paillier

package
v0.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 8, 2023 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrPaillierLength = errors.New("wrong number bit length of Paillier modulus N")
	ErrPaillierEven   = errors.New("modulus N is even")
	ErrPaillierNil    = errors.New("modulus N is nil")
)
View Source
var (
	ErrPrimeBadLength = errors.New("prime factor is not the right length")
	ErrNotBlum        = errors.New("prime factor is not equivalent to 3 (mod 4)")
	ErrNotSafePrime   = errors.New("supposed prime factor is not a safe prime")
	ErrPrimeNil       = errors.New("prime is nil")
)

Functions

func KeyGen

func KeyGen(pl *pool.Pool) (pk *PublicKey, sk *SecretKey)

KeyGen generates a new PublicKey and it's associated SecretKey.

func ValidateN

func ValidateN(n *saferith.Modulus) error

ValidateN performs basic checks to make sure the modulus is valid: - log₂(n) = params.BitsPaillier. - n is odd.

func ValidatePrime

func ValidatePrime(p *saferith.Nat) error

ValidatePrime checks whether p is a suitable prime for Paillier. Checks: - log₂(p) ≡ params.BitsBlumPrime. - p ≡ 3 (mod 4). - q := (p-1)/2 is prime.

Types

type Ciphertext

type Ciphertext struct {
	// contains filtered or unexported fields
}

Ciphertext represents an integer of the for (1+N)ᵐρᴺ (mod N²), representing the encryption of m ∈ ℤₙˣ.

func (*Ciphertext) Add

func (ct *Ciphertext) Add(pk *PublicKey, ct2 *Ciphertext) *Ciphertext

Add sets ct to the homomorphic sum ct ⊕ ct₂. ct ← ct•ct₂ (mod N²).

func (Ciphertext) Clone

func (ct Ciphertext) Clone() *Ciphertext

Clone returns a deep copy of ct.

func (*Ciphertext) Domain

func (*Ciphertext) Domain() string

Domain implements hash.WriterToWithDomain, and separates this type within hash.Hash.

func (*Ciphertext) Equal

func (ct *Ciphertext) Equal(ctA *Ciphertext) bool

Equal check whether ct ≡ ctₐ (mod N²).

func (*Ciphertext) MarshalBinary

func (ct *Ciphertext) MarshalBinary() ([]byte, error)

func (*Ciphertext) Mul

func (ct *Ciphertext) Mul(pk *PublicKey, k *saferith.Int) *Ciphertext

Mul sets ct to the homomorphic multiplication of k ⊙ ct. ct ← ctᵏ (mod N²).

func (*Ciphertext) Nat

func (ct *Ciphertext) Nat() *saferith.Nat

func (*Ciphertext) Randomize

func (ct *Ciphertext) Randomize(pk *PublicKey, nonce *saferith.Nat) *saferith.Nat

Randomize multiplies the ciphertext's nonce by a newly generated one. ct ← ct ⋅ nonceᴺ (mod N²). If nonce is nil, a random one is generated. The receiver is updated, and the nonce update is returned.

func (*Ciphertext) UnmarshalBinary

func (ct *Ciphertext) UnmarshalBinary(data []byte) error

func (*Ciphertext) WriteTo

func (ct *Ciphertext) WriteTo(w io.Writer) (int64, error)

WriteTo implements io.WriterTo and should be used within the hash.Hash function.

type PublicKey

type PublicKey struct {
	// contains filtered or unexported fields
}

PublicKey is a Paillier public key. It is represented by a modulus N.

func NewPublicKey

func NewPublicKey(n *saferith.Modulus) *PublicKey

NewPublicKey returns an initialized paillier.PublicKey and caches N, N² and (N-1)/2.

func (PublicKey) Domain

func (PublicKey) Domain() string

Domain implements hash.WriterToWithDomain, and separates this type within hash.Hash.

func (PublicKey) Enc

func (pk PublicKey) Enc(m *saferith.Int) (*Ciphertext, *saferith.Nat)

Enc returns the encryption of m under the public key pk. The nonce used to encrypt is returned.

The message m must be in the range [-(N-1)/2, …, (N-1)/2] and panics otherwise.

ct = (1+N)ᵐρᴺ (mod N²).

func (PublicKey) EncWithNonce

func (pk PublicKey) EncWithNonce(m *saferith.Int, nonce *saferith.Nat) *Ciphertext

EncWithNonce returns the encryption of m under the public key pk. The nonce is not returned.

The message m must be in the range [-(N-1)/2, …, (N-1)/2] and panics otherwise

ct = (1+N)ᵐρᴺ (mod N²).

func (PublicKey) Equal

func (pk PublicKey) Equal(other *PublicKey) bool

Equal returns true if pk ≡ other.

func (*PublicKey) Modulus

func (pk *PublicKey) Modulus() *arith.Modulus

Modulus returns an arith.Modulus for N which may allow for accelerated exponentiation when this public key was generated from a secret key.

func (*PublicKey) ModulusSquared

func (pk *PublicKey) ModulusSquared() *arith.Modulus

ModulusSquared returns an arith.Modulus for N² which may allow for accelerated exponentiation when this public key was generated from a secret key.

func (*PublicKey) N

func (pk *PublicKey) N() *saferith.Modulus

N is the public modulus making up this key.

func (PublicKey) ValidateCiphertexts

func (pk PublicKey) ValidateCiphertexts(cts ...*Ciphertext) bool

ValidateCiphertexts checks if all ciphertexts are in the correct range and coprime to N² ct ∈ [1, …, N²-1] AND GCD(ct,N²) = 1.

func (*PublicKey) WriteTo

func (pk *PublicKey) WriteTo(w io.Writer) (int64, error)

WriteTo implements io.WriterTo and should be used within the hash.Hash function.

type SecretKey

type SecretKey struct {
	*PublicKey
	// contains filtered or unexported fields
}

SecretKey is the secret key corresponding to a Public Paillier Key.

A public key is a modulus N, and the secret key contains the information needed to factor N into two primes, P and Q. This allows us to decrypt values encrypted using this modulus.

func NewSecretKey

func NewSecretKey(pl *pool.Pool) *SecretKey

NewSecretKey generates primes p and q suitable for the scheme, and returns the initialized SecretKey.

func NewSecretKeyFromPrimes

func NewSecretKeyFromPrimes(P, Q *saferith.Nat) *SecretKey

NewSecretKeyFromPrimes generates a new SecretKey. Assumes that P and Q are prime.

func (*SecretKey) Dec

func (sk *SecretKey) Dec(ct *Ciphertext) (*saferith.Int, error)

Dec decrypts c and returns the plaintext m ∈ ± (N-2)/2. It returns an error if gcd(c, N²) != 1 or if c is not in [1, N²-1].

func (*SecretKey) DecWithRandomness

func (sk *SecretKey) DecWithRandomness(ct *Ciphertext) (*saferith.Int, *saferith.Nat, error)

DecWithRandomness returns the underlying plaintext, as well as the randomness used.

func (SecretKey) GeneratePedersen

func (sk SecretKey) GeneratePedersen() (*pedersen.Parameters, *saferith.Nat)

func (*SecretKey) P

func (sk *SecretKey) P() *saferith.Nat

P returns the first of the two factors composing this key.

func (*SecretKey) Phi

func (sk *SecretKey) Phi() *saferith.Nat

Phi returns ϕ = (P-1)(Q-1).

This is the result of the totient function ϕ(N), where N = P⋅Q is our public key. This function counts the number of units mod N.

This quantity is useful in ZK proofs.

func (*SecretKey) Q

func (sk *SecretKey) Q() *saferith.Nat

Q returns the second of the two factors composing this key.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL