§libpep: Library for polymorphic pseudonymization and encryption
This library implements PEP cryptography based on ElGamal encrypted messages.
It can be used to encrypt data and re-encrypt it for different keys without decrypting the data,
while pseudonymizing encrypted identifiers in the data.
In the ElGamal scheme, a message M can be encrypted for a receiver with public key Y,
which corresponds to secret key y.
Using the PEP cryptography, these encrypted messages can blindly be transcrypted from one key
to another, by a central semi-trusted party, without the need to decrypt the message in between.
Meanwhile, if the message contains an identifier of a data subject, this identifier can be
pseudonymized.
This enables end-to-end encrypted data sharing with built-in pseudonymization.
Since at the time of initial encryption, the future recipient does not need to be specified,
data sharing can be done asynchronously. This means that encrypted data can be
stored long-term before it is shared at any point in the future.
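The blind transcryption described above, as an added example that is not libpep's code or API: it swaps the Ristretto group for a tiny multiplicative group so it runs with no dependencies. The function names, parameters and secrets are constructed for illustration and are far too small to be secure.

```rust
// Toy group (constructed, NOT secure): P = 2Q + 1, G generates the order-Q subgroup.
const P: u64 = 2039;
const Q: u64 = 1019;
const G: u64 = 4;

fn pow_mod(mut b: u64, mut e: u64, m: u64) -> u64 {
    let mut acc = 1;
    b %= m;
    while e > 0 {
        if e & 1 == 1 { acc = acc * b % m; }
        b = b * b % m;
        e >>= 1;
    }
    acc
}
// Inverse modulo a prime m (Fermat's little theorem).
fn inv(x: u64, m: u64) -> u64 { pow_mod(x, m - 2, m) }

// ElGamal ciphertext: b = G^r, c = M * Y^r.
#[derive(Clone, Copy, Debug, PartialEq)]
struct Ct { b: u64, c: u64 }

fn encrypt(m: u64, pk: u64, r: u64) -> Ct {
    Ct { b: pow_mod(G, r, P), c: m * pow_mod(pk, r, P) % P }
}
fn decrypt(ct: Ct, sk: u64) -> u64 {
    ct.c * inv(pow_mod(ct.b, sk, P), P) % P
}
// Rekey by k: the result decrypts under secret key k*y instead of y.
fn rekey(ct: Ct, k: u64) -> Ct {
    Ct { b: pow_mod(ct.b, inv(k, Q), P), c: ct.c }
}
// Reshuffle by s: the hidden plaintext M becomes the pseudonym M^s; key unchanged.
fn reshuffle(ct: Ct, s: u64) -> Ct {
    Ct { b: pow_mod(ct.b, s, P), c: pow_mod(ct.c, s, P) }
}
// Transcryptor step: pseudonymize and rekey without ever seeing M or y.
fn transcrypt(ct: Ct, s: u64, k: u64) -> Ct { rekey(reshuffle(ct, s), k) }

fn main() {
    let (y, s, k) = (123, 77, 456);        // constructed secrets
    let id = pow_mod(G, 42, P);            // identifier encoded as a group element
    let ct = encrypt(id, pow_mod(G, y, P), 9);
    let out = transcrypt(ct, s, k);        // done by the semi-trusted party
    let recipient_sk = k * y % Q;          // key the recipient ends up holding
    assert_eq!(decrypt(out, recipient_sk), pow_mod(id, s, P));
    assert_ne!(decrypt(out, y), pow_mod(id, s, P)); // the original key no longer opens it
    println!("pseudonym = {}", decrypt(out, recipient_sk));
}
```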
This library provides both a core API for ElGamal encryption and the PEP primitives,
and a core API for pseudonymization and rekeying (i.e. transcryption) of Pseudonyms
and Attributes using this cryptographic concept.
The PEP framework was initially described in the article by Eric Verheul and Bart Jacobs, Polymorphic Encryption and Pseudonymisation in Identity Management and Medical Research. In Nieuw Archief voor Wiskunde (NAW), 5/18, nr. 3, 2017, p. 168-172.
This library implements an extension of the PEP framework, called n-PEP, described in the article by Job Doesburg, Bernard van Gastel and Erik Poll (to be published).
§Feature flags
Note: The python and wasm features are mutually exclusive. If both are enabled,
neither binding module will be compiled. This is because PyO3 builds a cdylib that links
to the Python interpreter, while wasm-bindgen builds a cdylib targeting WebAssembly -
they have incompatible linking requirements.
Modules§
- arithmetic
- Implementation of arithmetic operations on Curve25519 with Ristretto, using the curve25519-dalek library.
- client
- PEP client for encrypting and decrypting data using session keys or global public keys.
- core
- Low-level cryptographic primitives for ElGamal encryption and (n)-PEP operations. This module is intended for non-standard use cases where the individual (n)-PEP primitives are needed.
- data
- factors
- Cryptographic factors and secrets for pseudonymization, rekeying, and rerandomization.
- keys
- Key management for PEP encryption.
- prelude
- Prelude module for convenient imports.
- transcryptor
- PEP transcryptor system for pseudonymizing and rekeying encrypted data.
Macros§
- pep_json
- Macro for creating PEPJSONValue objects with a JSON-like syntax.