cryptid 0.2.8

An implementation of the threshold ElGamal cryptosystem with zero-knowledge proofs, using Curve25519 as the group.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127

use std::fmt::{Display, Formatter};
use std::error::Error;

use ring::digest;
use curve25519_dalek::scalar::Scalar as InternalDalekScalar;
use serde::{Serialize, Deserialize};
use num_bigint::BigUint;
use crate::curve::to_scalar;

type DalekScalar = InternalDalekScalar;

#[derive(Copy, Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct Scalar(DalekScalar);

impl Scalar {
    pub fn as_base64(&self) -> String {
        base64::encode(self.as_bytes())
    }

    pub fn as_bytes(&self) -> &[u8; 32] {
        self.0.as_bytes()
    }

    pub fn to_bytes(self) -> [u8; 32] {
        self.0.to_bytes()
    }

    pub fn max_size_bytes() -> usize {
        curve::scalar_max_size_bytes()
    }

    pub fn truncated(&self) -> Self {
        let mut vec = self.0.as_bytes().to_vec();
        vec.truncate(Scalar::max_size_bytes());
        to_scalar(BigUint::from_bytes_le(&vec))
    }
}

impl From<u32> for Scalar {
    fn from(n: u32) -> Self {
        Self(n.into())
    }
}

impl From<[u8; 32]> for Scalar {
    fn from(bytes: [u8; 32]) -> Self {
        Self(DalekScalar::from_bytes_mod_order(bytes).reduce())
    }
}

pub struct Hasher(digest::Context);

impl Hasher {
    pub fn sha_256() -> Self {
        Self(digest::Context::new(&digest::SHA256))
    }

    pub fn sha_512() -> Self {
        Self(digest::Context::new(&digest::SHA512))
    }

    pub fn update(mut self, data: &[u8]) -> Self {
        self.0.update(&data);
        self
    }

    pub fn finish(self) -> Digest {
        self.0.finish()
    }

    // NOTE: this will truncate the bytes of the hash. Use with care.
    pub fn finish_scalar(self) -> Scalar {
        let mut bytes = self.finish_vec();
        bytes.truncate(Scalar::max_size_bytes());
        curve::try_to_scalar(&bytes).unwrap()
    }

    pub fn finish_vec(self) -> Vec<u8> {
        self.finish().as_ref().to_vec()
    }
}

pub type Digest = digest::Digest;

#[derive(Clone, Copy, Debug)]
pub enum CryptoError {
    Unspecified(ring::error::Unspecified),
    KeyRejected(ring::error::KeyRejected),
    Encoding,
    Decoding,
    Misc,
    InvalidId,
    CommitmentDuplicated,
    CommitmentMissing,
    CommitmentPartMissing,
    ShareDuplicated,
    ShareRejected,
    KeygenMissing,
    AuthTagRejected,
}

impl Display for CryptoError {
    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
        write!(f, "{:?}", self)
    }
}

impl Error for CryptoError {}

pub mod elgamal;
mod curve;
pub mod zkp;
pub mod threshold;

#[cfg(test)]
mod tests {
    use crate::Hasher;
    use crate::curve::CurveElem;
    use std::convert::TryFrom;

    #[test]
    fn test_hash_encoding() {
        let msg = b"hello world";
        let scalar = Hasher::sha_256().update(msg).finish_scalar();
        CurveElem::try_from(scalar.truncated()).unwrap();
    }
}