Documentation ¶
Index ¶
- func DecryptCCAonG1(s pairing.Suite, private kyber.Point, c *Ciphertext) ([]byte, error)
- func DecryptCCAonG2(s pairing.Suite, private kyber.Point, c *Ciphertext) ([]byte, error)
- func DecryptCPAonG1(s pairing.Suite, private kyber.Point, c *CiphertextCPA) ([]byte, error)
- func H2Tag() []byte
- func H3Tag() []byte
- func H4Tag() []byte
- type Ciphertext
- type CiphertextCPA
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DecryptCCAonG1 ¶ added in v1.2.0
DecryptCCAonG1 decrypts ciphertexts encrypted using EncryptCCAonG1 given a G2 "private" point
func DecryptCCAonG2 ¶ added in v1.2.0
DecryptCCAonG2 decrypts ciphertexts encrypted using EncryptCCAonG2 given a G1 "private" point
func DecryptCPAonG1 ¶ added in v1.2.0
DecryptCPAonG1 implements the CPA identity-based encryption scheme from https://crypto.stanford.edu/~dabo/pubs/papers/bfibe.pdf for more information about the scheme. SigGroup = G2 (large secret identities) KeyGroup = G1 (short master public keys) Decrypt:
- V XOR H2(e(U, did)) = V XOR H2(e(rP, s*Qid)) = V XOR H2(e(P, P)^(r*s*x)) = V XOR H2(GidT) = M
Types ¶
type Ciphertext ¶
type Ciphertext struct { // Random point rP U kyber.Point // Sigma attached to ID: sigma XOR H(rG_id) V []byte // ciphertext of the message M XOR H(sigma) W []byte }
func EncryptCCAonG1 ¶ added in v1.2.0
EncryptCCAonG1 implements the CCA identity-based encryption scheme from https://crypto.stanford.edu/~dabo/pubs/papers/bfibe.pdf for more information about the scheme. - master is the master key on G1 - "identities" (rounds) are on G2 - the Ciphertext.U point will be on G1 - ID is the ID towards which we encrypt the message - msg is the actual message - seed is the random seed to generate the random element (sigma) of the encryption The suite must produce points which implements the `HashablePoint` interface.
func EncryptCCAonG2 ¶ added in v1.2.0
EncryptCCAonG2 implements the CCA identity-based encryption scheme from https://crypto.stanford.edu/~dabo/pubs/papers/bfibe.pdf for more information about the scheme. - master is the master key on G2 - identities ("round") are on G1 - the Ciphertext.U point will be on G2 - ID is the ID towards which we encrypt the message - msg is the actual message - seed is the random seed to generate the random element (sigma) of the encryption The suite must produce points which implements the `HashablePoint` interface.
type CiphertextCPA ¶ added in v1.2.0
func EncryptCPAonG1 ¶ added in v1.2.0
func EncryptCPAonG1(s pairing.Suite, basePoint, public kyber.Point, ID, msg []byte) (*CiphertextCPA, error)
EncryptCPAonG1 implements the CPA identity-based encryption scheme from https://crypto.stanford.edu/~dabo/pubs/papers/bfibe.pdf for more information about the scheme. SigGroup = G2 (large secret identities) KeyGroup = G1 (short master public keys) P random generator of G1 dist master key: s, Ppub = s*P \in G1 H1: {0,1}^n -> G1 H2: GT -> {0,1}^n ID: Qid = H1(ID) = xP \in G2
secret did = s*Qid \in G2
Encrypt:
- random r scalar
- Gid = e(Ppub, r*Qid) == e(P, P)^(x*s*r) \in GT = GidT
- U = rP \in G1,
- V = M XOR H2(Gid)) = M XOR H2(GidT) \in {0,1}^n