Encrypt¶
Encrypt module provides some encryption methods for data. It contains [Paillier], [RSA], and Fake method.
Paillier encryption¶
Paillier encryption is a kind of addition homomorphic encryption which belongs to probabilistic asymmetric algorithm.
- Generate key pairs
To generate key pairs for Paillier, two big prime numbers are needed. The generator will randomly pick two prime numbers, \(p\) and \(q\), whose bit length has been set. Then, p and q will be used as private keys to generate PrivateKey object.
Then use \(n = pq\) as public key to generate PublicKey object.
- Encrypt by PublicKey
Encryption of Paillier follows the steps below.
Encode: Paillier algorithm is applicable only to integer. Thus the input number will be encoded as a integer.
Encrypt: The principle of encryption can be referred to [here] or [this paper]
Apply Obfuscator: Apply an obfuscator so that every encrypted number is different even if the plaintext is the same.
- Decrypt by PrivateKey
Decrypt: Same principle introduction with encrypt above.
Decode: decode back as what it is.
- Addition and Scalar Multiplication
Please refer to the links above with encrypt step for details.
Affine Homomorphic Encryption¶
Affine homomorphic encryption is another kind of addition homomorphic encryption.
- keygen
First generate a big integer \(n\), then generate another three big integers \(a, a^{-1}, b, (a, n) = 1, a * a^{-1}\equiv 1\pmod{n}\).
- Encrypt
\(E(x) = (a * x + b)\pmod{n}\), recorded as pair \((E(x), 1)\), \(E(x)\) is ciphertext, 1 means the bias \(b\) is 1.
- Addition and Scalar Multiplication
\(E(x + y) = (E(x), 1) + (E(y), 1) = ((a * x + b) + (a * y + b), 1 + 1) = ((a * (x + y) + 2 * b), 2) = (E(x + y), 2)\)
\(scalar * E(x) = Scalar * (E(x), 1) = (E(scalar * x), scalar * 1)\)
- Decrypt
Decrypt \((E(x), k)\): remember that \((E(x), k) = a * x + k * b, Dec((E(x), k) = a^{-1} * (E(x) - k * b) \pmod{n} = a^{-1} * (a * x) \pmod{n} = x \pmod{n}\)
IterativeAffine Homomorphic Encryption¶
Iterative Affine homomorphic encryption is another kind of addition homomorphic encryption.
- keygen
Generate an key-tuple array, the element in the array is a tuple \((a, a^{-1}, n)\), where \((a, n) = 1\), \(a^{-1} * a \equiv 1\pmod{n}\). The array is sorted by \(n\).
- Encrypt
- \[E(x) = (Enc_n \circ\dots\circ Enc_1)(x)\]
where \(Enc_r(x) = a_r * x % n_r. a_r\), \(n_r\) is the r-th element of key-tuple array.
- Addition and Scalar Multiplication
\(E(x + y) = E(x) + E(y) = (Enc_n \circ\dots\circ Enc_1)(x + y)\)
\(scalar * E(x) = scalar * ((Enc_n\circ\dots\circ Enc_1)(x)) = (Enc_n\circ\dots\circ Enc_1)(scalar * x)\)
- Decrypt
- \[Dec(E(x)) = (Dec_1 \circ Dec_2 \circ \dots \circ Dec_n)(x)\]
where \(Dec_r(x) = a_r^{-1} * (a_r * x) % n_r = x % n_r\)
RSA encryption¶
This encryption method generates three very large positive integers \(e\), \(d\) and \(n\). Let \(e\), \(n\) as the public-key and d as the privacy-key. While giving data \(v\), the encrypt operator will do \(enc(v) = v ^ e \pmod{n}\), and the decrypt operator will do \(dec(v) = env(v) ^ d \pmod{n}\)
Fake encryption¶
It will do nothing and return input data during encryption and decryption.
Encode¶
Encode module provides some method including “md5”, “sha1”, “sha224”, “sha256”, “sha384”, “sha512” for data encoding. This module can help you to encode your data with more convenient. It also supports for adding salt in front of data or behind data. For the encoding result, you can choose transform it to base64 or not.
Diffne Hellman Key Exchange¶
Diffie–Hellman key exchange is a method to exchange cryptographic keys over a public channel securely
Protocol¶
keygen: generate big prime number \(p\) and \(g\), where \(g\) is a primitive root modulo \(p\)
Alice generates random number \(r_1\); Bob generates random number \(r_2\).
Alice calculates \(g^{r_1}\pmod{p}\) then send to Bob; Bob calculates \(g^{r_2}\pmod{p}\) then sends to Alice.
Alice calculates \((g^{r_2})^{r_1}\pmod{p}) = g^{r_1 r_2} \pmod{p}\); Bob calculates \((g^{r_1})^{r_2}\pmod{p} = g^{r_1 r_2} \pmod{p}\); \(g^{r_1 r_2}\pmod{p}\) is the share key.
How to use¶
from federatedml.secureprotol.diffie_hellman import DiffieHellman
p, g = DiffieHellman.key_pair()
import random
r1 = random.randint(1, 10000000)
r2 = random.randint(1, 10000000)
key1 = DiffieHellman.decrypt(DiffieHellman.encrypt(g, r1, p), r2, p)
key2 = DiffieHellman.decrypt(DiffieHellman.encrypt(g, r2, p), r1, p)
assert key1 == key2