fullysec

package
v0.0.0-...-ccc7482 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 29, 2022 License: Apache-2.0 Imports: 13 Imported by: 9

Documentation

Overview

Package fullysec includes fully secure schemes for functional encryption of inner products.

All implementations in this package are based on the reference paper by Agrawal, Libert and Stehlé (see https://eprint.iacr.org/2015/608.pdf), and offer adaptive security under chosen-plaintext attacks (IND-CPA security).

The reference scheme is public key, which means that no master secret key is required for the encryption.

For instantiation from the decisional Diffie-Hellman assumption (DDH), see struct Damgard (and its multi-input variant DamgardMulti, which is a secret key scheme, because a part of the secret key is required for the encryption).

For instantiation from learning with errors (LWE), see struct LWE.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DMCFEDecrypt 

func DMCFEDecrypt(ciphers []*bn256.G1, keyShares []data.VectorG2, y data.Vector, label string,
	bound *big.Int) (*big.Int, error)

DMCFEDecrypt is to be called by a party that wants to decrypt a message - to compute inner product of x and y. It needs ciphertexts from all clients and key shares from all clients. The label is a string under which vector x has been encrypted (each client encrypted x_i under this label). The value bound specifies the bound of the output (solution will be in the interval (-bound, bound)) and can be nil.

Types

type DMCFEClient 

type DMCFEClient struct {
	Idx          int
	ClientSecKey *big.Int
	ClientPubKey *bn256.G1
	Share        data.Matrix
	S            data.Vector
}

DMCFEClient is to be instantiated by the client. Idx presents index of the client.

func NewDMCFEClient 

func NewDMCFEClient(idx int) (*DMCFEClient, error)

NewDMCFEClient is to be called by the party that wants to encrypt number x_i. The decryptor will be able to compute inner product of x and y where x = (x_1,...,x_l) and y is publicly known vector y = (y_1,...,y_l). Value idx presents index of the party, where it is assumed that if there are n clients, its indexes are in [0, n-1]

func (*DMCFEClient) DeriveKeyShare 

func (c *DMCFEClient) DeriveKeyShare(y data.Vector) (data.VectorG2, error)

DeriveKeyShare generates client's key share. Decryptor needs shares from all clients.

func (*DMCFEClient) Encrypt 

func (c *DMCFEClient) Encrypt(x *big.Int, label string) (*bn256.G1, error)

Encrypt encrypts number x under some label.

func (*DMCFEClient) SetShare 

func (c *DMCFEClient) SetShare(pubKeys []*bn256.G1) error

SetShare sets a shared key for client c, based on the public keys of all the clients involved in the scheme. It assumes that Idx of a client indicates which is the corresponding public key in pubKeys. Shared keys are such that each client has a random key but all the shared keys sum to 0.

type Damgard 

type Damgard struct {
	Params *DamgardParams
}

Damgard represents a scheme instantiated from the DDH assumption based on DDH variant of: Agrawal, Shweta, Libert, and Stehle: "Fully secure functional encryption for inner products, from standard assumptions".

func NewDamgard 

func NewDamgard(l, modulusLength int, bound *big.Int) (*Damgard, error)

NewDamgard configures a new instance of the scheme. It accepts the length of input vectors l, the bit length of the modulus (we are operating in the Z_p group), and a bound by which coordinates of input vectors are bounded.

It returns an error in case the scheme could not be properly configured, or if precondition l * bound² is >= order of the cyclic group.

func NewDamgardFromParams 

func NewDamgardFromParams(params *DamgardParams) *Damgard

NewDamgardFromParams takes configuration parameters of an existing Damgard scheme instance, and reconstructs the scheme with same configuration parameters. It returns a new Damgard instance.

func NewDamgardPrecomp 

func NewDamgardPrecomp(l, modulusLength int, bound *big.Int) (*Damgard, error)

NewDamgardPrecomp configures a new instance of the scheme based on precomputed prime numbers and generators. It accepts the length of input vectors l, the bit length of the modulus (we are operating in the Z_p group), and a bound by which coordinates of input vectors are bounded. The modulus length should be one of values 1024, 1536, 2048, 2560, 3072, or 4096. The precomputed prime numbers and generators were simply obtained by running NewDamgard function.

It returns an error in case the scheme could not be properly configured, or if precondition l * bound² is >= order of the cyclic group.

func (*Damgard) Decrypt 

func (d *Damgard) Decrypt(cipher data.Vector, key *DamgardDerivedKey, y data.Vector) (*big.Int, error)

Decrypt accepts the encrypted vector, functional encryption key, and a plaintext vector y. It returns the inner product of x and y. If decryption failed, error is returned.

func (*Damgard) DeriveKey 

func (d *Damgard) DeriveKey(masterSecKey *DamgardSecKey, y data.Vector) (*DamgardDerivedKey, error)

DeriveKey takes master secret key and input vector y, and returns the functional encryption key. In case the key could not be derived, it returns an error.

func (*Damgard) Encrypt 

func (d *Damgard) Encrypt(x, masterPubKey data.Vector) (data.Vector, error)

Encrypt encrypts input vector x with the provided master public key. It returns a ciphertext vector. If encryption failed, error is returned.

func (*Damgard) GenerateMasterKeys 

func (d *Damgard) GenerateMasterKeys() (*DamgardSecKey, data.Vector, error)

GenerateMasterKeys generates a master secret key and master public key for the scheme. It returns an error in case master keys could not be generated.

type DamgardDecMultiClient 

type DamgardDecMultiClient struct {
	// number of encryptors
	Idx int
	*DamgardMulti
	ClientPubKey *big.Int
	ClientSecKey *big.Int
	Share        data.Matrix
}

DamgardDecMultiClient represents a client in a decentralized multi client variant of the underlying multi client (dmagard_multi) scheme based. The decentralization is based on Abdalla, Benhamouda, Kohlweiss,and Waldner: "Decentralizing Inner-Product Functional Encryption". The participants in the scheme are clients without a central authority. They interactively generate private keys for each client so that client i can encrypt vector x_i. The scheme allows the clients to interactively generate a key_Y, depending on a matrix Y with rows y_i, so that given key_y and the ciphertext the decryptor can compute value Σ_i <x_i, y_i> (sum of dot products).

func NewDamgardDecMultiClient 

func NewDamgardDecMultiClient(idx int, damgardMulti *DamgardMulti) (*DamgardDecMultiClient, error)

NewDamgardDecMultiClient configures a new client in the decentralized scheme based on a underlying DamgardMulti scheme. It accepts the identification of the client (an integer from [0, numClients)) and the underlying DamgardMulti scheme (which contains all the shared parameters)

It returns an error in case the scheme cannot be properly initialized.

func (*DamgardDecMultiClient) DeriveKeyShare 

func (c *DamgardDecMultiClient) DeriveKeyShare(secKey *DamgardDecMultiSecKey, y data.Matrix) (*DamgardDecMultiDerivedKeyPart, error)

DeriveKeyShare is run by a client. It takes a secret key and a matrix y comprised of input vectors, and returns a part of the functional encryption key. In case the key could not be derived, it returns an error.

func (*DamgardDecMultiClient) Encrypt 

func (c *DamgardDecMultiClient) Encrypt(x data.Vector, key *DamgardDecMultiSecKey) (data.Vector, error)

Encrypt generates a ciphertext from the input vector x with the provided secret key. If encryption failed, error is returned.

func (*DamgardDecMultiClient) GenerateKeys 

func (c *DamgardDecMultiClient) GenerateKeys() (*DamgardDecMultiSecKey, error)

GenerateKeys generates the secret key for each client.

It returns an error in case master keys could not be generated.

func (*DamgardDecMultiClient) SetShare 

func (c *DamgardDecMultiClient) SetShare(pubKeys []*big.Int) error

SetShare sets a shared key for client c, based on the public keys of all the clients involved in the scheme. It assumes that Idx of a client indicates which is the corresponding public key in pubKeys. Shared keys are such that each client has a random key but all the shared keys sum to 0.

type DamgardDecMultiDec 

type DamgardDecMultiDec struct {
	*DamgardMulti
}

DamgardDecMultiDec represents a decryptor for the decentralized variant of the underlying multi input Damgard scheme.

func NewDamgardDecMultiDec 

func NewDamgardDecMultiDec(damgardMulti *DamgardMulti) *DamgardDecMultiDec

NewDamgardDecMultiDec takes the underlying DamgardMulti and instantiates a new DamgardDecMultiDec struct.

func (*DamgardDecMultiDec) Decrypt 

func (dc *DamgardDecMultiDec) Decrypt(cipher []data.Vector, partKeys []*DamgardDecMultiDerivedKeyPart, y data.Matrix) (*big.Int, error)

Decrypt accepts an array of ciphertexts comprised of encrypted vectors, an array of partial functional encryption keys, and a matrix y representing the inner-product vectors. It returns the sum of inner products. If decryption failed, an error is returned.

type DamgardDecMultiDerivedKeyPart 

type DamgardDecMultiDerivedKeyPart struct {
	KeyPart    *DamgardDerivedKey
	OTPKeyPart *big.Int
}

DamgardDecMultiDerivedKeyPart is functional encryption key for decentralized Damgrad Scheme.

type DamgardDecMultiSecKey 

type DamgardDecMultiSecKey struct {
	OtpKey data.Vector
	// contains filtered or unexported fields
}

DamgardDecMultiSecKey is a secret key that each client has.

type DamgardDerivedKey 

type DamgardDerivedKey struct {
	Key1 *big.Int
	Key2 *big.Int
}

DamgardDerivedKey is a functional encryption key for Damgard scheme.

type DamgardMulti 

type DamgardMulti struct {
	// number of clients
	NumClients int
	Bound      *big.Int
	*Damgard
}

DamgardMulti is a struct in DamgardMulti scheme, that holds all the shared parameters, and can represent the central authority or the decryptor.

func NewDamgardMulti 

func NewDamgardMulti(numClients, l, modulusLength int, bound *big.Int) (*DamgardMulti, error)

NewDamgardMulti configures a new instance of the scheme. It accepts the number of clients, the length of input vectors l, the bit length of the modulus (we are operating in the Z_p group), and a bound by which coordinates of input vectors are bounded. It generates all the remaining parameters to be shared.

It returns an error in case the underlying Damgard scheme instances could not be properly instantiated.

func NewDamgardMultiFromParams 

func NewDamgardMultiFromParams(numClients int, bound *big.Int, params *DamgardParams) *DamgardMulti

NewDamgardMultiFromParams takes the number of clients, bound and configuration parameters of an existing Damgard scheme instance, and reconstructs the scheme with same configuration parameters.

It returns a new DamgardMulti instance.

func NewDamgardMultiPrecomp 

func NewDamgardMultiPrecomp(numClients, l, modulusLength int, bound *big.Int) (*DamgardMulti, error)

NewDamgardMultiPrecomp configures a new instance of the scheme based on precomputed prime numbers and generators. It accepts the number of clients, the length of input vectors l, the bit length of the modulus (we are operating in the Z_p group), and a bound by which coordinates of input vectors are bounded. It generates all the remaining parameters to be shared. The modulus length should be one of values 1024, 1536, 2048, 2560, 3072, or 4096. The precomputed prime numbers and generators were simply obtained by running NewDamgard function.

It returns an error in case the underlying Damgard scheme instances could not be properly instantiated.

func (*DamgardMulti) Decrypt 

func (dm *DamgardMulti) Decrypt(cipher []data.Vector, key *DamgardMultiDerivedKey, y data.Matrix) (*big.Int, error)

Decrypt accepts an array of ciphers, i.e. an array of encrypted vectors, functional encryption key, and a matrix y describing the inner-product. It returns the sum of inner products Σ_i <x_i, y_i>. If decryption failed, error is returned.

func (*DamgardMulti) DeriveKey 

func (dm *DamgardMulti) DeriveKey(secKey *DamgardMultiSecKeys, y data.Matrix) (*DamgardMultiDerivedKey, error)

DeriveKey takes master secret key and a matrix y comprised of input vectors, and returns the functional encryption key. In case the key could not be derived, it returns an error.

func (*DamgardMulti) GenerateMasterKeys 

func (dm *DamgardMulti) GenerateMasterKeys() (*DamgardMultiSecKeys, error)

GenerateMasterKeys generates keys and one time pads for all the clients.

It returns an error in case values could not be generated.

type DamgardMultiClient 

type DamgardMultiClient struct {
	Bound *big.Int
	*Damgard
}

DamgardMultiClient represents a single client for the DamgardMulti scheme.

func NewDamgardMultiClientFromParams 

func NewDamgardMultiClientFromParams(bound *big.Int, params *DamgardParams) *DamgardMultiClient

NewDamgardMultiClientFromParams takes the bound and configuration parameters of an underlying Damgard scheme instance, and instantiates a new DamgardMultiClient.

It returns a new DamgardMultiClient instance.

func (*DamgardMultiClient) Encrypt 

func (e *DamgardMultiClient) Encrypt(x data.Vector, pubKey, otp data.Vector) (data.Vector, error)

Encrypt generates a ciphertext from the input vector x with the provided public key of the underlying Damgard scheme and one-time pad otp (which are a part of the secret key). It returns the ciphertext vector. If the encryption failed, error is returned.

type DamgardMultiDerivedKey 

type DamgardMultiDerivedKey struct {
	Keys []*DamgardDerivedKey
	Z    *big.Int // Σ <u_i, y_i> where u_i is OTP key for i-th client
}

DamgardMultiDerivedKey is a functional encryption key for DamgardMulti scheme.

type DamgardMultiSecKeys 

type DamgardMultiSecKeys struct {
	Msk []*DamgardSecKey
	Mpk data.Matrix
	Otp data.Matrix
}

DamgardMultiSecKeys is a struct containing keys and one time pads for all the clients in the Damgard multi input scheme.

type DamgardParams 

type DamgardParams struct {
	L     int
	Bound *big.Int
	G     *big.Int
	H     *big.Int
	P     *big.Int
	Q     *big.Int
}

DamgardParams includes public parameters for the Damgard inner product scheme. L (int): The length of vectors to be encrypted. Bound (int): The value by which coordinates of vectors x and y are bounded. G (int): Generator of a cyclic group Z_P: G**(Q) = 1 (mod P). H (int): Generator of a cyclic group Z_P: H**(Q) = 1 (mod P). P (int): Modulus - we are operating in a cyclic group Z_P. Q (int): Multiplicative order of G and H.

type DamgardSecKey 

type DamgardSecKey struct {
	S data.Vector
	T data.Vector
}

DamgardSecKey is a secret key for Damgard scheme.

type FHIPE 

type FHIPE struct {
	Params *FHIPEParams
}

FHIPE represents a Function Hiding Inner Product Encryption scheme based on the paper by Kim, Lewi, Mandal, Montgomery, Roy, Wu: "Function-Hiding Inner Product Encryption is Practical". It allows to encrypt a vector x and derive a secret key based on an inner product vector y so that a deryptor can decrypt the inner product <x,y> without revealing x or y. The struct contains the shared choice for parameters on which the functionality of the scheme depend.

func NewFHIPE 

func NewFHIPE(l int, boundX, boundY *big.Int) (*FHIPE, error)

NewFHIPE configures a new instance of the scheme. It accepts the length of input vectors l, a bound by which the coordinates of encryption vectors are bounded, and similarly a bound by which the coordinates of inner product vectors are bounded.

It returns an error in case the scheme could not be properly configured, or if the possible decryption value is to big.

func NewFHIPEFromParams 

func NewFHIPEFromParams(params *FHIPEParams) *FHIPE

NewFHIPEFromParams takes configuration parameters of an existing FHIPE scheme instance, and reconstructs the scheme with same configuration parameters. It returns a new FHIPE instance.

func (*FHIPE) Decrypt 

func (d *FHIPE) Decrypt(cipher *FHIPECipher, key *FHIPEDerivedKey) (*big.Int, error)

Decrypt accepts the ciphertext and functional encryption key. It returns the inner product of x and y. If decryption failed, an error is returned.

func (*FHIPE) DeriveKey 

func (d *FHIPE) DeriveKey(y data.Vector, masterKey *FHIPESecKey) (*FHIPEDerivedKey, error)

DeriveKey takes a master key and input vector y, and returns a functional encryption key. In case the key could not be derived, it returns an error.

func (*FHIPE) Encrypt 

func (d *FHIPE) Encrypt(x data.Vector, masterKey *FHIPESecKey) (*FHIPECipher, error)

Encrypt encrypts input vector x with the provided master key and returns a ciphertext. If encryption failed, error is returned.

func (*FHIPE) GenerateMasterKey 

func (d *FHIPE) GenerateMasterKey() (*FHIPESecKey, error)

GenerateMasterKey generates a master secret key for the scheme. It returns an error in case master key could not be generated.

type FHIPECipher 

type FHIPECipher struct {
	C1 *bn256.G2
	C2 data.VectorG2
}

FHIPECipher is a functional encryption ciphertext for FHIPE scheme.

type FHIPEDerivedKey 

type FHIPEDerivedKey struct {
	K1 *bn256.G1
	K2 data.VectorG1
}

FHIPEDerivedKey is a functional encryption key for FHIPE scheme.

type FHIPEParams 

type FHIPEParams struct {
	L      int
	BoundX *big.Int
	BoundY *big.Int
}

FHIPEParams holds common parameters used in the scheme. These are: L (int): The length of vectors to be encrypted. BoundX (int): The value by which coordinates of encrypted vectors x are bounded. BoundY (int): The value by which coordinates of inner product vectors y are bounded.

type FHIPESecKey 

type FHIPESecKey struct {
	G1    *bn256.G1
	G2    *bn256.G2
	B     data.Matrix
	BStar data.Matrix
}

FHIPESecKey is a secret key for FHIPE scheme.

type FHMultiIPE 

type FHMultiIPE struct {
	Params *FHMultiIPEParams
}

FHMultiIPE represents a Function Hiding Multi-input Inner Product Encryption scheme based on the paper by P. Datta, T. Okamoto, and J. Tomida: "Full-Hiding (Unbounded) Multi-Input Inner Product Functional Encryption from the 𝒌-Linear Assumption". It allows clients to encrypt vectors {x_1,...,x_m} and derive a secret key based on an inner product vectors {y_1,...,y_m} so that a decryptor can decrypt the sum of inner products <x_1,y_1> + ... + <x_m, y_m> without revealing vectors x_i or y_i. The scheme is slightly modified from the original one to achieve a better performance. The difference is in storing the secret master key as matrices B, BStar, instead of matrices of elliptic curve elements g_1^B, g_2^BStar. This replaces elliptic curves operations with matrix multiplication.

This struct contains the shared choice for parameters on which the functionality of the scheme depend.

func NewFHMultiIPE 

func NewFHMultiIPE(secLevel, numClients, vecLen int, boundX, boundY *big.Int) *FHMultiIPE

NewFHMultiIPE configures a new instance of the scheme. See struct FHMultiIPEParams for the description of the parameters. It returns a new FHMultiIPE instance.

func NewFHMultiIPEFromParams 

func NewFHMultiIPEFromParams(params *FHMultiIPEParams) *FHMultiIPE

NewFHMultiIPEFromParams takes configuration parameters of an existing FHMultiIPE scheme instance, and reconstructs the scheme with the same configuration parameters. It returns a new FHMultiIPE instance.

func (*FHMultiIPE) Decrypt 

func (f *FHMultiIPE) Decrypt(cipher data.MatrixG1, key data.MatrixG2, pubKey *bn256.GT) (*big.Int, error)

Decrypt accepts the ciphertext as a matrix whose rows are encryptions of vectors x_1,...,x_m and a functional encryption key corresponding to vectors y_1,...,y_m. It returns the sum of inner products <x_1,y_1> + ... + <x_m, y_m>. If decryption failed, an error is returned.

func (FHMultiIPE) DeriveKey 

func (f FHMultiIPE) DeriveKey(y data.Matrix, secKey *FHMultiIPESecKey) (data.MatrixG2, error)

DeriveKey takes a matrix y whose rows are input vector y_1,...,y_m and master secret key, and returns the functional encryption key. That is a key that for encrypted x_1,...,x_m allows to calculate the sum of inner products <x_1,y_1> + ... + <x_m, y_m>. In case the key could not be derived, it returns an error.

func (FHMultiIPE) Encrypt 

func (f FHMultiIPE) Encrypt(x data.Vector, partSecKey data.Matrix) (data.VectorG1, error)

Encrypt encrypts input vector x with the provided part of the master secret key. It returns a ciphertext vector. If encryption failed, error is returned.

func (FHMultiIPE) GenerateKeys 

func (f FHMultiIPE) GenerateKeys() (*FHMultiIPESecKey, *bn256.GT, error)

GenerateKeys generates a pair of master secret key and public key for the scheme. It returns an error in case keys could not be generated.

type FHMultiIPEParams 

type FHMultiIPEParams struct {
	SecLevel   int
	NumClients int
	VecLen     int
	BoundX     *big.Int
	BoundY     *big.Int
}

FHMultiIPEParams represents configuration parameters for the FHMultiIPE scheme instance. SecLevel (int): The parameter defines the security assumption of the scheme, so called k-Lin assumption, where k is the specified SecLevel. NumClients (int): The number of clients participating VecLen (int): The length of vectors that clients encrypt. BoundX (int): The value by which the coordinates of encrypted vectors are bounded. BoundY (int): The value by which the coordinates of inner product vectors are bounded.

type FHMultiIPESecKey 

type FHMultiIPESecKey struct {
	BHat     []data.Matrix
	BStarHat []data.Matrix
}

FHMultiIPESecKey represents a master secret key in FHMultiIPE scheme.

type LWE 

type LWE struct {
	Params *LWEParams
}

LWE represents a scheme instantiated from the LWE problem. Based on the LWE variant of: Agrawal, Shweta, Libert, and Stehle: "Fully secure functional encryption for inner products, from standard assumptions".

func NewLWE 

func NewLWE(l, n int, boundX, boundY *big.Int) (*LWE, error)

NewLWE configures a new instance of the scheme. It accepts the length of input vectors l, the main security parameter n, the message space size boundX, and the inner product vector space size boundY. The function sets up the remaining public parameters as it is suggested in the paper by Agrawal, Shweta, Libert, and Stehle: "Fully secure functional encryption for inner products, from standard assumptions". Note that this is a prototype implementation and should not be used in production before security testing against various known attacks has been performed. Unfortunately, no such (theoretical) evaluation exists yet in the literature.

It returns an error in case public parameters of the scheme could not be generated.

func (*LWE) Decrypt 

func (s *LWE) Decrypt(cipher, zY, y data.Vector) (*big.Int, error)

Decrypt accepts an encrypted vector cipher, functional encryption key zX, and plaintext vector x, and calculates the inner product of x and y. If decryption failed (for instance with input data that violates the configured bound or malformed ciphertext or keys), error is returned.

func (*LWE) DeriveKey 

func (s *LWE) DeriveKey(y data.Vector, Z data.Matrix) (data.Vector, error)

DeriveKey accepts input vector y and master secret key Z, and derives a functional encryption key. In case of malformed secret key or input vector that violates the configured bound, it returns an error.

func (*LWE) Encrypt 

func (s *LWE) Encrypt(x data.Vector, U data.Matrix) (data.Vector, error)

Encrypt encrypts vector y using public key U. It returns the resulting ciphertext vector. In case of malformed public key or input vector that violates the configured bound, it returns an error.

func (*LWE) GeneratePublicKey 

func (s *LWE) GeneratePublicKey(Z data.Matrix) (data.Matrix, error)

GeneratePublicKey accepts a master secret key Z and generates a corresponding master public key. Public key is a matrix of l*m elements. In case of a malformed secret key the function returns an error.

func (*LWE) GenerateSecretKey 

func (s *LWE) GenerateSecretKey() (data.Matrix, error)

GenerateSecretKey generates a secret key for the scheme. The secret key is a matrix with dimensions l*m.

In case secret key could not be generated, it returns an error.

type LWEParams 

type LWEParams struct {
	L int // Length of data vectors for inner product

	N int // Main security parameters of the scheme
	M int // Number of samples

	BoundX *big.Int // Message space size
	BoundY *big.Int // Inner product vector space size

	// Modulus for the resulting inner product.
	// K depends on the parameters L, P and V and is computed by the scheme.
	K *big.Int

	// Modulus for ciphertext and keys.
	// Must be significantly larger than K.
	Q *big.Int

	// standard deviation for the noise terms in the encryption process
	SigmaQ *big.Float
	// precomputed LSigmaQ = SigmaQ / (1/2log(2)) needed for sampling
	LSigmaQ *big.Int
	// standard deviation for first half of the matrix for sampling private key
	Sigma1 *big.Float
	// precomputed LSigma1 = Sigma1 / (1/2log(2)) needed for sampling
	LSigma1 *big.Int
	// standard deviation for second half of the matrix for sampling private key
	Sigma2 *big.Float
	// precomputed LSigma2 = Sigma2 / (1/2log(2)) needed for sampling
	LSigma2 *big.Int
	// Matrix A of dimensions M*N is a public parameter of the scheme
	A data.Matrix
}

LWEParams represents parameters for the fully secure LWE scheme.

type Paillier 

type Paillier struct {
	Params *PaillierParams
}

Paillier represents a scheme based on the Paillier variant by Agrawal, Shweta, Libert, and Stehle": "Fully secure functional encryption for inner products, from standard assumptions".

func NewPaillier 

func NewPaillier(l, lambda, bitLen int, boundX, boundY *big.Int) (*Paillier, error)

NewPaillier configures a new instance of the scheme. It accepts the length of input vectors l, security parameter lambda, the bit length of prime numbers (giving security to the scheme, it should be such that factoring two primes with such a bit length takes at least 2^lambda operations), and boundX and boundY by which coordinates of input vectors and inner product vectors are bounded. If you are not sure how to choose lambda and bitLen, setting lambda = 128, bitLen = 1024 will result in a scheme that is believed to have 128 bit security.

It returns an error in the case the scheme could not be properly configured, or if the precondition boundX, boundY < (n / l)^(1/2) is not satisfied.

func NewPaillierFromParams 

func NewPaillierFromParams(params *PaillierParams) *Paillier

NewPaillierFromParams takes configuration parameters of an existing Paillier scheme instance, and reconstructs the scheme with same configuration parameters. It returns a new Paillier instance.

func (*Paillier) Decrypt 

func (s *Paillier) Decrypt(cipher data.Vector, key *big.Int, y data.Vector) (*big.Int, error)

Decrypt accepts the encrypted vector, functional encryption key, and a vector y. It returns the inner product of x and y.

func (*Paillier) DeriveKey 

func (s *Paillier) DeriveKey(masterSecKey data.Vector, y data.Vector) (*big.Int, error)

DeriveKey accepts master secret key masterSecKey and input vector y, and derives a functional encryption key for the inner product with y. In case of malformed secret key or input vector that violates the configured bound, it returns an error.

func (*Paillier) Encrypt 

func (s *Paillier) Encrypt(x, masterPubKey data.Vector) (data.Vector, error)

Encrypt encrypts input vector x with the provided master public key. It returns a ciphertext vector. If encryption failed, error is returned.

func (*Paillier) GenerateMasterKeys 

func (s *Paillier) GenerateMasterKeys() (data.Vector, data.Vector, error)

GenerateMasterKeys generates a master secret key and a master public key for the scheme. It returns an error in case master keys could not be generated.

type PaillierMulti 

type PaillierMulti struct {
	NumClients int
	BoundX     *big.Int
	BoundY     *big.Int
	*Paillier
}

PaillierMulti is a struct in PaillierMulti scheme, that holds all the shared parameters, and can represent the central authority or the decryptor.

func NewPaillierMulti 

func NewPaillierMulti(numClients, l, lambda, bitLength int, boundX, boundY *big.Int) (*PaillierMulti, error)

NewPaillierMulti configures a new instance of the scheme. It accepts the number of clients, the length of input vectors l, security parameter lambda (for number of bits of security the bit length of primes p and q to be generated (the scheme is operating in the Z_{(pq)^2} group), and a bound by which coordinates of input vectors are bounded. It generates all the remaining parameters to be shared. If you are not sure how to choose lambda and bitLen, setting lambda = 128, bitLen = 1024 will result in a scheme that is believed to have 128 bit security.

It returns an error in case the underlying Paillier scheme instances could not be properly instantiated.

func NewPaillierMultiFromParams 

func NewPaillierMultiFromParams(numClients int, boundX, boundY *big.Int, params *PaillierParams) *PaillierMulti

NewPaillierMultiFromParams takes the number of clients, bound and configuration parameters of an existing Paillier scheme instance, and reconstructs the scheme with the same configuration parameters.

It returns a new PaillierMulti instance.

func (*PaillierMulti) Decrypt 

func (dm *PaillierMulti) Decrypt(cipher []data.Vector, key *PaillierMultiDerivedKey, y data.Matrix) (*big.Int, error)

Decrypt accepts an array of ciphers, i.e. an array of encrypted vectors, functional encryption key, and a matrix y describing the inner-product. It returns the sum of inner products Σ_i <x_i, y_i>. If decryption failed, error is returned.

func (*PaillierMulti) DeriveKey 

func (dm *PaillierMulti) DeriveKey(secKey *PaillierMultiSecKeys, y data.Matrix) (*PaillierMultiDerivedKey, error)

DeriveKey takes master secret key and a matrix y comprised of input vectors, and returns the functional encryption key. In case the key could not be derived, it returns an error.

func (*PaillierMulti) GenerateMasterKeys 

func (dm *PaillierMulti) GenerateMasterKeys() (*PaillierMultiSecKeys, error)

GenerateMasterKeys generates keys and one time pads for all the clients. It returns an error in case values could not be generated.

type PaillierMultiClient 

type PaillierMultiClient struct {
	BoundX *big.Int
	BoundY *big.Int
	*Paillier
}

PaillerMultiClient represents a single client for the PaillierMulti scheme.

func NewPaillierMultiClientFromParams 

func NewPaillierMultiClientFromParams(params *PaillierParams, boundX, boundY *big.Int) *PaillierMultiClient

NewPaillierMultiClientFromParams takes the bounds and configuration parameters of an underlying Paillier scheme instance, and instantiates a new PaillierMultiClient.

It returns a new PaillierMultiClient instance.

func (*PaillierMultiClient) Encrypt 

func (e *PaillierMultiClient) Encrypt(x data.Vector, pubKey, otp data.Vector) (data.Vector, error)

Encrypt generates a ciphertext from the input vector x with the provided public key of the underlying Paillier scheme and one-time pad otp (which are a part of the secret key). It returns the ciphertext vector. If the encryption failed, error is returned.

type PaillierMultiDerivedKey 

type PaillierMultiDerivedKey struct {
	Keys []*big.Int
	Z    *big.Int // Σ <u_i, y_i> where u_i is OTP key for i-th client
}

PaillierMultiDerivedKey is a functional encryption key for PaillierMulti scheme.

type PaillierMultiSecKeys 

type PaillierMultiSecKeys struct {
	Msk data.Matrix
	Mpk data.Matrix
	Otp data.Matrix
}

PaillierMultiSecKeys is a struct containing keys and one time pads for all the clients in the Paillier multi input scheme.

type PaillierParams 

type PaillierParams struct {
	L       int        // Length of data vectors for inner product
	N       *big.Int   // a big integer, a product of two safe primes
	NSquare *big.Int   // N^2 a modulus for computations
	BoundX  *big.Int   // a bound on the entries of the input vector
	BoundY  *big.Int   // a bound on the entries of the inner product vector
	Sigma   *big.Float // the standard deviation for the sampling a secret key
	LSigma  *big.Int   // precomputed Sigma/(1/2log(2)) needed for sampling
	Lambda  int        // security parameter
	G       *big.Int   // generator of the 2n-th residues subgroup of Z_N^2*
}

PaillierParams represents parameters for the fully secure Paillier scheme.

type PartFHIPE 

type PartFHIPE struct {
	Params *PartFHIPEParams
}

PartFHIPE represents a partially function hiding inner product FE scheme. A partially function hiding scheme is a public key FE scheme that allows to encrypt vectors and produce FE keys to be able to decrypt only the inner product of the encryption and chosen vector without revealing the encrypted or FE key vector. Public key encryption allows to encrypt only vectors from a chosen subspace. This way a functional encryption key does not reveal its corresponding inner product vector. Decryption of a ciphertext using FE key can be done without knowing the function. Additionally, owner of the secret key can encrypt any vector.

The scheme is based on the paper by Romain Gay: "A New Paradigm for Public-Key Functional Encryption for Degree-2 Polynomials".

func NewPartFHIPE 

func NewPartFHIPE(l int, bound *big.Int) (*PartFHIPE, error)

NewPartFHIPE configures a new instance of the scheme. It accepts the length of input vectors l, and a bound by which the absolute values of the coordinates of input vectors are bounded.

It returns an error in case the scheme could not be properly configured, or if precondition 2* l * bound² is >= order of the cyclic group.

func NewPartFHIPEFromParams 

func NewPartFHIPEFromParams(params *PartFHIPEParams) *PartFHIPE

NewPartFHIPEFromParams takes configuration parameters of an existing PartFHIPE instance, and reconstructs the scheme with the same configuration parameters. It returns a new PartFHIPE instance.

func (*PartFHIPE) Decrypt 

func (d *PartFHIPE) Decrypt(cipher data.VectorG1, feKey data.VectorG2) (*big.Int, error)

Decrypt accepts the encrypted vector and functional encryption key. It returns the inner product of x and y. If decryption failed, error is returned.

func (*PartFHIPE) DeriveKey 

func (d *PartFHIPE) DeriveKey(y data.Vector, secKey *PartFHIPESecKey) (data.VectorG2, error)

DeriveKey takes input vector y and master secret key, and returns the functional encryption key. In case the key could not be derived, it returns an error.

func (*PartFHIPE) Encrypt 

func (d *PartFHIPE) Encrypt(t data.Vector, pubKey *PartFHIPEPubKey) (data.VectorG1, error)

Encrypt on input vector t encrypts vector x = Mt with the provided public key (matrix M is specified in the public key). It returns a ciphertext vector. Entries of Mt should not be greater then bound. If encryption fails, an error is returned.

func (*PartFHIPE) GenerateKeys 

func (d *PartFHIPE) GenerateKeys(M data.Matrix) (*PartFHIPEPubKey, *PartFHIPESecKey, error)

GenerateKeys generates a master secret key and public key for the scheme. A matrix M needs to be specified so that the generated public key will allow to encrypt arbitrary vector in the span on the columns of M. It returns an error in case the keys could not be generated.

func (*PartFHIPE) PartDecrypt 

func (d *PartFHIPE) PartDecrypt(cipher data.VectorG1, feKey data.VectorG2) (*bn256.GT, error)

PartDecrypt accepts the encrypted vector and functional encryption key. It returns the value d*bn256.GT where d is the inner product of x and y. To obtain a final result, calculating the discrete logarithm is needed.

func (*PartFHIPE) SecEncrypt 

func (d *PartFHIPE) SecEncrypt(x data.Vector, pubKey *PartFHIPEPubKey, secKey *PartFHIPESecKey) (data.VectorG1, error)

SecEncrypt encrypts an arbitrary vector x using master secret key and public key. It returns a ciphertext vector. If encryption failed, an error is returned.

type PartFHIPEParams 

type PartFHIPEParams struct {
	L     int
	Bound *big.Int
}

PartFHIPEParams includes public parameters for the partially function hiding inner product scheme. L (int): The length of vectors to be encrypted. Bound (*big.Int): The value by which coordinates of vectors x and y are bounded.

type PartFHIPEPubKey 

type PartFHIPEPubKey struct {
	A   data.VectorG1
	Ua  data.VectorG1
	VtM data.MatrixG1
	M   data.Matrix
	MG1 data.MatrixG1
}

PartFHIPEPubKey is a public key for the partially function hiding inner product scheme.

type PartFHIPESecKey 

type PartFHIPESecKey struct {
	B data.Vector
	V data.Matrix
	U data.Matrix
}

PartFHIPESecKey is a secret key for the partially function hiding inner product scheme.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.