How does secret sharing work with one source

Hello! This is an answer based on my understanding of how CrypTen works! - someone from the CrypTen team can correct me if I am wrong 😄

More than 1 Party In the usual scenario, you should have more than 1 party in a SMPC. CrypTen is using PRZS (Pseudo Random Zero Share) when sharing a value. For doing this, each “party” holds 2 generators and one of them is “shared” with the previous party.

Then the parties generate shares (one of the shares is not, hmm…let’s say “final”, you will see down below why I say that) using those two generators.

Where: As you can see the shares would have the sum 0 (hence the name Pseudo-Random Zero Share) Now, the party that shares the secret, adds this value to its personal share. When you combine the shares (the reconstruction of the initial data) - you will get back the secret.

1 Party In the case there is only one party:

The constructed share would be simply: 0 + secret. ^^ The zero value is because you have the same “generator” (more exactly you initialized the 2 generators using the same seed). The “next party”, from which we should have gotten one of the seeds is “party 1” (so we get the exact same seed ==> the generators would generate the same series of random numbers) You need to take into consideration that the secret, is “transformed” using a FixedPointEncoder.

CrypTen uses as default precision 16 bits --> which gives us a constant of 2^16 that would play the role of a scale.

Example Let’s say you have:

x = torch.tensor([1.0, 2.0, 3.0])
x_enc = crypten.cryptensor(x)

With the generators, we created a “zero value” that we add with the fixed-point representation of our tensor. It would simply result in a single share that is exactly our fixed-point number: x_enc = [1.0 * 2^16, 2.0 * 2^16, 3.0 * 2^16] (where 2^16 is the scale).

So you should get back: [65536, 131072, 196608]

TL;DR: You get back only the fixed-point representation of that tensor.

Hello! This is an answer based on my understanding of how CrypTen works! - someone from the CrypTen team can correct me if I am wrong 😄

More than 1 Party In the usual scenario, you should have more than 1 party in a SMPC. CrypTen is using PRZS (Pseudo Random Zero Share) when sharing a value. For doing this, each “party” holds 2 generators and one of them is “shared” with the previous party.

Then the parties generate shares (one of the shares is not, hmm…let’s say “final”, you will see down below why I say that) using those two generators.

Where: As you can see the shares would have the sum 0 (hence the name Pseudo-Random Zero Share) Now, the party that shares the secret, adds this value to its personal share. When you combine the shares (the reconstruction of the initial data) - you will get back the secret.

1 Party In the case there is only one party:

The constructed share would be simply: 0 + secret. ^^ The zero value is because you have the same “generator” (more exactly you initialized the 2 generators using the same seed). The “next party”, from which we should have gotten one of the seeds is “party 1” (so we get the exact same seed ==> the generators would generate the same series of random numbers) You need to take into consideration that the secret, is “transformed” using a FixedPointEncoder.

CrypTen uses as default precision 16 bits --> which gives us a constant of 2^16 that would play the role of a scale.

Example Let’s say you have:

x = torch.tensor([1.0, 2.0, 3.0])
x_enc = crypten.cryptensor(x)

With the generators, we created a “zero value” that we add with the fixed-point representation of our tensor. It would simply result in a single share that is exactly our fixed-point number: x_enc = [1.0 * 2^16, 2.0 * 2^16, 3.0 * 2^16] (where 2^16 is the scale).

So you should get back: [65536, 131072, 196608]

TL;DR: You get back only the fixed-point representation of that tensor.

@gmuraru When generating Share1, Share2 and Share3, what is the function next, involved in next(G1),next(G2) and next(G3). Is the next function a this function a PRF, like HMAC?