shuffle

package
v3.7.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 7, 2022 License: MPL-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Package shuffle implements Andrew Neff's verifiable shuffle proof scheme. Neff's shuffle proof algorithm as implemented here is described in the paper "Verifiable Mixing (Shuffling) of ElGamal Pairs", April 2004.

The PairShuffle type implements the general algorithm to prove the correctness of a shuffle of arbitrary ElGamal pairs. This will be the primary API of interest for most applications. For basic usage, the caller should first instantiate a PairShuffle object, then invoke PairShuffle.Init() to initialize the shuffle parameters, and finally invoke PairShuffle.Shuffle() to shuffle a list of ElGamal pairs, yielding a list of re-randomized pairs and a noninteractive proof of its correctness.

The SimpleShuffle type implements Neff's more restrictive "simple shuffle", which requires the prover to know the discrete logarithms of all the individual ElGamal ciphertexts involved in the shuffle. The general PairShuffle builds on this SimpleShuffle scheme, but SimpleShuffle may also be used by itself in situations that satisfy its assumptions, and is more efficient.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Biffle

func Biffle(suite Suite, G, H kyber.Point,
	X, Y [2]kyber.Point, rand cipher.Stream) (
	Xbar, Ybar [2]kyber.Point, prover proof.Prover)

Biffle is a binary shuffle ("biffle") for 2 ciphertexts based on general ZKPs.

func BiffleVerifier

func BiffleVerifier(suite Suite, G, H kyber.Point,
	X, Y, Xbar, Ybar [2]kyber.Point) (
	verifier proof.Verifier)

BiffleVerifier returns a verifier of the biffle

func Shuffle

func Shuffle(group kyber.Group, g, h kyber.Point, X, Y []kyber.Point,
	rand cipher.Stream) (XX, YY []kyber.Point, P proof.Prover)

Shuffle randomly shuffles and re-randomizes a set of ElGamal pairs, producing a correctness proof in the process. Returns (Xbar,Ybar), the shuffled and randomized pairs. If g or h is nil, the standard base point is used.

func Verifier

func Verifier(group kyber.Group, g, h kyber.Point,
	X, Y, Xbar, Ybar []kyber.Point) proof.Verifier

Verifier produces a Sigma-protocol verifier to check the correctness of a shuffle.

Types

type PairShuffle

type PairShuffle struct {
	// contains filtered or unexported fields
}

PairShuffle creates a proof of the correctness of a shuffle of a series of ElGamal pairs.

The caller must first invoke Init() to establish the cryptographic parameters for the shuffle: in particular, the relevant cryptographic Group, and the number of ElGamal pairs to be shuffled.

The caller then may either perform its own shuffle, according to a permutation of the caller's choosing, and invoke Prove() to create a proof of its correctness; or alternatively the caller may simply invoke Shuffle() to pick a random permutation, compute the shuffle, and compute the correctness proof.

func (*PairShuffle) Init

func (ps *PairShuffle) Init(grp kyber.Group, k int) *PairShuffle

Init creates a new PairShuffleProof instance for a k-element ElGamal pair shuffle. This protocol follows the ElGamal Pair Shuffle defined in section 4 of Andrew Neff, "Verifiable Mixing (Shuffling) of ElGamal Pairs", 2004.

func (*PairShuffle) Prove

func (ps *PairShuffle) Prove(
	pi []int, g, h kyber.Point, beta []kyber.Scalar,
	X, Y []kyber.Point, rand cipher.Stream,
	ctx proof.ProverContext) error

Prove returns an error if the shuffle is not correct.

func (*PairShuffle) Verify

func (ps *PairShuffle) Verify(
	g, h kyber.Point, X, Y, Xbar, Ybar []kyber.Point,
	ctx proof.VerifierContext) error

Verify ElGamal Pair Shuffle proofs.

type SimpleShuffle

type SimpleShuffle struct {
	// contains filtered or unexported fields
}

SimpleShuffle is the "Simple k-shuffle" defined in section 3 of Neff, "Verifiable Mixing (Shuffling) of ElGamal Pairs", 2004.

func (*SimpleShuffle) Init

func (ss *SimpleShuffle) Init(grp kyber.Group, k int) *SimpleShuffle

Init initializes the simple shuffle with the given group and the k parameter from the paper.

func (*SimpleShuffle) Prove

func (ss *SimpleShuffle) Prove(G kyber.Point, gamma kyber.Scalar,
	x, y []kyber.Scalar, rand cipher.Stream,
	ctx proof.ProverContext) error

Prove the "Simple k-shuffle" defined in section 3 of Neff, "Verifiable Mixing (Shuffling) of ElGamal Pairs", 2004. The Scalar vector y must be a permutation of Scalar vector x but with all elements multiplied by common Scalar gamma.

func (*SimpleShuffle) Verify

func (ss *SimpleShuffle) Verify(G, Gamma kyber.Point,
	ctx proof.VerifierContext) error

Verify for Neff simple k-shuffle proofs.

type Suite

type Suite proof.Suite

Suite wraps the functionalities needed by the shuffle/ package. These are the same functionatlities needed by the proof/ package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL