arcis/utils/crypto/

key.rs

use crate::{
    core::circuits::boolean::{
        boolean_array::BooleanArray,
        boolean_value::{Boolean, BooleanValue},
        byte::Byte,
    },
    traits::FromLeBytes,
    utils::matrix::Matrix,
};

pub const X25519_PRIVATE_KEY_COUNT: usize = 251;
pub const RESCUE_KEY_COUNT: usize = 5;

/// This is the x25519 public key obtained by a clamped multiplication between the 0-private key
/// and the generator G. It corresponds to 2^254 * G (hence the logarithm with respect to basis G is
/// 2^254 mod \ell).
pub const DEFAULT_MXE_X25519_PUBLIC_KEY: [u8; 32] = [
    0x2f, 0xe5, 0x7d, 0xa3, 0x47, 0xcd, 0x62, 0x43, 0x15, 0x28, 0xda, 0xac, 0x5f, 0xbb, 0x29, 0x7,
    0x30, 0xff, 0xf6, 0x84, 0xaf, 0xc4, 0xcf, 0xc2, 0xed, 0x90, 0x99, 0x5f, 0x58, 0xcb, 0x3b, 0x74,
];

/// The Arcis Rescue key type. A key is an array of length 5 of secret-shared
/// elements of the finite field with p = 2^255 - 19 elements.
/// The client rescue key is obtained as
/// key = rescue_prime_hash(GetSharedSecret(mxe_x25519_private_key, public_key)),
/// while the mxe rescue key corresponds to 5 randomly generated secret-shared
/// elements of the field with p elements.
#[derive(Copy, Clone)]
pub struct RescueKey<T: Clone + Copy>([T; RESCUE_KEY_COUNT]);

impl<T: Clone + Copy> RescueKey<T> {
    pub fn new_from_inner(a: [T; RESCUE_KEY_COUNT]) -> Self {
        Self(a)
    }
    pub fn inner(&self) -> [T; RESCUE_KEY_COUNT] {
        self.0
    }
}

impl<T: Clone + Copy> From<RescueKey<T>> for Matrix<T> {
    fn from(key: RescueKey<T>) -> Self {
        Matrix::from(key.0.to_vec())
    }
}

macro_rules! impl_aes_key {
    ($t: ident, $byte_len:expr) => {
        /// The Arcis AES key type.
        #[derive(Clone)]
        pub struct $t<B: Boolean>([Byte<B>; $byte_len]);

        impl<B: Boolean> $t<B> {
            pub fn new_from_inner(a: [Byte<B>; $byte_len]) -> Self {
                Self(a)
            }
            pub fn inner(&self) -> [Byte<B>; $byte_len] {
                self.0
            }
        }
    };
}

impl_aes_key!(AES128Key, 16);
impl_aes_key!(AES192Key, 24);
impl_aes_key!(AES256Key, 32);

/// The Arcis private key type. A x25519 private key is a random element of the
/// finite field with ell = 2^252 + 27742317777372353535851937790883648493 elements.
/// In practice, one would generate the private key as 32 random bytes and then perform
/// a clamping operation (see e.g. [curve25519-dalek](https://github.com/dalek-cryptography/curve25519-dalek/blob/main/curve25519-dalek/src/scalar.rs#L1386) or [noble-curves](https://github.com/paulmillr/noble-curves/blob/main/src/ed25519.ts#L63))
/// which essentially results in a key with 251 random bits. For that reason we define the Arcis
/// private key as 251 secret-shared random bits.
#[derive(Copy, Clone)]
pub struct PrivateKey<B: Boolean>([B; X25519_PRIVATE_KEY_COUNT]);

impl<B: Boolean> PrivateKey<B> {
    pub fn new_from_inner(u: [B; X25519_PRIVATE_KEY_COUNT]) -> Self {
        Self(u)
    }
    pub fn inner(&self) -> [B; X25519_PRIVATE_KEY_COUNT] {
        self.0
    }
}

impl FromLeBytes for PrivateKey<bool> {
    fn from_le_bytes(bytes: [u8; 32]) -> Self {
        let bits = bytes
            .into_iter()
            .flat_map(|byte| Byte::from(byte).to_vec())
            .collect::<Vec<bool>>();
        // the Arcis Private Key are simply the bits 3..254 of the 32-byte random private key
        PrivateKey::new_from_inner(bits[3..254].to_vec().try_into().unwrap_or_else(
            |v: Vec<bool>| {
                panic!(
                    "Expected a Vec of length {} (found {})",
                    X25519_PRIVATE_KEY_COUNT,
                    v.len()
                )
            },
        ))
    }
}

impl<const N: usize> From<PrivateKey<BooleanValue>> for PrivateKey<BooleanArray<N>> {
    fn from(value: PrivateKey<BooleanValue>) -> Self {
        Self(
            value
                .inner()
                .into_iter()
                .map(BooleanArray::from)
                .collect::<Vec<BooleanArray<N>>>()
                .try_into()
                .unwrap_or_else(|v: Vec<BooleanArray<N>>| {
                    panic!("Expected a Vec of length 251 (found {})", v.len())
                }),
        )
    }
}

/// The Arcis public key type. A public key is a public (i.e., not secret-shared)
/// element of the finite field with p = 2^255 - 19 elements.
#[derive(Copy, Clone)]
pub struct PublicKey<T: Copy>(T);

impl<T: Copy> PublicKey<T> {
    pub fn new_from_inner(u: T) -> Self {
        Self(u)
    }
    pub fn inner(&self) -> T {
        self.0
    }
}

impl<T: FromLeBytes + Copy> Default for PublicKey<T> {
    fn default() -> Self {
        Self(T::from_le_bytes(DEFAULT_MXE_X25519_PUBLIC_KEY))
    }
}

// Randomly generated private key (consisting of 32 random bytes)
pub(crate) const MXE_X25519_PRIVATE_KEY: [u8; 32] = [
    198, 115, 252, 8, 36, 188, 14, 191, 134, 106, 91, 91, 255, 99, 166, 87, 194, 246, 162, 190,
    223, 44, 53, 49, 236, 108, 155, 138, 114, 200, 156, 168,
];

// Five randomly generated elements of the base field.
pub(crate) const MXE_RESCUE_KEY: [[u8; 32]; 5] = [
    [
        124, 219, 118, 100, 151, 174, 173, 201, 180, 159, 95, 202, 109, 154, 90, 104, 99, 221, 206,
        79, 44, 221, 182, 198, 143, 180, 180, 121, 78, 223, 238, 12,
    ],
    [
        158, 10, 32, 122, 234, 85, 113, 2, 69, 115, 151, 149, 163, 189, 216, 108, 160, 21, 118,
        154, 185, 199, 198, 251, 142, 193, 168, 98, 218, 59, 20, 9,
    ],
    [
        45, 115, 67, 23, 196, 46, 150, 202, 33, 22, 44, 144, 204, 34, 166, 30, 183, 63, 38, 213,
        166, 150, 234, 191, 201, 13, 79, 86, 171, 100, 140, 15,
    ],
    [
        209, 1, 108, 251, 175, 105, 199, 246, 83, 186, 72, 0, 15, 236, 105, 110, 5, 109, 41, 216,
        148, 98, 208, 128, 32, 47, 224, 93, 90, 176, 33, 2,
    ],
    [
        179, 142, 132, 221, 113, 147, 206, 83, 22, 121, 245, 155, 239, 204, 18, 158, 119, 190, 54,
        17, 28, 17, 247, 191, 151, 147, 118, 151, 38, 169, 21, 4,
    ],
];

// 16 randomly generated bytes.
pub(crate) const MXE_AES128_KEY: [u8; 16] = [
    124, 219, 118, 100, 151, 174, 173, 201, 180, 159, 95, 202, 109, 154, 90, 104,
];

// 24 randomly generated bytes.
pub(crate) const MXE_AES192_KEY: [u8; 24] = [
    124, 219, 118, 100, 151, 174, 173, 201, 180, 159, 95, 202, 109, 154, 90, 104, 124, 219, 118,
    100, 151, 174, 173, 201,
];

// 32 randomly generated bytes.
pub(crate) const MXE_AES256_KEY: [u8; 32] = [
    124, 219, 118, 100, 151, 174, 173, 201, 180, 159, 95, 202, 109, 154, 90, 104, 124, 219, 118,
    100, 151, 174, 173, 201, 180, 159, 95, 202, 109, 154, 90, 104,
];