1 files changed, 186 insertions, 0 deletions
diff --git a/gp-scripts/firstPrice.gp b/gp-scripts/firstPrice.gp
new file mode 100644
index 0000000..5642fa0
--- /dev/null
+++ b/gp-scripts/firstPrice.gp
@@ -0,0 +1,186 @@
+\\ From: "How to obtain full privacy in auctions" (2006) by Felix Brandt pages 19-20
+\\\\\\\\\\\\
+\\ Adapt the following values to your needs
+\\\\\\\\\\\\
+\\ amount of bidders
+n = 3
+\\ amount of possible prices
+k = 2^2
+\\ randomize bids (change to something static, if you like)
+bid = vector(n,i,random(k)+1)
+\\bid = vector(n,i,n-i+1)     \\ first bidder wins
+\\bid = vector(n,i,i)         \\ last bidder wins
+\\bid = vector(n,i,(i+1)%2)   \\ second bidder wins (with ties)
+\\\\\\\\\\\\
+\\ SETUP
+\\\\\\\\\\\\
+read(group)
+read(zkp)
+\\\\\\\\\\\\
+\\ PROLOG
+\\\\\\\\\\\\
+\\ private keys of agents
+x = vector(n,i,random(q))
+\\ first index level = owning agent id (additive share)
+\\ second index level = agent id, price id
+m = vector(n,i,matrix(n,k,a,b,random(q)))
+\\ zkp
+proofs1 = vector(n,i,zkp1_proof(G, x[i]))
+\\ public keyshares of agents
+yshares = vector(n,i,proofs1[i][4])
+\\yshares = vector(n,i,G^x[i])
+\\ for performance evaluations we need to check the proofs for every bidder
+\\ i := checking bidder (0 == seller)
+\\ h := bidder to check
+{
+for(i=0,n,
+        for(h=1,n,
+                if(1 != zkp1_check(proofs1[h]),
+                        error("zkp1 failure in round0")
+                )
+        )
+)
+}
+\\ shared public key
+y = prod(X=1,n,yshares[X])
+\\\\\\\\\\\\
+\\ ROUND1
+\\\\\\\\\\\\
+\\ bid matrix
+b = matrix(n,k,i,j,G^(bid[i]==j))
+\\ zkp
+proofs3 = matrix(n,k,i,j, zkp3_proof(G,y,G^(bid[i]==j)))
+\\ index = owning agent id, price id
+r = matrix(n,k,i,j,proofs3[i,j][13])
+\\r = matrix(n,k,i,j,random(q))
+\\ encrypted bids
+Alpha = matrix(n,k,i,j, proofs3[i,j][3])
+Beta  = matrix(n,k,i,j, proofs3[i,j][4])
+\\Alpha = matrix(n,k,i,j, b[i,j]*y^r[i,j])
+\\Beta  = matrix(n,k,i,j,        G^r[i,j])
+proofs2 = vector(n,i, zkp2_proof(y,G,sum(j=1,k, r[i,j])))
+\\ i := checking bidder (0 == seller)
+\\ h := bidder to check
+\\ j := price index to check
+{
+for(i=0,n,
+        for(h=1,n,
+                for(j=1,k,
+                        if(1 != zkp3_check(proofs3[h,j]),
+                                error("zkp3 failure in round1")
+                        )
+                );
+                if((prod(j=1,k,Alpha[h,j])/G) != proofs2[h][6],
+                        error("alpha product doesn't match")
+                );
+                if(prod(j=1,k,Beta[h,j]) != proofs2[h][7],
+                        error("beta product doesn't match")
+                );
+                if(1 != zkp2_check(proofs2[h]),
+                        error("zkp2 failure in round1")
+                )
+        )
+)
+}
+\\\\\\\\\\\\
+\\ ROUND2
+\\\\\\\\\\\\
+\\ multiplicative shares
+\\ first index level = owning agent id (multiplicative share)
+\\ second index level = agent id, price id
+Gamma = vector(n,a,matrix(n,k,i,j, prod(h=1,n,prod(d=j+1,k,Alpha[h,d])) * prod(d=1,j-1,Alpha[i,d]) * prod(h=1,i-1,Alpha[h,j]) ))
+Delta = vector(n,a,matrix(n,k,i,j, prod(h=1,n,prod(d=j+1,k, Beta[h,d])) * prod(d=1,j-1, Beta[i,d]) * prod(h=1,i-1, Beta[h,j]) ))
+\\Gamma = vector(n,a,matrix(n,k,i,j, ( prod(h=1,n,prod(d=j+1,k,Alpha[h,d])) * prod(d=1,j-1,Alpha[i,d]) * prod(h=1,i-1,Alpha[h,j]) )^m[a][i,j] ))
+\\Delta = vector(n,a,matrix(n,k,i,j, ( prod(h=1,n,prod(d=j+1,k, Beta[h,d])) * prod(d=1,j-1, Beta[i,d]) * prod(h=1,i-1, Beta[h,j]) )^m[a][i,j] ))
+\\ random masking and zkp
+proofs2 = vector(n,a,matrix(n,k,i,j, zkp2_proof(Gamma[a][i,j], Delta[a][i,j], random(q)) ))
+\\ for performance evaluations we need to check the proofs for every bidder
+\\ i := checking bidder (0 == seller)
+\\ h := bidder to check
+\\ t := target bidder (creator of the proof)
+\\ j := price
+{
+for(t=1,n,
+        for(h=1,n,
+                for(j=1,k,
+                        for(i=0,n,
+                                if(1 != zkp2_check(proofs2[t][h,j]),
+                                        error("zkp2 failure in round2")
+                                )
+                        );
+                        \\ use masked values generated during the zkp
+                        Gamma[t][h,j] = proofs2[t][h,j][6];
+                        Delta[t][h,j] = proofs2[t][h,j][7];
+                )
+        )
+)
+}
+\\\\\\\\\\\\
+\\ ROUND3
+\\\\\\\\\\\\
+\\ multiplicative shares (decryption)
+\\ first index level = owning agent id (multiplicative share)
+\\ second index level = agent id, price id
+Phi = vector(n,a,matrix(n,k,i,j, prod(h=1,n,Delta[h][i,j]) ))
+\\Phi = vector(n,a,matrix(n,k,i,j, prod(h=1,n,Delta[h][i,j])^x[a] ))
+proofs2 = vector(n,a,matrix(n,k,i,j, zkp2_proof(Phi[a][i,j], G, x[a]) ))
+\\ for performance evaluations we need to check the proofs for every bidder
+\\ i := checking bidder (0 == seller)
+\\ h := bidder to check
+\\ t := target bidder (creator of the proof)
+\\ j := price
+{
+for(t=1,n,
+        for(h=1,n,
+                for(j=1,k,
+                        for(i=0,n,
+                                if(1 != zkp2_check(proofs2[t][h,j]),
+                                        error("zkp2 failure in round2")
+                                )
+                        );
+                        \\ use masked values generated during the zkp
+                        Phi[t][h,j] = proofs2[t][h,j][6];
+                )
+        )
+)
+}
+\\\\\\\\\\\\
+\\ EPILOG
+\\\\\\\\\\\\
+\\ winner matrix
+v = matrix(n,k,a,j, prod(i=1,n,Gamma[i][a,j]) / prod(i=1,n,Phi[i][a,j]) )
+vi = lift(v)
+print("bids are: ", bid)
+for(X=1,n, if(vecmin(vi[X,])==1, print("And the winner is ", X) ))
+;

diff --git a/gp-scripts/firstPrice.gp b/gp-scripts/firstPrice.gp new file mode 100644 index 0000000..5642fa0 --- /dev/null +++ b/gp-scripts/firstPrice.gp
@@ -0,0 +1,186 @@
	1	\\ From: "How to obtain full privacy in auctions" (2006) by Felix Brandt pages 19-20
	2
	3
	4	\\\\\\\\\\\\
	5	\\ Adapt the following values to your needs
	6	\\\\\\\\\\\\
	7
	8	\\ amount of bidders
	9	n = 3
	10	\\ amount of possible prices
	11	k = 2^2
	12	\\ randomize bids (change to something static, if you like)
	13	bid = vector(n,i,random(k)+1)
	14	\\bid = vector(n,i,n-i+1) \\ first bidder wins
	15	\\bid = vector(n,i,i) \\ last bidder wins
	16	\\bid = vector(n,i,(i+1)%2) \\ second bidder wins (with ties)
	17
	18	\\\\\\\\\\\\
	19	\\ SETUP
	20	\\\\\\\\\\\\
	21
	22	read(group)
	23	read(zkp)
	24
	25	\\\\\\\\\\\\
	26	\\ PROLOG
	27	\\\\\\\\\\\\
	28
	29	\\ private keys of agents
	30	x = vector(n,i,random(q))
	31	\\ first index level = owning agent id (additive share)
	32	\\ second index level = agent id, price id
	33	m = vector(n,i,matrix(n,k,a,b,random(q)))
	34
	35	\\ zkp
	36	proofs1 = vector(n,i,zkp1_proof(G, x[i]))
	37
	38	\\ public keyshares of agents
	39	yshares = vector(n,i,proofs1[i][4])
	40	\\yshares = vector(n,i,G^x[i])
	41
	42	\\ for performance evaluations we need to check the proofs for every bidder
	43	\\ i := checking bidder (0 == seller)
	44	\\ h := bidder to check
	45	{
	46	for(i=0,n,
	47	for(h=1,n,
	48	if(1 != zkp1_check(proofs1[h]),
	49	error("zkp1 failure in round0")
	50	)
	51	)
	52	)
	53	}
	54
	55	\\ shared public key
	56	y = prod(X=1,n,yshares[X])
	57
	58	\\\\\\\\\\\\
	59	\\ ROUND1
	60	\\\\\\\\\\\\
	61
	62	\\ bid matrix
	63	b = matrix(n,k,i,j,G^(bid[i]==j))
	64
	65	\\ zkp
	66	proofs3 = matrix(n,k,i,j, zkp3_proof(G,y,G^(bid[i]==j)))
	67
	68	\\ index = owning agent id, price id
	69	r = matrix(n,k,i,j,proofs3[i,j][13])
	70	\\r = matrix(n,k,i,j,random(q))
	71
	72	\\ encrypted bids
	73	Alpha = matrix(n,k,i,j, proofs3[i,j][3])
	74	Beta = matrix(n,k,i,j, proofs3[i,j][4])
	75	\\Alpha = matrix(n,k,i,j, b[i,j]*y^r[i,j])
	76	\\Beta = matrix(n,k,i,j, G^r[i,j])
	77
	78	proofs2 = vector(n,i, zkp2_proof(y,G,sum(j=1,k, r[i,j])))
	79	\\ i := checking bidder (0 == seller)
	80	\\ h := bidder to check
	81	\\ j := price index to check
	82	{
	83	for(i=0,n,
	84	for(h=1,n,
	85	for(j=1,k,
	86	if(1 != zkp3_check(proofs3[h,j]),
	87	error("zkp3 failure in round1")
	88	)
	89	);
	90	if((prod(j=1,k,Alpha[h,j])/G) != proofs2[h][6],
	91	error("alpha product doesn't match")
	92	);
	93	if(prod(j=1,k,Beta[h,j]) != proofs2[h][7],
	94	error("beta product doesn't match")
	95	);
	96	if(1 != zkp2_check(proofs2[h]),
	97	error("zkp2 failure in round1")
	98	)
	99	)
	100	)
	101	}
	102
	103	\\\\\\\\\\\\
	104	\\ ROUND2
	105	\\\\\\\\\\\\
	106
	107	\\ multiplicative shares
	108	\\ first index level = owning agent id (multiplicative share)
	109	\\ second index level = agent id, price id
	110	Gamma = vector(n,a,matrix(n,k,i,j, prod(h=1,n,prod(d=j+1,k,Alpha[h,d])) * prod(d=1,j-1,Alpha[i,d]) * prod(h=1,i-1,Alpha[h,j]) ))
	111	Delta = vector(n,a,matrix(n,k,i,j, prod(h=1,n,prod(d=j+1,k, Beta[h,d])) * prod(d=1,j-1, Beta[i,d]) * prod(h=1,i-1, Beta[h,j]) ))
	112	\\Gamma = vector(n,a,matrix(n,k,i,j, ( prod(h=1,n,prod(d=j+1,k,Alpha[h,d])) * prod(d=1,j-1,Alpha[i,d]) * prod(h=1,i-1,Alpha[h,j]) )^m[a][i,j] ))
	113	\\Delta = vector(n,a,matrix(n,k,i,j, ( prod(h=1,n,prod(d=j+1,k, Beta[h,d])) * prod(d=1,j-1, Beta[i,d]) * prod(h=1,i-1, Beta[h,j]) )^m[a][i,j] ))
	114
	115	\\ random masking and zkp
	116	proofs2 = vector(n,a,matrix(n,k,i,j, zkp2_proof(Gamma[a][i,j], Delta[a][i,j], random(q)) ))
	117
	118	\\ for performance evaluations we need to check the proofs for every bidder
	119	\\ i := checking bidder (0 == seller)
	120	\\ h := bidder to check
	121	\\ t := target bidder (creator of the proof)
	122	\\ j := price
	123	{
	124	for(t=1,n,
	125	for(h=1,n,
	126	for(j=1,k,
	127	for(i=0,n,
	128	if(1 != zkp2_check(proofs2[t][h,j]),
	129	error("zkp2 failure in round2")
	130	)
	131	);
	132	\\ use masked values generated during the zkp
	133	Gamma[t][h,j] = proofs2[t][h,j][6];
	134	Delta[t][h,j] = proofs2[t][h,j][7];
	135	)
	136	)
	137	)
	138	}
	139
	140
	141	\\\\\\\\\\\\
	142	\\ ROUND3
	143	\\\\\\\\\\\\
	144
	145	\\ multiplicative shares (decryption)
	146	\\ first index level = owning agent id (multiplicative share)
	147	\\ second index level = agent id, price id
	148	Phi = vector(n,a,matrix(n,k,i,j, prod(h=1,n,Delta[h][i,j]) ))
	149	\\Phi = vector(n,a,matrix(n,k,i,j, prod(h=1,n,Delta[h][i,j])^x[a] ))
	150
	151	proofs2 = vector(n,a,matrix(n,k,i,j, zkp2_proof(Phi[a][i,j], G, x[a]) ))
	152
	153	\\ for performance evaluations we need to check the proofs for every bidder
	154	\\ i := checking bidder (0 == seller)
	155	\\ h := bidder to check
	156	\\ t := target bidder (creator of the proof)
	157	\\ j := price
	158	{
	159	for(t=1,n,
	160	for(h=1,n,
	161	for(j=1,k,
	162	for(i=0,n,
	163	if(1 != zkp2_check(proofs2[t][h,j]),
	164	error("zkp2 failure in round2")
	165	)
	166	);
	167	\\ use masked values generated during the zkp
	168	Phi[t][h,j] = proofs2[t][h,j][6];
	169	)
	170	)
	171	)
	172	}
	173
	174
	175	\\\\\\\\\\\\
	176	\\ EPILOG
	177	\\\\\\\\\\\\
	178
	179	\\ winner matrix
	180	v = matrix(n,k,a,j, prod(i=1,n,Gamma[i][a,j]) / prod(i=1,n,Phi[i][a,j]) )
	181	vi = lift(v)
	182
	183	print("bids are: ", bid)
	184	for(X=1,n, if(vecmin(vi[X,])==1, print("And the winner is ", X) ))
	185
	186	;