
Backport to Python2.7

Open drandreaskrueger opened this issue 6 years ago • 7 comments

Any chance for a backport to python 2.7 ?

We have a partial backport with almost all of the functions that we need working ...

... but we are still running into problems when (de)serializing (with pickle).

And sorry - I am not a Python 2 vs 3 expert either.

drandreaskrueger avatar Aug 21 '17 16:08 drandreaskrueger

Thanks for the interest @drandreaskrueger. I have no plans to backport python-paillier at this time; however, I would carefully review and consider merging a pull request.

As an aside, using pickle for serialisation of any of the objects in this (or any python cryptography) library is not considered safe unless you 100% control and trust the serialiser and the transport/storage medium. It is trivial to hide code in a public key or EncryptedNumber. For example see the bottom of this gist.

hardbyte avatar Aug 21 '17 22:08 hardbyte
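To make concrete what hardbyte says here (and repeats in the reply further down) about pickle carrying code, here is an added example written for this page; it is not part of the thread and not python-paillier's code. The names EncryptedNumberLike, TamperedEncryptedNumber and _attacker_callable are constructed stand-ins. The tampered class looks identical to the honest one in its attributes, but its __reduce__ makes pickle.loads() on the receiving side call a function the sender chose; here that function only records that it ran, where a real payload would name something like os.system. The block also shows that even the honest object's pickle has to import its class, so an unpickler that forbids imports cannot accept an EncryptedNumber at all: there is no "data-only" pickle of a class instance.

```python
import io
import pickle
import pickletools

# Constructed stand-in for an EncryptedNumber: a plain data holder, nothing special.
class EncryptedNumberLike:
    def __init__(self, ciphertext, exponent):
        self.ciphertext = ciphertext
        self.exponent = exponent

# Side-effect log so the effect of unpickling is observable without running a shell.
# A real payload would reference something like os.system instead of this function.
EXECUTED_ON_LOAD = []

def _attacker_callable(message):
    EXECUTED_ON_LOAD.append(message)
    return EncryptedNumberLike(0, 0)   # hand back an innocent-looking object

# Same attributes as above, but the sender controls how it pickles: __reduce__
# tells pickle "to rebuild me, import this function and call it with these arguments".
class TamperedEncryptedNumber(EncryptedNumberLike):
    def __reduce__(self):
        return (_attacker_callable, ("sender-chosen code ran inside pickle.loads",))

def pickle_names_code(blob):
    """True if the pickle stream asks the loader to import a module-level name.
    Every class instance does this (it must import its class), so a pickle of
    an EncryptedNumber is already a pickle that imports code."""
    return any(op.name in ("GLOBAL", "STACK_GLOBAL", "INST", "OBJ")
               for op, _arg, _pos in pickletools.genops(blob))

class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses every import; only literals, lists, dicts survive."""
    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"refusing to import {module}.{name}")

def load_untrusted(blob):
    """What a receiver that calls pickle.loads() on third-party data gets."""
    return pickle.loads(blob)

def load_data_only(blob):
    """Returns (ok, value_or_error): the same blob through the restricted loader."""
    try:
        return True, NoGlobalsUnpickler(io.BytesIO(blob)).load()
    except pickle.UnpicklingError as exc:
        return False, str(exc)

def demo():
    honest = pickle.dumps(EncryptedNumberLike(12345, -3))
    tampered = pickle.dumps(TamperedEncryptedNumber(12345, -3))
    before = len(EXECUTED_ON_LOAD)
    obj = load_untrusted(tampered)        # looks fine to the caller ...
    ran = len(EXECUTED_ON_LOAD) - before  # ... but the sender's function ran
    return {
        "honest_names_code": pickle_names_code(honest),
        "tampered_names_code": pickle_names_code(tampered),
        "sender_code_ran": ran == 1,
        "returned_type": type(obj).__name__,
        "restricted_loads_honest": load_data_only(honest)[0],
        "restricted_loads_plain_tuple": load_data_only(pickle.dumps((12345, -3)))[0],
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The restricted unpickler is the "Restricting Globals" pattern from the Python pickle documentation; note that it only lets a plain tuple through, which is exactly the kind of data a JSON document would carry anyway.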

Thanks a lot.

And thanks for the offer with the pull request. We'll consider that.

using pickle for serialisation ...

Thanks for that hint.

Please show us the alternative. The purpose of h.e. is to pass on encrypted data, so ... what in your opinion is the best way for that?

Our case: After we have encrypted a privacy relevant dataset, we pass it on (*) to a third party to do calculations on it, then we get their results as encrypted numbers back from them (*), and will decrypt those results.

For the transfers (*) what do you suggest if not pickle?

drandreaskrueger avatar Aug 22 '17 05:08 drandreaskrueger

Plus ...

for passing data around, we only ever intend to pickle a phe.paillier.EncryptedNumber, and not a phe.paillier.PaillierPrivateKey - so I don't see a problem, right?

drandreaskrueger avatar Aug 22 '17 08:08 drandreaskrueger

so I don't see a problem, right?

Even that is a big problem - because pickle serializes both code and data. Your third party could alter the EncryptedNumber class before serializing with pickle.

You are correct that for passing on encrypted data you should explicitly serialize the EncryptedNumber instances - but I'd strongly recommend you use a data only format. We have an example in the docs:

>>> from phe import paillier
>>> import json
>>> public_key, private_key = paillier.generate_paillier_keypair()
>>> encrypted_number_list = [public_key.encrypt(x) for x in [3.14, 42, -7]]
>>> enc_with_one_pub_key = {}
>>> enc_with_one_pub_key['public_key'] = {'g': public_key.g,
...                                       'n': public_key.n}
>>> # ciphertext as a decimal string: far too large for most JSON integer parsers
>>> enc_with_one_pub_key['values'] = [
...     (str(x.ciphertext()), x.exponent) for x in encrypted_number_list
... ]
>>> serialised = json.dumps(enc_with_one_pub_key)

hardbyte avatar Aug 22 '17 08:08 hardbyte

Just use JSON.
Good.

drandreaskrueger avatar Aug 22 '17 13:08 drandreaskrueger

Tiny issue in your deserializer example code:

        public_key_rec = paillier.PaillierPublicKey(g=int(pk['g']), n=int(pk['n']))
E       TypeError: __init__() got an unexpected keyword argument 'g'

because the constructor only allows passing n, not g, and then generates g = n + 1

Problematic? Can I assume everywhere that g is always n+1?

drandreaskrueger avatar Aug 22 '17 13:08 drandreaskrueger
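A complete, runnable version of the data-only round trip hardbyte describes above, added here as an example for this page; it is not python-paillier's code. It uses a toy Paillier implementation with constructed tiny primes (TOY_P, TOY_Q; not secure, real keys use primes of about 1024 bits) in the g = n + 1 variant that the constructor in the TypeError above commits to, and a constructed base-10 fixed-point encoding standing in for the library's own. The wire format has the same shape as the docs snippet (public key as g and n, each value as a ciphertext string plus exponent). The receiving side rebuilds the key from n alone and checks the transmitted g against n + 1 instead of passing g to a constructor that does not accept it.

```python
import json
import math
import secrets

# Constructed toy primes: tiny and NOT secure. Real keys use ~1024-bit primes.
TOY_P = 1000003
TOY_Q = 1000033

def keygen(p=TOY_P, q=TOY_Q):
    """Paillier keypair in the g = n + 1 variant. With that g the private key
    reduces to lambda = lcm(p-1, q-1) and mu = lambda^-1 mod n."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return {"n": n, "g": n + 1}, {"n": n, "lam": lam, "mu": pow(lam, -1, n)}

def encode(x, exponent):
    """Toy fixed-point encoding: integer m with x == m * 10**exponent."""
    return int(round(x * 10 ** (-exponent)))

def decode(m, exponent):
    return m / 10 ** (-exponent) if exponent < 0 else m * 10 ** exponent

def encrypt(pub, x, exponent=0):
    """Returns (ciphertext, exponent) with ciphertext = (1+n)^m * r^n mod n^2."""
    n, n2 = pub["n"], pub["n"] ** 2
    m = encode(x, exponent)
    if not 0 <= m < n:
        raise ValueError("toy scheme handles non-negative m < n only")
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    # (1+n)^m == 1 + m*n (mod n^2), so g^m needs no modular exponentiation
    return ((1 + m * n) * pow(r, n, n2)) % n2, exponent

def add_encrypted(pub, a, b):
    """Homomorphic addition: multiply ciphertexts; exponents must already match."""
    (c1, e1), (c2, e2) = a, b
    if e1 != e2:
        raise ValueError("align exponents before adding")
    return (c1 * c2) % pub["n"] ** 2, e1

def decrypt(priv, enc):
    c, exponent = enc
    n, n2 = priv["n"], priv["n"] ** 2
    u = pow(c, priv["lam"], n2)
    m = ((u - 1) // n * priv["mu"]) % n   # L(u) * mu mod n, L(u) = (u-1)/n
    return decode(m, exponent)

def serialise(pub, values):
    """Data-only wire format, same shape as the docs snippet in this thread.
    Ciphertexts travel as decimal strings: real ones are ~2048-bit integers and
    many JSON parsers (JavaScript's, for one) silently round above 2**53."""
    return json.dumps({"public_key": {"g": pub["g"], "n": pub["n"]},
                       "values": [(str(c), e) for c, e in values]})

def deserialise(text):
    """Rebuilds the public key from n alone and verifies the transmitted g,
    rather than handing g to a constructor that only takes n."""
    d = json.loads(text)
    n = int(d["public_key"]["n"])
    if int(d["public_key"]["g"]) != n + 1:
        raise ValueError("g != n + 1: not the variant this code implements")
    return {"n": n, "g": n + 1}, [(int(c), int(e)) for c, e in d["values"]]

def demo():
    """Owner encrypts, third party computes on the wire format, owner decrypts."""
    pub, priv = keygen()
    wire = serialise(pub, [encrypt(pub, 3), encrypt(pub, 40),
                           encrypt(pub, 3.5, -2), encrypt(pub, 4.25, -2)])
    # --- third party: sees only JSON and the public key, never the private key ---
    pub_rx, vals = deserialise(wire)
    result_wire = serialise(pub_rx, [add_encrypted(pub_rx, vals[0], vals[1]),
                                     add_encrypted(pub_rx, vals[2], vals[3])])
    # --- owner: deserialises the results and decrypts them ---
    _, results = deserialise(result_wire)
    return [decrypt(priv, enc) for enc in results]

if __name__ == "__main__":
    print(demo())
```

Nothing in the two JSON documents can make json.loads() import or call anything; the worst a misbehaving third party can do is return a wrong ciphertext, which decrypts to a wrong number rather than running code on the owner's machine.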

I would carefully review and consider merging a pull request.

Great, here is a starting point for that:

zlevas' changes from your py3 code to python 2.7 syntax seem to be enough to make my tests run through without problems.

So far so good.

But:

  • incomplete, because our time is limited
  • possibly incorrect - and that would be bad, also for us.

Perhaps, when you find the time, do a diff, and see what exactly he has changed, and whether that breaks anything. That'd be really nice, thanks.

Start here:

Thanks a million!

drandreaskrueger avatar Aug 22 '17 16:08 drandreaskrueger