Merge pull request #57 from qsantos/pure-python

Pure Python fallback

Author: gusmith

CHANGELOG.rst

@@ -1,3 +1,16 @@
+Version 1.4.0 (2018-04-19)
+=====
+
+Complete pure Python fallback implementation.
+
+Features
+----
+
+- `invert` now available without `gmpy2`, implemented using the extended
+  Euclidean algorithm (`extended_euclidean_algorithm`)
+- `getprimeover` now available without `gmpy2`, along with a probabilitic
+  primality test `isprime` based on the Miller-Rabin test (`miller_rabin`)
+
 Version 1.3.0 (2017-02-08)
 =====
 

phe/paillier.py

@@ -125,7 +125,7 @@ def raw_encrypt(self, plaintext, r_value=None):
             neg_ciphertext = (self.n * neg_plaintext + 1) % self.nsquare
             nude_ciphertext = invert(neg_ciphertext, self.nsquare)
         else:
-            # we chose g = n + 1, so that we can exploit the fact that 
+            # we chose g = n + 1, so that we can exploit the fact that
             # (n+1)^plaintext = n*plaintext + 1 mod n^2
             nude_ciphertext = (self.n * plaintext + 1) % self.nsquare
 
@@ -217,14 +217,14 @@ def __init__(self, public_key, p, q):
             # check that p and q are different, otherwise we can't compute p^-1 mod q
             raise ValueError('p and q have to be different')
         self.public_key = public_key
-        if q < p: #ensure that p < q. 
+        if q < p: #ensure that p < q.
             self.p = q
             self.q = p
         else:
             self.p = p
             self.q = q
         self.psquare = self.p * self.p
-        
+
         self.qsquare = self.q * self.q
         self.p_inverse = invert(self.p, self.q)
         self.hp = self.h_function(self.p, self.psquare)
@@ -233,18 +233,18 @@ def __init__(self, public_key, p, q):
     @staticmethod
     def from_totient(public_key, totient):
         """given the totient, one can factorize the modulus
-        
+
         The totient is defined as totient = (p - 1) * (q - 1),
         and the modulus is defined as modulus = p * q
-        
+
         Args:
           public_key (PaillierPublicKey): The corresponding public
             key
           totient (int): the totient of the modulus
-          
+
         Returns:
           the :class:`PaillierPrivateKey` that corresponds to the inputs
-          
+
         Raises:
           ValueError: if the given totient is not the totient of the modulus
             of the given public key
@@ -256,7 +256,7 @@ def from_totient(public_key, totient):
         if not p*q == public_key.n:
             raise ValueError('given public key and totient do not match.')
         return PaillierPrivateKey(public_key, p, q)
-        
+
     def __repr__(self):
         pub_repr = repr(self.public_key)
         return "<PaillierPrivateKey for {}>".format(pub_repr)
@@ -342,20 +342,20 @@ def raw_decrypt(self, ciphertext):
         decrypt_to_p = self.l_function(powmod(ciphertext, self.p-1, self.psquare), self.p) * self.hp % self.p
         decrypt_to_q = self.l_function(powmod(ciphertext, self.q-1, self.qsquare), self.q) * self.hq % self.q
         return self.crt(decrypt_to_p, decrypt_to_q)
-    
+
     def h_function(self, x, xsquare):
-        """Computes the h-function as defined in Paillier's paper page 12, 
+        """Computes the h-function as defined in Paillier's paper page 12,
         'Decryption using Chinese-remaindering'.
         """
         return invert(self.l_function(powmod(self.public_key.g, x - 1, xsquare),x), x)
 
     def l_function(self, x, p):
         """Computes the L function as defined in Paillier's paper. That is: L(x,p) = (x-1)/p"""
         return (x - 1) // p
-    
+
     def crt(self, mp, mq):
         """The Chinese Remainder Theorem as needed for decryption. Returns the solution modulo n=pq.
-        
+
         Args:
            mp(int): the solution modulo p.
            mq(int): the solution modulo q.

phe/tests/paillier_test.py

@@ -78,7 +78,7 @@ def testStaticPrivateKeyConstructor(self):
         c = public_key.encrypt(4242)
         self.assertEqual(private_key, private_key_from_static, "The private keys should be the same.")
         self.assertEqual(private_key_from_static.decrypt(c), 4242, "Result of the decryption should be 4242")
-        
+
     def testPrivateKeyEquality(self):
         pk = PaillierPublicKey(2537)
         p1 = PaillierPrivateKey(pk, 43, 59)

phe/tests/util_test.py

@@ -18,6 +18,10 @@
 import unittest
 import random
 import math
+try:
+    from math import gcd  # new in Python 3.5
+except ImportError:
+    from fractions import gcd  # deprecated since Python 3.5
 
 from phe import util
 
@@ -45,7 +49,7 @@ def testPrimeOverN(self):
         for n in range(2, 50):
             p = util.getprimeover(n)
             self.assertGreaterEqual(p, 1 << (n-1))
-            
+
     def testIsqrt(self):
         for _ in range(100):
             n = random.randint(2, 10000000)
@@ -54,6 +58,58 @@ def testIsqrt(self):
             self.assertEqual(util.isqrt(nsq), util.improved_i_sqrt(nsq))
 
 
+# same tests as above, but with gmpy2 and Crypto libraries disabled
+class PaillierUtilFallbacksTest(PaillierUtilTest):
+
+    def setUp(self):
+        # save presence of libraries
+        self.HAVE_GMP = util.HAVE_GMP
+        self.HAVE_CRYPTO = util.HAVE_CRYPTO
+        # disable libraties
+        util.HAVE_GMP = False
+        util.HAVE_CRYPTO = False
+
+    def tearDown(self):
+        # restore presence of libraries
+        util.HAVE_GMP = self.HAVE_GMP
+        util.HAVE_CRYPTO = self.HAVE_CRYPTO
+
+    def testExtendedEuclieanAlgorithm(self):
+        # from <https://en.wikipedia.org/wiki/Extended_Euclidean_algorithm>
+        self.assertEqual(util.extended_euclidean_algorithm(240, 46), (2, -9, 47))
+
+        # tests with arbirary values
+        for a, b in [(77, 99), (45, 127)]:  # non-coprime pair, coprime pair
+            r, s, t = util.extended_euclidean_algorithm(a, b)
+            self.assertEqual(r, s*a + t*b)
+            self.assertEqual(r, gcd(a, b))
+
+    def testMillerRabin(self):
+        a = 2  # witness, enough by itself for checking n < 2047
+        self.assertFalse(util.miller_rabin(4, a))
+        self.assertTrue(util.miller_rabin(127, a))
+        composite = util.first_primes[-1] * util.first_primes[-2]
+        self.assertFalse(util.miller_rabin(composite, a))
+
+    def testIsPrime(self):
+        self.assertTrue(util.is_prime(17881))  # first not in first_primes
+        self.assertFalse(util.is_prime(-17881))
+
+        self.assertFalse(util.is_prime(-4))
+        self.assertFalse(util.is_prime(-2))
+        self.assertFalse(util.is_prime(-1))
+        self.assertFalse(util.is_prime(0))
+        self.assertFalse(util.is_prime(1))
+        self.assertTrue(util.is_prime(2))
+        self.assertTrue(util.is_prime(3))
+
+        # same tests as for miller_rabin()
+        self.assertFalse(util.is_prime(4))
+        self.assertTrue(util.is_prime(127))
+        composite = util.first_primes[-1] * util.first_primes[-2]
+        self.assertFalse(util.is_prime(composite))
+
+
 class Base64UtilTest(unittest.TestCase):
 
     def testEncodeDecodePositiveNonZeroInt(self):
@@ -67,4 +123,4 @@ def testFailToEncodeZero(self):
 
 
 if __name__ == "__main__":
-    unittest.main()
+    unittest.main()