Documentation ¶
Overview ¶
Package simple includes simple schemes for functional encryption of inner products.
All implementations in this package are based on the reference paper by Abdalla et al. (see https://eprint.iacr.org/2015/017.pdf). The reference scheme offers selective security under chosen-plaintext attacks (s-IND-CPA security).
The reference scheme is public key, which means that no master secret key is required for the encryption.
For instantiation from the decisional Diffie-Hellman assumption (DDH), see struct DDH (and its multi-input variant DDHMulti, which is a secret key scheme, because a part of the secret key is required for the encryption).
For instantiation from learning with errors (LWE), see structs LWE and RingLWE.
Index ¶
- type DDH
- func (d *DDH) Decrypt(cipher data.Vector, key *big.Int, y data.Vector) (*big.Int, error)
- func (d *DDH) DeriveKey(masterSecKey, y data.Vector) (*big.Int, error)
- func (d *DDH) Encrypt(x, masterPubKey data.Vector) (data.Vector, error)
- func (d *DDH) GenerateMasterKeys() (data.Vector, data.Vector, error)
- type DDHMulti
- type DDHMultiClient
- type DDHMultiDerivedKey
- type DDHMultiSecKey
- type DDHParams
- type LWE
- func (s *LWE) Decrypt(ct, skY, y data.Vector) (*big.Int, error)
- func (s *LWE) DeriveKey(y data.Vector, SK data.Matrix) (data.Vector, error)
- func (s *LWE) Encrypt(x data.Vector, PK data.Matrix) (data.Vector, error)
- func (s *LWE) GeneratePublicKey(SK data.Matrix) (data.Matrix, error)
- func (s *LWE) GenerateSecretKey() (data.Matrix, error)
- type LWEParams
- type RingLWE
- func (s *RingLWE) Decrypt(CT *RingLWECipher, skY, y data.Vector) (data.Vector, error)
- func (s *RingLWE) DeriveKey(y data.Vector, SK data.Matrix) (data.Vector, error)
- func (s *RingLWE) Encrypt(X data.Matrix, PK data.Matrix) (*RingLWECipher, error)
- func (s *RingLWE) GeneratePublicKey(SK data.Matrix) (data.Matrix, error)
- func (s *RingLWE) GenerateSecretKey() (data.Matrix, error)
- type RingLWECipher
- type RingLWEParams
Types ¶
type DDH ¶
type DDH struct {
Params *DDHParams
}
DDH represents a scheme instantiated from the DDH assumption, based on the DDH variant by Abdalla, Bourse, De Caro, and Pointcheval: "Simple Functional Encryption Schemes for Inner Products".
func NewDDH ¶
NewDDH configures a new instance of the scheme. It accepts the length of input vectors l, the bit length of the modulus (we are operating in the Z_p group), and a bound by which coordinates of input vectors are bounded.
It returns an error if the scheme could not be properly configured, or if the precondition is violated, that is, if l * bound² >= the order of the cyclic group.
func NewDDHFromParams ¶
NewDDHFromParams takes the configuration parameters of an existing DDH scheme instance and reconstructs the scheme with the same configuration parameters. It returns a new DDH instance.
func NewDDHPrecomp ¶
NewDDHPrecomp configures a new instance of the scheme based on precomputed prime numbers and generators. It accepts the length of input vectors l, the bit length of the modulus (we are operating in the Z_p group), and a bound by which coordinates of input vectors are bounded. The modulus length should be one of the values 1024, 1536, 2048, 2560, 3072, or 4096.
It returns an error if the scheme could not be properly configured, or if the precondition is violated, that is, if l * bound² >= the order of the cyclic group.
func (*DDH) Decrypt ¶
Decrypt accepts the encrypted vector, functional encryption key, and a plaintext vector y. It returns the inner product of x and y. If decryption fails, an error is returned.
func (*DDH) DeriveKey ¶
DeriveKey takes master secret key and input vector y, and returns the functional encryption key. In case the key could not be derived, it returns an error.
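The four DDH operations described above (GenerateMasterKeys, Encrypt, DeriveKey, Decrypt) and the reason for the l * bound² precondition, worked through as an added example. This is not the package's code: it is a self-contained set of functions over a toy 11-bit group, to be called from your own main or test. The names pow, randZq, authority, encrypt and decrypt are hypothetical, and authority folds GenerateMasterKeys and DeriveKey into one step.

```go
package main

import (
	"crypto/rand"
	"errors"
	"math/big"
)

const p, q, g = 2039, 1019, 4 // toy group, constructed, NOT secure: p = 2q+1, g has order q
// pow returns b^e mod p; e is reduced mod q, so a negative exponent inverts.
func pow(b, e int64) int64 { return new(big.Int).Exp(big.NewInt(b), big.NewInt((e%q+q)%q), big.NewInt(p)).Int64() }
func randZq() int64 {
	r, err := rand.Int(rand.Reader, big.NewInt(q))
	if err != nil {
		panic(err)
	}
	return r.Int64()
}

// authority samples msk s, publishes mpk h_i = g^s_i, issues the key <s,y> mod q.
func authority(y []int64) (mpk []int64, key int64) {
	for _, yi := range y {
		s := randZq()
		mpk, key = append(mpk, pow(g, s)), (key+s*yi)%q
	}
	return
}

// encrypt needs only mpk: ct = (h_1^r*g^x_1, ..., h_l^r*g^x_l, g^r).
func encrypt(x, mpk []int64) (ct []int64) {
	r := randZq()
	for i, h := range mpk {
		ct = append(ct, pow(h, r)*pow(g, x[i])%p)
	}
	return append(ct, pow(g, r))
}

// decrypt forms g^<x,y> = prod(ct_i^y_i) / (g^r)^key, then searches [-b, b].
func decrypt(ct []int64, key int64, y []int64, b int64) (int64, error) {
	t := pow(ct[len(y)], -key)
	for i, yi := range y {
		t = t * pow(ct[i], yi) % p
	}
	for v := -b; v <= b; v++ {
		if pow(g, v) == t {
			return v, nil
		}
	}
	return 0, errors.New("no exponent in [-b, b] matches g^<x,y>")
}
```

With x = (4, 5, 6), y = (1, -2, 3) and b = 3 * 10² = 300, decrypt returns 12. Inputs outside the bound are not always caught at decryption: an inner product of 900 wraps modulo the group order and comes back as 900 - 1019 = -119, which is why the precondition has to hold when the scheme is configured.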
type DDHMulti ¶
DDHMulti represents a multi input variant of the underlying DDH scheme based on Abdalla, Catalano, Fiore, Gay, and Ursu: "Multi-Input Functional Encryption for Inner Products: Function-Hiding Realizations and Constructions without Pairings".
func NewDDHMulti ¶
NewDDHMulti configures a new instance of the scheme. It accepts the number of slots (encryptors), the length of input vectors l, the bit length of the modulus (we are operating in the Z_p group), and a bound by which coordinates of input vectors are bounded.
It returns an error in case the underlying DDH scheme instances could not be properly instantiated.
func NewDDHMultiFromParams ¶
NewDDHMultiFromParams takes the number of slots and the configuration parameters of an existing DDH scheme instance, and reconstructs the scheme with the same configuration parameters.
It returns a new DDHMulti instance.
func NewDDHMultiPrecomp ¶
NewDDHMultiPrecomp configures a new instance of the scheme based on precomputed prime numbers and generators. It accepts the number of slots (encryptors), the length of input vectors l, the bit length of the modulus (we are operating in the Z_p group), and a bound by which coordinates of input vectors are bounded. The modulus length should be one of the values 1024, 1536, 2048, 2560, 3072, or 4096.
It returns an error in case the underlying DDH scheme instances could not be properly instantiated.
func (*DDHMulti) Decrypt ¶
func (dm *DDHMulti) Decrypt(cipher []data.Vector, key *DDHMultiDerivedKey, y data.Matrix) (*big.Int, error)
Decrypt accepts the matrix cipher comprised of encrypted vectors, functional encryption key, and a matrix y comprised of plaintext vectors. It returns the sum of inner products. If decryption fails, an error is returned.
func (*DDHMulti) DeriveKey ¶
func (dm *DDHMulti) DeriveKey(secKey *DDHMultiSecKey, y data.Matrix) (*DDHMultiDerivedKey, error)
DeriveKey takes master secret key and a matrix y comprised of input vectors, and returns the functional encryption key. In case the key could not be derived, it returns an error.
func (*DDHMulti) GenerateMasterKeys ¶
func (dm *DDHMulti) GenerateMasterKeys() (data.Matrix, *DDHMultiSecKey, error)
GenerateMasterKeys generates matrices comprised of master secret keys and master public keys for the scheme.
It returns an error in case master keys could not be generated.
type DDHMultiClient ¶
type DDHMultiClient struct {
*DDH
}
DDHMultiClient represents a multi input variant of the underlying DDH scheme based on Abdalla, Catalano, Fiore, Gay, and Ursu: "Multi-Input Functional Encryption for Inner Products: Function-Hiding Realizations and Constructions without Pairings".
func NewDDHMultiClient ¶
func NewDDHMultiClient(params *DDHParams) *DDHMultiClient
NewDDHMultiClient configures a new instance of the scheme. It accepts the number of slots (encryptors), the length of input vectors l, the bit length of the modulus (we are operating in the Z_p group), and a bound by which coordinates of input vectors are bounded.
It returns an error in case the underlying DDH scheme instances could not be properly instantiated.
type DDHMultiDerivedKey ¶
DDHMultiDerivedKey is a functional encryption key for the DDH scheme.
type DDHMultiSecKey ¶
DDHMultiSecKey is a secret key for the DDH multi-input scheme.
type DDHParams ¶
type DDHParams struct {
	// length of input vectors x and y
	L int
	// The value by which coordinates of input vectors x and y are bounded.
	Bound *big.Int
	// Generator of a cyclic group Z_P: G^(Q) = 1 (mod P).
	G *big.Int
	// Modulus - we are operating in a cyclic group Z_P.
	P *big.Int
	// Order of the generator G.
	Q *big.Int
}
DDHParams represents configuration parameters for the DDH scheme instance.
type LWE ¶
type LWE struct {
Params *LWEParams
}
LWE represents a scheme instantiated from the LWE assumption, based on the LWE variant by Abdalla, Bourse, De Caro, and Pointcheval: "Simple Functional Encryption Schemes for Inner Products".
func NewLWE ¶
NewLWE configures a new instance of the scheme. It accepts the length of input vectors l, bound for coordinates of input vectors x and y, the main security parameters n and m, modulus for input data p, and modulus for ciphertext and keys q. Security parameters are generated so that they satisfy theoretical bounds provided in the PhD thesis Functional Encryption for Inner-Product Evaluations, see Section 8.3.1 in https://www.di.ens.fr/~fbourse/publications/Thesis.pdf.
Note that this is a prototype implementation and should not be used in production before security testing against various known attacks has been performed. Unfortunately, no such (theoretical) evaluation exists yet in the literature.
It returns an error in case public parameters of the scheme could not be generated.
func (*LWE) Decrypt ¶
Decrypt accepts an encrypted vector ct, functional encryption key skY, and plaintext vector y. It returns the inner product of x and y. If decryption fails (for instance with input data that violates the configured bound or malformed ciphertext or keys), an error is returned.
func (*LWE) DeriveKey ¶
DeriveKey accepts input vector y and master secret key SK, and derives a functional encryption key.
In case of malformed secret key or input vector that violates the configured bound, it returns an error.
func (*LWE) Encrypt ¶
Encrypt encrypts vector x using public key PK. It returns the resulting ciphertext vector. In case of malformed public key or input vector that violates the configured bound, it returns an error.
func (*LWE) GeneratePublicKey ¶
GeneratePublicKey accepts a secret key SK, standard deviation sigma. It generates a public key PK for the scheme. Public key is a matrix of m*l elements.
In case of a malformed secret key the function returns an error.
func (*LWE) GenerateSecretKey ¶
GenerateSecretKey generates a secret key for the scheme. The key is represented by a matrix with dimensions n*l whose elements are random values from the interval [0, q).
In case secret key could not be generated, it returns an error.
type LWEParams ¶
type LWEParams struct {
	L int // Length of data vectors for inner product
	N int // Main security parameters of the scheme
	M int // Number of rows (samples) for the LWE problem
	BoundX *big.Int // Bound for input vector coordinates (for x)
	BoundY *big.Int // Bound for inner product vector coordinates (for y)
	P *big.Int // Modulus for message space
	Q *big.Int // Modulus for ciphertext and keys
	SigmaQ *big.Float // standard deviation for the noise terms LWE
	LSigma *big.Int // precomputed LSigma = SigmaQ / (1/2log(2)) needed for sampling
	// Matrix A of dimensions M*N is a public parameter of the scheme
	A data.Matrix
}
LWEParams represents parameters for the simple LWE scheme.
type RingLWE ¶
type RingLWE struct {
Params *RingLWEParams
}
RingLWE represents an FE scheme instantiated from the ringLWE assumption. It allows encrypting a matrix X and deriving an FE key based on a vector y, so that one can decrypt y^T * X and nothing else. This can be seen as a SIMD version of a simple inner product scheme, since multiple vectors (columns of X) can be multiplied with y at the same time. It is based on Bermudo Mera, Karmakar, Marc, and Soleimanian: "Efficient Lattice-Based Inner-Product Functional Encryption", see https://eprint.iacr.org/2021/046.
func NewRingLWE ¶
NewRingLWE configures a new instance of the scheme. It accepts a security parameter sec, the length of input vectors l, and a bound for coordinates of input vectors x and y. It generates all the parameters needed to have a scheme with at least sec bits of security by using all the bounds derived in the paper https://eprint.iacr.org/2021/046, as well as having the parameters secure against the so-called primal attack on LWE.
func (*RingLWE) Decrypt ¶
Decrypt accepts a ciphertext CT, secret key skY, and plaintext vector y, and returns a vector of inner products of X's rows and y. If decryption fails (for instance with input data that violates the configured bound or malformed ciphertext or keys), an error is returned.
func (*RingLWE) DeriveKey ¶
DeriveKey accepts input vector y and master secret key SK, and derives a functional encryption key. In case of malformed secret key or input vector that violates the configured bound, it returns an error.
func (*RingLWE) Encrypt ¶
Encrypt encrypts matrix X using public key PK. It returns the resulting ciphertext matrix. In case of malformed public key or input matrix that violates the configured bound, it returns an error.
The resulting ciphertext has dimensions (l + 1) * n.
func (*RingLWE) GeneratePublicKey ¶
GeneratePublicKey accepts a master secret key SK and generates a corresponding master public key. Public key is a matrix of l*n elements. In case of a malformed secret key the function returns an error.
func (*RingLWE) GenerateSecretKey ¶
GenerateSecretKey generates a secret key for the scheme. The key is a matrix of l*n small elements sampled from a discrete Gaussian distribution.
In case secret key could not be generated, it returns an error.
type RingLWECipher ¶
RingLWECipher is functional encryption key for DDH Scheme.
type RingLWEParams ¶
type RingLWEParams struct {
	L int // Length of data vectors for inner product
	// Main security parameters of the scheme
	N int
	// Settings for discrete gaussian sampler
	Sigma1 *big.Float // standard deviation
	Sigma2 *big.Float // standard deviation
	Sigma3 *big.Float // standard deviation
	BoundX *big.Int // upper bound for coordinates of input vectors
	BoundY *big.Int // upper bound for coordinates of inner-product vectors
	P *big.Int // bound for the resulting inner product
	Q *big.Int // modulus for ciphertext and keys
	// A is a vector with N coordinates.
	// It represents a random polynomial for the scheme.
	A data.Vector
}
RingLWEParams represents parameters for the ring LWE scheme.