
rust-paillier's Introduction

Paillier

Build Status Latest version License: MIT/Apache2

Efficient pure-Rust library for the Paillier partially homomorphic encryption scheme, offering also packed encoding for encrypting several values together as well as several zero-knowledge proofs related to typical use-cases. Supports several underlying arbitrary precision libraries, including RAMP and GMP.

Several companies have invested resources in the development of this library, including Snips who implemented the original version for use in their privacy-preserving analytics system, and KZen networks who contributed with implementations of many zero-knowledge proofs. See contributions below for more details.

Important: while we have followed recommendations regarding the scheme itself, some parts of this library have not yet been hardened against non-cryptographic attacks such as side-channel attacks.

extern crate paillier;
use paillier::*;

fn main() {

  // generate a fresh keypair and extract encryption and decryption keys
  let (ek, dk) = Paillier::keypair().keys();

  // encrypt four values
  let c1 = Paillier::encrypt(&ek, 10);
  let c2 = Paillier::encrypt(&ek, 20);
  let c3 = Paillier::encrypt(&ek, 30);
  let c4 = Paillier::encrypt(&ek, 40);

  // add all of them together
  let c = Paillier::add(&ek,
    &Paillier::add(&ek, &c1, &c2),
    &Paillier::add(&ek, &c3, &c4)
  );

  // multiply the sum by 2
  let d = Paillier::mul(&ek, &c, 2);

  // decrypt final result
  let m: u64 = Paillier::decrypt(&dk, &d);
  println!("decrypted total sum is {}", m);

}

Installation

Some features are optional yet currently included by default. See Features below for more details. Note that the nightly toolchain is currently needed to build the library.

Using cargo

[dependencies]
paillier = { version="0.2" }

From source

git clone https://github.com/mortendahl/rust-paillier
cd rust-paillier
cargo build --release

Features

The library supports the following features. The default compilation is equivalent to

cargo build --release --no-default-features --features "usegmp keygen proofs"

using GMP and including both key generation and zero-knowledge proofs.

Underlying arithmetic

The underlying arithmetic library is selected with the features usegmp (default) and useramp. GMP generally offers slightly better performance but may be unavailable on some platforms or for some applications. Note that useramp does not currently support proofs, i.e. the features useramp and proofs cannot be used together.

Key generation

Key generation feature keygen is included by default but if unneeded may safely be excluded to avoid extra dependencies.

extern crate paillier;
use paillier::*;

fn main() {

  // generate a fresh keypair and extract encryption and decryption keys
  let (ek, dk) = Paillier::keypair().keys();

  ...

}

Zero-knowledge proofs

Feature proofs includes various zero-knowledge proofs related to the typical use of Paillier encryption. Turned on by default but may safely be excluded if unneeded.

Benchmarks

Several benches are included, testing both the underlying arithmetic libraries as well as the operations of the scheme. All may be run using

cargo bench

optionally enabling the arithmetic library and key generation features discussed above.

License

Forked from snipsco/rust-paillier with additional functionality. Licensed under either the MIT or the Apache-2.0 license, at your option.

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Contributions

Several people have had a significant impact on the development of this library (in alphabetical order):

and several companies have invested resources:

  • Snips sponsored implementation of the original version
  • KZen networks sponsored extension of many zero-knowledge proofs

Reported uses


rust-paillier's Issues

zero knowledge range proof

A zk range proof in which the prover and verifier possess a common Paillier ciphertext and the prover proves that the decrypted ciphertext is in a certain range. The complete proof as well as reference to the original proof and security proof can be found in https://eprint.iacr.org/2017/552.pdf , Appendix A.

As part of this proof we need to add functionalities: "encrypt_with_chosen_randomness" and "encrypt_with_precomputed_randomness"

tests for encrypt with dk?

I saw in the benchmarks there are two options for encryption: one takes an "ek" and the other takes a "dk". It seems the dk version is faster. However, I didn't find the dk version of the encryption used anywhere else. Is it possible to add examples / tests for it?

I am on the ZenGo fork. Somehow I couldn't find a "submit issue" button on the homepage of the fork in github. So I posted the issue here.

Updating ring to ^0.16.5

Trying to use with Private ID and I get the following error

$ cargo build
    Updating crates.io index
error: failed to select a version for `ring`.
    ... required by package `rustls v0.16.0`
    ... which is depended on by `rustls-native-certs v0.1.0`
    ... which is depended on by `tonic v0.1.1`
    ... which is depended on by `protocol-rpc v0.1.0 (/private/home/ssengupta/projects/tmp/Private-ID-1/protocol-rpc)`
versions that meet the requirements `^0.16.5` are: 0.16.12, 0.16.20, 0.16.19, 0.16.18, 0.16.17, 0.16.16, 0.16.15, 0.16.14, 0.16.13, 0.16.11, 0.16.10, 0.16.9, 0.16.7, 0.16.6, 0.16.5

the package `ring` links to the native library `ring-asm`, but it conflicts with a previous package which links to `ring-asm` as well:
package `ring v0.13.5`
    ... which is depended on by `paillier v0.2.0`
    ... which is depended on by `crypto v0.1.0 (/private/home/ssengupta/projects/tmp/Private-ID-1/crypto)`
    ... which is depended on by `protocol v0.1.0 (/private/home/ssengupta/projects/tmp/Private-ID-1/protocol)`
    ... which is depended on by `protocol-rpc v0.1.0 (/private/home/ssengupta/projects/tmp/Private-ID-1/protocol-rpc)`

Proof of correct decryption

Proof simply takes the form of the randomness that was used.

What is the correct name for this type of proof? Sometimes revealing both the plaintext and randomness is not what we want.

Feature Request: Proof of Membership

I was wondering if it would be possible to add support for "proof of membership" in addition to the current existing range proof.

Details on implementing a proof-of-membership is here: https://paillier.daylightingsociety.org/Paillier_Zero_Knowledge_Proof.pdf

As an example of why this is useful, consider using Paillier homomorphic addition as part of a voting system where votes are kept anonymous.

Consider an example where we have three candidates. Each voter would encode their vote in the form: 0001 0000 0000 to vote for candidate-1, 0000 0001 0000 for candidate-2, and 0000 0000 0001 for candidate 3. Using Paillier, we could sum all the encrypted votes together and obtain a result, while keeping each individual vote secret. However, without a "proof of membership", a malicious voter might cast a malicious vote 01110 0000 0000. A "proof of membership" would allow us to verify a vote is within the set ['0001 0000 0000', '0000 0000 1000', '0000 0000 0001'] and thwart malicious votes.

Serialization

Proper implementation of export/import of keys and ciphertexts.

Ramp support for proofs

Ramp does not currently support proofs due to the use of specific GMP features; it should be relatively straightforward to find an abstraction that fixes this.

note: LINK : fatal error LNK1181: cannot open input file 'gmp.lib'

Environment

> cargo --version
cargo 1.49.0 (d00d64df9 2020-12-05)
> rustup toolchain list 
stable-x86_64-pc-windows-msvc (default)
nightly-x86_64-pc-windows-msvc
1.41.0-x86_64-pc-windows-msvc

compile the demo in README.md with cargo +nightly run

Error

> cargo +nightly run
error: linking with `link.exe` failed: exit code: 1181
  |
  # many notes
  = note: LINK : fatal error LNK1181: cannot open input file 'gmp.lib'


error: aborting due to previous error

error: could not compile `paillier-demo`

To learn more, run the command again with --verbose.

Expect

install gmp.lib before the lib build, so that it could link.

Use of mod N instead of mod N^2 in proofs

The use of mod N in the proofs of correct decryption key might be a non-standard assumption that we should make sure is okay to use. Hardness of DCR implies hardness of RSA inversion but may not imply RSA indistinguishability, which might be needed for the simulation proofs to go through (alternatively the simulator may be adaptable).

In any case, this should be addressed before making the next release, defaulting to the conservative case if no resolution is found.

Ciphertext-Plaintext addition

Hi! New to rust and I saw that the library implements adding a ciphertext with a plaintext. However, the following code reports an error:

  let c1 = Paillier::encrypt(&ek, 10);

  let p1 = RawPlaintext::from(BigInt::from(20));

  // add all of them together
  let c = Paillier::add(&ek, &c1, &p1);

and it says

16 | let c = Paillier::add(&ek, &c1, &p1);
| ^^^^^^^^^^^^^ the trait paillier::Add<EncryptionKey, &EncodedCiphertext<u64>, &paillier::RawPlaintext<'_>, _> is not implemented for paillier::Paillier

Could you kindly advise on how I can add a plaintext to a ciphertext in this library? Thanks!

Better structure for interactive proofs

At the moment we have proof files that are self-contained with all relevant methods for the interactive proof. A better idea is to work with modules and structs, for example define Prover and Verifier structs with the relevant methods.

Readme Example Fails

Hi, I was trying out the library and noticed that it does not compile on my system.

I see the following error:

The following warnings were emitted during compilation:

warning: [email protected]: xcrun: error: unable to lookup item 'PlatformVersion' from command line tools installation
warning: [email protected]: xcrun: error: unable to lookup item 'PlatformVersion' in SDK '/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk'

error: failed to run custom build command for `ring v0.13.5`

Caused by:
  process didn't exit successfully: `/Users/shreyaslondhe/Desktop/dev/aerius-repos/paillier-native-test/target/debug/build/ring-28913207c50bd536/build-script-build` (exit status: 101)
  --- stderr
  /Users/shreyaslondhe/.cargo/registry/src/index.crates.io-6f17d22bba15001f/ring-0.13.5/pregenerated/aesv8-armx-linux64.S:21:1: error: unknown directive
  .hidden GFp_aes_hw_set_encrypt_key
  ^
  /Users/shreyaslondhe/.cargo/registry/src/index.crates.io-6f17d22bba15001f/ring-0.13.5/pregenerated/aesv8-armx-linux64.S:22:1: error: unknown directive
  .type GFp_aes_hw_set_encrypt_key,%function
  ^
  /Users/shreyaslondhe/.cargo/registry/src/index.crates.io-6f17d22bba15001f/ring-0.13.5/pregenerated/aesv8-armx-linux64.S:186:1: error: unknown directive
  .size GFp_aes_hw_set_encrypt_key,.-GFp_aes_hw_set_encrypt_key
  ^
  /Users/shreyaslondhe/.cargo/registry/src/index.crates.io-6f17d22bba15001f/ring-0.13.5/pregenerated/aesv8-armx-linux64.S:188:1: error: unknown directive
  .hidden GFp_aes_hw_encrypt
  ^
  /Users/shreyaslondhe/.cargo/registry/src/index.crates.io-6f17d22bba15001f/ring-0.13.5/pregenerated/aesv8-armx-linux64.S:189:1: error: unknown directive
  .type GFp_aes_hw_encrypt,%function
  ^
  /Users/shreyaslondhe/.cargo/registry/src/index.crates.io-6f17d22bba15001f/ring-0.13.5/pregenerated/aesv8-armx-linux64.S:216:1: error: unknown directive
  .size GFp_aes_hw_encrypt,.-GFp_aes_hw_encrypt
  ^
  /Users/shreyaslondhe/.cargo/registry/src/index.crates.io-6f17d22bba15001f/ring-0.13.5/pregenerated/aesv8-armx-linux64.S:218:1: error: unknown directive
  .hidden GFp_aes_hw_decrypt
  ^
  /Users/shreyaslondhe/.cargo/registry/src/index.crates.io-6f17d22bba15001f/ring-0.13.5/pregenerated/aesv8-armx-linux64.S:219:1: error: unknown directive
  .type GFp_aes_hw_decrypt,%function
  ^
  /Users/shreyaslondhe/.cargo/registry/src/index.crates.io-6f17d22bba15001f/ring-0.13.5/pregenerated/aesv8-armx-linux64.S:246:1: error: unknown directive
  .size GFp_aes_hw_decrypt,.-GFp_aes_hw_decrypt
  ^
  /Users/shreyaslondhe/.cargo/registry/src/index.crates.io-6f17d22bba15001f/ring-0.13.5/pregenerated/aesv8-armx-linux64.S:248:1: error: unknown directive
  .hidden GFp_aes_hw_ctr32_encrypt_blocks
  ^
  /Users/shreyaslondhe/.cargo/registry/src/index.crates.io-6f17d22bba15001f/ring-0.13.5/pregenerated/aesv8-armx-linux64.S:249:1: error: unknown directive
  .type GFp_aes_hw_ctr32_encrypt_blocks,%function
  ^
  /Users/shreyaslondhe/.cargo/registry/src/index.crates.io-6f17d22bba15001f/ring-0.13.5/pregenerated/aesv8-armx-linux64.S:428:1: error: unknown directive
  .size GFp_aes_hw_ctr32_encrypt_blocks,.-GFp_aes_hw_ctr32_encrypt_blocks
  ^
  thread 'main' panicked at /Users/shreyaslondhe/.cargo/registry/src/index.crates.io-6f17d22bba15001f/ring-0.13.5/build.rs:645:9:
  execution failed
  note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
warning: build failed, waiting for other jobs to finish...

Any help is much appreciated, thanks :)

zero knowledge proof for encryption of same value under two different keys

Statement is C1, C2. Prover wants to prove knowledge of x,r1,r2 such that
C1 = (1+N1)^x *r1^N1 mod N1^2 and C2 = (1+N2)^x *r2^N2 mod N2^2:

prover first message: choose alpha, r3, r4, where 0<= alpha < min(N1,N2), 0<r3< N1, 0<r4< N2 compute:
D1= (1+N1)^alpha *r3^N1 mod N1^2 and D2 = (1+N2)^alpha *r4^N2 mod N2^2,
send D1,D2

verifier sends a random challenge e

prover computes: z = alpha + ex, s1 = r3r1^e mod N1, s2 = r4r2^e mod N2
sends z,s1,s2

verifier checks:
Enc_N1(z mod N1, s1) = C1^e*D1
Enc_N2(z mod N2, s2) = C2^e*D2

purpose of wrapping RawCiphertext via EncodedCiphertext?

More of a question than an issue, but I was wondering what's the purpose of using EncodedCiphertext type to wrap the RawCiphertext? Also quite new to rust -- could you give pointers to help understand the syntax below? I understand that the first line is implementing the Encrypt trait, but not sure what the second and third line means.

impl<EK> Encrypt<EK, u64, EncodedCiphertext<u64>> for Paillier
where
    for<'p, 'c> Self: Encrypt<EK, RawPlaintext<'p>, RawCiphertext<'c>>,
{
    // more code here
}

Fix packed coding

Should be straightforward. There is no way of specifying component size now after the simplification, so simply use the component data type as an indicator.

Only export unsigned numbers

Big integers may internally be represented in the negative range due to the use of signed numbers. When these are exported, in the form of e.g. keys and ciphertexts, we should make sure to normalise everything to the positive range.

One possible issue with not ensuring this is data leakage; another is simply consistency.

Supporting signed integers and floats

First of all congratulations, this library is really cool and I love using it!

I wonder if it's possible to support signed integers and/or floats like Python's phe does here. Signed integers would allow for subtraction, which is really useful. Unfortunately I'm a bit new to cryptography so I don't know if there's any other design choices that prevent it.

Reference encryption key in ciphertexts

By also having a reference to the corresponding encryption key in ciphertexts we can make homomorphic operations easier to read, i.e. c1 + c2 and c * 5 instead of Paillier::add(ek, c1, c2) and Paillier::mul(c, 5).

Implementation wise this could be done by simply redirecting to the existing Paillier method and implementing Add and Mul for ciphertexts.

Failure to compile frame with nightly compiler

Hello! Exciting framework, I'm trying to do some performance work on Paillier encryption, but I can't seem to compile this framework with the nightly Rust compiler. I followed the steps in the readme, and attempted to compile the framework using cargo build.

I see that there was one prior issue that was opened and closed related to frame build support (#26 I believe), however I am uncertain if this is the same underlying issue.

Here's my setup:

Default host: x86_64-apple-darwin

installed toolchains
--------------------

stable-x86_64-apple-darwin
nightly-x86_64-apple-darwin (default)

active toolchain
----------------

nightly-x86_64-apple-darwin (default)
rustc 1.35.0-nightly (8159f389f 2019-04-06)

And here's the output of the build command:

$ cargo build
warning: An explicit [[bench]] section is specified in Cargo.toml which currently
disables Cargo from automatically inferring other benchmark targets.
This inference behavior will change in the Rust 2018 edition and the following
files will be included as a benchmark target:

* /Users/ocrickard/src/rust-paillier/benches/helpers.rs
* /Users/ocrickard/src/rust-paillier/benches/macros.rs

This is likely to break cargo build or cargo test as these files may not be
ready to be compiled as a benchmark target today. You can future-proof yourself
and disable this warning by adding `autobenches = false` to your [package]
section. You may also move the files to a location where Cargo would not
automatically infer them to be a target, such as in subfolders.

For more information on this warning you can consult
https://github.com/rust-lang/cargo/issues/5330
   Compiling framp v0.3.7
error[E0432]: unresolved import `alloc::heap`
  --> /Users/ocrickard/.cargo/registry/src/github.com-1ecc6299db9ec823/framp-0.3.7/src/mem.rs:18:5
   |
18 | use alloc::heap;
   |     ^^^^^^^^^^^ no `heap` in the root

error[E0433]: failed to resolve: could not find `heap` in `alloc`
    --> /Users/ocrickard/.cargo/registry/src/github.com-1ecc6299db9ec823/framp-0.3.7/src/int.rs:3614:46
     |
3614 |             ptr: unsafe { Unique::new(alloc::heap::EMPTY as *mut Limb) },
     |                                              ^^^^ could not find `heap` in `alloc`

error[E0407]: method `step` is not a member of trait `std::iter::Step`
    --> /Users/ocrickard/.cargo/registry/src/github.com-1ecc6299db9ec823/framp-0.3.7/src/int.rs:3688:5
     |
3688 | /     fn step(&self, by: &Int) -> Option<Int> {
3689 | |         Some(self + by)
3690 | |     }
     | |_____^ not a member of trait `std::iter::Step`

error[E0407]: method `steps_between_by_one` is not a member of trait `std::iter::Step`
    --> /Users/ocrickard/.cargo/registry/src/github.com-1ecc6299db9ec823/framp-0.3.7/src/int.rs:3707:5
     |
3707 | /     fn steps_between_by_one(start: &Self, end: &Self) -> Option<usize> {
3708 | |         Self::steps_between(start, end, &Self::one())
3709 | |     }
     | |_____^ not a member of trait `std::iter::Step`

error[E0407]: method `is_negative` is not a member of trait `std::iter::Step`
    --> /Users/ocrickard/.cargo/registry/src/github.com-1ecc6299db9ec823/framp-0.3.7/src/int.rs:3711:5
     |
3711 | /     fn is_negative(&self) -> bool {
3712 | |         self.sign() < 0
3713 | |     }
     | |_____^ not a member of trait `std::iter::Step`

error[E0658]: use of unstable library feature 'ptr_internals': use NonNull instead and consider PhantomData<T> (if you also use #[may_dangle]), Send, and/or Sync
  --> /Users/ocrickard/.cargo/registry/src/github.com-1ecc6299db9ec823/framp-0.3.7/src/int.rs:32:5
   |
32 | use std::ptr::Unique;
   |     ^^^^^^^^^^^^^^^^
   |
   = help: add #![feature(ptr_internals)] to the crate attributes to enable

error[E0658]: use of unstable library feature 'raw_vec_internals': implementation detail
  --> /Users/ocrickard/.cargo/registry/src/github.com-1ecc6299db9ec823/framp-0.3.7/src/int.rs:45:5
   |
45 | use alloc::raw_vec::RawVec;
   |     ^^^^^^^^^^^^^^^^^^^^^^
   |
   = help: add #![feature(raw_vec_internals)] to the crate attributes to enable

error[E0658]: use of unstable library feature 'ptr_internals': use NonNull instead and consider PhantomData<T> (if you also use #[may_dangle]), Send, and/or Sync
   --> /Users/ocrickard/.cargo/registry/src/github.com-1ecc6299db9ec823/framp-0.3.7/src/int.rs:126:10
    |
126 |     ptr: Unique<Limb>,
    |          ^^^^^^^^^^^^
    |
    = help: add #![feature(ptr_internals)] to the crate attributes to enable

error[E0658]: use of unstable library feature 'raw_vec_internals': implementation detail
   --> /Users/ocrickard/.cargo/registry/src/github.com-1ecc6299db9ec823/framp-0.3.7/src/int.rs:155:36
    |
155 |     fn with_raw_vec<F: FnOnce(&mut RawVec<Limb>)>(&mut self, f: F) {
    |                                    ^^^^^^^^^^^^
    |
    = help: add #![feature(raw_vec_internals)] to the crate attributes to enable

error[E0658]: use of unstable library feature 'raw_vec_internals': implementation detail
   --> /Users/ocrickard/.cargo/registry/src/github.com-1ecc6299db9ec823/framp-0.3.7/src/int.rs:158:27
    |
158 |             let mut vec = RawVec::from_raw_parts(self.ptr.as_ptr(), old_cap);
    |                           ^^^^^^^^^^^^^^^^^^^^^^
    |
    = help: add #![feature(raw_vec_internals)] to the crate attributes to enable

error[E0658]: use of unstable library feature 'ptr_internals': use NonNull instead and consider PhantomData<T> (if you also use #[may_dangle]), Send, and/or Sync
   --> /Users/ocrickard/.cargo/registry/src/github.com-1ecc6299db9ec823/framp-0.3.7/src/int.rs:165:24
    |
165 |             self.ptr = Unique::new(vec.ptr());
    |                        ^^^^^^^^^^^
    |
    = help: add #![feature(ptr_internals)] to the crate attributes to enable

error[E0658]: use of unstable library feature 'raw_vec_internals': implementation detail
   --> /Users/ocrickard/.cargo/registry/src/github.com-1ecc6299db9ec823/framp-0.3.7/src/int.rs:979:22
    |
979 |                 drop(RawVec::from_raw_parts(self.ptr.as_ptr(),
    |                      ^^^^^^^^^^^^^^^^^^^^^^
    |
    = help: add #![feature(raw_vec_internals)] to the crate attributes to enable

error[E0658]: use of unstable library feature 'ptr_internals': use NonNull instead and consider PhantomData<T> (if you also use #[may_dangle]), Send, and/or Sync
    --> /Users/ocrickard/.cargo/registry/src/github.com-1ecc6299db9ec823/framp-0.3.7/src/int.rs:3614:27
     |
3614 |             ptr: unsafe { Unique::new(alloc::heap::EMPTY as *mut Limb) },
     |                           ^^^^^^^^^^^
     |
     = help: add #![feature(ptr_internals)] to the crate attributes to enable

error[E0050]: method `steps_between` has 3 parameters but the declaration in trait `std::iter::Step::steps_between` has 2
    --> /Users/ocrickard/.cargo/registry/src/github.com-1ecc6299db9ec823/framp-0.3.7/src/int.rs:3692:29
     |
3692 |     fn steps_between(start: &Int, end: &Int, by: &Int) -> Option<usize> {
     |                             ^^^^^^^^^^^^^^^^^^^^^^^^^ expected 2 parameters, found 3
     |
     = note: `steps_between` from trait: `fn(&Self, &Self) -> std::option::Option<usize>`

error[E0046]: not all trait items implemented, missing: `add_usize`
    --> /Users/ocrickard/.cargo/registry/src/github.com-1ecc6299db9ec823/framp-0.3.7/src/int.rs:3687:1
     |
3687 | impl std::iter::Step for Int {
     | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ missing `add_usize` in implementation
     |
     = note: `add_usize` from trait: `fn(&Self, usize) -> std::option::Option<Self>`

error: aborting due to 15 previous errors

Some errors occurred: E0046, E0050, E0407, E0432, E0433, E0658.
For more information about an error, try `rustc --explain E0046`.
error: Could not compile `framp`.

To learn more, run the command again with --verbose.

Introduce data-parallelism with Rayon

The purpose of this task is to introduce data-parallelism with Rayon, at first in the zero-knowledge proofs (refactored to use iterators).

Comparison benches will be posted.

zero-knowledge proof for correct construction of ciphertext

To prove a ciphertext is constructed correctly such that:
C = Enc(m,r) = g^m r^N mod N^2

  1. Verifier commits to a random string com(e) of length t bits
  2. Prover creates t encryptions using {m_i , r_i} and sends to the Verifier the vector of encryptions [C_1,...,C_t]
  3. Verifier decommits to e
  4. For each bit e_i:
     a) if e_i = 0: the Prover sends {m_i , r_i}
     b) if e_i = 1: the Prover sends {m', r'} = {m + m_i, r*r_i}
  5. Verifier checks C_i = Enc(m_i, r_i) for zero bits and Enc(m', r') = C*C_i otherwise

C is constructed correctly with probability 1-1/2^t
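The two protocols described in these issues (the same-value proof under two keys, and the cut-and-choose well-formedness proof) as one added, constructed Rust example; it is not rust-paillier's code. It assumes a toy key size whose N^2 fits in 64 bits, a seeded xorshift in place of a cryptographic RNG, the interactive exchange of proof 1 run inside one function with the challenge drawn after D1 and D2, and the verifier's challenge bits for proof 2 passed in as a slice.

```rust
// Constructed toy Paillier instance (N^2 < 2^64 so u128 arithmetic suffices) walking through the two
// proofs from the issues above. Not rust-paillier's code (that uses 2048-bit moduli and a real CSPRNG).

fn mul_mod(a: u64, b: u64, m: u64) -> u64 { ((a as u128 * b as u128) % m as u128) as u64 }
fn pow_mod(mut base: u64, mut exp: u64, m: u64) -> u64 {
    let mut acc = 1 % m; base %= m;
    while exp > 0 {
        if exp & 1 == 1 { acc = mul_mod(acc, base, m); }
        base = mul_mod(base, base, m);
        exp >>= 1;
    }
    acc
}

/// Public key N = p*q with generator g = 1+N, as written in the issues.
#[derive(Clone, Copy)]
pub struct PubKey { pub n: u64, pub nn: u64 }
impl PubKey {
    pub fn new(p: u64, q: u64) -> Self { let n = p * q; PubKey { n, nn: n * n } }
    /// Enc_N(m, r) = (1+N)^m * r^N mod N^2 with caller-chosen randomness r.
    pub fn enc(&self, m: u64, r: u64) -> u64 {
        let gm = pow_mod(self.n + 1, m % self.n, self.nn);
        mul_mod(gm, pow_mod(r % self.n, self.n, self.nn), self.nn)
    }
}

/// Seeded xorshift64 for reproducible runs. Not a CSPRNG: predictable alpha, r3, r4 or pads would leak the witness.
pub struct Rng(u64);
impl Rng {
    fn next(&mut self) -> u64 { let mut x = self.0; x ^= x << 13; x ^= x >> 7; x ^= x << 17; self.0 = x; x }
    fn below(&mut self, bound: u64) -> u64 { self.next() % bound }
    fn unit(&mut self, n: u64) -> u64 { 1 + self.below(n - 1) } // randomness in [1, N)
}

// ---- Proof 1: C1 (under N1) and C2 (under N2) encrypt the same x ----
pub struct SameValueProof { d1: u64, d2: u64, e: u64, z: u64, s1: u64, s2: u64 }
/// Prover's first message (D1, D2), the verifier's challenge e, and the response (z, s1, s2).
pub fn prove_same_value(k1: PubKey, k2: PubKey, x: u64, r1: u64, r2: u64, rng: &mut Rng) -> SameValueProof {
    let alpha = rng.below(k1.n.min(k2.n)); // 0 <= alpha < min(N1, N2)
    let (r3, r4) = (rng.unit(k1.n), rng.unit(k2.n));
    let (d1, d2) = (k1.enc(alpha, r3), k2.enc(alpha, r4));
    let e = 1 + rng.below(65535); // challenge kept below 2^16 so e*x fits in u64
    let z = alpha + e * x;
    let s1 = mul_mod(r3, pow_mod(r1, e, k1.n), k1.n); // s1 = r3 * r1^e mod N1
    let s2 = mul_mod(r4, pow_mod(r2, e, k2.n), k2.n); // s2 = r4 * r2^e mod N2
    SameValueProof { d1, d2, e, z, s1, s2 }
}

/// Verifier: Enc_Ni(z mod Ni, si) == Ci^e * Di mod Ni^2 for i = 1, 2.
pub fn verify_same_value(k1: PubKey, k2: PubKey, c1: u64, c2: u64, p: &SameValueProof) -> bool {
    k1.enc(p.z % k1.n, p.s1) == mul_mod(pow_mod(c1, p.e, k1.nn), p.d1, k1.nn)
        && k2.enc(p.z % k2.n, p.s2) == mul_mod(pow_mod(c2, p.e, k2.nn), p.d2, k2.nn)
}

/// Encrypt x1 under key 1 and x2 under key 2; the prover claims both ciphertexts hold x1.
pub fn same_value_demo(x1: u64, x2: u64, seed: u64) -> bool {
    let (k1, k2, mut rng) = (PubKey::new(1009, 1013), PubKey::new(1019, 1021), Rng(seed));
    let (r1, r2) = (rng.unit(k1.n), rng.unit(k2.n));
    let (c1, c2) = (k1.enc(x1, r1), k2.enc(x2, r2));
    let proof = prove_same_value(k1, k2, x1, r1, r2, &mut rng);
    verify_same_value(k1, k2, c1, c2, &proof)
}

// ---- Proof 2: cut-and-choose that C = Enc(m, r) is well formed, t = e.len() rounds ----
pub enum Opening { Zero(u64, u64), One(u64, u64) } // e_i = 0: (m_i, r_i); e_i = 1: (m+m_i, r*r_i)

/// Step 2: pick t pads and publish C_i = Enc(m_i, r_i) before the challenge bits are revealed.
pub fn commit_rounds(k: PubKey, t: usize, rng: &mut Rng) -> (Vec<(u64, u64)>, Vec<u64>) {
    let pads: Vec<(u64, u64)> = (0..t).map(|_| (rng.below(k.n), rng.unit(k.n))).collect();
    let cs: Vec<u64> = pads.iter().map(|&(mi, ri)| k.enc(mi, ri)).collect();
    (pads, cs)
}

/// Step 4: open each round according to the decommitted challenge bit e_i.
pub fn open_rounds(k: PubKey, m: u64, r: u64, pads: &[(u64, u64)], e: &[bool]) -> Vec<Opening> {
    pads.iter().zip(e).map(|(&(mi, ri), &ei)| {
        if ei { Opening::One((m + mi) % k.n, mul_mod(r, ri, k.n)) } else { Opening::Zero(mi, ri) }
    }).collect()
}

/// Step 5: C_i == Enc(m_i, r_i) on zero bits, Enc(m', r') == C * C_i on one bits.
pub fn verify_rounds(k: PubKey, c: u64, cs: &[u64], opens: &[Opening]) -> bool {
    cs.len() == opens.len() && cs.iter().zip(opens).all(|(&ci, o)| match o {
        Opening::Zero(mi, ri) => k.enc(*mi, *ri) == ci,
        Opening::One(ms, rs) => k.enc(*ms, *rs) == mul_mod(c, ci, k.nn),
    })
}

/// C = Enc(actual_m, r) but the prover opens as if it encrypted claimed_m. A mismatch is caught on
/// every one-bit of e and slips through only when e is all zeros, i.e. with probability 2^-t.
pub fn well_formed_demo(actual_m: u64, claimed_m: u64, e: &[bool], seed: u64) -> bool {
    let (k, mut rng) = (PubKey::new(1009, 1013), Rng(seed));
    let r = rng.unit(k.n);
    let (pads, cs) = commit_rounds(k, e.len(), &mut rng);
    let opens = open_rounds(k, claimed_m, r, &pads, e);
    verify_rounds(k, k.enc(actual_m, r), &cs, &opens)
}
```

The verifier's checks rely on (1+N)^k mod N^2 depending only on k mod N and on (r mod N)^N ≡ r^N mod N^2, which is why reducing z and s_i before re-encrypting is sound.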
