implementation of the paillier crypto system with libgcrypt More...

#include "platform.h"
#include <gcrypt.h>
#include "gnunet_util_lib.h"

Include dependency graph for crypto_paillier.c:

Functions
void	GNUNET_CRYPTO_paillier_create (struct GNUNET_CRYPTO_PaillierPublicKey public_key, struct GNUNET_CRYPTO_PaillierPrivateKey private_key)
	Create a freshly generated paillier public key. More...

int	GNUNET_CRYPTO_paillier_encrypt1 (const struct GNUNET_CRYPTO_PaillierPublicKey public_key, const gcry_mpi_t m, int desired_ops, struct GNUNET_CRYPTO_PaillierCiphertext ciphertext)
	Encrypt a plaintext with a paillier public key. More...

int	GNUNET_CRYPTO_paillier_encrypt (const struct GNUNET_CRYPTO_PaillierPublicKey public_key, const gcry_mpi_t m, int desired_ops, struct GNUNET_CRYPTO_PaillierCiphertext ciphertext)
	Encrypt a plaintext with a paillier public key. More...

void	GNUNET_CRYPTO_paillier_decrypt (const struct GNUNET_CRYPTO_PaillierPrivateKey private_key, const struct GNUNET_CRYPTO_PaillierPublicKey public_key, const struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext, gcry_mpi_t m)
	Decrypt a paillier ciphertext with a private key. More...

int	GNUNET_CRYPTO_paillier_hom_add (const struct GNUNET_CRYPTO_PaillierPublicKey public_key, const struct GNUNET_CRYPTO_PaillierCiphertext c1, const struct GNUNET_CRYPTO_PaillierCiphertext c2, struct GNUNET_CRYPTO_PaillierCiphertext result)
	Compute a ciphertext that represents the sum of the plaintext in c1 and c2. More...

int	GNUNET_CRYPTO_paillier_hom_get_remaining (const struct GNUNET_CRYPTO_PaillierCiphertext *c)
	Get the number of remaining supported homomorphic operations. More...

Detailed Description

implementation of the paillier crypto system with libgcrypt

Author: Florian Dold; Christian Fuchs

Definition in file crypto_paillier.c.

Function Documentation

◆ GNUNET_CRYPTO_paillier_encrypt1()

int GNUNET_CRYPTO_paillier_encrypt1	(	const struct GNUNET_CRYPTO_PaillierPublicKey *	public_key,
		const gcry_mpi_t	m,
		int	desired_ops,
		struct GNUNET_CRYPTO_PaillierCiphertext *	ciphertext
	)

Encrypt a plaintext with a paillier public key.

Parameters

	public_key	Public key to use.
	m	Plaintext to encrypt.
	desired_ops	How many homomorphic ops the caller intends to use
[out]	ciphertext	Encryption of plaintext with public_key.

Returns: guaranteed number of supported homomorphic operations >= 1, or desired_ops, in case that is lower, or -1 if less than one homomorphic operation is possible

Definition at line 121 of file crypto_paillier.c.

 {
   int possible_opts;
   gcry_mpi_t n_square;
   gcry_mpi_t r;
   gcry_mpi_t c;
   gcry_mpi_t n;
   gcry_mpi_t tmp1;
   gcry_mpi_t tmp2;
   unsigned int highbit;
  
   /* determine how many operations we could allow, if the other number
      has the same length. */
   GNUNET_assert (NULL != (tmp1 = gcry_mpi_set_ui (NULL, 1)));
   GNUNET_assert (NULL != (tmp2 = gcry_mpi_set_ui (NULL, 2)));
   gcry_mpi_mul_2exp (tmp1, tmp1, GNUNET_CRYPTO_PAILLIER_BITS);
  
   /* count number of possible operations
      this would be nicer with gcry_mpi_get_nbits, however it does not return
      the BITLENGTH of the given MPI's value, but the bits required
      to represent the number as MPI. */
   for (possible_opts = -2; gcry_mpi_cmp (tmp1, m) > 0; possible_opts++)
     gcry_mpi_div (tmp1, NULL, tmp1, tmp2, 0);
   gcry_mpi_release (tmp1);
   gcry_mpi_release (tmp2);
  
   if (possible_opts < 1)
     possible_opts = 0;
   /* soft-cap by caller */
   possible_opts = (desired_ops < possible_opts) ? desired_ops : possible_opts;
  
   ciphertext->remaining_ops = htonl (possible_opts);
  
   GNUNET_CRYPTO_mpi_scan_unsigned (&n,
                                    public_key,
                                    sizeof(struct
                                           GNUNET_CRYPTO_PaillierPublicKey));
   highbit = GNUNET_CRYPTO_PAILLIER_BITS - 1;
   while ((! gcry_mpi_test_bit (n, highbit)) &&
          (0 != highbit))
     highbit--;
   if (0 == highbit)
   {
     /* invalid public key */
     GNUNET_break_op (0);
     gcry_mpi_release (n);
     return GNUNET_SYSERR;
   }
   GNUNET_assert (0 != (n_square = gcry_mpi_new (0)));
   GNUNET_assert (0 != (r = gcry_mpi_new (0)));
   GNUNET_assert (0 != (c = gcry_mpi_new (0)));
   gcry_mpi_mul (n_square, n, n);
  
   /* generate r < n (without bias) */
   do
   {
     gcry_mpi_randomize (r, highbit + 1, GCRY_STRONG_RANDOM);
   }
   while (gcry_mpi_cmp (r, n) >= 0);
  
   /* c = (n+1)^m mod n^2 */
   /* c = n + 1 */
   gcry_mpi_add_ui (c, n, 1);
   /* c = (n+1)^m mod n^2 */
   gcry_mpi_powm (c, c, m, n_square);
   /* r <- r^n mod n^2 */
   gcry_mpi_powm (r, r, n, n_square);
   /* c <- r*c mod n^2 */
   gcry_mpi_mulm (c, r, c, n_square);
  
   GNUNET_CRYPTO_mpi_print_unsigned (ciphertext->bits,
                                     sizeof ciphertext->bits,
                                     c);
  
   gcry_mpi_release (n_square);
   gcry_mpi_release (n);
   gcry_mpi_release (r);
   gcry_mpi_release (c);
  
   return possible_opts;
 }

References ciphertext, GNUNET_assert, GNUNET_break_op, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_CRYPTO_PAILLIER_BITS, GNUNET_SYSERR, and m.

Here is the call graph for this function:

Functions

Detailed Description

Function Documentation

◆ GNUNET_CRYPTO_paillier_encrypt1()