You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

github.com/xtaci/hppk

Package Overview
Dependencies
Alerts
File Explorer
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

github.com/xtaci/hppk

v1.1.0
Source
Go
Version published
Created
Source

HPPK: Homomorphic Polynomial Public-key Cryptography

348665850-c2575c66-4f87-42a9-8b86-e81991de03c0

GoDoc Go Report Card CreatedAt

Overview

HPPK is an implementation of a Homomorphic Polynomial Public Key (HPPK) system, designed for both Key Encapsulation Mechanisms (KEM) and Digital Signatures (DS). This cryptographic protocol leverages the properties of polynomials to create secure, efficient methods for key exchange and message signing.

The main objectives of HPPK are to provide:

  • Secure key encapsulation: Facilitating the secure exchange of symmetric keys.
  • Robust digital signatures: Ensuring the authenticity and integrity of messages.

For a detailed explanation of the underlying theory and security proofs, please refer to the research paper.

Features

  • Homomorphic Encryption: Allows computations on ciphertexts that result in encrypted outcomes, which match the operations performed on the plaintexts.
  • Polynomial-Based Cryptography: Utilizes polynomials to create robust public and private keys.
  • Efficient Key Encapsulation Mechanism (KEM): Securely exchanges symmetric keys.
  • Strong Digital Signatures (DS): Provides authentication and integrity verification of messages.
  • Scalable and Efficient: Suitable for various applications, ranging from small-scale systems to large, complex networks.

348681154-37b88d3c-9bd6-4436-9837-1a0b078e5ac1

Installation

$ go install github.com/xtaci/hppk/cmd/hppktool
$ hppktool
HPPK key management tool.
Supports key generation, signing, verification, and secret encryption.

Usage:
  hppktool [command]

Available Commands:
  completion  Generate the autocompletion script for the specified shell
  encrypt     Encrypts a message from standard input
  help        Help about any command
  keygen      Generate an HPPK private/public key pair
  sign        Sign a message from standard input
  verify      Verify a message from standard input

Flags:
  -h, --help     help for hppktool
  -s, --silent   Suppress non-essential messages

Use "hppktool [command] --help" for more information about a command.

Using Library

To use HPPK, you need to have Go installed. You can download and install Go from the official website.

  • Clone the repository:

    git clone https://github.com/xtaci/hppk.git
cd hppk

  • Build the project:

    go build

Usage

Generating Keys

To generate a new pair of private and public keys:

package main

import (
    "fmt"
    "github.com/xtaci/hppk"
)

func main() {
    privateKey, err := hppk.GenerateKey(5)
    if err != nil {
        fmt.Println("Error generating keys:", err)
        return
    }
    fmt.Println("Private Key:", privateKey)
    fmt.Println("Public Key:", privateKey.PublicKey)
}

Encryption

To encrypt a message using the public key:

package main

import (
    "fmt"
    "github.com/xtaci/hppk"
)

func main() {
    privKey, err := hppk.GenerateKey(10)
    if err != nil {
        panic(err)
    }
    pubKey := privKey.Public()

    message := []byte("hello world")
    kem, err := hppk.Encrypt(pubKey, message)
    if err != nil {
        panic(err)
    }
    fmt.Printf("Encrypted KEM: %+v\n", kem)
}

Decryption

To decrypt the encrypted values using the private key:

package main

import (
    "fmt"
    "github.com/xtaci/hppk"
)

func main() {
    privKey, err := hppk.GenerateKey(10)
    if err != nil {
        panic(err)
    }
    pubKey := privKey.Public()

    message := []byte("hello world")
    kem, err := hppk.Encrypt(pubKey, message)
    if err != nil {
        panic(err)
    }

    decryptedMessage, err := privKey.Decrypt(kem)
    if err != nil {
        panic(err)
    }
    fmt.Printf("Decrypted Message: %s\n", decryptedMessage)
}

Signing

package main

import (
    "crypto/sha256"
    "fmt"
    "github.com/xtaci/hppk"
)

func main() {
    privKey, err := hppk.GenerateKey(10)
    if err != nil {
        panic(err)
    }

    digest := sha256.Sum256([]byte("hello world"))
    signature, err := privKey.Sign(digest[:])
    if err != nil {
        panic(err)
    }
    fmt.Printf("Signature: %+v\n", signature)
}

Verification

package main

import (
    "crypto/sha256"
    "fmt"
    "github.com/xtaci/hppk"
)

func main() {
    privKey, err := hppk.GenerateKey(10)
    if err != nil {
        panic(err)
    }
    pubKey := privKey.Public()

    digest := sha256.Sum256([]byte("hello world"))
    signature, err := privKey.Sign(digest[:])
    if err != nil {
        panic(err)
    }

    isValid := hppk.VerifySignature(signature, digest[:], pubKey)
    fmt.Printf("Signature valid: %v\n", isValid)
}

Contributing

Contributions are welcome! Please open an issue or submit a pull request for any improvements, bug fixes, or additional features.

License

This project is licensed under the GPLv3 License. See the LICENSE file for details.

References

For more detailed information, please refer to the research paper.

Acknowledgments

Special thanks to the authors of the research paper for their groundbreaking work on HPPK and its applications in KEM and DS.

FAQs

Package last updated on 14 Aug 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Toptal’s GitHub Organization Hijacked: 10 Malicious Packages Published

Research

/

Security News

Toptal’s GitHub Organization Hijacked: 10 Malicious Packages Published

Threat actors hijacked Toptal’s GitHub org, publishing npm packages with malicious payloads that steal tokens and attempt to wipe victim systems.

By Kush Pandya  -  Jul 23, 2025