cl

package
v1.0.3 Latest

Warning: This package is not in the latest version of its module.
Published: Nov 23, 2023 License: Apache-2.0 Imports: 14 Imported by: 0

README

Castagnos and Laguillaumie homomorphic Scheme

A linearly homomorphic encryption scheme whose security relies on the hardness of the decisional Diffie-Hellman problem. This Golang library implements the scheme in CL15[1].

Guideline

This library offers five public functions: NewCL, Encrypt, Decrypt, Add, MulConst.

Example
package main

import (
	"fmt"
	"log"
	"math/big"

	"github.com/getamis/alice/crypto/homo/cl"
)

var BIG_FIELD_ORDER = "115792089237316195423570985008687907852837564279074904382605163141518161494337"
var SAFE_PARAMETER = 1348

// check aborts on any error instead of silently discarding it.
func check(err error) {
	if err != nil {
		log.Fatal(err)
	}
}

func main() {
	bigPrime, ok := new(big.Int).SetString(BIG_FIELD_ORDER, 10)
	if !ok {
		log.Fatal("invalid BIG_FIELD_ORDER")
	}

	// Generate a private key and the corresponding public key.
	c, err := cl.NewCL(big.NewInt(1024), 40, bigPrime, SAFE_PARAMETER, 40)
	check(err)

	// Encrypt two plaintexts with the public key.
	plaintext1 := big.NewInt(3)
	cipherMessage1, err := c.Encrypt(plaintext1.Bytes())
	check(err)

	plaintext2 := big.NewInt(13)
	cipherMessage2, err := c.Encrypt(plaintext2.Bytes())
	check(err)

	// Homomorphically add cipherMessage1 and cipherMessage2.
	sum, err := c.Add(cipherMessage1, cipherMessage2)
	check(err)

	// The result should be 3 + 13 = 16.
	decryptAddResult, err := c.Decrypt(sum)
	check(err)

	// Multiply cipherMessage1 by a scalar.
	scalar := big.NewInt(5)
	scalarResult, err := c.MulConst(cipherMessage1, scalar)
	check(err)

	// The result should be 5 * 3 = 15.
	decryptScalarResult, err := c.Decrypt(scalarResult)
	check(err)

	fmt.Println("The decryption of cipherMessage1 + cipherMessage2 is", decryptAddResult)
	fmt.Println("The decryption of cipherMessage1 multiplied by the scalar is", decryptScalarResult)
}

Remark:

  1. Generally speaking, a larger safeParameter is more secure (see Security Level).
  2. We have improved the efficiency of this library, so the following benchmarks are out of date.

Experiment

Our benchmarks were run locally on a 2.3 GHz Intel quad-core i5 CPU with 16 GB of RAM.

Security Level

The table below comes from "Improved Efficiency of a Linearly Homomorphic Cryptosystem".

+-----------------------+--------------------+------------------------------------+
| Security level (bits) | RSA modulus (bits) | Fundamental discriminant ΔK (bits) |
+-----------------------+--------------------+------------------------------------+
|                   112 |               2048 |                               1348 |
|                   128 |               3072 |                               1828 |
|                   192 |               7680 |                               3598 |
|                   256 |              15360 |                               5972 |
+-----------------------+--------------------+------------------------------------+

Benchmark

+---------------+--------------------+-------------------+--------------------+--------------------+
|  Operation    |  Message space (256 bit)                                                         |
+---------------+--------------------+-------------------+--------------------+--------------------+
| Discriminant  |  1348 bit          | 1828 bit          | 3598 bit           | 5972 bit           |
| Encryption    |  0.18055360 s/op   | 0.28993402 s/op   | 1.023070955 s/op   | 2.942373759 s/op   |
| Decryption    |  0.10738896 s/op   | 0.20586519 s/op   | 1.562096359 s/op   | 4.416983586 s/op   |
| Add           |  0.24509818 s/op   | 0.57579160 s/op   | 3.016294212 s/op   |  -                 |
| EvalMul       |  0.34500619 s/op   | 0.55289621 s/op   | 2.368093142 s/op   |  -                 |
+---------------+--------------------+-------------------+--------------------+--------------------+

Reference

  1. Linearly Homomorphic Encryption from DDH

Other Library

  1. Class Groups

Documentation

Index

Constants

This section is empty.

Variables

var (

	// ErrSmallSafeParameter is returned if SafeParameter/2 < the bit length of the message space + 2.
	ErrSmallSafeParameter = errors.New("small safe parameter")
	// ErrNoSplittingPrime is returned if we cannot find any splitting prime in the list.
	// The probability of finding no splitting prime in primeList is 1 / 2^(len(primeList)).
	ErrNoSplittingPrime = errors.New("no splittable primes")
	// ErrFailedVerify is returned if verification fails.
	ErrFailedVerify = errors.New("failed verify")
	// ErrFailedGenerateG is returned if g is the identity element.
	ErrFailedGenerateG = errors.New("failed generate non-identity g")
	// ErrNotBigPrime is returned if p is not a big prime.
	ErrNotBigPrime = errors.New("not a big prime")
)

var (

	// ErrDifferentBQForms is returned if the two quadratic forms are different.
	ErrDifferentBQForms = errors.New("different binary quadratic Forms")
)

var (
	// ErrInvalidMessage is returned if the message is invalid.
	ErrInvalidMessage = errors.New("invalid message")
)

var File_github_com_getamis_alice_crypto_homo_cl_message_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type CL

type CL struct {
	*PublicKey
	// contains filtered or unexported fields
}

func NewCL

func NewCL(c *big.Int, d uint32, p *big.Int, safeParameter int, distributionDistance uint) (*CL, error)

NewCL creates a new CL instance. Refer to Fig. 2 of the following paper for the key generation flow: https://pdfs.semanticscholar.org/fba2/b7806ea103b41e411792a87a18972c2777d2.pdf?_ga=2.188920107.1077232223.1562737567-609154886.1559798768

func (*CL) Decrypt

func (c *CL) Decrypt(data []byte) ([]byte, error)

Decrypt computes the plaintext from the ciphertext

func (*CL) GetMtaProof

func (c *CL) GetMtaProof(curve elliptic.Curve, beta *big.Int, b *big.Int) ([]byte, error)

func (*CL) GetPubKey

func (c *CL) GetPubKey() homo.Pubkey

func (*CL) NewPubKeyFromBytes

func (c *CL) NewPubKeyFromBytes(bs []byte) (homo.Pubkey, error)

func (*CL) VerifyMtaProof

func (c *CL) VerifyMtaProof(bs []byte, curve elliptic.Curve, alpha *big.Int, k *big.Int) (*pt.ECPoint, error)

type EncryptedMessage

type EncryptedMessage struct {
	M1    *binaryquadraticform.BQForm `protobuf:"bytes,1,opt,name=m1,proto3" json:"m1,omitempty"`
	M2    *binaryquadraticform.BQForm `protobuf:"bytes,2,opt,name=m2,proto3" json:"m2,omitempty"`
	Proof *ProofMessage               `protobuf:"bytes,3,opt,name=proof,proto3" json:"proof,omitempty"`
	// contains filtered or unexported fields
}

func (*EncryptedMessage) Descriptor deprecated

func (*EncryptedMessage) Descriptor() ([]byte, []int)

Deprecated: Use EncryptedMessage.ProtoReflect.Descriptor instead.

func (*EncryptedMessage) GetM1

func (*EncryptedMessage) GetM2

func (*EncryptedMessage) GetProof

func (x *EncryptedMessage) GetProof() *ProofMessage

func (*EncryptedMessage) ProtoMessage

func (*EncryptedMessage) ProtoMessage()

func (*EncryptedMessage) ProtoReflect added in v1.0.2

func (x *EncryptedMessage) ProtoReflect() protoreflect.Message

func (*EncryptedMessage) Reset

func (x *EncryptedMessage) Reset()

func (*EncryptedMessage) String

func (x *EncryptedMessage) String() string

type Hash

type Hash struct {
	T1 *binaryquadraticform.BQForm `protobuf:"bytes,1,opt,name=t1,proto3" json:"t1,omitempty"`
	T2 *binaryquadraticform.BQForm `protobuf:"bytes,2,opt,name=t2,proto3" json:"t2,omitempty"`
	G  *binaryquadraticform.BQForm `protobuf:"bytes,3,opt,name=g,proto3" json:"g,omitempty"`
	F  *binaryquadraticform.BQForm `protobuf:"bytes,4,opt,name=f,proto3" json:"f,omitempty"`
	H  *binaryquadraticform.BQForm `protobuf:"bytes,5,opt,name=h,proto3" json:"h,omitempty"`
	P  []byte                      `protobuf:"bytes,6,opt,name=p,proto3" json:"p,omitempty"`
	Q  []byte                      `protobuf:"bytes,7,opt,name=q,proto3" json:"q,omitempty"`
	A  []byte                      `protobuf:"bytes,8,opt,name=a,proto3" json:"a,omitempty"`
	C  []byte                      `protobuf:"bytes,9,opt,name=c,proto3" json:"c,omitempty"`
	// contains filtered or unexported fields
}

func (*Hash) Descriptor deprecated

func (*Hash) Descriptor() ([]byte, []int)

Deprecated: Use Hash.ProtoReflect.Descriptor instead.

func (*Hash) GetA

func (x *Hash) GetA() []byte

func (*Hash) GetC

func (x *Hash) GetC() []byte

func (*Hash) GetF

func (x *Hash) GetF() *binaryquadraticform.BQForm

func (*Hash) GetG

func (x *Hash) GetG() *binaryquadraticform.BQForm

func (*Hash) GetH

func (x *Hash) GetH() *binaryquadraticform.BQForm

func (*Hash) GetP

func (x *Hash) GetP() []byte

func (*Hash) GetQ

func (x *Hash) GetQ() []byte

func (*Hash) GetT1

func (x *Hash) GetT1() *binaryquadraticform.BQForm

func (*Hash) GetT2

func (x *Hash) GetT2() *binaryquadraticform.BQForm

func (*Hash) ProtoMessage

func (*Hash) ProtoMessage()

func (*Hash) ProtoReflect added in v1.0.2

func (x *Hash) ProtoReflect() protoreflect.Message

func (*Hash) Reset

func (x *Hash) Reset()

func (*Hash) String

func (x *Hash) String() string

type ProofMessage

type ProofMessage struct {
	Salt []byte                      `protobuf:"bytes,1,opt,name=salt,proto3" json:"salt,omitempty"`
	U1   []byte                      `protobuf:"bytes,2,opt,name=u1,proto3" json:"u1,omitempty"`
	U2   []byte                      `protobuf:"bytes,3,opt,name=u2,proto3" json:"u2,omitempty"`
	T1   *binaryquadraticform.BQForm `protobuf:"bytes,4,opt,name=t1,proto3" json:"t1,omitempty"`
	T2   *binaryquadraticform.BQForm `protobuf:"bytes,5,opt,name=t2,proto3" json:"t2,omitempty"`
	// contains filtered or unexported fields
}

func (*ProofMessage) Descriptor deprecated

func (*ProofMessage) Descriptor() ([]byte, []int)

Deprecated: Use ProofMessage.ProtoReflect.Descriptor instead.

func (*ProofMessage) GetSalt added in v1.0.2

func (x *ProofMessage) GetSalt() []byte

func (*ProofMessage) GetT1

func (*ProofMessage) GetT2

func (*ProofMessage) GetU1

func (x *ProofMessage) GetU1() []byte

func (*ProofMessage) GetU2

func (x *ProofMessage) GetU2() []byte

func (*ProofMessage) ProtoMessage

func (*ProofMessage) ProtoMessage()

func (*ProofMessage) ProtoReflect added in v1.0.2

func (x *ProofMessage) ProtoReflect() protoreflect.Message

func (*ProofMessage) Reset

func (x *ProofMessage) Reset()

func (*ProofMessage) String

func (x *ProofMessage) String() string

type PubKeyMessage

type PubKeyMessage struct {
	P     []byte                      `protobuf:"bytes,1,opt,name=p,proto3" json:"p,omitempty"`
	A     []byte                      `protobuf:"bytes,2,opt,name=a,proto3" json:"a,omitempty"`
	Q     []byte                      `protobuf:"bytes,3,opt,name=q,proto3" json:"q,omitempty"`
	G     *binaryquadraticform.BQForm `protobuf:"bytes,4,opt,name=g,proto3" json:"g,omitempty"`
	F     *binaryquadraticform.BQForm `protobuf:"bytes,5,opt,name=f,proto3" json:"f,omitempty"`
	H     *binaryquadraticform.BQForm `protobuf:"bytes,6,opt,name=h,proto3" json:"h,omitempty"`
	C     []byte                      `protobuf:"bytes,7,opt,name=c,proto3" json:"c,omitempty"`
	D     uint32                      `protobuf:"varint,8,opt,name=d,proto3" json:"d,omitempty"`
	Proof *ProofMessage               `protobuf:"bytes,9,opt,name=proof,proto3" json:"proof,omitempty"`
	// contains filtered or unexported fields
}

func (*PubKeyMessage) Descriptor deprecated

func (*PubKeyMessage) Descriptor() ([]byte, []int)

Deprecated: Use PubKeyMessage.ProtoReflect.Descriptor instead.

func (*PubKeyMessage) GetA

func (x *PubKeyMessage) GetA() []byte

func (*PubKeyMessage) GetC

func (x *PubKeyMessage) GetC() []byte

func (*PubKeyMessage) GetD

func (x *PubKeyMessage) GetD() uint32

func (*PubKeyMessage) GetF

func (*PubKeyMessage) GetG

func (*PubKeyMessage) GetH

func (*PubKeyMessage) GetP

func (x *PubKeyMessage) GetP() []byte

func (*PubKeyMessage) GetProof added in v1.0.2

func (x *PubKeyMessage) GetProof() *ProofMessage

func (*PubKeyMessage) GetQ

func (x *PubKeyMessage) GetQ() []byte

func (*PubKeyMessage) ProtoMessage

func (*PubKeyMessage) ProtoMessage()

func (*PubKeyMessage) ProtoReflect added in v1.0.2

func (x *PubKeyMessage) ProtoReflect() protoreflect.Message

func (*PubKeyMessage) Reset

func (x *PubKeyMessage) Reset()

func (*PubKeyMessage) String

func (x *PubKeyMessage) String() string

func (*PubKeyMessage) ToPubkey

func (m *PubKeyMessage) ToPubkey() (*PublicKey, error)

type PublicKey

type PublicKey struct {
	// contains filtered or unexported fields
}

Paper: Linearly Homomorphic Encryption from DDH & Bandwidth-efficient threshold EC-DSA

  * s : an upper bound of 1/π(ln|ΔK|)|ΔK|^(1/2); in this implementation, we set it to Ceil(1/π(ln|ΔK|))*([|ΔK|^(1/2)]+1).
  * p : message space (μ bits prime)
  * a : s*2^(distributionDistance)
  * o : an element in ideal class group of quadratic order
  * f : a generator of the subgroup of order p of ideal class group of quadratic order
  * g : o^b for some random b in [1,2^(distributionDistance)*s)
  * h : g^x, where x is the chosen private key, h is the public key

Note: a = s*2^(40), d = 40, C = 1024.
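The parameters above (f of order p with an easy discrete logarithm, h = g^x) are what make Add and MulConst work. The following is an added example, not code from this library: it runs the same encrypt, decrypt, add and scalar-multiply algebra in a toy group, the units modulo p^2, swapped in for the class group and offering no security. The ciphertext form (g^r, f^m * h^r) follows the CL15 paper; g, x and the r values are constructed, and p is the BIG_FIELD_ORDER value from the README example.

```go
package main

import (
	"fmt"
	"math/big"
)

// Toy stand-in for the class group (NOT secure): the units mod p^2, where
// f = 1+p has order p and f^m = 1 + m*p (mod p^2), so logs in <f> are easy.
type toyCL struct{ p, n, f, g, h, x *big.Int }
type ciphertext struct{ c1, c2 *big.Int }

// encrypt returns (g^r, f^m * h^r); r must be fresh and random in real use.
func (k *toyCL) encrypt(m, r *big.Int) ciphertext {
	c2 := new(big.Int).Exp(k.f, m, k.n)
	c2.Mul(c2, new(big.Int).Exp(k.h, r, k.n)).Mod(c2, k.n)
	return ciphertext{new(big.Int).Exp(k.g, r, k.n), c2}
}

// decrypt strips the mask: c2 / c1^x = f^m = 1 + m*p, then reads off m.
func (k *toyCL) decrypt(c ciphertext) *big.Int {
	mask := new(big.Int).Exp(c.c1, k.x, k.n)
	fm := new(big.Int).ModInverse(mask, k.n)
	fm.Mul(fm, c.c2).Mod(fm, k.n)
	return fm.Div(fm.Sub(fm, big.NewInt(1)), k.p)
}

// add multiplies componentwise, so the plaintexts add modulo p.
func (k *toyCL) add(a, b ciphertext) ciphertext {
	c1, c2 := new(big.Int).Mul(a.c1, b.c1), new(big.Int).Mul(a.c2, b.c2)
	return ciphertext{c1.Mod(c1, k.n), c2.Mod(c2, k.n)}
}

// mulConst raises both components to s, scaling the plaintext by s modulo p.
func (k *toyCL) mulConst(a ciphertext, s *big.Int) ciphertext {
	return ciphertext{new(big.Int).Exp(a.c1, s, k.n), new(big.Int).Exp(a.c2, s, k.n)}
}

// exampleKey uses the README's BIG_FIELD_ORDER as p; g = 2 and x are constructed.
func exampleKey() *toyCL {
	p, _ := new(big.Int).SetString("115792089237316195423570985008687907852837564279074904382605163141518161494337", 10)
	n, g, x := new(big.Int).Mul(p, p), big.NewInt(2), big.NewInt(123456789)
	return &toyCL{p, n, new(big.Int).Add(p, big.NewInt(1)), g, new(big.Int).Exp(g, x, n), x}
}

func main() {
	k := exampleKey()
	a, b := k.encrypt(big.NewInt(3), big.NewInt(1001)), k.encrypt(big.NewInt(13), big.NewInt(2002))
	fmt.Println(k.decrypt(k.add(a, b)), k.decrypt(k.mulConst(a, big.NewInt(5)))) // 16 15
}
```

Results are reduced modulo the message space p, so a sum that reaches p wraps around; callers who need integer results must keep operands small enough that this cannot happen.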

func (*PublicKey) Add

func (publicKey *PublicKey) Add(m1 []byte, m2 []byte) ([]byte, error)

Add represents homomorphic addition

func (*PublicKey) Encrypt

func (publicKey *PublicKey) Encrypt(data []byte) ([]byte, error)

Encrypt is used to encrypt message

func (*PublicKey) GetMessageRange

func (publicKey *PublicKey) GetMessageRange(fieldOrder *big.Int) *big.Int

func (*PublicKey) GetPubKeyProof added in v1.0.2

func (pubKey *PublicKey) GetPubKeyProof() *ProofMessage

func (*PublicKey) MulConst

func (publicKey *PublicKey) MulConst(m1 []byte, constant *big.Int) ([]byte, error)

MulConst multiplies an encrypted integer with a constant

func (*PublicKey) ToPubKeyBytes

func (publicKey *PublicKey) ToPubKeyBytes() []byte

func (*PublicKey) ToPubKeyMessage

func (publicKey *PublicKey) ToPubKeyMessage() *PubKeyMessage

func (*PublicKey) Verify added in v1.0.2

func (pubKey *PublicKey) Verify() error

func (*PublicKey) VerifyEnc

func (pubKey *PublicKey) VerifyEnc(bs []byte) error

type VerifyMtaMessage

type VerifyMtaMessage struct {
	ProofBeta *zkproof.SchnorrProofMessage `protobuf:"bytes,1,opt,name=proofBeta,proto3" json:"proofBeta,omitempty"`
	ProofB    *zkproof.SchnorrProofMessage `protobuf:"bytes,2,opt,name=proofB,proto3" json:"proofB,omitempty"`
	// contains filtered or unexported fields
}

func (*VerifyMtaMessage) Descriptor deprecated

func (*VerifyMtaMessage) Descriptor() ([]byte, []int)

Deprecated: Use VerifyMtaMessage.ProtoReflect.Descriptor instead.

func (*VerifyMtaMessage) GetProofB added in v1.0.2

func (*VerifyMtaMessage) GetProofBeta added in v1.0.2

func (x *VerifyMtaMessage) GetProofBeta() *zkproof.SchnorrProofMessage

func (*VerifyMtaMessage) ProtoMessage

func (*VerifyMtaMessage) ProtoMessage()

func (*VerifyMtaMessage) ProtoReflect added in v1.0.2

func (x *VerifyMtaMessage) ProtoReflect() protoreflect.Message

func (*VerifyMtaMessage) Reset

func (x *VerifyMtaMessage) Reset()

func (*VerifyMtaMessage) String

func (x *VerifyMtaMessage) String() string
