Merge remote-tracking branch 'origin/cggmp24/m' into m

.github/workflows/publish.yml

@@ -4,6 +4,7 @@ on:
       - 'v*'
       - 'key-share-v*'
       - 'cggmp21-keygen-v*'
+      - 'paillier-zk-v*'
   workflow_dispatch:
 
 name: Publish
@@ -35,9 +36,9 @@ jobs:
       && startsWith(github.ref_name, 'key-share-v')
     steps:
     - uses: actions/checkout@v3
-    - run: cargo publish -p key-share --token ${CRATES_TOKEN}
+    - run: cargo publish -p key-share
       env:
-        CRATES_TOKEN: ${{ secrets.CRATES_TOKEN }}
+        CARGO_REGISTRY_TOKEN: ${{ secrets.CRATES_TOKEN }}
 
   publish-cggmp21-keygen:
     name: Publish cggmp21-keygen
@@ -48,6 +49,19 @@ jobs:
       && startsWith(github.ref_name, 'cggmp21-keygen-v')
     steps:
     - uses: actions/checkout@v3
-    - run: cargo publish -p cggmp21-keygen --token ${CRATES_TOKEN}
+    - run: cargo publish -p cggmp21-keygen
       env:
-        CRATES_TOKEN: ${{ secrets.CRATES_TOKEN }}
+        CARGO_REGISTRY_TOKEN: ${{ secrets.CRATES_TOKEN }}
+
+  publish-paillier-zk:
+    name: Publish paillier-zk
+    environment: crates.io
+    runs-on: ubuntu-latest
+    if: >-
+      github.ref_type == 'tag'
+      && startsWith(github.ref_name, 'paillier-zk-v')
+    steps:
+    - uses: actions/checkout@v3
+    - run: cargo publish -p paillier-zk
+      env:
+        CARGO_REGISTRY_TOKEN: ${{ secrets.CRATES_TOKEN }}

.github/workflows/rust.yml

@@ -34,6 +34,7 @@ jobs:
         - key-share
         - cggmp21-keygen
         - cggmp21
+        - paillier-zk
     steps:
     - uses: actions/checkout@v3
     - uses: Swatinem/rust-cache@v2
@@ -90,6 +91,13 @@ jobs:
         cache-on-failure: "true"
     - name: Run clippy
       run: cargo clippy --all --all-features --lib --exclude cggmp21-tests -- --no-deps -D clippy::all -D clippy::unwrap_used -D clippy::expect_used
+  clippy-tests:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - uses: Swatinem/rust-cache@v2
+      with:
+        cache-on-failure: "true"
     - name: Run clippy tests
       run: cargo clippy --tests --all-features --lib -- -D clippy::all
 

Cargo.toml

@@ -4,6 +4,7 @@ members = [
     "cggmp21",
     "cggmp21-keygen",
     "key-share",
+    "paillier-zk",
     "tests",
 ]
 exclude = [
@@ -14,12 +15,12 @@ exclude = [
 cggmp21 = { version = "0.6", path = "cggmp21" }
 cggmp21-keygen = { version = "0.5", path = "cggmp21-keygen" }
 key-share = { version = "0.6", path = "key-share", default-features = false }
+paillier-zk = { version = "0.4.1", path = "paillier-zk", default-features = false }
 
 generic-ec = { version = "0.4.1", default-features = false } 
 generic-ec-zkp = { version = "0.4.1", default-features = false } 
 round-based = { version = "0.4", default-features = false }
 
-paillier-zk = "0.4.1" 
 udigest = { version = "0.2.1", default-features = false }
 
 digest = { version = "0.10", default-features = false }

paillier-zk/CHANGELOG.md

@@ -0,0 +1,21 @@
+## v0.4.2
+* Update links in the crate settings, update readme [#53]
+
+[#53]: https://github.com/LFDT-Lockness/paillier-zk/pull/53
+
+## v0.4.1
+* Prettify code by using `#[udigest(as = ...)]` attribute [#51]
+
+[#51]: https://github.com/LFDT-Lockness/paillier-zk/pull/51
+
+## v0.4.0
+* security fix: derive challenges for zero-knowledge proof unambiguously
+
+## v0.3.0
+* Update `generic-ec` dep to v0.3 [#48]
+
+[#48]: https://github.com/LFDT-Lockness/paillier-zk/pull/48
+
+## v0.2.0
+
+All changes prior to this version were not documented

paillier-zk/Cargo.toml

@@ -0,0 +1,51 @@
+[package]
+name = "paillier-zk"
+version = "0.4.2"
+edition = "2021"
+license = "MIT OR Apache-2.0"
+description = "ZK-proofs for Paillier encryption scheme"
+repository = "https://github.com/LFDT-Lockness/cggmp21"
+categories = ["algorithms", "cryptography"]
+keywords = ["paillier", "zk-proofs", "zero-knowledge"]
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+generic-ec = { version = "0.4", features = ["udigest"] }
+rand_core = { version = "0.6", default-features = false }
+digest = "0.10"
+fast-paillier = "0.1"
+rug = { version = "1.21", default-features = false, features = ["integer", "rand"] }
+
+thiserror = "1"
+
+serde = { version = "1", features = ["derive"], optional = true }
+serde_with = { version = "3", default-features = false, features = ["macros"], optional = true }
+
+udigest = { version = "0.2.1", default-features = false, features = ["inline-struct", "derive"] }
+rand_hash = "0.1"
+
+[dev-dependencies]
+generic-ec = { version = "0.4", features = ["udigest", "all-curves"] }
+rand_dev = { version = "0.1", default-features = false }
+sha2 = { version = "0.10", default-features = false }
+
+subtle = { version = "2.4", default-features = false }
+zeroize = { version = "1.5", default-features = false }
+
+anyhow = "1"
+serde_json = "1"
+
+[features]
+default = []
+serde = ["dep:serde", "dep:serde_with", "generic-ec/serde", "rug/serde", "fast-paillier/serde"]
+
+# This features is exlusively used for `cargo test --doc`
+__internal_doctest = ["serde"]
+
+[[example]]
+name = "pregenerate"
+required-features = ["serde"]
+
+[package.metadata.docs.rs]
+all-features = true

paillier-zk/README.md

@@ -0,0 +1,15 @@
+![License](https://img.shields.io/crates/l/paillier-zk.svg)
+[![Docs](https://docs.rs/paillier-zk/badge.svg)](https://docs.rs/paillier-zk)
+[![Crates io](https://img.shields.io/crates/v/paillier-zk.svg)](https://crates.io/crates/paillier-zk)
+[![Discord](https://img.shields.io/discord/905194001349627914?logo=discord&logoColor=ffffff&label=Discord)][in Discord]
+
+[in Discord]: https://discordapp.com/channels/905194001349627914/1285268686147424388
+
+# paillier-zk
+
+This crate provides ZK-proofs for some properties about paillier encryption.
+See the module docs for the properties and examples of usage.
+
+This library is built on top of [fast-paillier](https://lib.rs/fast-paillier) crate.
+This crate and the underlying big integer implementation are reexported for the
+consumer to be able to use them, instead of trying to match a version.

paillier-zk/clippy.toml

@@ -0,0 +1 @@
+disallowed-methods = []

paillier-zk/examples/pregenerate.rs

@@ -0,0 +1,104 @@
+//! Pregenerates aux data and keys
+//!
+//! This example shows how aux data can be generated to set up proofs. Generated data is used by doctests.
+
+use anyhow::{Context, Result};
+use rug::{Complete, Integer};
+
+use paillier_zk::IntegerExt;
+
+fn main() -> Result<()> {
+    let mut rng = rand_core::OsRng;
+
+    // Generate Verifier's aux data
+    {
+        let p = generate_blum_prime(&mut rng, 1024);
+        let q = generate_blum_prime(&mut rng, 1024);
+        let n = (&p * &q).complete();
+
+        let (s, t) = {
+            let phi_n = (p.clone() - 1u8) * (q.clone() - 1u8);
+            let r = Integer::gen_invertible(&n, &mut rng);
+            let lambda = phi_n.random_below(&mut fast_paillier::utils::external_rand(&mut rng));
+
+            let t = r.square().modulo(&n);
+            let s = t.pow_mod_ref(&lambda, &n).unwrap().into();
+
+            (s, t)
+        };
+
+        let aux = paillier_zk::paillier_encryption_in_range::Aux {
+            s,
+            t,
+            rsa_modulo: n,
+            multiexp: None,
+            crt: None,
+        };
+
+        let aux_json = serde_json::to_vec_pretty(&aux).context("serialzie aux")?;
+        std::fs::write("./test-data/verifier_aux.json", aux_json).context("save aux")?;
+    }
+
+    // Generate a bunch of paillier keys
+    generate_paillier_key(
+        &mut rng,
+        Some("./test-data/prover_decryption_key.json".as_ref()),
+        Some("./test-data/prover_encryption_key.json".as_ref()),
+    )?;
+    generate_paillier_key(
+        &mut rng,
+        None, // "someone's" secret decryption key remains unknown
+        Some("./test-data/someone_encryption_key0.json".as_ref()),
+    )?;
+    generate_paillier_key(
+        &mut rng,
+        None, // "someone's" secret decryption key remains unknown
+        Some("./test-data/someone_encryption_key1.json".as_ref()),
+    )?;
+
+    Ok(())
+}
+
+fn generate_paillier_key(
+    rng: &mut impl rand_core::RngCore,
+    output_dk: Option<&std::path::Path>,
+    output_ek: Option<&std::path::Path>,
+) -> anyhow::Result<()> {
+    // 1536 bits primes used for paillier key achieve 128 bits security
+    let p = generate_blum_prime(rng, 1536);
+    let q = generate_blum_prime(rng, 1536);
+
+    let dk: fast_paillier::DecryptionKey =
+        fast_paillier::DecryptionKey::from_primes(p, q).context("generated p, q are invalid")?;
+    let ek = dk.encryption_key();
+
+    if let Some(path) = output_dk {
+        let dk_json = serde_json::to_vec_pretty(&dk).context("serialize decryption key")?;
+        std::fs::write(path, dk_json).context("save decryption key")?;
+    }
+
+    if let Some(path) = output_ek {
+        let ek_json = serde_json::to_vec_pretty(&ek).context("serialize encryption key")?;
+        std::fs::write(path, ek_json).context("save encryption key")?;
+    }
+
+    Ok(())
+}
+
+/// Note: Blum primes MUST NOT be used in real system
+///
+/// Blum primes are faster to generate so we use them for the tests, however they do not meet
+/// security requirements of the proofs. Safe primes MUST BE used intead of blum primes.
+///
+/// Safe primes can be generated using [`fast_paillier::utils::generate_safe_prime`]
+fn generate_blum_prime(rng: &mut impl rand_core::RngCore, bits_size: u32) -> Integer {
+    loop {
+        let mut n: Integer =
+            Integer::random_bits(bits_size, &mut fast_paillier::utils::external_rand(rng)).into();
+        n.set_bit(bits_size - 1, true);
+        n.next_prime_mut();
+        if n.mod_u(4) == 3 {
+            break n;
+        }
+    }
+}

paillier-zk/src/_doctest.rs

@@ -0,0 +1,10 @@
+/// Refer to `examples/pregenerate.rs` to see how data is pregenerated
+#[macro_export]
+macro_rules! load_pregenerated_data {
+    ($($name:ident: $type:ty),+$(,)?) => {$(
+        pub fn $name() -> $type {
+            const JSON: &str = include_str!(concat!("../test-data/", stringify!($name), ".json"));
+            serde_json::from_str(JSON).unwrap()
+        }
+    )+};
+}