1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18 """
19 Virtual Ideal Functionality Framework.
20
21 VIFF is a Python framework for writing multi-party computations (MPC)
22 in an easy, efficient, and secure way.
23
24 Overview
25 ========
26
27 VIFF allows you to write a program which will interact with other
28 programs in order to execute a joint computation. This is called a
29 multi-party computation, MPC for short.
30
31 The programs will implement what we call a virtual ideal functionality
32 (IF). The idea is that the behavior of the programs should be
33 indistinguishable from the behavior of programs interacting with a
34 so-called ideal functionality. An ideal functionality is a player that
35 cannot be corrupted, also known as a trusted third party (TTP).
36
37 Interacting with an IF is easy: all players give their inputs to the
38 IF, which computes the results. The results are then distributed to
39 the correct players. The inputs and the results are sent over secure
40 channels, and since the IF cannot be corrupted, this ideal protocol
41 must be secure.
42
43 In the real world there is no IF, but VIFF allows you to implement a
44 virtual ideal functionality. The behavior of a bunch of programs using
45 VIFF is indistinguishable from program running in the ideal world. It
46 is indistinguishable in the sense that everything that can happen in
47 the real world protocol could happen in the ideal world too. And since
48 no attacks can occur in the ideal world, no attacks can occur in the
49 real world as well. Such a multi-party computation (MPC) is called a
50 secure multi-party computation (SMPC).
51
52 Security Assumptions
53 --------------------
54
55 Please note that like all cryptographic systems, VIFF is only secure
56 as long as certain assumptions are fulfilled. These assumptions
57 include:
58
59 - The adversary can only corrupt up to a certain threshold of the
60 total number of players. The threshold will normally be 1/2 of the
61 players, so for three players, at most one player may be
62 corrupted (there must be an honest majority).
63
64 - The adversary is computationally bounded. The protocols used by
65 VIFF rely on certain computational hardness assumptions, and
66 therefore only polynomial time adversaries are allowed.
67
68 - The adversary is passive. Being passive means that the adversary
69 only monitors the network traffic, but still follows the protocol.
70 We plan to add support for active (Byzantine) adversaries in a
71 future version.
72
73 The precise assumptions for each protocol will eventually be included
74 in the documentation for the corresponding method, but this has not
75 yet been done.
76
77 Architecture
78 ============
79
80 VIFF consists of several modules. The L{passive} and L{active} modules
81 contain the L{PassiveRuntime} and L{ActiveRuntime} classes in which
82 the main functionality is implemented. The L{runtime} module contain
83 the L{Share} class and other infrastructure for the two runtime
84 classes. The L{field} module contains implementations of finite fields
85 --- these are the values inside the shares. Other modules provide
86 support functions.
87
88 Layers
89 ------
90
91 The main functionality in VIFF is implemented in the L{PassiveRuntime}
92 class. This class offers methods to do addition, multiplication, etc.
93 These methods operate on L{Share} instances.
94
95 Shares hold either L{field.GF} or L{GF256} elements and are created
96 from the C{shamir_share} or C{prss_share} Runtime methods. Shares
97 overload the standard arithmetic operators, so you can write C{a + b -
98 c * d} with four shares, and it will be translated correctly into the
99 appropriate method calls on the Runtime instance associated with the
100 shares.
101
102 A field element contain the concrete value on which we do
103 calculations. This is just a normal Python (long) integer. The value
104 is wrapped in an object that will keep track of doing modulo
105 reductions as appropriate.
106
107 So in a nutshell, VIFF has these layers:
108
109 - Top-level layer for application programs: There you manipulate
110 Python integers or L{Share} instances.
111
112 - Runtime layer: The runtime deals with Python integers or shares.
113
114 - Field elements: Deals with arithmetic over Python integers, but
115 with modulo reductions as needed.
116
117
118 Getting into VIFF
119 =================
120
121 As explained above, the main functionality in VIFF is the
122 L{PassiveRuntime} class, so please start there. Also, be sure to
123 checkout the example applications distributed in the C{apps}
124 directory.
125
126 @authors: U{VIFF Development Team <mailto:viff-devel@viff.dk>}
127 @see: U{http://viff.dk/}
128 """
129
130 __version__ = '0.7.1'
131 __license__ = 'GNU LGPL'
132
134 """Get the full release number.
135
136 If Mercurial is available, "hg identify" will be used to determine
137 the state of the repository and a string of the form ``x.y-hash``
138 is returned where ``hash`` is the changeset ID or tag. If the tag
139 is the same as ``__version__``, then ``__version__`` is simply
140 returned.
141 """
142 try:
143 from subprocess import Popen, PIPE
144 p = Popen(["hg", "identify"], stdout=PIPE)
145 stdout, _ = p.communicate()
146 if p.returncode != 0:
147 extra = "unknown"
148 else:
149 parts = stdout.split()
150 if len(parts) == 1 or parts[1] == "tip":
151
152 extra = parts[0]
153 else:
154 extra = parts[1]
155 except OSError:
156 extra = "unknown"
157
158 if extra == __version__:
159 return __version__
160 else:
161 return "%s-%s" % (__version__, extra)
162