pub struct VerifiableDecryption<G: Group> { /* private fields */ }

Verifiable decryption for a certain Ciphertext in the ElGamal encryption scheme. Usable both for standalone proofs and in threshold encryption.

Construction

Decryption is represented by a single group element – the result of combining a SecretKey scalar x with the random element of the ciphertext R (i.e., D = [x]R, the Diffie–Hellman construction). This element can be retrieved using Self::as_element() and applied to a ciphertext using Self::decrypt() or Self::decrypt_to_element().

The decryption can be proven with the help of a standard LogEqualityProof. Indeed, to prove the validity of decryption, it is sufficient to prove dlog_R(D) = dlog_G(K), where G is the conventional group generator and K = [x]G is the public key for encryption.

Examples

VerifiableDecryption can be used either within the threshold encryption scheme provided by the sharing module, or independently (for example, if another approach to secret sharing is used, or if the encryption key is not shared at all). An example of standalone usage is outlined below:

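use elastic_elgamal::{
    group::Ristretto, CandidateDecryption, DiscreteLogTable, Keypair, VerifiableDecryption,
};
use merlin::Transcript;
use rand::thread_rng;

// Assumes an enclosing function that returns a `Result`, as the `?` below requires.
let mut rng = thread_rng();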
let keys = Keypair::<Ristretto>::generate(&mut rng);
// Suppose the `keys` holder wants to prove decryption
// of the following ciphertext:
let ciphertext = keys.public().encrypt(42_u64, &mut rng);
let (decryption, proof) = VerifiableDecryption::new(
    ciphertext,
    &keys,
    &mut Transcript::new(b"decryption"),
    &mut rng,
);

// This proof can then be universally verified:
let candidate_decryption = CandidateDecryption::from(decryption);
let decryption = candidate_decryption.verify(
    ciphertext,
    keys.public(),
    &proof,
    &mut Transcript::new(b"decryption"),
)?;
assert_eq!(
    decryption.decrypt(ciphertext, &DiscreteLogTable::new(0..50)),
    Some(42)
);

Implementations

Creates a decryption for the specified ciphertext under keys together with a zero-knowledge proof of validity.

See CandidateDecryption::verify() for the verification counterpart.

Returns the group element encapsulated in this decryption.

Serializes this decryption into bytes.

Decrypts the provided ciphertext and returns the produced group element.

As the ciphertext does not include a MAC or another way to assert integrity, this operation cannot fail. If the ciphertext is not produced properly (e.g., it targets another receiver), the returned group element will be garbage.

Decrypts the provided ciphertext and returns the original encrypted value.

lookup_table is used to find encrypted values based on the original decrypted group element. That is, it must contain all valid plaintext values. If the value is not in the table, this method will return None.
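The Construction section and the two decrypt caveats above, worked through in a toy group. This is an added example, not this crate's code: it uses integers modulo a small prime in multiplicative notation (so [x]R is written R^x), takes the challenge `c` as an explicit input, and all constants and function names are constructed for illustration.

```rust
// Toy group (constructed, far too small for real use): P = 2Q + 1, G has order Q.
const P: u64 = 2039;
const Q: u64 = 1019;
const G: u64 = 4;

fn pow(mut b: u64, mut e: u64) -> u64 {
    let mut acc = 1;
    while e > 0 {
        if e & 1 == 1 { acc = acc * b % P; }
        b = b * b % P;
        e >>= 1;
    }
    acc
}

/// ElGamal encryption of `m` in the exponent: (R, B) = (G^r, G^m * K^r).
fn encrypt(k_pub: u64, m: u64, r: u64) -> (u64, u64) {
    (pow(G, r), pow(G, m) * pow(k_pub, r) % P)
}

/// Prover, step 1: commitments to nonce `k` under both bases G and R.
fn commit(r_elem: u64, k: u64) -> (u64, u64) { (pow(G, k), pow(r_elem, k)) }
/// Prover, step 2: response to the verifier's challenge `c`.
fn respond(x: u64, k: u64, c: u64) -> u64 { (k + c * x) % Q }

/// Verifier: accepts iff dlog_R(D) = dlog_G(K).
fn verify(k_pub: u64, r_elem: u64, d: u64, (a_g, a_r): (u64, u64), c: u64, s: u64) -> bool {
    pow(G, s) == a_g * pow(k_pub, c) % P && pow(r_elem, s) == a_r * pow(d, c) % P
}

/// Applies decryption D to (R, B), then searches `table` for the plaintext.
fn decrypt(d: u64, b: u64, table: std::ops::Range<u64>) -> Option<u64> {
    let elem = b * pow(d, P - 2) % P; // B * D^-1 via Fermat inversion
    table.into_iter().find(|&m| pow(G, m) == elem)
}

/// Runs the protocol for a claimed decryption D = R^x_claimed.
fn check(x_claimed: u64) -> (bool, Option<u64>) {
    let (x, k, c) = (77, 555, 321); // constructed secret key, nonce, challenge
    let k_pub = pow(G, x);
    let (r_elem, b) = encrypt(k_pub, 42, 123);
    let d = pow(r_elem, x_claimed);
    let s = respond(x_claimed, k, c);
    (verify(k_pub, r_elem, d, commit(r_elem, k), c, s), decrypt(d, b, 0..50))
}

fn main() {
    println!("{:?} {:?}", check(77), check(78)); // matching key, then a different key
}
```

With the matching key the proof verifies and the lookup recovers 42; with a different key the decryption step still "succeeds" but yields an element outside the table, and only the proof check exposes the mismatch.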

Trait Implementations

Returns a copy of the value.

Performs copy-assignment from source.

Formats the value using the given formatter.

Deserialize this value from the given Serde deserializer.

Converts to this type from the input type.

Serialize this value into the given Serde serializer.
