ElGamal encryption and related cryptographic protocols with pluggable crypto backend.
While the logic in this crate relies on standard cryptographic assumptions (complexity of discrete log and computational / decisional Diffie–Hellman problems in certain groups), it has not been independently verified for correctness or absence of side-channel attack vectors. Use at your own risk.
ElGamal encryption is not a good choice for general-purpose public-key encryption since it is vulnerable to chosen-ciphertext attacks. For security, decryption operations should be limited on the application level.
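Why the chosen-ciphertext caveat matters, as an added example (not code from this crate): a toy ElGamal variant with the message in the exponent shows that a ciphertext can be altered using only the public key, so whoever decrypts cannot tell an honest ciphertext from a modified one. The group parameters, fixed randomness and the names `Ct`, `add`, `demo` are assumptions constructed for illustration and are far too small for real use.

```rust
// Toy parameters (constructed for illustration, far too small for real use).
const P: u64 = 2039; // safe prime, P = 2 * Q + 1
const Q: u64 = 1019; // prime order of the subgroup generated by G
const G: u64 = 4;

fn pow_mod(mut base: u64, mut exp: u64) -> u64 {
    let mut acc = 1;
    base %= P;
    while exp > 0 {
        if exp & 1 == 1 { acc = acc * base % P; }
        base = base * base % P;
        exp >>= 1;
    }
    acc
}

/// Ciphertext (g^r, g^m * pk^r) with the message in the exponent.
#[derive(Clone, Copy)]
struct Ct(u64, u64);

fn encrypt(pk: u64, m: u64, r: u64) -> Ct {
    Ct(pow_mod(G, r), pow_mod(G, m) * pow_mod(pk, r) % P)
}

/// Component-wise product: needs no secret key, yet changes the plaintext.
fn add(x: Ct, y: Ct) -> Ct {
    Ct(x.0 * y.0 % P, x.1 * y.1 % P)
}

/// Recovers m in 0..=max by exhaustive discrete-log search; None if out of range.
fn decrypt(sk: u64, ct: Ct, max: u64) -> Option<u64> {
    let g_m = ct.1 * pow_mod(ct.0, Q - sk) % P; // ct.0^(Q - sk) = ct.0^(-sk)
    (0..=max).find(|&m| pow_mod(G, m) == g_m)
}

/// Decrypts an honest ciphertext and one altered using only the public key.
fn demo() -> (Option<u64>, Option<u64>) {
    let sk = 123;
    let pk = pow_mod(G, sk);
    let original = encrypt(pk, 1, 77); // fixed randomness so the run is reproducible
    let altered = add(original, encrypt(pk, 4, 500));
    (decrypt(sk, original, 10), decrypt(sk, altered, 10))
}

fn main() {
    println!("{:?}", demo());
}
```

Both ciphertexts decrypt cleanly, which is why decryption should be limited at the application level and accepted ciphertexts accompanied by proofs about their contents.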
Ciphertext provides ElGamal encryption. This and other protocols use Keypair to represent participants’ keys.
- Besides basic encryption, PublicKey also provides zero-knowledge proofs of zero encryption and of Boolean value encryption. These are useful in higher-level protocols, e.g., re-encryption.
- Zero-knowledge range proofs for ElGamal ciphertexts are provided via RangeProofs and a high-level
- sharing module exposes a threshold encryption scheme based on Feldman’s verifiable secret sharing, including verifiable distributed decryption.
- app module provides higher-level protocols utilizing zero-knowledge proofs and ElGamal encryption, such as provable encryption of m-of-n choice and a simple version of quadratic voting.
Curve25519Subgroup implementations based on Curve25519 using
Generic implementation that allows plugging in any elliptic curve group conforming to the traits specified by the elliptic-curve crate. For example, the secp256k1 curve can be used via the
(on by default)
Enables support of types from std, such as the Error trait and the
(off by default)
Imports hash maps and sets from the eponymous crate instead of using ones from the Rust std library. This feature is necessary if the std feature is disabled.
(off by default)
implementations for most types in the crate.
Group scalars, elements and wrapper key types are serialized to human-readable formats (JSON, YAML, TOML, etc.) as strings that represent corresponding byte buffers using base64-url encoding without padding. For binary formats, byte buffers are serialized directly.
For complex types (e.g., participant states from the sharing module), self-consistency checks are not performed on deserialization. That is, deserialization of such types should only be performed from a trusted source or in the presence of additional integrity
“Elastic” refers to pluggable backends, configurable params for threshold encryption, and the construction of zero-knowledge RingProofs (a proof consists of a variable number of rings, each of which consists of a variable number of admissible values).
elastic_elgamal is also one of the autogenerated Docker container names.
High-level applications for proofs defined in this crate.
Candidate for a VerifiableDecryption that is not yet verified. This presentation should be used for decryption data retrieved from an untrusted source.
Ciphertext for ElGamal encryption.
Ciphertext together with fully retained information about the encrypted value and randomness used to create the ciphertext.
Lookup table for discrete logarithms.
Zero-knowledge proof of equality of two discrete logarithms in different bases, aka Chaum–Pedersen protocol.
Zero-knowledge proof of possession of one or more secret scalars.
Public key for ElGamal encryption and related protocols.
Decomposition of an integer range 0..n into one or more sub-ranges. Decomposing the range
RangeProofs with size / computational complexity
Zero-knowledge proof that an ElGamal ciphertext encrypts a value into a certain range
Zero-knowledge proof that each of one or more encrypted values is in an a priori known set of admissible values. (Admissible values may differ among encrypted values.)
Secret key for ElGamal encryption and related protocols. This is a thin wrapper around
Zero-knowledge proof that an ElGamal-encrypted value is equal to a sum of squares of one or more other ElGamal-encrypted values.