added in v1.3.0 

func (rkg *RKGProtocolNaive) AllocateShares() (r1 RKGNaiveShareRoundOne, r2 RKGNaiveShareRoundTwo)

AllocateShares shares allocates the shares of the RKG Naive protocol

func (*RKGProtocolNaive) GenRelinearizationKey added in v1.3.0 

func (rkg *RKGProtocolNaive) GenRelinearizationKey(round2 RKGNaiveShareRoundTwo, evalKeyOut *bfv.EvaluationKey)

GenRelinearizationKey finalizes the protocol and returns the common EvaluationKey.

func (*RKGProtocolNaive) GenShareRoundOne added in v1.3.0 

func (rkg *RKGProtocolNaive) GenShareRoundOne(sk *ring.Poly, pk [2]*ring.Poly, shareOut RKGNaiveShareRoundOne)

GenShareRoundOne is the first of two rounds of the naive EKG protocol. Using the shared public key "cpk", each party generates a pseudo-encryption of s*w of the form :

[cpk[0]*u_i + s_i * w + e_0i, cpk[1]*u_i + e_1i]

and broadcasts it to all other j-1 parties.

func (*RKGProtocolNaive) GenShareRoundTwo added in v1.3.0 

func (rkg *RKGProtocolNaive) GenShareRoundTwo(round1 RKGNaiveShareRoundOne, sk *ring.Poly, pk [2]*ring.Poly, shareOut RKGNaiveShareRoundTwo)

GenShareRoundTwo is the first part of the second round, each party computes :

[s_i * (cpk[0] * u + P * s + e_0) + v_i * cpk[0] + e_2i, s_i * (cpk[1] * u + e_1) + cpk[1] * v_i + e_3i]

= [ cpk[0] * (u * s_i) + P * (s * s_i) + (s_i * e_0) + v_i*cpk[0] + e_2i, cpk[1] * u * s_i + (s_i * e_1) + cpk[1] * v_i + e_3i]

And party broadcast this last result to the other j-1 parties.

type RKGShareRoundOne added in v1.3.0 

type RKGShareRoundOne []*ring.Poly

RKGShareRoundOne is a struct storing the round one RKG shares.

func (*RKGShareRoundOne) MarshalBinary added in v1.3.0 

func (share *RKGShareRoundOne) MarshalBinary() ([]byte, error)

MarshalBinary encodes the target element on a slice of bytes.

func (*RKGShareRoundOne) UnmarshalBinary added in v1.3.0 

func (share *RKGShareRoundOne) UnmarshalBinary(data []byte) error

UnmarshalBinary decodes a slice of bytes on the target element.

type RKGShareRoundThree added in v1.3.0 

type RKGShareRoundThree []*ring.Poly

RKGShareRoundThree is a struct storing the round three RKG shares.

func (*RKGShareRoundThree) MarshalBinary added in v1.3.0 

func (share *RKGShareRoundThree) MarshalBinary() ([]byte, error)

MarshalBinary encodes the target element on a slice of bytes.

func (*RKGShareRoundThree) UnmarshalBinary added in v1.3.0 

func (share *RKGShareRoundThree) UnmarshalBinary(data []byte) error

UnmarshalBinary decodes a slice of bytes on the target element.

type RKGShareRoundTwo added in v1.3.0 

type RKGShareRoundTwo [][2]*ring.Poly

RKGShareRoundTwo is a struct storing the round two RKG shares.

func (*RKGShareRoundTwo) MarshalBinary added in v1.3.0 

func (share *RKGShareRoundTwo) MarshalBinary() ([]byte, error)

MarshalBinary encodes the target element on a slice of bytes.

func (*RKGShareRoundTwo) UnmarshalBinary added in v1.3.0 

func (share *RKGShareRoundTwo) UnmarshalBinary(data []byte) error

UnmarshalBinary decodes a slice of bytes on the target element.

type RTGProtocol added in v1.3.0 

type RTGProtocol struct {
	// contains filtered or unexported fields
}

RTGProtocol is the structure storing the parameters for the collective rotation-keys generation.

func NewRotKGProtocol added in v1.3.0 

func NewRotKGProtocol(params *bfv.Parameters) (rtg *RTGProtocol)

NewRotKGProtocol creates a new rotkg object and will be used to generate collective rotation-keys from a shared secret-key among j parties.

func (*RTGProtocol) Aggregate added in v1.3.0 

func (rtg *RTGProtocol) Aggregate(share1, share2, shareOut RTGShare)

Aggregate is the second part of the unique round of the rotkg protocol. Uppon receiving the j-1 public shares, each party computes :

[sum(a*a_j + (pi(a_j) - a_j) + e_j), a]

func (*RTGProtocol) AllocateShare added in v1.3.0 

func (rtg *RTGProtocol) AllocateShare() (rtgShare RTGShare)

AllocateShare allocates the shares of the RTG protocol.

func (*RTGProtocol) Finalize added in v1.3.0 

func (rtg *RTGProtocol) Finalize(share RTGShare, crp []*ring.Poly, rotKey *bfv.RotationKeys)

Finalize populates the input RotationKeys struture with the Switching key computed from the protocol.

func (*RTGProtocol) GenShare added in v1.3.0 

func (rtg *RTGProtocol) GenShare(rotType bfv.Rotation, k uint64, sk *ring.Poly, crp []*ring.Poly, shareOut *RTGShare)

GenShare is the first and unique round of the rotkg protocol. Each party, using its secret share of the collective secret-key and a collective random polynomial, a public share of the rotation-key by computing :

[a*s_i + (pi(s_i) - s_i) + e]

and broadcasts it to the other j-1 parties. The protocol must be repeated for each desired rotation.

type RTGShare added in v1.3.0 

type RTGShare struct {
	Type  bfv.Rotation
	K     uint64
	Value []*ring.Poly
}

RTGShare is the structure storing the shares of the RTG protocol

func (*RTGShare) MarshalBinary added in v1.3.0 

func (share *RTGShare) MarshalBinary() ([]byte, error)

MarshalBinary encode the target element on a slice of byte.

func (*RTGShare) UnmarshalBinary added in v1.3.0 

func (share *RTGShare) UnmarshalBinary(data []byte) error

UnmarshalBinary decodes a slice of bytes on the target element.

type RefreshProtocol added in v1.3.0 

type RefreshProtocol struct {
	// contains filtered or unexported fields
}

RefreshProtocol is a struct storing the relevant parameters for the Refresh protocol.

func NewRefreshProtocol added in v1.3.0 

func NewRefreshProtocol(params *bfv.Parameters) (refreshProtocol *RefreshProtocol)

NewRefreshProtocol creates a new Refresh protocol instance.

func (*RefreshProtocol) Aggregate added in v1.3.0 

func (rfp *RefreshProtocol) Aggregate(share1, share2, shareOut RefreshShare)

Aggregate sums share1 and share2 on shareOut.

func (*RefreshProtocol) AllocateShares added in v1.3.0 

func (rfp *RefreshProtocol) AllocateShares() RefreshShare

AllocateShares allocates the shares of the Refresh protocol.

func (*RefreshProtocol) Decrypt added in v1.3.0 

func (rfp *RefreshProtocol) Decrypt(ciphertext *bfv.Ciphertext, shareDecrypt RefreshShareDecrypt, sharePlaintext *ring.Poly)

Decrypt operates a masked decryption on the input ciphertext using the provided decryption shares.

func (*RefreshProtocol) Finalize added in v1.3.0 

func (rfp *RefreshProtocol) Finalize(ciphertext *bfv.Ciphertext, crs *ring.Poly, share RefreshShare, ciphertextOut *bfv.Ciphertext)

Finalize applies Decrypt, Recode and Recrypt on the input ciphertext.

func (*RefreshProtocol) GenShares added in v1.3.0 

func (rfp *RefreshProtocol) GenShares(sk *ring.Poly, ciphertext *bfv.Ciphertext, crs *ring.Poly, share RefreshShare)

GenShares generates a share for the Refresh protocol.

func (*RefreshProtocol) Recode added in v1.3.0 

func (rfp *RefreshProtocol) Recode(sharePlaintext *ring.Poly, sharePlaintextOut *ring.Poly)

Recode decodes and re-encode (removing the error) the masked decrypted ciphertext.

func (*RefreshProtocol) Recrypt added in v1.3.0 

func (rfp *RefreshProtocol) Recrypt(sharePlaintext *ring.Poly, crs *ring.Poly, shareRecrypt RefreshShareRecrypt, ciphertextOut *bfv.Ciphertext)

Recrypt recrypts the input masked decrypted ciphertext with the recryption shares.

type RefreshShare added in v1.3.0 

type RefreshShare struct {
	RefreshShareDecrypt RefreshShareDecrypt
	RefreshShareRecrypt RefreshShareRecrypt
}

RefreshShare is a struct storing the decryption and recryption shares.

func (*RefreshShare) MarshalBinary added in v1.3.0 

func (share *RefreshShare) MarshalBinary() ([]byte, error)

MarshalBinary encodes a RefreshShare on a slice of bytes.

func (*RefreshShare) UnmarshalBinary added in v1.3.0 

func (share *RefreshShare) UnmarshalBinary(data []byte) error

UnmarshalBinary decodes a marshaled RefreshShare on the target RefreshShare.

type RefreshShareDecrypt added in v1.3.0 

type RefreshShareDecrypt *ring.Poly

RefreshShareDecrypt is a struct storing the decrpytion share.

type RefreshShareRecrypt added in v1.3.0 

type RefreshShareRecrypt *ring.Poly

RefreshShareRecrypt is a struct storing the recrpytion share.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.