Efficient pure-Rust library for the Paillier partially homomorphic encryption scheme, offering also packed encoding for...

Efficient pure-Rust library for the RAMP and Snips who implemented the KZen networks who contributed with implementations of many zero-knowledge proofs

Paillier

Efficient pure-Rust library for the Paillier partially homomorphic encryption scheme, offering also packed encoding for encrypting several values together as well as several zero-knowledge proofs related to typical use-cases. Supports several underlying arbitrary precision libraries, including RAMP and GMP.

Several companies have invested resources in the development of this library, including Snips who implemented the original version for use in their privacy-preserving analytics system, and KZen networks who contributed with implementations of many zero-knowledge proofs. See contributions below for more details.

Important: while we have followed recommendations regarding the scheme itself, some parts of this library have not yet been harden against non-cryptographic attacks such as side-channel attacks.

Installation

Some features are optional yet currently included by default. See Features below for more details. Note that the nightly toolchain is currently needed to build the library.

Using cargo

From source

Features

The library supports the following features. The default compilation is equivalent to

using GMP and including both key generation and zero-knowledge proofs.

Underlying arithmetic

The choice of underlying arithmetic library may be changed using features usegmp (default) and useramp. GMP generally offers slightly better performance but may be unavailable on some platforms or for some applications. Note that useramp does currently not support proofs, i.e. features useramp and proofs cannot be used together.

Key generation

Key generation feature keygen is included by default but if unneeded may safely be excluded to avoid extra dependencies.

Zero-knowledge proofs

Feature proofs includes various zero-knowledge proofs related to the typical use of Paillier encryption. Turned on by default but may safely be excluded if unneeded.

Benchmarks

Several benches are included, testing both the underlying arithmetic libraries as well as the operations of the scheme. All may be run using

and including either several arithmetic libraries and key generation as discussed above.

License

Forked from snipsco/rust-paillier with additional functionality. Licensed under either of

  • Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
  • MIT license (LICENSE-MIT or #404)

at your option.

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Contributions

Several people have had a significant impact in the development of this library (in alphabetical order):

  • Gary Benattar (KZen networks)
  • Mario Cornejo (while at Snips)
  • Mathieu Poumeyrol (Snips)
  • Omer Shlomovits (KZen networks)

and several companies have invested resources:

  • Snips sponsored implementation of the original version
  • KZen networks sponsored extension of many zero-knowledge proofs

Reported uses

  • Snips: privacy-preserving analytics
  • KZen networks: multi-party signatures
Issues

Collection of the latest Issues

haochenuw

haochenuw

1

More of a question than an issue, but I was wondering what's the purpose of using EncodedCiphertext type to wrap the RawCiphertext? Also quite new to rust -- could you give pointers to help understand the syntax below? I understand that the first line is implementing the Encrypt trait, but not sure what the second and third line means.

txus

txus

0

First of all congratulations, this library is really cool and I love using it!

I wonder if it's possible to support signed integers and/or floats like Python's phe does here. Signed integers would allow for subtraction, which is really useful. Unfortunately I'm a bit new to cryptography so I don't know if there's any other design choices that prevent it.

ocrickard

ocrickard

9

Hello! Exciting framework, I'm trying to do some performance work on Paillier encryption, but I can't seem to compile this framework with the nightly Rust compiler. I followed the steps in the readme, and attempted to compile the framework using cargo build.

I see that there was one prior issue that was opened and closed related to frame build support (#26 I believe), however I am uncertain if this is the same underlying issue.

Here's my setup:

And here's the output of the build command:

mortendahl

mortendahl

0

Ramp does currently not support proofs due to the use of specific GMP features; should be relatively straight forward to find an abstraction that fixes this.

mortendahl

mortendahl

0

Big integers may internally be represented in the negative range due to the use of signed numbers. When these are exported, in the form of eg keys and ciphertexts, we should make sure to normalise everything to the positive range.

One possible issue by not ensuring this is data leakage another is simply for consistency.

mortendahl

mortendahl

1

The use of mod N in the proofs of correct decryption key might be a non-standard assumption that we should make sure is okay to use. Hardness of DCR implies hardness of RSA inversion but may not imply RSA indistinguishability, which might be needed for the simulation proofs to go through (alternatively the simulator may be adaptable).

In any case, this should be addressed before making the next release, defaulting to the conservative case if not resolution is found.

mortendahl

mortendahl

enhancement
0

By also having a reference to the corresponding encryption key in ciphertexts we can making homomorphic operations easier to read, ie c1 + c2 and c * 5 instead of Paillier::add(ek, c1, c2) and Paillier:mul(c, 5).

Implementation wise this could be done by simply redirecting to the existing Paillier method and implementing Add and Mul for ciphertexts.

Information - Updated Jun 22, 2022

Stars: 76
Forks: 51
Issues: 18

Orion is a cryptography library written in pure Rust

It aims to provide easy and usable crypto while trying to minimize the use of unsafe code

Orion is a cryptography library written in pure Rust

Rustls is a modern TLS library written in Rust

ring for cryptography and rustls-pemfile crate

Rustls is a modern TLS library written in Rust

Mundane is a Rust cryptography library backed by BoringSSL that is difficult

to misuse, ergonomic, and performant (in that order)

Mundane is a Rust cryptography library backed by BoringSSL that is difficult

SideFuzz: Fuzzing for side-channel vulnerabilities

SideFuzz is an adaptive fuzzer that uses a genetic-algorithm optimizer in combination with t-statistics to find side-channel (timing) vulnerabilities in cryptography compiled to How it...

SideFuzz: Fuzzing for side-channel vulnerabilities

Rustls is a modern TLS library written in Rust

ring for cryptography and rustls-pemfile crate

Rustls is a modern TLS library written in Rust

This repository holds a Rust port of Google's Tink cryptography library

This repository holds a Rust port of Google's RustCrypto crates – this repo focuses on making

This repository holds a Rust port of Google's Tink cryptography library

A cryptography library that is mainly implemented in Rust

I aim to implement bindings to other languages such as C/C++ and Python

A cryptography library that is mainly implemented in Rust

Created for Cryptography Class, Spring 2019

RSA works on both Linux And Windows

Created for Cryptography Class, Spring 2019

Cryptographic Sponges

Fractal: Post-Quantum and Transparent Recursive Proofs from Holography

Cryptographic Sponges

A collection of cryptography functions written in Rust

rustup -- curl --proto '=https' --tlsv1

A collection of cryptography functions written in Rust

RSA-key-encryption

A simple RSA cryptography library

RSA-key-encryption
Facebook Instagram Twitter GitHub Dribbble
Privacy