shuffle

package

v1.2.0 Latest Latest Go to latest Published: Jan 25, 2022 License: MPL-2.0 Imports: 6 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

Documentation ¶

Overview ¶

Package shuffle implements Andrew Neff's verifiable shuffle proof scheme. Neff's shuffle proof algorithm as implemented here is described in the paper "Verifiable Mixing (Shuffling) of ElGamal Pairs", April 2004.

The PairShuffle type implements the general algorithm to prove the correctness of a shuffle of arbitrary ElGamal pairs. This will be the primary API of interest for most applications. For basic usage, the caller should first instantiate a PairShuffle object, then invoke PairShuffle.Init() to initialize the shuffle parameters, and finally invoke PairShuffle.Shuffle() to shuffle a list of ElGamal pairs, yielding a list of re-randomized pairs and a noninteractive proof of its correctness.

The SimpleShuffle type implements Neff's more restrictive "simple shuffle", which requires the prover to know the discrete logarithms of all the individual ElGamal ciphertexts involved in the shuffle. The general PairShuffle builds on this SimpleShuffle scheme, but SimpleShuffle may also be used by itself in situations that satisfy its assumptions, and is more efficient.

Index ¶

func Biffle(suite Suite, G, H kyber.Point, X, Y [2]kyber.Point, rand cipher.Stream) (Xbar, Ybar [2]kyber.Point, prover proof.Prover)
func BiffleVerifier(suite Suite, G, H kyber.Point, X, Y, Xbar, Ybar [2]kyber.Point) (verifier proof.Verifier)
func Shuffle(group kyber.Group, g, h kyber.Point, X, Y []kyber.Point, rand cipher.Stream) (XX, YY []kyber.Point, P proof.Prover)
func Verifier(group kyber.Group, g, h kyber.Point, X, Y, Xbar, Ybar []kyber.Point) proof.Verifier
type PairShuffle
type SimpleShuffle
type Suite

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Biffle ¶

func Biffle(suite Suite, G, H kyber.Point,
	X, Y [2]kyber.Point, rand cipher.Stream) (
	Xbar, Ybar [2]kyber.Point, prover proof.Prover)

Biffle is a binary shuffle ("biffle") for 2 ciphertexts based on general ZKPs.

func BiffleVerifier ¶

func BiffleVerifier(suite Suite, G, H kyber.Point,
	X, Y, Xbar, Ybar [2]kyber.Point) (
	verifier proof.Verifier)

BiffleVerifier returns a verifier of the biffle

func Shuffle ¶

func Shuffle(group kyber.Group, g, h kyber.Point, X, Y []kyber.Point,
	rand cipher.Stream) (XX, YY []kyber.Point, P proof.Prover)

Shuffle randomly shuffles and re-randomizes a set of ElGamal pairs, producing a correctness proof in the process. Returns (Xbar,Ybar), the shuffled and randomized pairs. If g or h is nil, the standard base point is used.

func Verifier ¶

func Verifier(group kyber.Group, g, h kyber.Point,
	X, Y, Xbar, Ybar []kyber.Point) proof.Verifier

Verifier produces a Sigma-protocol verifier to check the correctness of a shuffle.

Types ¶

type PairShuffle ¶

type PairShuffle struct {
	// contains filtered or unexported fields
}

PairShuffle creates a proof of the correctness of a shuffle of a series of ElGamal pairs.

The caller must first invoke Init() to establish the cryptographic parameters for the shuffle: in particular, the relevant cryptographic Group, and the number of ElGamal pairs to be shuffled.

The caller then may either perform its own shuffle, according to a permutation of the caller's choosing, and invoke Prove() to create a proof of its correctness; or alternatively the caller may simply invoke Shuffle() to pick a random permutation, compute the shuffle, and compute the correctness proof.

func (*PairShuffle) Init ¶

func (ps *PairShuffle) Init(grp kyber.Group, k int) *PairShuffle

Init creates a new PairShuffleProof instance for a k-element ElGamal pair shuffle. This protocol follows the ElGamal Pair Shuffle defined in section 4 of Andrew Neff, "Verifiable Mixing (Shuffling) of ElGamal Pairs", 2004.

func (*PairShuffle) Prove ¶

func (ps *PairShuffle) Prove(
	pi []int, g, h kyber.Point, beta []kyber.Scalar,
	X, Y []kyber.Point, rand cipher.Stream,
	ctx proof.ProverContext) error

Prove returns an error if the shuffle is not correct.

func (*PairShuffle) Verify ¶

func (ps *PairShuffle) Verify(
	g, h kyber.Point, X, Y, Xbar, Ybar []kyber.Point,
	ctx proof.VerifierContext) error

Verify ElGamal Pair Shuffle proofs.

type SimpleShuffle ¶

type SimpleShuffle struct {
	// contains filtered or unexported fields
}

SimpleShuffle is the "Simple k-shuffle" defined in section 3 of Neff, "Verifiable Mixing (Shuffling) of ElGamal Pairs", 2004.

func (*SimpleShuffle) Init ¶

func (ss *SimpleShuffle) Init(grp kyber.Group, k int) *SimpleShuffle

Init initializes the simple shuffle with the given group and the k parameter from the paper.

func (*SimpleShuffle) Prove ¶

func (ss *SimpleShuffle) Prove(G kyber.Point, gamma kyber.Scalar,
	x, y []kyber.Scalar, rand cipher.Stream,
	ctx proof.ProverContext) error

Prove the "Simple k-shuffle" defined in section 3 of Neff, "Verifiable Mixing (Shuffling) of ElGamal Pairs", 2004. The Scalar vector y must be a permutation of Scalar vector x but with all elements multiplied by common Scalar gamma.

func (*SimpleShuffle) Verify ¶

func (ss *SimpleShuffle) Verify(G, Gamma kyber.Point,
	ctx proof.VerifierContext) error

Verify for Neff simple k-shuffle proofs.

type Suite ¶

type Suite proof.Suite

Suite wraps the functionalities needed by the shuffle/ package. These are the same functionatlities needed by the proof/ package.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL