Merge pull request #5146 from FederatedAI/dev-2.0.0-beta-fix-ou

fix some comments, type and names
FederatedAI · Sep 8, 2023 · 3cd9d37 · 3cd9d37
2 parents 7b353a9 + d30c9af
commit 3cd9d37
Showing 1 changed file with 18 additions and 30 deletions.
diff --git a/rust/fate_utils/crates/ou/src/lib.rs b/rust/fate_utils/crates/ou/src/lib.rs
@@ -56,7 +56,7 @@ pub struct SK {
     pub g: BInt,
     // pub n: BInt,
     // // n = p * q
-    // p_minus_one: BInt,
+    p_minus_one: BInt,
     // q_minus_one: BInt,
     // ps: BInt,
     // qs: BInt,
@@ -66,29 +66,29 @@ pub struct SK {
     // hq: BInt,
 }
 
-/// generate paillier keypairs with providing bit lenght
-pub fn keygen(bit_lenght: u32) -> (SK, PK) {
-    let prime_bit_size = bit_lenght / 3;
+/// generate Okamoto–Uchiyama cryptosystem with providing bit length
+pub fn keygen(bit_length: u32) -> (SK, PK) {
+    let prime_bit_size = bit_length / 3;
     let (mut p, mut q, mut n, mut g): (BInt, BInt, BInt, BInt);
     loop {
         p = BInt::gen_prime(prime_bit_size);
-        q = BInt::gen_prime(bit_lenght - 2 * prime_bit_size);
+        q = BInt::gen_prime(bit_length - 2 * prime_bit_size);
         n = &p * &p * &q;
-        if p != q && n.significant_bits() == bit_lenght {
+        if p != q && n.significant_bits() == bit_length {
             break;
         }
     }
     let p2 = &p * &p;
-    let p_1 = &p - 1;
-    let n_1 = &n - 1;
+    let p_minus_one = &p - 1;
+    let n_minus_one = &n - 1;
     loop {
-        g = BInt::gen_positive_integer(&n_1) + 1;
-        if g.pow_mod_ref(&p_1, &p2).ne(&BInt::from(1u8)) {
+        g = BInt::gen_positive_integer(&n_minus_one) + 1;
+        if g.pow_mod_ref(&p_minus_one, &p2).ne(&BInt::from(1u8)) {
             break;
         }
     }
     let h = g.pow_mod_ref(&n, &n);
-    (SK::new(p, q, g.clone()), PK::new(n, g, h))
+    (SK::new(p, p_minus_one, q, g.clone()), PK::new(n, g, h))
 }
 
 impl PK {
@@ -98,48 +98,36 @@ impl PK {
     /// encrypt plaintext
     ///
     /// ```math
-    /// (plaintext \cdot n + 1)r^n \pmod{n^2}
+    /// g^plaintext \cdot h^r \pmod{n}
     /// ```
-    pub fn encrypt(&self, plaintext: &PT, obfuscate: bool) -> CT {
+    pub fn encrypt(&self, plaintext: &PT, _obfuscate: bool) -> CT {
         let r = BInt::gen_positive_integer(&self.n);
         let c = self.g.pow_mod_ref(&plaintext.0, &self.n) * self.h.pow_mod_ref(&r, &self.n);
         CT(c)
     }
 }
 
 impl SK {
-    fn new(p: BInt, q: BInt, g: BInt) -> SK {
+    fn new(p: BInt, p_minus_one: BInt, q: BInt, g: BInt) -> SK {
         assert!(p != q, "p == q");
         SK {
             p,
             q,
             g,
+            p_minus_one,
         }
     }
     /// decrypt ciphertext
     ///
-    /// crt optimization applied:
-    /// ```math
-    /// dp = \frac{(c^{p-1} \pmod{p^2})-1}{p}\cdot hp \pmod{p}\\
-    /// ```
-    /// ```math
-    /// dq = \frac{(c^{q-1} \pmod{q^2})-1}{q}\cdot hq \pmod{q}\\
-    /// ```
-    /// ```math
-    /// ((dq - dp)(p^{-1} \pmod{q}) \pmod{q})p + dp
-    /// ```
     pub fn decrypt(&self, c: &CT) -> PT {
         let ps = &self.p * &self.p;
-        let p_1 = &self.p - 1;
-        let dp = SK::h_function(&c.0, &self.p, &p_1, &ps);
-        let dq = SK::h_function(&self.g, &self.p, &p_1, &ps);
-        let dp1 = dq.invert(&self.p);
-        let mut m = (dp * dp1) % &self.p;
+        let dp = SK::h_function(&c.0, &self.p, &self.p_minus_one, &ps);
+        let dq = SK::h_function(&self.g, &self.p, &self.p_minus_one, &ps);
+        let mut m = (dp * dq.invert(&self.p)) % &self.p;
         // TODO: any better way to do this?
         if m < BInt::from(0) {
             m.0.add_assign(&self.p.0)
         }
-
         PT(m)
     }
     #[inline]