首頁 探索 說明
登入
avadapal
/
duoram
1
0
複刻 0
Files 問題管理 0 合併請求 0 Wiki
目錄樹: 60d125065d
分支列表 標籤列表
duoram
/
2p-preprocessing
/
ENCRYPTO_utils
/
crypto
/
djn.h

djn.h 6.1 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176 
  1. /**
    2. 

  2.  \file 		djn.h
    3. 

  3.  \author 	Daniel Demmler
    4. 

  4.  \copyright Copyright (C) 2019 ENCRYPTO Group, TU Darmstadt
    5. 

  5. 			This program is free software: you can redistribute it and/or modify
    6. 

  6.             it under the terms of the GNU Lesser General Public License as published
    7. 

  7.             by the Free Software Foundation, either version 3 of the License, or
    8. 

  8.             (at your option) any later version.
    9. 

  9.             ABY is distributed in the hope that it will be useful,
    10. 

  10.             but WITHOUT ANY WARRANTY; without even the implied warranty of
    11. 

  11.             MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    12. 

  12.             GNU Lesser General Public License for more details.
    13. 

  13.             You should have received a copy of the GNU Lesser General Public License
    14. 

  14.             along with this program. If not, see <http://www.gnu.org/licenses/>.
    15. 

  15. 

  16.  \brief
    17. 

  17.  libdjn - v0.9
    18. 

  18.  A library implementing the Damgaard Jurik Nielsen cryptosystem with s=1 (~Paillier).
    19. 

  19.  based on:
    20. 

  20.  libpaillier - A library implementing the Paillier cryptosystem.
    21. 

  21.  (http://hms.isi.jhu.edu/acsc/libpaillier/)
    22. 

  22.  */
    23. 

  23. 

  24. #ifndef _DJN_H_
    25. 

  25. #define _DJN_H_
    26. 

  26. #include <gmp.h>
    27. 

  27. 

  28. /*
    29. 

  29.  On memory handling:
    30. 

  30. 

  31.  At no point is any special effort made to securely "shred" sensitive
    32. 

  32.  memory or prevent it from being paged out to disk. This means that
    33. 

  33.  it is important that functions dealing with private keys and
    34. 

  34.  plaintexts (e.g., djn_keygen and djn_enc) only be run on
    35. 

  35.  trusted machines. The resulting ciphertexts and public keys,
    36. 

  36.  however, may of course be handled in an untrusted manner.
    37. 

  37. 

  38.  */
    39. 

  39. 

  40. /******
    41. 

  41.  TYPES
    42. 

  42.  *******/
    43. 

  43. 

  44. /*
    45. 

  45.  This represents a public key, which is the modulus n plus a generator h.
    46. 

  46.  */
    47. 

  47. struct djn_pubkey_t {
    48. 

  48. 	int bits; /* e.g., 1024 */
    49. 

  49. 	int rbits; /* e.g., 512 */
    50. 

  50. 	mpz_t n; /* public modulus n = p q */
    51. 

  51. 	mpz_t n_squared; /* cached to avoid recomputing */
    52. 

  52. 	mpz_t h; /* generator h = -x^2 mod n */
    53. 

  53. 	mpz_t h_s; /* h_s = h^n mod n^2 */
    54. 

  54. };
    55. 

  55. 

  56. /*
    57. 

  57.  This represents a Paillier private key; it needs to be used with a
    58. 

  58.  djn_pubkey_t to be meaningful. It includes the Carmichael
    59. 

  59.  function (lambda) of the modulus. The other value is kept for
    60. 

  60.  efficiency and should be considered private.
    61. 

  61.  */
    62. 

  62. struct djn_prvkey_t {
    63. 

  63. 	mpz_t lambda; /* lambda(n), i.e., lcm(p-1,q-1) */
    64. 

  64. 	mpz_t lambda_inverse; /* inverse of lambda (mod n)*/
    65. 

  65. 	mpz_t p; /* cached to avoid recomputing */
    66. 

  66. 	mpz_t q; /* cached to avoid recomputing */
    67. 

  67. 	mpz_t q_inverse; /* inverse of q (mod p) */
    68. 

  68. 	mpz_t q_squared_inverse; /* inverse of q^2 (mod p^2) */
    69. 

  69. 	mpz_t p_minusone; /* cached to avoid recomputing */
    70. 

  70. 	mpz_t q_minusone; /* cached to avoid recomputing */
    71. 

  71. 	mpz_t p_squared; /* cached to avoid recomputing */
    72. 

  72. 	mpz_t q_squared; /* cached to avoid recomputing */
    73. 

  73. 	mpz_t ordpsq; /* p^2-p */
    74. 

  74. 	mpz_t ordqsq; /* q^2-q */
    75. 

  75. };
    76. 

  76. 

  77. /*
    78. 

  78.  This is the type of the callback functions used to obtain the
    79. 

  79.  randomness needed by the probabilistic algorithms. The functions
    80. 

  80.  djn_get_rand_devrandom and djn_get_rand_devurandom
    81. 

  81.  (documented later) may be passed to any library function requiring a
    82. 

  82.  djn_get_rand_t, or you may implement your own. If you implement
    83. 

  83.  your own such function, it should fill in "len" random bytes in the
    84. 

  84.  array "buf".
    85. 

  85.  */
    86. 

  86. typedef void (*djn_get_rand_t)(void* buf, int len);
    87. 

  87. 

  88. /*****************
    89. 

  89.  BASIC OPERATIONS
    90. 

  90.  *****************/
    91. 

  91. 

  92. /*
    93. 

  93.  Generate a keypair of length modulusbits using randomness from the
    94. 

  94.  provided get_rand function. Space will be allocated for each of the
    95. 

  95.  keys, and the given pointers will be set to point to the new
    96. 

  96.  djn_pubkey_t and djn_prvkey_t structures. The functions
    97. 

  97.  djn_get_rand_devrandom and djn_get_rand_devurandom may be
    98. 

  98.  passed as the final argument.
    99. 

  99.  */
    100. 

  100. void djn_keygen(unsigned int modulusbits, djn_pubkey_t** pub, djn_prvkey_t** prv);
    101. 

  101. 

  102. /*
    103. 

  103.  Encrypt the given plaintext with the given public key using
    104. 

  104.  randomness from get_rand for blinding. If res is not null, its
    105. 

  105.  contents will be overwritten with the result. Otherwise, a new
    106. 

  106.  djn_ciphertext_t will be allocated and returned.
    107. 

  107.  */
    108. 

  108. void djn_encrypt(mpz_t res, djn_pubkey_t* pub, mpz_t pt);
    109. 

  109. 

  110. /*
    111. 

  111.  Encrypt the given plaintext with the given public key using
    112. 

  112.  randomness from get_rand for blinding. If res is not null, its
    113. 

  113.  contents will be overwritten with the result. Otherwise, a new
    114. 

  114.  djn_ciphertext_t will be allocated and returned.
    115. 

  115.  */
    116. 

  116. void djn_encrypt_crt(mpz_t res, djn_pubkey_t* pub, djn_prvkey_t* prv, mpz_t pt);
    117. 

  117. 

  118. /**
    119. 

  119.  * fixed base encryption. Requires pre-computed fixed base table.
    120. 

  120.  */
    121. 

  121. void djn_encrypt_fb(mpz_t res, djn_pubkey_t* pub, mpz_t plaintext);
    122. 

  122. 

  123. /*
    124. 

  124.  Decrypt the given ciphertext with the given key pair. If res is not
    125. 

  125.  null, its contents will be overwritten with the result. Otherwise, a
    126. 

  126.  new djn_plaintext_t will be allocated and returned.
    127. 

  127.  */
    128. 

  128. void djn_decrypt(mpz_t res, djn_pubkey_t* pub, djn_prvkey_t* prv, mpz_t ct);
    129. 

  129. 

  130. /**********************
    131. 

  131.  KEY IMPORT AND EXPORT
    132. 

  132.  **********************/
    133. 

  133. 

  134. /*
    135. 

  135.  Import or export public and private keys from or to hexadecimal,
    136. 

  136.  ASCII strings, which are suitable for I/O. Note that the
    137. 

  137.  corresponding public key is necessary to initialize a private key
    138. 

  138.  from a hex string. In all cases, the returned value is allocated for
    139. 

  139.  the caller and the values passed are unchanged.
    140. 

  140.  */
    141. 

  141. char* djn_pubkey_to_hex(djn_pubkey_t* pub);
    142. 

  142. char* djn_prvkey_to_hex(djn_prvkey_t* prv);
    143. 

  143. djn_pubkey_t* djn_pubkey_from_hex(char* str);
    144. 

  144. djn_prvkey_t* djn_prvkey_from_hex(char* str, djn_pubkey_t* pub);
    145. 

  145. 

  146. /********
    147. 

  147.  CLEANUP
    148. 

  148.  ********/
    149. 

  149. 

  150. /*
    151. 

  151.  These free the structures allocated and returned by various
    152. 

  152.  functions within library and should be used when the structures are
    153. 

  153.  no longer needed.
    154. 

  154.  */
    155. 

  155. void djn_freepubkey(djn_pubkey_t* pub);
    156. 

  156. void djn_freeprvkey(djn_prvkey_t* prv);
    157. 

  157. 

  158. /***********
    159. 

  159.  MISC STUFF
    160. 

  160.  ***********/
    161. 

  161. 

  162. /*
    163. 

  163.  Just a utility used internally when we need round a number of bits
    164. 

  164.  up the number of bytes necessary to hold them.
    165. 

  165.  */
    166. 

  166. #define PAILLIER_BITS_TO_BYTES(n) ((n) % 8 ? (n) / 8 + 1 : (n) / 8)
    167. 

  167. 

  168. void djn_pow_mod_n_crt(mpz_t res, const mpz_t b, const mpz_t e, const djn_pubkey_t* pub, const djn_prvkey_t* prv);
    169. 

  169. void djn_pow_mod_n_squared_crt(mpz_t res, const mpz_t b, const mpz_t e, const djn_pubkey_t* pub, const djn_prvkey_t* prv);
    170. 

  170. 

  171. /**
    172. 

  172.  * create full public key given only n and h (e.g., after a key exchange)
    173. 

  173.  */
    174. 

  174. void djn_complete_pubkey(unsigned int modulusbits, djn_pubkey_t** pub, mpz_t n, mpz_t h);
    175. 

  175. 

  176. #endif
    177.