lschoe / mpyc

MPyC: Multiparty Computation in Python
MIT License

Questions about using the Shamir secret sharing protocol #93

Closed farmerj777 closed 6 months ago

farmerj777 commented 6 months ago

Discussed in https://github.com/lschoe/mpyc/discussions/92

Originally posted by **sda427** May 20, 2024

1. Does MPyC support direct input secret sharing? Our own program has already generated secret shares through Shamir protocol, and we want to use MPyC for subsequent secure multi-party computation based on Shamir protocol, which does not seem to be described in the documentation.
2. Does MPyC support the definition of a variable length data structure in ciphertext?

Continuing from sda427's first question, I now have secret shares generated under a specified field (e.g., +7). How can I use MPyC to reconstruct and output the original secret value using these shares under the specified field?

lschoe commented 6 months ago

Well, if you want to work with a prime field modulo +7 (?), you first create a secure finite field type for that modulus:

```python
secfld = mpc.SecFld(7)
```

And then you let each party "import" their share in this secure field. If a party has a share s (represented as an integer), then it executes:

```python
a = secfld(s)
```

Note that for party $i$, with $0\leq i < m$, this means that $s$ should correspond to the value on the Shamir polynomial at $x=i+1$. That's because the numbering of the parties starts at $0$, but at $x=0$ we have the secret itself as value on the Shamir polynomial. Then afterwards you can check if the value for the secret is correct like this:

```python
print(await mpc.output(a))
```
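The share-index convention from the reply above, as an added example in plain Python (not MPyC code and not from the project): party $i$ holds the polynomial value at $x=i+1$, and interpolating at $x=0$ recovers the secret. The function names, the degree-1 polynomial and the fixed coefficient are assumptions chosen for reproducibility; a real dealer draws the coefficients uniformly at random.

```python
P = 7  # prime modulus used in the thread


def make_shares(secret, coeffs, m, p=P):
    """Evaluate f(x) = secret + coeffs[0]*x + coeffs[1]*x^2 + ... mod p.

    Returns a list in which index i (party i, numbered from 0) holds f(i+1).
    """
    if not 0 < m < p:
        raise ValueError("need 0 < m < p so points 1..m are distinct and nonzero")
    poly = [secret % p] + [c % p for c in coeffs]
    shares = []
    for i in range(m):
        x, y = i + 1, 0
        for c in reversed(poly):  # Horner evaluation
            y = (y * x + c) % p
        shares.append(y)
    return shares


def reconstruct(points, p=P):
    """Lagrange interpolation at x=0 from a dict {x: f(x)}."""
    xs = [x % p for x in points]
    if 0 in xs or len(set(xs)) != len(xs):
        raise ValueError("evaluation points must be distinct and nonzero mod p")
    secret = 0
    for xj, yj in points.items():
        num = den = 1
        for xk in points:
            if xk != xj:
                num = num * (-xk) % p
                den = den * (xj - xk) % p
        secret = (secret + yj * num * pow(den, -1, p)) % p
    return secret


def demo():
    # Constructed sample: secret 5, f(x) = 5 + 3x mod 7, three parties.
    shares = make_shares(5, [3], 3)
    # Party i imports shares[i], which sits at x = i + 1.
    aligned = reconstruct({i + 1: s for i, s in enumerate(shares)})
    # Off-by-one hand-out: values for x=2,3 treated as if they sat at x=1,2.
    shifted = reconstruct({1: shares[1], 2: shares[2]})
    return shares, aligned, shifted


if __name__ == "__main__":
    print(demo())
```

A share handed to the wrong party index still interpolates without error, so the misalignment only shows up as a wrong reconstructed value.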