1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159
#![doc = include_str!("../README.md")] #![warn(missing_docs, unused_imports)] /// Functions for generating random prime numbers. pub mod number_theory; /// Random number generation that is consistent with the dependencies' requirements. pub mod randomness; /// Partially homomorphic cryptosystems with one key. pub mod cryptosystems; /// Partially homomorphic threshold cryptosystems that require multiple parties to decrypt. pub mod threshold_cryptosystems; use crate::randomness::SecureRng; /// An asymmetric cryptosystem is a system of methods to encrypt plaintexts into ciphertexts, and /// decrypt those ciphertexts back into plaintexts. Anyone who has access to the public key can /// perform encryptions, but only those with the secret key can decrypt. /// /// The struct that implements an `AsymmetricCryptosystem` will hold the general parameters of that /// cryptosystem. Depending on the cryptosystem, those parameters could play an important role in /// deciding the level of security. As such, each cryptosystem should clearly indicate these. pub trait AsymmetricCryptosystem { /// The type of the plaintexts to be encrypted. type Plaintext; /// The type of the encrypted plaintexts. type Ciphertext; /// The type of the encryption key. type PublicKey; /// The type of the decryption key. type SecretKey; /// Generate a public and private key pair using a cryptographic RNG. fn generate_keys<R: rand_core::RngCore + rand_core::CryptoRng>( &self, rng: &mut SecureRng<R>, ) -> (Self::PublicKey, Self::SecretKey); /// Encrypt the plaintext using the public key and a cryptographic RNG. fn encrypt<R: rand_core::RngCore + rand_core::CryptoRng>( &self, plaintext: &Self::Plaintext, public_key: &Self::PublicKey, rng: &mut SecureRng<R>, ) -> Self::Ciphertext; /// Decrypt the ciphertext using the secret key and its related public key. fn decrypt( &self, rich_ciphertext: &RichCiphertext<Self::Ciphertext, Self::PublicKey>, secret_key: &Self::SecretKey, ) -> Self::Plaintext; } /// Some cryptosystems do not require the public key to decrypt, as all the necessary information /// is stored within the ciphertext and the secret key. For example, ElGamal when its group is /// hard-coded. pub trait DecryptDirectly { /// The type of the plaintexts to be encrypted. type Plaintext; /// The type of the encrypted plaintexts. type Ciphertext; /// The type of the decryption key. type SecretKey; /// Decrypt a ciphertext using the secret key directly, without requiring a rich ciphertext. fn decrypt_direct( &self, ciphertext: &Self::Ciphertext, secret_key: &Self::SecretKey, ) -> Self::Plaintext; } /// Rich representation of a ciphertext that associates it with the corresponding public key. /// This allows for performing homomorphic operations using operator overloading, among others. pub struct RichCiphertext<'pk, C, PK> { ciphertext: C, public_key: &'pk PK, } /// Functionality to easily turn a ciphertext into a rich ciphertext pub trait Enrichable<PK> { /// Enriches a ciphertext by associating it with a corresponding public key. fn enrich(self, public_key: &PK) -> RichCiphertext<Self, PK> where Self: Sized, { RichCiphertext { ciphertext: self, public_key, } } } /// General error that arises when decryption fails, for example because there were not enough /// distinct decryption shares to decrypt a threshold ciphertext. #[derive(Debug)] pub struct DecryptionError; /// An asymmetric threshold cryptosystem is a system of methods to encrypt plaintexts into /// ciphertexts, but instead of having a single secret key to decrypt them back into plaintexts, we /// require a given number of parties to decrypt with their own partial key. If enough parties /// partially decrypt, the resulting shares can be combined into the original plaintext. Still, /// anyone who has access to the public key can perform encryptions. /// /// We denote a threshold cryptosystem using a tuple like (t, n). This means that t parties can /// collectively decrypt, and that there are in total n partial keys. /// /// The struct that implements an `AsymmetricThresholdCryptosystem` will hold the general parameters /// of that cryptosystem. Depending on the cryptosystem, those parameters could play an important /// role in deciding the level of security. As such, each cryptosystem should clearly indicate /// these. pub trait AsymmetricThresholdCryptosystem { /// The type of the plaintexts to be encrypted. type Plaintext; /// The type of the encrypted plaintexts. type Ciphertext; /// The type of the encryption key. type PublicKey; /// The type of the partial key. type PartialKey; /// The type of a decryption share, which can be combined with $t - 1$ other shares to finish /// decryption. type DecryptionShare; /// Generate a public and private key pair using a cryptographic RNG. fn generate_keys<R: rand_core::RngCore + rand_core::CryptoRng>( &self, rng: &mut SecureRng<R>, ) -> (Self::PublicKey, Vec<Self::PartialKey>); /// Encrypt the plaintext using the public key and a cryptographic RNG. fn encrypt<R: rand_core::RngCore + rand_core::CryptoRng>( &self, plaintext: &Self::Plaintext, public_key: &Self::PublicKey, rng: &mut SecureRng<R>, ) -> Self::Ciphertext; /// Partially decrypt the ciphertext using a partial key and its related public key. fn partially_decrypt( &self, rich_ciphertext: &RichCiphertext<Self::Ciphertext, Self::PublicKey>, partial_key: &Self::PartialKey, ) -> Self::DecryptionShare; /// Combine t decryption shares belonging to distinct partial keys to finish decryption. fn combine( &self, decryption_shares: &[Self::DecryptionShare], public_key: &Self::PublicKey, ) -> Result<Self::Plaintext, DecryptionError>; }