-1

I am trying to do some calculations with the Paillier Homomorphic encryption scheme. Specifically, given three plain text integers, x1, x2,and x3. I want to first encrypt them, getting their corresponding ciphertexts, say c1, c2 and c3. I want to find the results of (x1+x2+x3)/3 by utilizing c1, c2, c3 and the homomorphic property of Paillier.

I found a post here, which was answered quite a long time ago. When I try the toy example in the accepted answer in this link myself, I can not get the provided result. Specifically, for the following step:enter image description here

I can calculate the value of k^(-1) mod N with powermod function correctly, but I can not calculate [\mu] correctly. Here is what I did:

  1. Say temp = powermod(k, -1, N), Calculate A = powermod(c1*c2*c3, temp, N^2).
  2. Calculate B = powermod(r, N, N^2).
  3. Calculate [\mu] = mod(A*B, N^2).

This gives me wrong results, I also try replacing powermod with mod, but this time the answer is going to NaN.

Can anyone help me with this, please? Thanks in advance!

Sea_
  • 1
  • 1

2 Answers2

0

Not sure precisely which language you're using, but the intermediate values should be

temp=206674

A=284095452063

B=144829438301

and the calculation works fien for me.

Daniel S
  • 29,316
  • 1
  • 33
  • 73
0

Mathlab is not directly adequate for the large integers used in public-key crypto.

Reading The Fine Manual shows there is a limit of $2^{64}$. Even $c_1\cdot c_2$ exceeds that.

Python, SageMath, Mathematica, and many other languages have no such limitation. That makes them adequate for experimenting with the math in public-key crypto (but not necessarily implementation of public-key crypto when it comes to adequate speed, or resisting side-channel attacks).

fgrieu
  • 149,326
  • 13
  • 324
  • 622