Closed degregat closed 5 years ago
I found the source:
If no prime is explicitly given, primes.get_large_enough_prime
selects a prime big enough for each individual share generation, so added shares can be greater than this prime.
The fix is to pass a prime bigger than any possible sum as an additional argument. This seems to be doable in recent versions, but not yet in 0.2.6 which I was using.
I wanted to use the additively homomorphic property of the secret sharing, so I wrote a little toy program to generate two sets of shares from two secrets, add them and reconstruct the sum from the new summed shares. The reconstruction works correctly only some of the time though. There also seems to be some pattern to the incorrect reconstruction.
This is the program:
I appended some of the outputs, with rough estimates of how often they occur:
With the two secrets being 5 and 7 about ~20% of the time I get a correct result.
Maybe ~60% of the time I get output similar to this:
And the other ~20% these two have popped up so far.
With secrets 4 and 8, ~80% of the time I get a correct result.
And ~20% of the time I get this.