Security Caveats¶

Information leakage¶

The exponent of an EncryptedNumber is not encrypted. By default, for floating point numbers this leads to some information leakage about the magnitude of the encrypted value. This leakage can be patched up by deciding on a fixed value for all exponents as part of the protocol; then for each EncryptedNumber, decrease_exponent_to() can be called before sharing. In practice this exponent should be a lower bound for any exponent that would naturally arise.

Alternative Base for EncodedNumber¶

If you need to interact with a library using another base, create a simple subclass of paillier.EncodedNumber and ensure you include the BASE and LOG2_BASE attributes:

class AltEncodedNumber(paillier.EncodedNumber):
    BASE = 2
    LOG2_BASE = math.log(BASE, 2)

Warning

As always, if you don’t require a specific value for the unencrypted exponents after an operation, you might be leaking information about what happened - but with smaller bases this problem is exacerbated.

No audit¶

This code has neither been written nor vetted by any sort of crypto expert. The crypto parts are mercifully short, however.

Security Caveats¶

Information leakage¶

Alternative Base for EncodedNumber¶

No audit¶

Table Of Contents

Previous topic

Next topic

This Page