Diffstat (limited to 'gp-scripts/mp_pub')
-rw-r--r-- | gp-scripts/mp_pub | 104 |
1 files changed, 104 insertions, 0 deletions
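--- /dev/null
+++ b/gp-scripts/mp_pub
@@ -0,0 +1,104 @@
+\\ From: "Fully private auctions in a constant number of rounds" (2003) by Felix Brandt pages 9-10
+
+
+\\\\\\\\\\\\
+\\ Adapt the following values to your needs
+\\\\\\\\\\\\
+
+\\ auction parameter
+M = 1
+\\ amount of bidders
+n = 2^2
+\\ amount of possible prices
+k = 2^4
+\\ randomize bids (change to something static, if you like)
+bid = vector(n,i,random(k)+1)
+\\bid = vector(n,i,n-i+1) \\ first bidder wins
+\\bid = vector(n,i,i) \\ last bidder wins
+\\bid = vector(n,i,(i+1)%2) \\ second bidder wins (with ties)
+
+\\ prime finite field setup (result may be ambiguous if your prime is too small, 4*n*k seems to work fine)
+\\q = prime(2^12)
+\\ 512bit prime:
+q = 12513167897862218633350152063959653109080007724899931588313481862015596111526299656550478091592311160908219544364381660940520774223634480285451547911456579
+\\ 2048bit prime:
+\\q = 31905233907400964621684499856844075173802000556075101303613351426740101897961025481077892281365444367883091980681462491724119317344478120131982416132058173572772607966572720945691237876256074322291459510766147107539260048324345382562673904236506104922357079761457605045674628331006193183908801308817507027556440703972646885207099302085383887085776295396030033300833460743425162726394704256227108175491673135830378272029374848904772902525385997099641162537271298634032011458617811670193865244028195169383991286227040469186123958053863978710424421008752927011390777187889943940479064193231486057910586526439884046593027
+\\ 3072bit prime:
+\\q = 5175054779340588353586849786144680366505563673837334790820581054294754700842534366479020240016540005621125885927641963390708863183739793208880756653713659686139600715884857385144475261507869935694699816011948585170171332029002674283854825650901258017026965486602158722052719421343475066067509485302858041368266332080773331946039572497794442067057597327877030322029413318847025776818839927761556478107499002213648377029201340152459685610920194363099878398871001275336711869213616313858200583491913270052111910410231060407633125816386053759634073500319223989240814564691163285769745840521560940666058800931070258886096469889796899266014106833050284032035948051974659796051419431527095503586817863043771919051402039741075037010264761045992285666560487072740505566408086913711094879155498223636912657852688296081316652278801546924079650897913388978423388839346058027184069633227966507908979049369500450630036982661231208087459099
+g = Mod(2, q)
+
+\\ get generator / primitive element for G_q
+\\var = 'x \\ copy pasta from internet
+\\pe=ffgen(minpoly(ffprimroot(ffgen(ffinit(p,1))),var),var) \\ get primitive element
+\\1/(fforder(pe) == p-1) \\ error out, if ord(pe) is wrong
+\\g = Mod(eval(Str(pe))^2, p) \\ dirty hack to convert t_FFELEM to t_INT
+
+\\\\\\\\\\\\
+\\ PROLOG
+\\\\\\\\\\\\
+
+\\ private keys of agents
+x = vector(n,i,random(q))
+\\ public keyshares of agents
+yshares = vector(n,i,g^x[i])
+\\ shared public key
+y = prod(X=1,n,yshares[X])
+
+\\ first index level = owning agent id (additive share)
+\\ second index level = agent id, price id
+m = matrix(n,k,a,b,random(q))
+
+\\ index = owning agent id, price id
+r = matrix(n,k,i,j,random(q))
+\\ bid matrix
+b = matrix(n,k,i,j,g^(bid[i]==j))
+
+\\\\\\\\\\\\
+\\ ROUND1
+\\\\\\\\\\\\
+
+\\ encrypted bids
+alpha = matrix(n,k,i,j, b[i,j]*y^r[i,j])
+beta = matrix(n,k,i,j, g^r[i,j])
+
+\\\\\\\\\\\\
+\\ ROUND2
+\\\\\\\\\\\\
+
+\\ multiplicative shares
+\\ first index level = owning agent id (multiplicative share)
+\\ second index level = agent id, price id
+GammaPrice = matrix(n,k,a,j, ( prod(h=1,n,prod(d=j,k,alpha[h,d]) * prod(d=j+1,k,alpha[h,d])) / g^(2*M+1) )^(m[a,j]) )
+DeltaPrice = matrix(n,k,a,j, ( prod(h=1,n,prod(d=j,k, beta[h,d]) * prod(d=j+1,k, beta[h,d])) )^(m[a,j]) )
+GammaWinner = matrix(n,k,a,j, ( GammaPrice[a,j] * prod(h=1,n,prod(d=j+1,k,alpha[h,d]^(2^(h-1)))) ))
+DeltaWinner = matrix(n,k,a,j, ( DeltaPrice[a,j] * prod(h=1,n,prod(d=j+1,k, beta[h,d]^(2^(h-1)))) ))
+
+\\\\\\\\\\\\
+\\ ROUND3
+\\\\\\\\\\\\
+
+\\ multiplicative shares (decryption)
+\\ first index level = owning agent id (multiplicative share)
+\\ second index level = agent id, price id
+PhiPrice = matrix(n,k,a,j, prod(h=1,n,DeltaPrice[h,j])^x[a] )
+PhiWinner = matrix(n,k,a,j, prod(h=1,n,DeltaWinner[h,j])^x[a] )
+
+\\\\\\\\\\\\
+\\ EPILOG
+\\\\\\\\\\\\
+
+\\ winner matrix
+vPrice = lift(vector(k,j, prod(i=1,n,GammaPrice[i,j]) / prod(i=1,n,PhiPrice[i,j]) ))
+vWinner = vector(k,j, prod(i=1,n,GammaWinner[i,j]) / prod(i=1,n,PhiWinner[i,j]) )
+
+print("bids are: ", bid)
+
+price = -1
+for(j=1,k, if(vPrice[j]==1, price=j))
+
+winners = vector(i=1,M,-1)
+winp = binary(znlog(vWinner[price],g)/n)
+cur = 1;
+for(i=1,length(winp), if(winp[length(winp)-i+1]==1,winners[cur]=i;cur=cur+1))
+print("Winners are ", winners)
+print("And the price is ", price)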
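Review bot: The group setup at new lines 23-28 never establishes the order of `g = Mod(2, q)`, while the secrets `x`, `r` and `m` are all drawn with `random(q)` as if q were the group order. If g has even order in (Z/qZ)*, the two bid encodings `g^0` and `g^1` built at line 54 can land in different cosets that are distinguishable from the public `alpha`, `beta` and `y`, so the ElGamal layer would not hide the bids; whether the shipped q is a safe prime cannot be told from the page. I would add a guard after line 28 such as `if(!isprime((q-1)/2) || g^((q-1)/2) != 1, error("g must generate the prime-order subgroup"))` and sample exponents with `random((q-1)/2)`; the commented-out generator code at lines 31-34 also still refers to an undefined `p`. Separately, `winners = vector(i=1,M,-1)` at line 99 appears to pass `i=1` as the length, so it only has M entries while M = 1; `vector(M,i,-1)` is presumably what was meant.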