# Security Caveats¶

## Information leakage¶

The `exponent`

of an
`EncryptedNumber`

is not encrypted. By default, for floating
point numbers this leads to some information leakage about the magnitude of the
encrypted value. This leakage can be patched up by deciding on a fixed value for
all exponents as part of the protocol; then for each
`EncryptedNumber`

,
`decrease_exponent_to()`

can be called before
sharing. In practice this exponent should be a lower bound for any exponent that
would naturally arise.

## Alternative Base for EncodedNumber¶

*If* you need to interact with a library using another base, create a simple subclass
of `paillier.EncodedNumber`

and ensure you include the BASE and LOG2_BASE
attributes:

```
class AltEncodedNumber(paillier.EncodedNumber):
BASE = 2
LOG2_BASE = math.log(BASE, 2)
```

Warning

As always, if you don’t require a specific value for the unencrypted exponents after an operation, you might be leaking information about what happened - but with smaller bases this problem is exacerbated.

## No audit¶

This code has neither been written nor vetted by any sort of crypto expert. The crypto parts are mercifully short, however.