paillier

package

v1.1.7 Latest Latest Go to latest Published: Dec 25, 2025 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/luxfi/threshold

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func KeyGen(pl *pool.Pool) (pk *PublicKey, sk *SecretKey)
func ValidateN(n *saferith.Modulus) error
func ValidatePrime(p *saferith.Nat) error
type Ciphertext
type PublicKey
- func NewPublicKey(n *saferith.Modulus) *PublicKey
type SecretKey
- func NewSecretKey(pl *pool.Pool) *SecretKey
- func NewSecretKeyFromPrimes(P, Q *saferith.Nat) *SecretKey

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrPaillierLength = errors.New("wrong number bit length of Paillier modulus N")
	ErrPaillierEven   = errors.New("modulus N is even")
	ErrPaillierNil    = errors.New("modulus N is nil")
)

View Source

var (
	ErrPrimeBadLength = errors.New("prime factor is not the right length")
	ErrNotBlum        = errors.New("prime factor is not equivalent to 3 (mod 4)")
	ErrNotSafePrime   = errors.New("supposed prime factor is not a safe prime")
	ErrPrimeNil       = errors.New("prime is nil")
)

Functions ¶

func KeyGen ¶

func KeyGen(pl *pool.Pool) (pk *PublicKey, sk *SecretKey)

KeyGen generates a new PublicKey and it's associated SecretKey.

func ValidateN ¶

func ValidateN(n *saferith.Modulus) error

ValidateN performs basic checks to make sure the modulus is valid: - log₂(n) = params.BitsPaillier. - n is odd.

func ValidatePrime ¶

func ValidatePrime(p *saferith.Nat) error

ValidatePrime checks whether p is a suitable prime for Paillier. Checks: - log₂(p) ≡ params.BitsBlumPrime. - p ≡ 3 (mod 4). - q := (p-1)/2 is prime.

Types ¶

type Ciphertext ¶

type Ciphertext struct {
	// contains filtered or unexported fields
}

Ciphertext represents an integer of the for (1+N)ᵐρᴺ (mod N²), representing the encryption of m ∈ ℤₙˣ.

func (*Ciphertext) Add ¶

func (ct *Ciphertext) Add(pk *PublicKey, ct2 *Ciphertext) *Ciphertext

Add sets ct to the homomorphic sum ct ⊕ ct₂. ct ← ct•ct₂ (mod N²).

func (Ciphertext) Clone ¶

func (ct Ciphertext) Clone() *Ciphertext

Clone returns a deep copy of ct.

func (*Ciphertext) Domain ¶

func (*Ciphertext) Domain() string

Domain implements hash.WriterToWithDomain, and separates this type within hash.Hash.

func (*Ciphertext) Equal ¶

func (ct *Ciphertext) Equal(ctA *Ciphertext) bool

Equal check whether ct ≡ ctₐ (mod N²).

func (*Ciphertext) MarshalBinary ¶

func (ct *Ciphertext) MarshalBinary() ([]byte, error)

func (*Ciphertext) Mul ¶

func (ct *Ciphertext) Mul(pk *PublicKey, k *saferith.Int) *Ciphertext

Mul sets ct to the homomorphic multiplication of k ⊙ ct. ct ← ctᵏ (mod N²).

func (*Ciphertext) Nat ¶

func (ct *Ciphertext) Nat() *saferith.Nat

func (*Ciphertext) Randomize ¶

func (ct *Ciphertext) Randomize(pk *PublicKey, nonce *saferith.Nat) *saferith.Nat

Randomize multiplies the ciphertext's nonce by a newly generated one. ct ← ct ⋅ nonceᴺ (mod N²). If nonce is nil, a random one is generated. The receiver is updated, and the nonce update is returned.

func (*Ciphertext) UnmarshalBinary ¶

func (ct *Ciphertext) UnmarshalBinary(data []byte) error

func (*Ciphertext) WriteTo ¶

func (ct *Ciphertext) WriteTo(w io.Writer) (int64, error)

WriteTo implements io.WriterTo and should be used within the hash.Hash function.

type PublicKey ¶

type PublicKey struct {
	// contains filtered or unexported fields
}

PublicKey is a Paillier public key. It is represented by a modulus N.

func NewPublicKey ¶

func NewPublicKey(n *saferith.Modulus) *PublicKey

NewPublicKey returns an initialized paillier.PublicKey and caches N, N² and (N-1)/2.

func (*PublicKey) Clone ¶

func (pk *PublicKey) Clone() *PublicKey

Clone creates a deep copy of the PublicKey with independent internal state. This is useful to avoid race conditions when the key is accessed concurrently.

func (PublicKey) Domain ¶

func (PublicKey) Domain() string

Domain implements hash.WriterToWithDomain, and separates this type within hash.Hash.

func (PublicKey) Enc ¶

func (pk PublicKey) Enc(m *saferith.Int) (*Ciphertext, *saferith.Nat)

Enc returns the encryption of m under the public key pk. The nonce used to encrypt is returned.

The message m must be in the range [-(N-1)/2, …, (N-1)/2] and panics otherwise.

ct = (1+N)ᵐρᴺ (mod N²).

func (PublicKey) EncWithNonce ¶

func (pk PublicKey) EncWithNonce(m *saferith.Int, nonce *saferith.Nat) *Ciphertext

EncWithNonce returns the encryption of m under the public key pk. The nonce is not returned.

The message m must be in the range [-(N-1)/2, …, (N-1)/2] and panics otherwise

ct = (1+N)ᵐρᴺ (mod N²).

func (PublicKey) Equal ¶

func (pk PublicKey) Equal(other *PublicKey) bool

Equal returns true if pk ≡ other.

func (*PublicKey) Modulus ¶

func (pk *PublicKey) Modulus() *arith.Modulus

Modulus returns an arith.Modulus for N which may allow for accelerated exponentiation when this public key was generated from a secret key.

func (*PublicKey) ModulusSquared ¶

func (pk *PublicKey) ModulusSquared() *arith.Modulus

ModulusSquared returns an arith.Modulus for N² which may allow for accelerated exponentiation when this public key was generated from a secret key.

func (*PublicKey) N ¶

func (pk *PublicKey) N() *saferith.Modulus

N is the public modulus making up this key.

func (PublicKey) ValidateCiphertexts ¶

func (pk PublicKey) ValidateCiphertexts(cts ...*Ciphertext) bool

ValidateCiphertexts checks if all ciphertexts are in the correct range and coprime to N² ct ∈ [1, …, N²-1] AND GCD(ct,N²) = 1.

func (*PublicKey) WriteTo ¶

func (pk *PublicKey) WriteTo(w io.Writer) (int64, error)

WriteTo implements io.WriterTo and should be used within the hash.Hash function.

type SecretKey ¶

type SecretKey struct {
	*PublicKey
	// contains filtered or unexported fields
}

SecretKey is the secret key corresponding to a Public Paillier Key.

A public key is a modulus N, and the secret key contains the information needed to factor N into two primes, P and Q. This allows us to decrypt values encrypted using this modulus.

func NewSecretKey ¶

func NewSecretKey(pl *pool.Pool) *SecretKey

NewSecretKey generates primes p and q suitable for the scheme, and returns the initialized SecretKey.

func NewSecretKeyFromPrimes ¶

func NewSecretKeyFromPrimes(P, Q *saferith.Nat) *SecretKey

NewSecretKeyFromPrimes generates a new SecretKey. Assumes that P and Q are prime.

func (*SecretKey) Dec ¶

func (sk *SecretKey) Dec(ct *Ciphertext) (*saferith.Int, error)

Dec decrypts c and returns the plaintext m ∈ ± (N-2)/2. It returns an error if gcd(c, N²) != 1 or if c is not in [1, N²-1].

func (*SecretKey) DecWithRandomness ¶

func (sk *SecretKey) DecWithRandomness(ct *Ciphertext) (*saferith.Int, *saferith.Nat, error)

DecWithRandomness returns the underlying plaintext, as well as the randomness used.

func (SecretKey) GeneratePedersen ¶

func (sk SecretKey) GeneratePedersen() (*pedersen.Parameters, *saferith.Nat)

func (*SecretKey) P ¶

func (sk *SecretKey) P() *saferith.Nat

P returns the first of the two factors composing this key.

func (*SecretKey) Phi ¶

func (sk *SecretKey) Phi() *saferith.Nat

Phi returns ϕ = (P-1)(Q-1).

This is the result of the totient function ϕ(N), where N = P⋅Q is our public key. This function counts the number of units mod N.

This quantity is useful in ZK proofs.

func (*SecretKey) Q ¶

func (sk *SecretKey) Q() *saferith.Nat

Q returns the second of the two factors composing this key.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL