Security Caveats

Information leakage

The exponent of an EncryptedNumber is not encrypted. By default, for floating point numbers this leads to some information leakage about the magnitude of the encrypted value. This leakage can be patched up by deciding on a fixed value for all exponents as part of the protocol; then for each EncryptedNumber, decrease_exponent_to() can be called before sharing. In practice this exponent should be a lower bound for any exponent that would naturally arise.

Alternative Base for EncodedNumber

If you need to interact with a library using another base, create a simple subclass of paillier.EncodedNumber and ensure you include the BASE and LOG2_BASE attributes:

class AltEncodedNumber(paillier.EncodedNumber):
    BASE = 2
    LOG2_BASE = math.log(BASE, 2)


As always, if you don’t require a specific value for the unencrypted exponents after an operation, you might be leaking information about what happened - but with smaller bases this problem is exacerbated.

No audit

This code has neither been written nor vetted by any sort of crypto expert. The crypto parts are mercifully short, however.