Struct elastic_elgamal::VerifiableDecryption
pub struct VerifiableDecryption<G: Group> { /* private fields */ }

Verifiable decryption for a certain Ciphertext in the ElGamal encryption scheme. Usable both for standalone proofs and in threshold encryption.
Construction
Decryption is represented by a single group element: the result of combining a SecretKey scalar x with the random element of the ciphertext R (i.e., D = [x]R, the Diffie-Hellman construction). This element can be retrieved using Self::as_element() and applied to a ciphertext using Self::decrypt() or Self::decrypt_to_element().

The decryption can be proven with the help of a standard LogEqualityProof. Indeed, to prove the validity of decryption, it is sufficient to prove dlog_R(D) = dlog_G(K), where G is the conventional group generator and K = [x]G is the public key for encryption.
Examples
VerifiableDecryption can be used either within the threshold encryption scheme provided by the sharing module, or independently (for example, if another approach to secret sharing is used, or if the encryption key is not shared at all). An example of standalone usage is outlined below:
use elastic_elgamal::{
    group::Ristretto, CandidateDecryption, DiscreteLogTable, Keypair, VerifiableDecryption,
};
use merlin::Transcript;
use rand::thread_rng;

// `?` on `verify()` needs an enclosing function that returns `Result`.
fn main() -> Result<(), Box<dyn std::error::Error>> {
    let mut rng = thread_rng();
    let keys = Keypair::<Ristretto>::generate(&mut rng);
    // Suppose the `keys` holder wants to prove decryption
    // of the following ciphertext:
    let ciphertext = keys.public().encrypt(42_u64, &mut rng);
    let (decryption, proof) = VerifiableDecryption::new(
        ciphertext,
        &keys,
        &mut Transcript::new(b"decryption"),
        &mut rng,
    );

    // This proof can then be universally verified:
    let candidate_decryption = CandidateDecryption::from(decryption);
    let decryption = candidate_decryption.verify(
        ciphertext,
        keys.public(),
        &proof,
        &mut Transcript::new(b"decryption"),
    )?;
    assert_eq!(
        decryption.decrypt(ciphertext, &DiscreteLogTable::new(0..50)),
        Some(42)
    );
    Ok(())
}
Implementations
impl<G: Group> VerifiableDecryption<G>

pub fn new<R: CryptoRng + RngCore>(
    ciphertext: Ciphertext<G>,
    keys: &Keypair<G>,
    transcript: &mut Transcript,
    rng: &mut R,
) -> (Self, LogEqualityProof<G>)

Creates a decryption for the specified ciphertext under keys together with a zero-knowledge proof of validity. See CandidateDecryption::verify() for the verification counterpart.
pub fn as_element(&self) -> &G::Element

Returns the group element encapsulated in this decryption.
pub fn to_bytes(self) -> Vec<u8>

Serializes this decryption into bytes.
pub fn decrypt_to_element(&self, encrypted: Ciphertext<G>) -> G::Element

Decrypts the provided ciphertext and returns the produced group element.
As the ciphertext does not include a MAC or another way to assert integrity, this operation cannot fail. If the ciphertext is not produced properly (e.g., it targets another receiver), the returned group element will be garbage.
pub fn decrypt(
    &self,
    encrypted: Ciphertext<G>,
    lookup_table: &DiscreteLogTable<G>,
) -> Option<u64>

Decrypts the provided ciphertext and returns the original encrypted value.

lookup_table is used to find encrypted values based on the original decrypted group element. That is, it must contain all valid plaintext values. If the value is not in the table, this method will return None.
Trait Implementations
impl<G: Clone + Group> Clone for VerifiableDecryption<G> where
    G::Element: Clone,

fn clone(&self) -> VerifiableDecryption<G>

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.
impl<'de, G: Group> Deserialize<'de> for VerifiableDecryption<G>

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where
    __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.
impl<G: Group> From<VerifiableDecryption<G>> for CandidateDecryption<G>

fn from(decryption: VerifiableDecryption<G>) -> Self

Converts to this type from the input type.
impl<G: Group> Serialize for VerifiableDecryption<G>
impl<G: Copy + Group> Copy for VerifiableDecryption<G> where
G::Element: Copy,
Auto Trait Implementations
impl<G> RefUnwindSafe for VerifiableDecryption<G> where
<G as ElementOps>::Element: RefUnwindSafe,
impl<G> Send for VerifiableDecryption<G> where
<G as ElementOps>::Element: Send,
impl<G> Sync for VerifiableDecryption<G> where
<G as ElementOps>::Element: Sync,
impl<G> Unpin for VerifiableDecryption<G> where
<G as ElementOps>::Element: Unpin,
impl<G> UnwindSafe for VerifiableDecryption<G> where
<G as ElementOps>::Element: UnwindSafe,
Blanket Implementations
impl<T> BorrowMut<T> for T where
    T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.