Class OrlandiRuntime

Initialize runtime.

Overrides: runtime.Runtime.__init__

Open share to receivers (defaults to all players).

Returns a Share to players with IDs in receivers and None to the remaining players.

Overrides: runtime.Runtime.output

(inherited documentation)

Share the value *number* among all the parties using additive sharing.

To share an element ``x in Z_p``, choose random ``x_1, ..., x_n-1 in Z_p``, define ``x_n = x - SUM_i=1^n-1 x_i mod p``.

Choose random values ``rho_x1, ..., rho_xn in (Z_p)^2``, define ``rho_x = SUM_i=1^n rho_x,i`` and ``C_x = Com_ck(x, p_x)``.

Send ``[x]_i = (x_i, rho_xi, C_x)`` to party ``P_i``.

Share reconstruction.

Every partyi broadcasts a share pair ``(x_i', rho_x,i')``.

The parties compute the sums ``x'``, ``rho_x'`` and check ``Com_ck(x',rho_x' = C_x``.

If yes, return ``x = x'``, else else return :const:`None`.

Generate a random share in the field, field.

To generate a share of a random element ``r in Z_p``, party ``P_i`` chooses at random ``r_i, rho_ri in Z_p X (Z_p)^2`` and broadcast ``C_r^i = Com_ck(r_i, rho_ri)``.

Every party computes ``C_r = PRODUCT_i=1^n C_r^i = Com_ck(r, rho_r)``, where ``r_i = SUM_i=1^n r_i and rho_r = SUM_i=1^n rho_ri``.

Party ``P_i sets [r]_i = (r_i, rho_ri, C_r)``.

Addition of shares.

Communication cost: none.

Each party ``P_i`` computes:

 [z]_i = [x]_i + [y]_i
       = (x_i + y_i mod p, rho_xi + rho_yi mod p, C_x * C_y)

Overrides: runtime.Runtime.add

Subtraction of shares.

Communication cost: none.

Each party ``P_i`` computes:

 [z]_i = [x]_i - [y]_i
       = (x_i - y_i mod p, rho_x,i - rho_y,i mod p, C_x * C_y)

Input *number* to the computation.

The input is shared using the :meth:`shift` method.

Overrides: runtime.Runtime.input

Shift of a share.

Useful for input.

Communication cost: ???.

Assume the parties are given a random share ``[r]`` by a
trusted dealer. Then we denote the following protocol but
``[x] = Shift(P_i, x, [r])``.

1. ``r = OpenTo(P_i, [r]``

2. ``P_i broadcasts Delta = r - x``

3. ``[x] = [r] - Delta``

Multiplication of shares.

Communication cost: ???.

Overrides: runtime.Runtime.mul

Leak tolerant multiplication of shares.

Communication cost: ???.

Assuming a set of multiplicative triples:
``M = ([a_i], [b_i], [c_i]) for 1 <= i <= 2d + 1``.

1. ``for i = 1, ..., d do [f_i] = rand(), [g_i] = rand()``

2. Compute::

     for j = 1, ..., 2d+1 do
     [F_j] = [x] + SUM_i=1^d [f_i]*j^i
     and
     [G_j] = [y] + SUM_i=1^d [g_i]*j^i

3. ``for j = 1, ..., 2d+1 do [H_j] = Mul([F_j], [G_j], [a_j],
   [b_j], [c_j])``

4. compute ``[H_0] = SUM_j=1^2d+1 delta_j[H_j]`` where
   ``delta_j = PRODUCT_k=1, k!=j^2d+1 k/(k-j)``

5. output ``[z] = [H_0]``

Generate a triple ``a, b, c`` s.t. ``c = a * b``.

1. Every party ``P_i`` chooses random values ``a_i, r_i in Z_p
   X (Z_p)^2``, compute ``alpha_i = Enc_eki(a_i)`` and ``Ai =
   Com_ck(a_i, r_i)``, and broadcast them.

2. Every party ``P_j`` does:

   a. choose random ``b_j, s_j in Z_p X (Z_p)^2``.

   b. compute ``B_j = ``Com_ck(b_j, s_j)`` and broadcast it.

   c. ``P_j`` do towards every other party:

        i. choose random ``d_ij in Z_p^3``

        ii. compute and send
            ``gamma_ij = alpha_i^b_j Enc_ek_i(1;1)^d_ij`` to ``P_i``.


3. Every party ``P_i`` does:

   a. compute ``c_i = SUM_j Dec_sk_i(gamma_ij) - SUM_j d_ij mod p``

   b. pick random ``t_i in (Z_p)^2``, compute and
      broadcast ``C_i = Com_ck(c_i, t_i)``

4. Everyone computes:
   ``(A, B, C) = (PRODUCT_i A_i, PRODUCT_i B_i, PRODUCT_i C_i)``

5. Every party ``P_i`` outputs shares ``[a_i] = (a_i, r_i, A)``,
   ``[b_i] = (b_i, s_i, B)``, and ``[c_i] = (c_i, t_i, C)``.

Generate a triple ``(a, b, c)`` where ``c = a * b``.

The triple ``(a, b, c)`` is checked against the triple ``(x, y, z)`` and a random value ``r``.

Generate a list of triples ``(a, b, c)`` where ``c = a * b``.

The triple ``(a, b, c)`` is secure in the Fcrs-hybrid model.

Overrides: hash_broadcast.HashBroadcastMixin.error_handler