Crate elgamal

source ·
Expand description

§Elgamal Public Key Encryption

This document represents an executable specification of the Elgamal Public Key Encryption scheme.

At the basis of the encryption scheme is a prime order group $\mathbb{G}$ with the same interface as defined in [draft-oprf].

Enums§

  • Error
    Any of the given algorithms may fail if the given arguments result in invalid group operations.

Functions§

  • add_ciphertexts
    Elgamal ciphertexts under the same encryption key enjoy an additive homomorphism, i.e. if c1 = Enc(ek, m1) and c2 = Enc(pk, m2), then we can define an addition operation + such that Dec(dk, c1 + c2) = m1 + m2.
  • decrypt
    To decrypt an Elgamal ciphertext, the holder of the decryption key can multiply the auxillary component of the ciphertext by the decryption key, thus reproducing the blinding element that was calculated during encryption. Adding the negation of this blinding to the blinded message component of the ciphertext recovers the encrypted message.
  • encrypt
    To encrypt a message (a group element) under encryption key ek, the encryption key randomized by scalar muliplication with randomizer. The result is used as a blinding element by adding it to the message using the group operation. To allow for decryption, the ciphertext also includes as an auxillary component the result of scalar multiplication of the generator by the randomizer that was used in the blinding.
  • generate_keys
    To generate a pair of encryption and decryption keys, first the decryption key is drawn uniformly at random from the set of scalars. Then the corresponding encryption key is generated by scalar multiplication of the group generator with the decryption key.
  • rerandomize
    Given the correct public encryption key, it is possible to rerandomize Elgamal ciphertexts without changing the message that is encrypted. To do so, the encryption is multiplied by the fresh randomizer and the result is added to the blinded message component of the ciphertext.
  • scalar_mul_ciphertext
    Since addition as described above is defined via component-wise application of the group operation, repeated addition of a ciphertext with itself can be expressed via componentwise scalar multiplication of the ciphertext.

Type Aliases§

  • Ciphertext
    An Elgamal encryption of a message M under public key PK is a pair of group elements (c0, c1) where
  • DecryptionKey
    An Elgamal private decryption key is a scalar $dk$ of base group $\mathcal{G}$.
  • EncryptionKey
    An Elgamal encryption key is a group element in $`\mathcal{G}$.
  • Plaintext
    An Elgamal plaintext is a member of the base group.