# HG changeset patch # User Laman # Date 2020-12-07 21:53:15 # Node ID f90dd9a4f5a43ce3bd9757f46a96d01749786c2c # Parent 25c5d4c877c607964497908cd9aab3a9b516fdf4 integrated fft evaluation into core functions diff --git a/src/shamira/core.py b/src/shamira/core.py --- a/src/shamira/core.py +++ b/src/shamira/core.py @@ -6,6 +6,7 @@ import base64 import binascii from . import gf256 +from . import fft class SException(Exception): pass @@ -15,13 +16,17 @@ class DecodingException(SException): pas class MalformedShare(SException): pass +def compute_x(n): + return fft.precompute_x(fft.ceil_size(n))[:n] + + def _share_byte(secret_b, k, n): if not k<=n<255: raise InvalidParams("Failed k<=n<255, k={0}, n={1}".format(k, n)) - # we might be concerned with zero coefficients degenerating our polynomial, but there's no reason - we still need k shares to determine it is the case - coefs = [int(b) for b in os.urandom(k-1)]+[int(secret_b)] - points = [gf256.evaluate(coefs, i) for i in range(1, n+1)] - return points + # we might be concerned with zero coefficients degenerating our polynomial, + # but there's no reason - we still need k shares to determine it is the case + coefs = [int(secret_b)]+[int(b) for b in os.urandom(k-1)] + return fft.evaluate(coefs, n) def generate_raw(secret, k, n): @@ -31,8 +36,9 @@ def generate_raw(secret, k, n): :param k: number of shares necessary for secret recovery. 1 <= k <= n :param n: (int) number of shares generated. 1 <= n < 255 :return: [(i, (bytes) share), ...]""" + xs = compute_x(n) shares = [_share_byte(b, k, n) for b in secret] - return [(i+1, bytes([s[i] for s in shares])) for i in range(n)] + return [(xi, bytes([s[i] for s in shares])) for (i, xi) in enumerate(xs)] def reconstruct_raw(*shares): diff --git a/src/shamira/fft.py b/src/shamira/fft.py --- a/src/shamira/fft.py +++ b/src/shamira/fft.py @@ -4,10 +4,22 @@ import itertools from .gf256 import gfmul, gfpow -# values of n-th square roots +# divisors of 255 and their factors in natural numbers +DIVISORS = [3, 5, 15, 17, 51, 85, 255] +FACTORS = {3: [3], 5: [5], 15: [3, 5], 17: [17], 51: [3, 17], 85: [5, 17], 255: [3, 5, 17]} +# values of n-th square roots in GF256 SQUARE_ROOTS = {3: 189, 5: 12, 15: 225, 17: 53, 51: 51, 85: 15, 255: 3} +def ceil_size(n): + assert n <= DIVISORS[-1] + for (i, ni) in enumerate(DIVISORS): + if ni >= n: + break + + return ni + + def precompute_x(n): """Return a geometric sequence [1, w, w**2, ..., w**(n-1)], where w**n==1. This can be done only for certain values of n.""" @@ -73,3 +85,11 @@ def prime_fft(p, divisors, basic_dft=dft for k2 in range(N2): res[(k1*N2*N2_inv+k2*N1*N1_inv) % N] = ys[k1][k2] return res + + +def evaluate(coefs, n): + ni = ceil_size(n) + extended_coefs = coefs + [0]*(ni-len(coefs)) + ys = prime_fft(extended_coefs, FACTORS[ni]) + + return ys[:n] diff --git a/src/shamira/tests/test_fft.py b/src/shamira/tests/test_fft.py --- a/src/shamira/tests/test_fft.py +++ b/src/shamira/tests/test_fft.py @@ -5,12 +5,12 @@ import functools import operator from unittest import TestCase -from ..gf256 import evaluate +from .. import gf256 from ..fft import * def batch_evaluate(coefs, xs): - return [evaluate(coefs, x) for x in xs] + return [gf256.evaluate(coefs, x) for x in xs] class TestFFT(TestCase): diff --git a/src/shamira/tests/test_shamira.py b/src/shamira/tests/test_shamira.py --- a/src/shamira/tests/test_shamira.py +++ b/src/shamira/tests/test_shamira.py @@ -5,7 +5,7 @@ from unittest import TestCase from .. import * from .. import gf256 -from ..core import encode, decode,detect_encoding, _share_byte +from ..core import encode, decode, detect_encoding, _share_byte, compute_x class TestShamira(TestCase): @@ -29,7 +29,7 @@ class TestShamira(TestCase): _share_byte("x", 2, 3) ys = _share_byte(ord(b"a"), 2, 3) - xs = list(range(1, 4)) + xs = compute_x(3) weights = gf256.compute_weights(xs) self.assertEqual(gf256.get_constant_coef(weights, ys), ord(b"a"))