paillier-bigint
Advanced tools
Comparing version 3.0.6 to 3.1.0
{ | ||
"name": "paillier-bigint", | ||
"version": "3.0.6", | ||
"version": "3.1.0", | ||
"description": "An implementation of the Paillier cryptosystem using native JS (ECMA 2020) implementation of BigInt", | ||
@@ -5,0 +5,0 @@ "keywords": [ |
@@ -22,7 +22,7 @@ [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) | ||
**D( E(m1) · E(m2) ) mod n^2 = m1 + m2 mod n** | ||
**D( E(m<sub>1</sub>) · E(m<sub>2</sub>) ) mod n<sup>2</sup> = m<sub>1</sub> + m<sub>2</sub> mod n** | ||
The product of a ciphertext with a plaintext raising g will decrypt to the sum of the corresponding plaintexts, | ||
**D( E(m1) · g^(m2) ) mod n^2 = m1 + m2 mod n** | ||
**D( E(m<sub>1</sub>) · g<sup>m<sub>2</sub></sup> ) mod n<sup>2</sup> = m<sub>1</sub> + m<sub>2</sub> mod n** | ||
@@ -33,5 +33,5 @@ ### (pseudo-)homomorphic multiplication of plaintexts | ||
**D( E(m1)^(m2) mod n^2 ) = m1 · m2 mod n**, | ||
**D( E(m<sub>1</sub>)<sup>m<sub>2</sub></sup> mod n<sup>2</sup> ) = m<sub>1</sub> · m<sub>2</sub> mod n**, | ||
**D( E(m2)^(m1) mod n^2 ) = m1 · m2 mod n**. | ||
**D( E(m<sub>2</sub>)<sup>m<sub>1</sub></sup> mod n<sup>2</sup> ) = m<sub>1</sub> · m<sub>2</sub> mod n**. | ||
@@ -41,3 +41,3 @@ More generally, an encrypted plaintext raised to a constant k will decrypt to the product of the plaintext and the | ||
**D( E(m1)^k mod n^2 ) = k · m1 mod n**. | ||
**D( E(m<sub>1</sub>)<sup>k</sup> mod n<sup>2</sup> ) = k · m<sub>1</sub> mod n**. | ||
@@ -54,7 +54,11 @@ However, given the Paillier encryptions of two messages there is no known way to compute an encryption of the product of | ||
3. Repeat until the bitlength of `n=p·q` is `keyLength`. | ||
3. Compute `λ = lcm(p-1, q-1)` with `lcm(a, b) = a·b / gcd(a, b)`. | ||
4. Select a generator `g` in `Z*` of `n^2`. `g` can be computed as follows (there are other ways): | ||
* Generate randoms `α` and `β` in `Z*` of `n`. | ||
* Compute `g=( α·n + 1 ) β^n mod n^2`. | ||
5. Compute `μ=( L( g^λ mod n^2 ) )^(-1) mod n` where `L(x)=(x-1)/n`. | ||
3. Compute parameters `λ`, `g` and `μ`. Among other ways, it can be done as follows: | ||
1. Standard approach: | ||
1. Compute `λ = lcm(p-1, q-1)` with `lcm(a, b) = a·b / gcd(a, b)`. | ||
2. Generate randoms `α` and `β` in `Z*` of `n`, and select generator `g` in `Z*` of `n**2` as `g = ( α·n + 1 ) β**n mod n**2`. | ||
3. Compute `μ = ( L( g^λ mod n**2 ) )**(-1) mod n` where `L(x)=(x-1)/n`. | ||
2. If using p,q of equivalent length, a simpler variant would be: | ||
1. `λ = (p-1, q-1)` | ||
2. `g = n+1` | ||
3. `μ = λ**(-1) mod n` | ||
@@ -68,10 +72,10 @@ The **public** (encryption) **key** is **(n, g)**. | ||
1. Select random integer `r` in `(1, n^2)`. | ||
1. Select random integer `r` in `(1, n)`. | ||
2. Compute ciphertext as: **`c = g^m · r^n mod n^2`** | ||
2. Compute ciphertext as: **`c = g**m · r**n mod n**2`** | ||
## Decryption | ||
Let `c` be the ciphertext to decrypt, where `c` in `(0, n^2)`. | ||
Let `c` be the ciphertext to decrypt, where `c` in `(0, n**2)`. | ||
1. Compute the plaintext message as: **`m = L( c^λ mod n^2 ) · μ mod n`** | ||
1. Compute the plaintext message as: **`m = L( c**λ mod n**2 ) · μ mod n`** | ||
@@ -78,0 +82,0 @@ ## Installation |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
51717
355