# Mahdavi et al.'s OT-MP-PSI Protocol
## An implementation in SageMath for research purposes

We implement the OT-MP-PSI protocol of Mahdavi et al. It is based on Shamir's Secret Sharing and the homomorphic Paillier encryption scheme.

### Mathematical Preamble


In [23]:
import hashlib
import random

# Prime order of the finite field
q = 11
p = 2*q + 1 # 23 is prime!
# Threshold value
t = 4
# Number of participants (holders of a dataset)
m = 7
# Secret to reconstruct
S = 0

Fp = GF(p)
R = PolynomialRing(Fp,"x")

G = Integers(q)

# Paillier Cryptosystem
p2 = 13
q2 = 17
assert(p2.is_prime())
assert(q2.is_prime())
N  = p2 * q2

alpha = 0

#FN2 = FiniteField(N^2, 'g')
ZN2 = Zmod(N^2)
FN2 = [a for a in ZN2 if gcd(a,N^2) == 1]

g = random.choice(FN2)

### Paillier Encryption

In [24]:
def paillier_encrypt(element):
    r = random.randint(0, N-1)
    return pow(g, element) * pow(r, N)

### Initialize Shamir's Secret Sharing

In [25]:
def sample_coefficients(t):
    coefficients = []
    coefficients.append(S)
    for i in range(0, t-1):
        coefficients.append(Fp.random_element())
    print(coefficients)
    return coefficients

In [26]:
# Construct Polynomial
def poly(coefficients):
    return R(coefficients)

In [27]:
f_x = poly(sample_coefficients(t))
f_x(4)

[0, 6, 6, 0]


5

In [28]:
def H(element):
    h = hashlib.new('sha256')
    h.update(bytes(element))
    return int(h.hexdigest(), 16) % q

In [29]:
H(0b10011101)

7

In [39]:
def keyholder_init():
    coefficients = sample_coefficients(t)
    
def participant_init(element):
    global alpha 
    alpha = random.randint(1,p)
    print(alpha)
    return (pow(H(element), alpha), pow(g, alpha))

In [40]:
def keyholder_processing(part_init_res):
    hash_element, g_power_alpha = part_init_res
    print(hash_element)
    random_numbers = []
    for i in range(0, t-1):
        random_numbers.append(Fp.random_element())
    
    return_values = []
    print(random_numbers)
    for j in range(0, t-1):
        return_values.append(pow(g_power_alpha, random_numbers[j]) * pow(hash_element, coefficients[j+1]))
        
    return return_values

In [41]:
coefficients = sample_coefficients(t)
print(coefficients)
res = participant_init(10)
print(alpha)
print(res)
keyholder_processing(res)

def participant_2(keyholder_values):
    intermediate_results = []
    for i in keyholder_values:
        intermediate_results.append(pow(i, alpha))
        
    # Paillier Encryption
    encrypted_values = []
    for i in intermediate_results:
        encrypted_values.append(paillier_encrypt(i))
    
    return encrypted_values
    
    
participant_2(keyholder_processing(participant_init(10)))

[0, 8, 14, 12]
[0, 8, 14, 12]
3
3
(64, 16102)
64
[21, 21, 3]
3
64
[6, 9, 6]


[5806, 32072, 38726]

In [None]:
def keyholder_2(encrypted_values):
    intermediate_values = []
    for i in encrypted_values:
        intermediate_values.append(i * )