pp-phragmen 0.1.0__tar.gz

pp_phragmen-0.1.0/PKG-INFO

@@ -0,0 +1,9 @@
+Metadata-Version: 2.4
+Name: pp-phragmen
+Version: 0.1.0
+Summary: Privacy-Preserving Phragmén Voting via Secure Multi-Party Computation
+Author-email: Liran Shem-Tov <liranst13@gmail.com>
+License: MIT
+Project-URL: Homepage, https://github.com/liranst13/Phragmen_Voting
+Requires-Python: >=3.10
+Requires-Dist: mpc-secret-shares>=0.2.0

pp_phragmen-0.1.0/README.md

@@ -0,0 +1,3 @@
+# PP-Phragmén: Privacy-Preserving Phragmén Voting
+
+PP-Phragmén is a cryptographic implementation of the Phragmén proportional representation voting method in which all ballots and intermediate tallies remain secret throughout the computation. The protocol runs as a Secure Multi-Party Computation (MPC) over Shamir secret shares: each party holds only an encrypted fragment of every vote and score, and the winning committee is determined by jointly executing a sequence of secure comparison, multiplication, and division sub-protocols without any party ever learning another party's inputs or any intermediate plaintext. This implementation follows Algorithms 1–8 of the accompanying Artificial Intelligence journal submission and is built on top of the MPC primitive library in `mpc_primitives/`.

pp_phragmen-0.1.0/pp_phragmen.egg-info/PKG-INFO

@@ -0,0 +1,9 @@
+Metadata-Version: 2.4
+Name: pp-phragmen
+Version: 0.1.0
+Summary: Privacy-Preserving Phragmén Voting via Secure Multi-Party Computation
+Author-email: Liran Shem-Tov <liranst13@gmail.com>
+License: MIT
+Project-URL: Homepage, https://github.com/liranst13/Phragmen_Voting
+Requires-Python: >=3.10
+Requires-Dist: mpc-secret-shares>=0.2.0

pp_phragmen-0.1.0/pp_phragmen.egg-info/SOURCES.txt

@@ -0,0 +1,28 @@
+README.md
+pyproject.toml
+pp_phragmen.egg-info/PKG-INFO
+pp_phragmen.egg-info/SOURCES.txt
+pp_phragmen.egg-info/dependency_links.txt
+pp_phragmen.egg-info/requires.txt
+pp_phragmen.egg-info/top_level.txt
+protocol/__init__.py
+protocol/algorithm1_permutation.py
+protocol/algorithm2_validation.py
+protocol/algorithm3_initialization.py
+protocol/algorithm4_score.py
+protocol/algorithm5_find_min.py
+protocol/algorithm6_one_hot.py
+protocol/algorithm7_wallet_update.py
+protocol/algorithm8_reconstruct_winner.py
+protocol/state_manager.py
+protocol/types.py
+tests/test_algorithm1.py
+tests/test_algorithm2.py
+tests/test_algorithm3.py
+tests/test_algorithm4.py
+tests/test_algorithm5.py
+tests/test_algorithm6.py
+tests/test_algorithm7.py
+tests/test_algorithm8.py
+tests/test_field_size.py
+tests/test_integration.py

pp_phragmen-0.1.0/pp_phragmen.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

pp_phragmen-0.1.0/pp_phragmen.egg-info/requires.txt

@@ -0,0 +1 @@
+mpc-secret-shares>=0.2.0

pp_phragmen-0.1.0/pp_phragmen.egg-info/top_level.txt

@@ -0,0 +1 @@
+protocol

pp_phragmen-0.1.0/protocol/__init__.py

@@ -0,0 +1 @@
+# PP-Phragmén voting protocol — Algorithms 1–8.

pp_phragmen-0.1.0/protocol/algorithm1_permutation.py

@@ -0,0 +1,147 @@
+"""Algorithm 1 — Oblivious Candidate Permutation.
+
+Reference: Algorithm 1 in "Fairness Without Exposure: Privacy-Preserving
+Phragmén Voting", Section 5.1 (page 8).  Run once at setup, before any
+election period.  No MPC secure operations are required.
+
+Each tallying party P_d (d ∈ [D]):
+  1. Samples a secret random seed s_d ← {0,1}^λ.
+  2. Broadcasts a commitment com_d = SHA-256(s_d ‖ d).
+  3. Reveals s_d; all other parties verify the commitment.
+
+The shared seed is s = s_1 ⊕ … ⊕ s_D, and the public permutation is
+derived by running a Fisher-Yates shuffle seeded with s.
+"""
+
+import hashlib
+import os
+import random
+from typing import List, Optional
+
+
+# ---------------------------------------------------------------------------
+# Internal helpers (exposed for unit-testing)
+# ---------------------------------------------------------------------------
+
+def _commitment(seed: bytes, party_index: int) -> bytes:
+    """Return SHA-256(seed ‖ party_index) as defined in Algorithm 1, Line 3.
+
+    Args:
+        seed: The party's random seed bytes.
+        party_index: Zero-based party index, encoded as a big-endian 4-byte
+            unsigned integer before hashing.
+
+    Returns:
+        32-byte SHA-256 digest.
+    """
+    return hashlib.sha256(seed + party_index.to_bytes(4, "big")).digest()
+
+
+def _verify_commitments(seeds: List[bytes], commitments: List[bytes]) -> None:
+    """Verify every revealed seed against its published commitment.
+
+    Implements the verification step in Algorithm 1, Lines 6–8.
+
+    Args:
+        seeds: Revealed seeds, one per party (zero-indexed).
+        commitments: Published commitments in the same order.
+
+    Raises:
+        ValueError: If any seed does not reproduce its commitment.
+    """
+    for d, (seed, com) in enumerate(zip(seeds, commitments)):
+        if _commitment(seed, d) != com:
+            raise ValueError(
+                f"commitment mismatch for party {d}: "
+                "revealed seed does not match published commitment"
+            )
+
+
+def _fisher_yates(combined_seed: bytes, num_candidates: int) -> List[int]:
+    """Produce a uniformly random permutation of [0, M) via Fisher-Yates.
+
+    Implements Algorithm 1, Line 10.  The combined seed is converted to an
+    integer and used to seed Python's Mersenne-Twister PRNG, which then
+    drives `random.shuffle` (a Fisher-Yates implementation).
+
+    Args:
+        combined_seed: XOR of all party seeds (Algorithm 1, Line 9).
+        num_candidates: M — size of the candidate set.
+
+    Returns:
+        A permutation of [0, M) as a list of length M.
+    """
+    seed_int = int.from_bytes(combined_seed, "big")
+    rng = random.Random(seed_int)
+    pi = list(range(num_candidates))
+    rng.shuffle(pi)
+    return pi
+
+
+# ---------------------------------------------------------------------------
+# Algorithm 1
+# ---------------------------------------------------------------------------
+
+def algorithm_1_oblivious_candidate_permutation(
+    security_bits: int,
+    num_candidates: int,
+    num_parties: int,
+    seeds: Optional[List[bytes]] = None,
+) -> List[int]:
+    """Generate a public uniformly random permutation of candidates.
+
+    Algorithm 1 of "Fairness Without Exposure: Privacy-Preserving Phragmén
+    Voting", Section 5.1.
+
+    Each party commits to a random seed via SHA-256, then reveals it.  The
+    combined (XOR) seed drives a Fisher-Yates shuffle that produces the
+    oblivious permutation π used by Algorithm 6 for tie-breaking.
+
+    Args:
+        security_bits: λ — bit-length of each party's random seed.
+            Must be a positive multiple of 8.
+        num_candidates: M — number of candidates to permute.
+        num_parties: D (= n in MPC notation) — number of tallying parties.
+        seeds: Optional list of D byte-strings each of length
+            ``security_bits // 8``.  When None every party samples a fresh
+            random seed.  Supply explicit seeds only in tests to obtain
+            deterministic output.
+
+    Returns:
+        A permutation π of [0, M) as a list of M distinct integers.
+
+    Raises:
+        ValueError: If ``seeds`` has wrong length or wrong element sizes.
+        ValueError: If any revealed seed does not match its commitment
+            (simulates an abort on cheating during the reveal phase).
+    """
+    seed_len = security_bits // 8
+
+    # Lines 1-3: every party samples a seed and publishes a commitment.
+    if seeds is None:
+        seeds = [os.urandom(seed_len) for _ in range(num_parties)]
+    else:
+        if len(seeds) != num_parties:
+            raise ValueError(
+                f"expected {num_parties} seeds, got {len(seeds)}"
+            )
+        for d, s in enumerate(seeds):
+            if len(s) != seed_len:
+                raise ValueError(
+                    f"seed for party {d} has length {len(s)}, "
+                    f"expected {seed_len} (security_bits={security_bits})"
+                )
+
+    commitments = [_commitment(s, d) for d, s in enumerate(seeds)]  # Line 3
+
+    # Lines 4-8: reveal phase — every party broadcasts its seed and all
+    # others verify it against the stored commitment.
+    _verify_commitments(seeds, commitments)  # Lines 6-8
+
+    # Line 9: derive the shared seed by XOR-ing all party seeds.
+    combined = seeds[0]
+    for s in seeds[1:]:
+        combined = bytes(a ^ b for a, b in zip(combined, s))
+
+    # Lines 10-11: Fisher-Yates shuffle seeded with the combined seed.
+    return _fisher_yates(combined, num_candidates)

pp_phragmen-0.1.0/protocol/algorithm2_validation.py

@@ -0,0 +1,95 @@
+"""Algorithm 2 — Input Validation, Sanitization & Compaction.
+
+Reference: Algorithm 2 in "Fairness Without Exposure: Privacy-Preserving
+Phragmén Voting", Section 5.2 (page 9).  Run once at setup (or per period
+if ballots are re-submitted).
+
+For each ballot entry B_{n,m} the protocol verifies B_{n,m} ∈ {0, 1} by
+checking that B_{n,m}·(B_{n,m} − 1) = 0 using a single SecureMult followed
+by a public Reconstruct.  Voters whose ballot fails this check are flagged as
+cheaters and removed; the remaining honest-voter rows are compacted into a
+fresh matrix B̂ of size N_valid × M.
+"""
+
+from typing import List, Tuple
+
+from mpc_secret_shares import (
+    reconstruct,
+    secure_mult,
+    shares_one,
+    shares_sub,
+)
+from protocol.types import BallotMatrix, Shares
+
+
+def algorithm_2_input_validation(
+    B_shares: BallotMatrix,
+    n: int,
+    t: int,
+    p: int,
+) -> Tuple[BallotMatrix, int]:
+    """Validate ballot entries, remove cheating voters, and compact the matrix.
+
+    Algorithm 2 of "Fairness Without Exposure: Privacy-Preserving Phragmén
+    Voting", Section 5.2.
+
+    For each entry B_{n,m} the protocol computes
+    ``[[u]] = SecureMult([[B]], [[B]] − [[1]])``
+    and reconstructs u publicly.  Because u = B·(B−1) equals 0 if and only
+    if B ∈ {0, 1}, a non-zero u identifies voter n as a cheater.  The first
+    invalid entry short-circuits the inner loop (Lines 7–8 of the paper).
+
+    Args:
+        B_shares: An N × M matrix of (t,n)-sharings, where
+            ``B_shares[voter][candidate]`` is the sharing of B_{n,m}.
+            Voters are zero-indexed; the paper uses 1-indexed notation.
+        n: Number of MPC parties (talliers).
+        t: Reconstruction threshold.
+        p: Prime field modulus.
+
+    Returns:
+        A tuple ``(B_hat, n_valid)`` where:
+
+        * ``B_hat`` is an N_valid × M matrix of (t,n)-sharings containing
+          only the rows of honest voters, in their original relative order
+          and re-indexed from 0.
+        * ``n_valid`` is the count of honest voters (public after this step).
+    """
+    num_voters = len(B_shares)
+    num_candidates = len(B_shares[0]) if num_voters > 0 else 0
+
+    cheaters: set[int] = set()
+    one_shares: Shares = shares_one(n)  # [[1]] — shared public constant
+
+    # Lines 2-8: for each voter, check every ballot entry until a violation
+    # is found.  The inner loop breaks on the first detected cheat (Line 8).
+    for voter in range(num_voters):                                  # Line 2
+        for cand in range(num_candidates):                           # Line 3
+            b_nm: Shares = B_shares[voter][cand]
+
+            # Line 4: [[u]] = SecureMult([[B]], [[B]] − [[1]])
+            # [[B]] − [[1]] is a local operation (affine subtraction).
+            b_minus_one: Shares = shares_sub(b_nm, one_shares, p)
+            u_shares: Shares = secure_mult(
+                b_nm, b_minus_one, n, t, p
+            )
+
+            # Line 5: u ← Reconstruct([[u]])  — publicly revealed.
+            u_val: int = reconstruct(u_shares[:t], p)
+
+            # Lines 6-8: non-zero u means B ∉ {0, 1} → voter is a cheater.
+            if u_val != 0:                                           # Line 6
+                cheaters.add(voter)                                  # Line 7
+                break                                                # Line 8
+
+    # Line 9: N_valid = N − |Cheaters|.
+    n_valid: int = num_voters - len(cheaters)
+
+    # Lines 10-15: compact honest voters into B_hat, preserving row order.
+    B_hat: BallotMatrix = [
+        B_shares[voter]
+        for voter in range(num_voters)
+        if voter not in cheaters
+    ]
+
+    return B_hat, n_valid                                            # Line 16

pp_phragmen-0.1.0/protocol/algorithm3_initialization.py

@@ -0,0 +1,56 @@
+"""Algorithm 3 — Initialization.
+
+Reference: Algorithm 3 in "Fairness Without Exposure: Privacy-Preserving
+Phragmén Voting", Section 5.3 (page 9).  Run once, prior to the first
+election period only.
+
+Sets the global denominator Δ to 1 and every voter's scaled wallet W̃_i to 0,
+establishing the invariant w_n = W̃_n / Δ = 0 for all voters at the start.
+No MPC secure operations are required — both values are public constants.
+"""
+
+from typing import List, Tuple
+
+from mpc_secret_shares import (
+    shares_one,
+    shares_zero,
+)
+from protocol.types import Shares
+
+
+def algorithm_3_initialization(
+    n_valid: int,
+    n: int,
+    t: int,
+    p: int,
+) -> Tuple[Shares, List[Shares]]:
+    """Initialise the global denominator and all voter wallets to their
+    starting values.
+
+    Algorithm 3 of "Fairness Without Exposure: Privacy-Preserving Phragmén
+    Voting", Section 5.3.
+
+    At the start of the first period all rational wallet balances w_n are 0.
+    The protocol represents each balance as w_n = W̃_n / Δ, so initialising
+    Δ = 1 and W̃_n = 0 satisfies the invariant without any field division.
+
+    Args:
+        n_valid: N_valid — number of honest voters after Algorithm 2.
+        n: Number of MPC parties (talliers).
+        t: Reconstruction threshold.
+        p: Prime field modulus.
+
+    Returns:
+        A tuple ``(delta_shares, wallet_shares)`` where:
+
+        * ``delta_shares`` is a (t,n)-sharing of Δ = 1  (Algorithm 3, Line 1).
+        * ``wallet_shares`` is a list of N_valid (t,n)-sharings, each
+          encoding W̃_i = 0  (Algorithm 3, Lines 2–3).
+    """
+    # Line 1: [[Δ]] ← [[1]]
+    delta_shares: Shares = shares_one(n)
+
+    # Lines 2-3: [[W̃_i]] ← [[0]] for every honest voter i.
+    wallet_shares: List[Shares] = [shares_zero(n) for _ in range(n_valid)]
+
+    return delta_shares, wallet_shares

pp_phragmen-0.1.0/protocol/algorithm4_score.py

@@ -0,0 +1,116 @@
+"""Algorithm 4 — Oblivious Score Computation (Global Denominator).
+
+Reference: Algorithm 4 in "Fairness Without Exposure: Privacy-Preserving
+Phragmén Voting", Section 5.4 (pages 10–11).  Run every election period.
+
+Computes per-candidate scores in numerator/denominator form using the
+common-denominator strategy (Section 5, page 7):
+
+    Score_m = Score_m^num / Score_m^den
+            = (Δ − T̃_m) / (|A(m)| · Δ)
+
+where T̃_m = Σ_{i ∈ A(m)} W̃_i is the sum of scaled wallets of candidate
+m's supporters, and Δ is the shared global denominator.  This eliminates
+per-voter cross-multiplication from the critical path (O(MN) SecureMult
+instead of O(MN²)).
+
+Precondition (paper Section 5, page 8): at least one candidate must have
+|A(m)| > 0 (i.e. at least one voter approves at least one candidate).
+The degenerate all-zero ballot matrix is explicitly excluded by the paper;
+calling this function with n_valid=0 or all-zero ballots is outside the
+paper's guaranteed domain and will produce Score^den = 0 for every candidate,
+making Algorithm 5's comparison meaningless.
+"""
+
+from typing import List, Tuple
+
+from mpc_secret_shares import (
+    secure_mult,
+    shares_add,
+    shares_sub,
+    shares_zero,
+)
+from protocol.types import BallotMatrix, ScorePair, Shares
+
+
+def algorithm_4_score_computation(
+    B_hat: BallotMatrix,
+    wallet_shares: List[Shares],
+    delta_shares: Shares,
+    n_valid: int,
+    num_candidates: int,
+    n: int,
+    t: int,
+    p: int,
+) -> Tuple[List[ScorePair], List[Shares], List[Shares]]:
+    """Compute per-candidate scores and supporting data for the current period.
+
+    Algorithm 4 of "Fairness Without Exposure: Privacy-Preserving Phragmén
+    Voting", Section 5.4.
+
+    For each candidate m the algorithm accumulates:
+
+    * ``[[|A(m)|]]`` — supporter count (local additions of ballot bits).
+    * ``[[T̃_m]]`` — scaled wallet sum of supporters (SecureMult per voter).
+
+    Then it derives the score representation from Equation (4) of the paper:
+
+    * ``[[Score_m^num]] = [[Δ]] − [[T̃_m]]``       (local subtraction)
+    * ``[[Score_m^den]] = SecureMult([[Δ]], [[|A(m)|]])``
+
+    Args:
+        B_hat: N_valid × M matrix of (t,n)-sharings of B̂_{i,m} ∈ {0,1}.
+        wallet_shares: List of N_valid (t,n)-sharings of the scaled wallets
+            W̃_i.  Index matches the row index of B_hat.
+        delta_shares: (t,n)-sharing of the global denominator Δ.
+        n_valid: Number of valid voters N_valid.  Must equal len(B_hat).
+        num_candidates: Number of candidates M.
+        n: Number of MPC parties.
+        t: Reconstruction threshold.
+        p: Prime field modulus.
+
+    Returns:
+        A tuple ``(scores, A_shares, T_tilde_shares)`` where:
+
+        * ``scores[m]`` is ``(Score_m^num, Score_m^den)`` — a ScorePair of
+          (t,n)-sharings for candidate m (Algorithm 4, Lines 8–9).
+        * ``A_shares[m]`` is ``[[|A(m)|]]`` — supporter count for candidate m
+          (Line 5), needed by Algorithm 7.
+        * ``T_tilde_shares[m]`` is ``[[T̃_m]]`` — scaled wallet sum for
+          candidate m (Line 7), needed by Algorithm 7.
+    """
+    scores: List[ScorePair] = []
+    A_shares: List[Shares] = []
+    T_tilde_shares: List[Shares] = []
+
+    for m in range(num_candidates):                               # Line 1
+        A_m: Shares = shares_zero(n)                             # Line 2
+        T_m: Shares = shares_zero(n)                             # Line 3
+
+        for i in range(n_valid):                                  # Line 4
+            b_im: Shares = B_hat[i][m]
+
+            # Line 5: [[|A(m)|]] ← [[|A(m)|]] + [[B̂_{i,m}]]  (local)
+            A_m = shares_add(A_m, b_im, p)
+
+            # Line 6: [[contrib]] ← SecureMult([[B̂_{i,m}]], [[W̃_i]])
+            contrib: Shares = secure_mult(
+                b_im, wallet_shares[i], n, t, p
+            )
+
+            # Line 7: [[T̃_m]] ← [[T̃_m]] + [[contrib]]  (local)
+            T_m = shares_add(T_m, contrib, p)
+
+        # Line 8: [[Score_m^num]] ← [[Δ]] − [[T̃_m]]  (local)
+        score_num: Shares = shares_sub(delta_shares, T_m, p)
+
+        # Line 9: [[Score_m^den]] ← SecureMult([[Δ]], [[|A(m)|]])
+        score_den: Shares = secure_mult(
+            delta_shares, A_m, n, t, p
+        )
+
+        scores.append((score_num, score_den))
+        A_shares.append(A_m)
+        T_tilde_shares.append(T_m)
+
+    return scores, A_shares, T_tilde_shares

pp_phragmen-0.1.0/protocol/algorithm5_find_min.py

@@ -0,0 +1,109 @@
+"""Algorithm 5 — Find Minimum Score.
+
+Reference: Algorithm 5 in "Fairness Without Exposure: Privacy-Preserving
+Phragmén Voting", Section 5.5 (page 12).  Run every election period.
+
+Finds the winning (minimum) score among all M candidates using a sequential
+left-to-right reduction.  At each step the running best is compared against
+the next candidate via cross-multiplication to avoid division:
+
+    Score_m < Score_best  iff  Score_m^num · best^den < best^num · Score_m^den
+
+Both cross-products are non-negative (Lemma 7.1), so SecureLT is valid.
+
+Round complexity: O(M) — this sequential chain is the dominant latency
+bottleneck of the per-period loop (paper Remark 6.1).
+"""
+
+from typing import List, Tuple
+
+from mpc_secret_shares import (
+    secure_mult,
+    secure_lt,
+    shares_add,
+    shares_sub,
+)
+from protocol.types import ScorePair, Shares
+
+
+def algorithm_5_find_minimum_score(
+    scores: List[ScorePair],
+    n: int,
+    t: int,
+    p: int,
+) -> ScorePair:
+    """Find the shared winning (minimum) score across all candidates.
+
+    Algorithm 5 of "Fairness Without Exposure: Privacy-Preserving Phragmén
+    Voting", Section 5.5.
+
+    Maintains a running best ``(best^num, best^den)`` initialised to the
+    first candidate's score (Lines 1–2).  For each subsequent candidate m
+    (Lines 3–8) the algorithm:
+
+    1. Computes two cross-products to compare scores without division
+       (Lines 4–5).
+    2. Calls SecureLT to get a shared bit β_m = 1_{Score_m < Score_best}
+       (Line 6).
+    3. Updates the running best via a multiplexer:
+       ``best ← best + β_m · (Score_m − best)``
+       which selects Score_m when β_m = 1 and leaves best unchanged when 0
+       (Lines 7–8).
+
+    Args:
+        scores: List of M ScorePairs ``(Score_m^num, Score_m^den)`` produced
+            by Algorithm 4.  Must contain at least one entry.
+        n: Number of MPC parties.
+        t: Reconstruction threshold.
+        p: Prime field modulus.
+
+    Returns:
+        A ScorePair ``(Score*^num, Score*^den)`` — a (t,n)-sharing of the
+        minimum score among all candidates.
+
+    Raises:
+        ValueError: If ``scores`` is empty (no candidates).
+    """
+    if not scores:
+        raise ValueError("scores must be non-empty: at least one candidate required")
+
+    # Lines 1-2: initialise the running best to the first candidate's score.
+    best_num: Shares = scores[0][0]
+    best_den: Shares = scores[0][1]
+
+    # Lines 3-8: compare each subsequent candidate against the running best.
+    for m in range(1, len(scores)):                                  # Line 3
+        score_num: Shares = scores[m][0]
+        score_den: Shares = scores[m][1]
+
+        # Line 4: cross_a = Score_m^num · best^den
+        cross_a: Shares = secure_mult(
+            score_num, best_den, n, t, p
+        )
+
+        # Line 5: cross_b = best^num · Score_m^den
+        cross_b: Shares = secure_mult(
+            best_num, score_den, n, t, p
+        )
+
+        # Line 6: β_m = SecureLT(cross_a, cross_b)
+        # β_m = 1  iff  Score_m < Score_best  (candidate m is a better winner)
+        beta_m: Shares = secure_lt(cross_a, cross_b, n, t, p)
+
+        # Line 7: best^num ← best^num + β_m · (Score_m^num − best^num)
+        diff_num: Shares = shares_sub(score_num, best_num, p)
+        best_num = shares_add(
+            best_num,
+            secure_mult(beta_m, diff_num, n, t, p),
+            p,
+        )
+
+        # Line 8: best^den ← best^den + β_m · (Score_m^den − best^den)
+        diff_den: Shares = shares_sub(score_den, best_den, p)
+        best_den = shares_add(
+            best_den,
+            secure_mult(beta_m, diff_den, n, t, p),
+            p,
+        )
+
+    return best_num, best_den                                        # Lines 9-10