libbrandt/gp-scripts/firstPrice

92 lines
2.6 KiB
Plaintext
Raw Normal View History

2016-06-01 15:29:33 +02:00
\\ From: "How to obtain full privacy in auctions" (2006) by Felix Brandt pages 19-20
\\\\\\\\\\\\
\\ Adapt the following values to your needs
\\\\\\\\\\\\
\\ amount of bidders
n = 2^3
\\ amount of possible prices
k = 2^7
\\ randomize bids (change to something static, if you like)
bid = vector(n,i,random(k)+1)
\\bid = vector(n,i,n-i+1) \\ first bidder wins
\\bid = vector(n,i,i) \\ last bidder wins
\\bid = vector(n,i,(i+1)%2) \\ second bidder wins (with ties)
\\ prime finite field setup (result may be ambiguous if your prime is too small, 4*n*k seems to work fine)
q = prime(4*n*k)
\\\\\\\\\\\\
\\ SETUP
\\\\\\\\\\\\
\\ p not needed? wat?
\\p = 47
\\ get generator / primitive element for Z_q
var = 'x \\ copy pasta from internet
pe=ffgen(minpoly(ffprimroot(ffgen(ffinit(q,1))),var),var) \\ get primitive element
1/(fforder(pe) == q-1) \\ error out, if ord(pe) is wrong
g = Mod(eval(Str(pe)), q) \\ dirty hack to convert t_FFELEM to t_INT
\\\\\\\\\\\\
\\ PROLOG
\\\\\\\\\\\\
\\ private keys of agents
x = vector(n,i,random(q))
\\ public keyshares of agents
yshares = vector(n,i,g^x[i])
\\ shared public key
y = prod(X=1,n,yshares[X])
2016-06-08 13:04:53 +02:00
\\ first index level = owning agent id (additive share)
2016-06-01 15:29:33 +02:00
\\ second index level = agent id, price id
m = vector(n,i,matrix(n,k,a,b,random(q)))
2016-06-08 13:04:53 +02:00
\\ index = owning agent id, price id
2016-06-01 15:29:33 +02:00
r = matrix(n,k,i,j,random(q))
\\ bid matrix
b = matrix(n,k,i,j,g^(bid[i]==j))
\\\\\\\\\\\\
\\ ROUND1
\\\\\\\\\\\\
\\ encrypted bids
alpha = matrix(n,k,i,j, b[i,j]*y^r[i,j])
beta = matrix(n,k,i,j, g^r[i,j])
\\\\\\\\\\\\
\\ ROUND2
\\\\\\\\\\\\
\\ multiplicative shares
2016-06-08 13:04:53 +02:00
\\ first index level = owning agent id (multiplicative share)
2016-06-01 15:29:33 +02:00
\\ second index level = agent id, price id
Gamma = vector(n,a,matrix(n,k,i,j, ( prod(h=1,n,prod(d=j+1,k,alpha[h,d])) * prod(d=1,j-1,alpha[i,d]) * prod(h=1,i-1,alpha[h,j]) )^m[a][i,j] ))
Delta = vector(n,a,matrix(n,k,i,j, ( prod(h=1,n,prod(d=j+1,k, beta[h,d])) * prod(d=1,j-1, beta[i,d]) * prod(h=1,i-1, beta[h,j]) )^m[a][i,j] ))
\\\\\\\\\\\\
\\ ROUND3
\\\\\\\\\\\\
\\ multiplicative shares (decryption)
2016-06-08 13:04:53 +02:00
\\ first index level = owning agent id (multiplicative share)
2016-06-01 15:29:33 +02:00
\\ second index level = agent id, price id
Phi = vector(n,a,matrix(n,k,i,j, prod(h=1,n,Delta[h][i,j])^x[a] ))
\\\\\\\\\\\\
\\ EPILOG
\\\\\\\\\\\\
\\ winner matrix
v = matrix(n,k,a,j, prod(i=1,n,Gamma[i][a,j]) / prod(i=1,n,Phi[i][a,j]) )
vi = lift(v)
print("bids are: ", bid)
for(X=1,n, if(vecmin(vi[X,])==1, print("And the winner is ", X) ))