Redistributing shares ? What if there is a new party/parties joining the computation ?

[snow884]

Does this package have a functionality that would allow for redistribution of shares ? What if there is a new participant joining the sham or a participant has left ?

If this functionality possible in theory and is it already implemented somewhere in this repo ?

[lschoe]

Good question. Indeed there is the following (internal) function for redistributing shares:

mpyc/mpyc/runtime.py

Line 601 in 5bbf14e

async def _reshare(self, x):

It is called throughout the code to reduce the degree of the "Shamir polynomial'' as part of a secure multiplication and similar protocols.

The resharing is done between a fixed set of parties, running the overall multiparty protocol. However, the same principles may be used to support a dynamic set of parties, or phrased differently, to handle situations where the set of senders differs from the set of receivers. Technically, all "elements" to implement such a general form of redistribution are present in the MPyC functions mpc.input(), mpc.output(), and mpc.transfer():

mpyc/mpyc/runtime.py

Lines 400 to 401 in 5bbf14e

	def input(self, x, senders=None):
	"""Input x to the computation.

mpyc/mpyc/runtime.py

Lines 509 to 510 in 5bbf14e

	async def output(self, x, receivers=None, threshold=None, raw=False):
	"""Output the value of x to the receivers specified.

mpyc/mpyc/runtime.py

Lines 342 to 343 in 5bbf14e

	async def transfer(self, obj, senders=None, receivers=None, sender_receivers=None) -> Future:
	"""Transfer pickable Python objects between specified parties.

The basic idea is that each sender generates shares in a target secret sharing scheme of its share in the source secret sharing scheme, and receivers will combine their received shares as prescribed for the source secret sharing scheme to obtain their new share.

This will work in general for linear secret sharing schemes such as Shamir's threshold scheme and also additive secret sharing. Two nice examples in this direction are the following protocols for exponentiation in the context of MPyC's secure groups:

mpyc/mpyc/secgroups.py

Lines 273 to 289 in 5bbf14e

	@asyncoro.mpc_coro
	async def repeat_public_base_secret_output(a, x, secgrp):
	"""Compute a^[x]->[a^x]."""
	# a in prime order group, x in Z.
	# x is a secure prime field element or secure int.
	await runtime.returnType(secgrp)
	field = x.field
	m = len(runtime.parties)
	lambda_i = _recombination_vector(field, range(1, m+1), 0)[runtime.pid]
	x_i = await runtime.gather(x)
	e_i = int(lambda_i * x_i)
	if isinstance(x, SecureFiniteField) and x.subfield is not None:
	# value of x in prime field
	e_i %= field.characteristic
	c_i = secgrp.group.repeat(a, e_i)
	c = runtime.input(secgrp(c_i))
	return mpyc.mpctools.reduce(secgrp.operation, c)

mpyc/mpyc/secgroups.py

Lines 292 to 311 in 5bbf14e

	@asyncoro.mpc_coro
	async def repeat_public_base_public_output(a, x) -> asyncio.Future:
	"""Multi-exponentiation for given base(s) a and exponent(s) x."""
	# a is a group element, or a list of group elements.
	# x is secure number (prime field element, or integer), or a list of secure numbers.
	if not isinstance(a, list):
	a, x = [a], [x]
	field = x[0].field
	group = type(a[0])
	m = len(runtime.parties)
	lambda_i = _recombination_vector(field, range(1, m+1), 0)[runtime.pid]
	x_i = await runtime.gather(x)
	e_i = [int(lambda_i * s_i) for s_i in x_i]
	if isinstance(x, SecureFiniteField) and x.subfield is not None:
	# values in x in prime field
	for j in range(len(x)):
	e_i[j] %= field.characteristic
	c_i = functools.reduce(group.operation, map(group.repeat, a, e_i))
	c = await runtime.transfer(c_i)
	return functools.reduce(group.operation, c)

[snow884]

thank you for response