aboutsummaryrefslogtreecommitdiff
path: root/gp-scripts/mp_pub
diff options
context:
space:
mode:
authorMarkus Teich <markus.teich@stusta.mhn.de>2016-11-22 03:17:01 +0100
committerMarkus Teich <markus.teich@stusta.mhn.de>2016-11-22 03:17:01 +0100
commit5706e91058ff6aa4b23b6fb13871853a54a5c4d2 (patch)
treea10f6e774ff6bd9eae30410613f30b90c153ca6a /gp-scripts/mp_pub
parenta74e1503752e310fbfc8dda142c5803eff86dc88 (diff)
downloadlibbrandt-5706e91058ff6aa4b23b6fb13871853a54a5c4d2.tar.gz
libbrandt-5706e91058ff6aa4b23b6fb13871853a54a5c4d2.zip
add m+1st price auctions with public outcome
Diffstat (limited to 'gp-scripts/mp_pub')
-rw-r--r--gp-scripts/mp_pub104
1 files changed, 104 insertions, 0 deletions
diff --git a/gp-scripts/mp_pub b/gp-scripts/mp_pub
new file mode 100644
index 0000000..9b49c13
--- /dev/null
+++ b/gp-scripts/mp_pub
@@ -0,0 +1,104 @@
1\\ From: "Fully private auctions in a constant number of rounds" (2003) by Felix Brandt pages 9-10
2
3
4\\\\\\\\\\\\
5\\ Adapt the following values to your needs
6\\\\\\\\\\\\
7
8\\ auction parameter
9M = 1
10\\ amount of bidders
11n = 2^2
12\\ amount of possible prices
13k = 2^4
14\\ randomize bids (change to something static, if you like)
15bid = vector(n,i,random(k)+1)
16\\bid = vector(n,i,n-i+1) \\ first bidder wins
17\\bid = vector(n,i,i) \\ last bidder wins
18\\bid = vector(n,i,(i+1)%2) \\ second bidder wins (with ties)
19
20\\ prime finite field setup (result may be ambiguous if your prime is too small, 4*n*k seems to work fine)
21\\q = prime(2^12)
22\\ 512bit prime:
23q = 12513167897862218633350152063959653109080007724899931588313481862015596111526299656550478091592311160908219544364381660940520774223634480285451547911456579
24\\ 2048bit prime:
25\\q = 31905233907400964621684499856844075173802000556075101303613351426740101897961025481077892281365444367883091980681462491724119317344478120131982416132058173572772607966572720945691237876256074322291459510766147107539260048324345382562673904236506104922357079761457605045674628331006193183908801308817507027556440703972646885207099302085383887085776295396030033300833460743425162726394704256227108175491673135830378272029374848904772902525385997099641162537271298634032011458617811670193865244028195169383991286227040469186123958053863978710424421008752927011390777187889943940479064193231486057910586526439884046593027
26\\ 3072bit prime:
27\\q = 5175054779340588353586849786144680366505563673837334790820581054294754700842534366479020240016540005621125885927641963390708863183739793208880756653713659686139600715884857385144475261507869935694699816011948585170171332029002674283854825650901258017026965486602158722052719421343475066067509485302858041368266332080773331946039572497794442067057597327877030322029413318847025776818839927761556478107499002213648377029201340152459685610920194363099878398871001275336711869213616313858200583491913270052111910410231060407633125816386053759634073500319223989240814564691163285769745840521560940666058800931070258886096469889796899266014106833050284032035948051974659796051419431527095503586817863043771919051402039741075037010264761045992285666560487072740505566408086913711094879155498223636912657852688296081316652278801546924079650897913388978423388839346058027184069633227966507908979049369500450630036982661231208087459099
28g = Mod(2, q)
29
30\\ get generator / primitive element for G_q
31\\var = 'x \\ copy pasta from internet
32\\pe=ffgen(minpoly(ffprimroot(ffgen(ffinit(p,1))),var),var) \\ get primitive element
33\\1/(fforder(pe) == p-1) \\ error out, if ord(pe) is wrong
34\\g = Mod(eval(Str(pe))^2, p) \\ dirty hack to convert t_FFELEM to t_INT
35
36\\\\\\\\\\\\
37\\ PROLOG
38\\\\\\\\\\\\
39
40\\ private keys of agents
41x = vector(n,i,random(q))
42\\ public keyshares of agents
43yshares = vector(n,i,g^x[i])
44\\ shared public key
45y = prod(X=1,n,yshares[X])
46
47\\ first index level = owning agent id (additive share)
48\\ second index level = agent id, price id
49m = matrix(n,k,a,b,random(q))
50
51\\ index = owning agent id, price id
52r = matrix(n,k,i,j,random(q))
53\\ bid matrix
54b = matrix(n,k,i,j,g^(bid[i]==j))
55
56\\\\\\\\\\\\
57\\ ROUND1
58\\\\\\\\\\\\
59
60\\ encrypted bids
61alpha = matrix(n,k,i,j, b[i,j]*y^r[i,j])
62beta = matrix(n,k,i,j, g^r[i,j])
63
64\\\\\\\\\\\\
65\\ ROUND2
66\\\\\\\\\\\\
67
68\\ multiplicative shares
69\\ first index level = owning agent id (multiplicative share)
70\\ second index level = agent id, price id
71GammaPrice = matrix(n,k,a,j, ( prod(h=1,n,prod(d=j,k,alpha[h,d]) * prod(d=j+1,k,alpha[h,d])) / g^(2*M+1) )^(m[a,j]) )
72DeltaPrice = matrix(n,k,a,j, ( prod(h=1,n,prod(d=j,k, beta[h,d]) * prod(d=j+1,k, beta[h,d])) )^(m[a,j]) )
73GammaWinner = matrix(n,k,a,j, ( GammaPrice[a,j] * prod(h=1,n,prod(d=j+1,k,alpha[h,d]^(2^(h-1)))) ))
74DeltaWinner = matrix(n,k,a,j, ( DeltaPrice[a,j] * prod(h=1,n,prod(d=j+1,k, beta[h,d]^(2^(h-1)))) ))
75
76\\\\\\\\\\\\
77\\ ROUND3
78\\\\\\\\\\\\
79
80\\ multiplicative shares (decryption)
81\\ first index level = owning agent id (multiplicative share)
82\\ second index level = agent id, price id
83PhiPrice = matrix(n,k,a,j, prod(h=1,n,DeltaPrice[h,j])^x[a] )
84PhiWinner = matrix(n,k,a,j, prod(h=1,n,DeltaWinner[h,j])^x[a] )
85
86\\\\\\\\\\\\
87\\ EPILOG
88\\\\\\\\\\\\
89
90\\ winner matrix
91vPrice = lift(vector(k,j, prod(i=1,n,GammaPrice[i,j]) / prod(i=1,n,PhiPrice[i,j]) ))
92vWinner = vector(k,j, prod(i=1,n,GammaWinner[i,j]) / prod(i=1,n,PhiWinner[i,j]) )
93
94print("bids are: ", bid)
95
96price = -1
97for(j=1,k, if(vPrice[j]==1, price=j))
98
99winners = vector(i=1,M,-1)
100winp = binary(znlog(vWinner[price],g)/n)
101cur = 1;
102for(i=1,length(winp), if(winp[length(winp)-i+1]==1,winners[cur]=i;cur=cur+1))
103print("Winners are ", winners)
104print("And the price is ", price)