The threshold Damgard-Jurik scheme is a generalization of the Paillier cryptoscheme, but with an increased ciphertext space. More...

#include <gmp.h>
#include "hcs_random.h"

Include dependency graph for djcs_t.h:

Go to the source code of this file.

Data Structures
struct	djcs_t_auth_server
	Details that a decryption server is required to keep track of. More...

struct	djcs_t_public_key
	Public key for use in the Threshold Damgard-Jurik system. More...

struct	djcs_t_private_key
	Private key for use in the Threshold Damgard-Jurik system. More...

Functions
djcs_t_public_key *	djcs_t_init_public_key (void)
	Initialise a djcs_t_public_key and return a pointer to the newly created structure. More...

djcs_t_private_key *	djcs_t_init_private_key (void)
	Initialise a djcs_private_key and return a pointer to the newly created structure. More...

void	djcs_t_generate_key_pair (djcs_t_public_key pk, djcs_t_private_key vk, hcs_random *hr, const unsigned long s, const unsigned long bits, const unsigned long l, const unsigned long w)
	Initialise a key pair with modulus size `bits`. More...

void	djcs_t_encrypt (djcs_t_public_key pk, hcs_random hr, mpz_t rop, mpz_t plain1)
	Encrypt a value `plain1`, and set `rop` to the encrypted result. More...

void	djcs_t_reencrypt (djcs_t_public_key pk, hcs_random hr, mpz_t rop, mpz_t op)
	Reencrypt an encrypted value `op`. More...

void	djcs_t_ep_add (djcs_t_public_key *pk, mpz_t rop, mpz_t cipher1, mpz_t plain1)
	Add a plaintext value `plain1` to an encrypted value `cipher1`, storing the result in `rop`. More...

void	djcs_t_ee_add (djcs_t_public_key *pk, mpz_t rop, mpz_t cipher1, mpz_t cipher2)
	Add an encrypted value `cipher2` to an encrypted value `cipher1`, storing the result in `rop`. More...

void	djcs_t_ep_mul (djcs_t_public_key *pk, mpz_t rop, mpz_t cipher1, mpz_t plain1)
	Multiply a plaintext value `plain1` with an encrypted value `cipher1`, storing the result in `rop`. More...

mpz_t *	djcs_t_init_polynomial (djcs_t_private_key vk, hcs_random hr)
	Allocate and initialise the values in a random polynomial. More...

void	djcs_t_compute_polynomial (djcs_t_private_key vk, mpz_t coeff, mpz_t rop, const unsigned long x)
	Compute a polynomial P(x) for a given x value in the required finite field. More...

void	djcs_t_free_polynomial (djcs_t_private_key vk, mpz_t coeff)
	Frees a given polynomial (array of mpz_t values) and all associated data. More...

djcs_t_auth_server *	djcs_t_init_auth_server (void)
	Initialise a djcs_t_auth_server and return a pointer to the newly created structure. More...

void	djcs_t_set_auth_server (djcs_t_auth_server *au, mpz_t si, unsigned long i)
	Set the internal values for the server `au`. More...

void	djcs_t_share_decrypt (djcs_t_private_key vk, djcs_t_auth_server au, mpz_t rop, mpz_t cipher1)
	For a given ciphertext `cipher1`, compute the server `au's` share and store the result in the variable `rop`. More...

void	djcs_t_share_combine (djcs_t_private_key vk, mpz_t rop, mpz_t c)
	Combine an array of shares `c`, storing the result in `rop`. More...

void	djcs_t_free_auth_server (djcs_t_auth_server *au)
	Frees a djcs_t_auth_server and all associated memory. More...

void	djcs_t_clear_public_key (djcs_t_public_key *pk)
	Clears all data in a djcs_t_public_key. More...

void	djcs_t_clear_private_key (djcs_t_private_key *vk)
	Clears all data in a djcs_t_private_key. More...

void	djcs_t_free_public_key (djcs_t_public_key *pk)
	Frees a djcs_t_public_key and all associated memory. More...

void	djcs_t_free_private_key (djcs_t_private_key *vk)
	Frees a djcs_t_private_key and all associated memory. More...

Detailed Description

The threshold Damgard-Jurik scheme is a generalization of the Paillier cryptoscheme, but with an increased ciphertext space.

All mpz_t values can be aliases unless otherwise stated.

Warning: All indexing for the servers and polynomial functions should be zero-indexed, as is usual when working with c arrays. The functions themselves correct for this internally, and 1-indexing servers may result in incorrect results.

Function Documentation

djcs_t_public_key* djcs_t_init_public_key ( void )

Initialise a djcs_t_public_key and return a pointer to the newly created structure.

Returns: A pointer to an initialised djcs_t_public_key, NULL on allocation failure

djcs_t_private_key* djcs_t_init_private_key ( void )

Initialise a djcs_private_key and return a pointer to the newly created structure.

Returns: A pointer to an initialise djcs_t_private_key, NULL on allocation failure

void djcs_t_generate_key_pair	(	djcs_t_public_key *	pk,
		djcs_t_private_key *	vk,
		hcs_random *	hr,
		const unsigned long	s,
		const unsigned long	bits,
		const unsigned long	l,
		const unsigned long	w
	)

Initialise a key pair with modulus size bits.

It is required that pk and vk are initialised before calling this function. pk and vk are expected to not be NULL.

In practice the bits value should usually be greater than 2048 to ensure sufficient security.

Whilst s is variable and can be any value upto a minimum of 32 bits, beware when calling the function with large values. The modulus grows exponentially given s, so even small values greater than 7 will incur massive performance penalties, and increase the risk of overflow (~40 million digits for the modulus for this to occur).

Warning: This function attempts to allocate memory, so calling this twice in succession with the same keys will cause your program to lose a pointer to this allocated memory, resulting in a memory leak. If you wish to call this function in this manner, ensure djcs_t_clear_public_key and/or djcs_t_clear_private_key are called prior.

void djcs_t_encrypt	(	djcs_t_public_key *	pk,
		hcs_random *	hr,
		mpz_t	rop,
		mpz_t	plain1
	)

Encrypt a value plain1, and set rop to the encrypted result.

Parameters

pk	A pointer to an initialised djcs_t_public_key
hr	A pointer to an initialised hcs_random
rop	mpz_t where the encrypted result is stored
plain1	mpz_t to be encrypted

void djcs_t_reencrypt	(	djcs_t_public_key *	pk,
		hcs_random *	hr,
		mpz_t	rop,
		mpz_t	op
	)

Reencrypt an encrypted value op.

Upon decryption, this newly encrypted value, rop, will retain the same value as op.

Parameters

pk	A pointer to an initialised djcs_t_public_key
hr	A pointer to an initialised hcs_random
rop	mpz_t where the newly encrypted value is stored
op	mpz_t to be reencrypted

void djcs_t_ep_add	(	djcs_t_public_key *	pk,
		mpz_t	rop,
		mpz_t	cipher1,
		mpz_t	plain1
	)

Add a plaintext value plain1 to an encrypted value cipher1, storing the result in rop.

Parameters

pk	A pointer to an initialised djcs_t_public_key
rop	mpz_t where the newly encrypted value is stored
cipher1	mpz_t to be added together
plain1	mpz_t to be added together

void djcs_t_ee_add	(	djcs_t_public_key *	pk,
		mpz_t	rop,
		mpz_t	cipher1,
		mpz_t	cipher2
	)

Add an encrypted value cipher2 to an encrypted value cipher1, storing the result in rop.

Parameters

pk	A pointer to an initialised djcs_t_public_key.
rop	mpz_t where the newly encrypted value is stored
cipher1	mpz_t to be added together
cipher2	mpz_t to be added together

void djcs_t_ep_mul	(	djcs_t_public_key *	pk,
		mpz_t	rop,
		mpz_t	cipher1,
		mpz_t	plain1
	)

Multiply a plaintext value plain1 with an encrypted value cipher1, storing the result in rop.

Parameters

pk	A pointer to an initialised djcs_t_public_key
rop	Where the new encrypted result is stored
cipher1	The encrypted value which is to be multipled to
plain1	The plaintext value which is to be multipled

mpz_t* djcs_t_init_polynomial	(	djcs_t_private_key *	vk,
		hcs_random *	hr
	)

Allocate and initialise the values in a random polynomial.

The length of this polynomial is taken from values in vk, specifically it will be of length vk->w. The polynomial functions are to be used by a single trusted party, for which once the required computation is completed, the polynomial can be discarded.

Parameters

vk	v pointer to an initialised djcs_t_private_key
hr	A pointer to an initialised hcs_random type

Returns: A polynomial coefficient list on success, else NULL

void djcs_t_compute_polynomial	(	djcs_t_private_key *	vk,
		mpz_t *	coeff,
		mpz_t	rop,
		const unsigned long	x
	)

Compute a polynomial P(x) for a given x value in the required finite field.

The coefficients should be given as a list of mpz_t values, computed via the djcs_t_init_polynomial function.

Parameters

vk	A pointer to an initialised djcs_t_private_key
coeff	A pointer to a list of coefficients of a polynomial
rop	mpz_t where the result is stored
x	The value to calculate the polynomial at

void djcs_t_free_polynomial	(	djcs_t_private_key *	vk,
		mpz_t *	coeff
	)

Frees a given polynomial (array of mpz_t values) and all associated data.

The same private key which was used to generate these values should be used as an argument.

Parameters

vk	A pointer to an initialised djcs_t_private_key
coeff	A pointer to a list of coefficients of a polynomial

djcs_t_auth_server* djcs_t_init_auth_server ( void )

Initialise a djcs_t_auth_server and return a pointer to the newly created structure.

Returns: A pointer to an initialised djcs_t_auth_server, NULL on allocation failure

void djcs_t_set_auth_server	(	djcs_t_auth_server *	au,
		mpz_t	si,
		unsigned long	i
	)

Set the internal values for the server au.

si is the secret polynomial share for the given value, i. These values should be shared in a secret and secure way and not given out publicly. The index given to each server should be unique.

Parameters

au	A pointer to an initialised djcs_t_auth_server
si	The value of a secret polynomial evaluated at `i`
i	The servers given index

void djcs_t_share_decrypt	(	djcs_t_private_key *	vk,
		djcs_t_auth_server *	au,
		mpz_t	rop,
		mpz_t	cipher1
	)

For a given ciphertext cipher1, compute the server au's share and store the result in the variable rop.

These shares can be managed, and then combined when sufficient shares have been accumulated using the djcs_t_share_combine function.

Parameters

vk	A pointer to an initialised djcs_t_private_key
au	A pointer to an initialised djcs_t_auth_server
rop	mpz_t where the calculated share is stored
cipher1	mpz_t which stores the ciphertext to decrypt

void djcs_t_share_combine	(	djcs_t_private_key *	vk,
		mpz_t	rop,
		mpz_t *	c
	)

Combine an array of shares c, storing the result in rop.

The array c must be managed by the caller, and is expected to be at least of length vk->l. If it is greater, only the first vk->l values are scanned. If a share is not present, then the value is expected to be 0. If reusing the same array for a number of decryptions, ensure that the array is zeroed between each combination.

Todo:: Potentially construct a proper type for storing a list of shares to ensure these functions are called in the correct way.

Precondition: vk->l <= length(c)

Parameters

vk	A pointer to an initialised djcs_t_private_key
rop	mpz_t where the combined decrypted result is stored
c	array of share values

void djcs_t_free_auth_server ( djcs_t_auth_server * au )

Frees a djcs_t_auth_server and all associated memory.

Parameters

au	A pointer to an initialised djcs_t_auth_server

void djcs_t_clear_public_key ( djcs_t_public_key * pk )

Clears all data in a djcs_t_public_key.

This does not free memory in the keys, only putting it into a state whereby they can be safely used to generate new key values.

Parameters

pk	A pointer to an initialised djcs_t_public_key

void djcs_t_clear_private_key ( djcs_t_private_key * vk )

Clears all data in a djcs_t_private_key.

This does not free memory in the keys, only putting it into a state whereby they can be safely used to generate new key values.

Parameters

vk	A pointer to an initialised djcs_t_private_key

void djcs_t_free_public_key ( djcs_t_public_key * pk )

Frees a djcs_t_public_key and all associated memory.

The key memory is not zeroed, so one must call djcs_t_clear_public_key if it is required. one does not need to call djcs_t_clear_public_key before using this function.

Parameters

pk	A pointer to an initialised djcs_t_public_key

void djcs_t_free_private_key ( djcs_t_private_key * vk )

Frees a djcs_t_private_key and all associated memory.

The key memory is not zeroed, so one must call djcs_t_clear_private_key if it is required. one does not need to call djcs_t_clear_private_key before using this function.

Parameters

vk	v pointer to an initialised djcs_t_private_key

Data Structures

Functions

Detailed Description

Function Documentation