Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

paillier-bigint

Package Overview
Dependencies
Maintainers
1
Versions
30
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

paillier-bigint

An implementation of the Paillier cryptosystem using native JS (stage 3) implementation of BigInt

  • 1.0.9
  • Source
  • npm
  • Socket score

Version published
Maintainers
1
Created
Source

paillier-bigint

An implementation of the Paillier cryptosystem relying on the native JS (stage 3) implementation of BigInt. It can be used by any Web Browser or webview supporting BigInt and with Node.js (>=10.4.0). In the latter case, for multi-threaded primality tests (during key generation), you should use Node.js 11 or enable at runtime with node --experimental-worker with Node.js >=10.5.0.

The operations supported on BigInts are not constant time. BigInt can be therefore unsuitable for use in cryptography. Many platforms provide native support for cryptography, such as Web Cryptography API or Node.js Crypto.

The Paillier cryptosystem, named after and invented by Pascal Paillier in 1999, is a probabilistic asymmetric algorithm for public key cryptography. A notable feature of the Paillier cryptosystem is its homomorphic properties.

Homomorphic properties

Homomorphic addition of plaintexts

The product of two ciphertexts will decrypt to the sum of their corresponding plaintexts,

D( E(m1) · E(m2) ) mod n^2 = m1 + m2 mod n

The product of a ciphertext with a plaintext raising g will decrypt to the sum of the corresponding plaintexts,

D( E(m1) · g^(m2) ) mod n^2 = m1 + m2 mod n

(pseudo-)homomorphic multiplication of plaintexts

An encrypted plaintext raised to the power of another plaintext will decrypt to the product of the two plaintexts,

D( E(m1)^(m2) mod n^2 ) = m1 · m2 mod n,

D( E(m2)^(m1) mod n^2 ) = m1 · m2 mod n.

More generally, an encrypted plaintext raised to a constant k will decrypt to the product of the plaintext and the constant,

D( E(m1)^k mod n^2 ) = k · m1 mod n.

However, given the Paillier encryptions of two messages there is no known way to compute an encryption of the product of these messages without knowing the private key.

Key generation

  1. Define the bit length of the modulus n, or keyLength in bits.
  2. Choose two large prime numbers p and q randomly and independently of each other such that gcd( p·q, (p-1)(q-1) )=1 and n=p·q has a key length of keyLength. For instance:
    1. Generate a random prime p with a bit length of keyLength/2 + 1.
    2. Generate a random prime q with a bit length of keyLength/2.
    3. Repeat until the bitlength of n=p·q is keyLength.
  3. Compute λ = lcm(p-1, q-1) with lcm(a, b) = a·b / gcd(a, b).
  4. Select a generator g in Z* of n^2. g can be computed as follows (there are other ways):
    • Generate randoms α and β in Z* of n.
    • Compute g=( α·n + 1 ) β^n mod n^2.
  5. Compute μ=( L( g^λ mod n^2 ) )^(-1) mod n where L(x)=(x-1)/n.

The public (encryption) key is (n, g).

The private (decryption) key is (λ, μ).

Encryption

Let m in Z* of n be the clear-text message,

  1. Select random integer r in (1, n^2).

  2. Compute ciphertext as: c = g^m · r^n mod n^2

Decryption

Let c be the ciphertext to decrypt, where c in (0, n^2).

  1. Compute the plaintext message as: m = L( c^λ mod n^2 ) · μ mod n

Installation

paillier-bigint is distributed for web browsers and/or webviews supporting BigInt as an ES6 module or an IIFE file; and for Node.js (>=10.4.0), as a CJS module.

paillier-bigint can be imported to your project with npm:

npm install paillier-bigint

NPM installation defaults to the ES6 module for browsers and the CJS one for Node.js.

For web browsers, you can also directly download the minimised version of the IIFE file or the ES6 module from GitHub.

Usage

Every input number should be a string in base 10, an integer, or a bigint. All the output numbers are of type bigint.

An example with Node.js:

    // import paillier
    const paillier = require('paillier-bigint.js');

    // (asynchronous) creation of a random private, public key pair for the Paillier cryptosystem
    const {publicKey, privateKey} = await paillier.generateRandomKeys(3072);

    // optionally, you can create your public/private keys from known parameters
    const publicKey = new paillier.PublicKey(n, g);
    const privateKey = new paillier.PrivateKey(lambda, mu, p, q, publicKey);

    // encrypt m
    let c = publicKey.encrypt(m);

    // decrypt c
    let d = privateKey.decrypt(c);

    // homomorphic addition of two ciphertexts (encrypted numbers)
    let c1 = publicKey.encrypt(m1);
    let c2 = publicKey.encrypt(m2);
    let encryptedSum = publicKey.addition(c1, c2);
    let sum = privateKey.decrypt(encryptedSum); // m1 + m2

    // multiplication by k
    let c1 = publicKey.encrypt(m1);
    let encryptedMul = publicKey.multiply(c1, k);
    let mul = privateKey.decrypt(encryptedMul); // k · m1

From a browser, you can just load the module in a html page as:

    <script type="module">
        import * as paillier from 'paillier-bigint-latest.browser.mod.min.js';

        // (asynchronous) creation of a random private, public key pair for the Paillier cryptosystem
        paillier.generateRandomKeys(3072).then((keyPair) => {
            const publicKey = keyPair.publicKey;
            const privateKey = keyPair.privateKey;
            // ...
        });

        // You can also create your public/private keys from known parameters
        const publicKey = new paillier.PublicKey(n, g);
        const privateKey = new paillier.PrivateKey(lambda, mu, p, q, publicKey);

        // encrypt m is just
        let c = publicKey.encrypt(m);

        // decrypt c
        let d = privateKey.decrypt(c);

        // homomorphic addition of two ciphertexts (encrypted numbers)
        let c1 = publicKey.encrypt(m1);
        let c2 = publicKey.encrypt(m2);
        let encryptedSum = publicKey.addition(c1, c2);
        let sum = privateKey.decrypt(encryptedSum); // m1 + m2

        // multiplication by k
        let c1 = publicKey.encrypt(m1);
        let encryptedMul = publicKey.multiply(c1, k);
        let mul = privateKey.decrypt(encryptedMul); // k · m1
    </script>

Classes

PublicKey
PrivateKey

Constants

generateRandomKeysPromise

Generates a pair private, public key for the Paillier cryptosystem in synchronous mode

PublicKey

Class for a Paillier public key

PrivateKey

Class for Paillier private keys.

Typedefs

KeyPair : Object

PublicKey

Kind: global class

new PublicKey(n, g)

Creates an instance of class PaillierPublicKey

ParamTypeDescription
nbigint | stringBase10 | numberthe public modulo
gbigint | stringBase10 | numberthe public generator

publicKey.bitLength ⇒ number

Get the bit length of the public modulo

Kind: instance property of PublicKey
Returns: number - - bit length of the public modulo

publicKey.encrypt(m) ⇒ bigint

Paillier public-key encryption

Kind: instance method of PublicKey
Returns: bigint - - the encryption of m with this public key

ParamTypeDescription
mbigint | stringBase10 | numbera cleartext number

publicKey.addition(...ciphertexts) ⇒ bigint

Homomorphic addition

Kind: instance method of PublicKey
Returns: bigint - - the encryption of (m_1 + ... + m_2) with this public key

ParamTypeDescription
...ciphertextsbigint | numbern >= 2 ciphertexts (c_1,..., c_n) that are the encryption of (m_1, ..., m_n) with this public key

publicKey.multiply(c, k) ⇒ bigint

Pseudo-homomorphic Paillier multiplication

Kind: instance method of PublicKey
Returns: bigint - - the encryption of k·m with this public key

ParamTypeDescription
cbiginta number m encrypted with this public key
kbigint | stringBase10 | numbereither a cleartext message (number) or a scalar

PrivateKey

Kind: global class

new PrivateKey(lambda, mu, p, q, publicKey)

Creates an instance of class PaillierPrivateKey

ParamTypeDescription
lambdabigint | stringBase10 | number
mubigint | stringBase10 | number
pbigint | stringBase10 | numbera big prime
qbigint | stringBase10 | numbera big prime
publicKeyPaillierPublicKey

privateKey.bitLength ⇒ number

Get the bit length of the public modulo

Kind: instance property of PrivateKey
Returns: number - - bit length of the public modulo

privateKey.n ⇒ bigint

Get the public modulo n=p·q

Kind: instance property of PrivateKey
Returns: bigint - - the public modulo n=p·q

privateKey.decrypt(c) ⇒ bigint

Paillier private-key decryption

Kind: instance method of PrivateKey
Returns: bigint - - the decryption of c with this private key

ParamTypeDescription
cbigint | stringBase10a (big) number encrypted with the public key

generateRandomKeys ⇒ Promise

Generates a pair private, public key for the Paillier cryptosystem in synchronous mode

Kind: global constant
Returns: Promise - - a promise that resolves to a KeyPair of public, private keys

ParamTypeDescription
bitLengthnumberthe bit lenght of the public modulo
simplevariantbooleanuse the simple variant to compute the generator

PublicKey

Class for a Paillier public key

Kind: global constant

new PublicKey(n, g)

Creates an instance of class PaillierPublicKey

ParamTypeDescription
nbigint | stringBase10 | numberthe public modulo
gbigint | stringBase10 | numberthe public generator

publicKey.bitLength ⇒ number

Get the bit length of the public modulo

Kind: instance property of PublicKey
Returns: number - - bit length of the public modulo

publicKey.encrypt(m) ⇒ bigint

Paillier public-key encryption

Kind: instance method of PublicKey
Returns: bigint - - the encryption of m with this public key

ParamTypeDescription
mbigint | stringBase10 | numbera cleartext number

publicKey.addition(...ciphertexts) ⇒ bigint

Homomorphic addition

Kind: instance method of PublicKey
Returns: bigint - - the encryption of (m_1 + ... + m_2) with this public key

ParamTypeDescription
...ciphertextsbigint | numbern >= 2 ciphertexts (c_1,..., c_n) that are the encryption of (m_1, ..., m_n) with this public key

publicKey.multiply(c, k) ⇒ bigint

Pseudo-homomorphic Paillier multiplication

Kind: instance method of PublicKey
Returns: bigint - - the encryption of k·m with this public key

ParamTypeDescription
cbiginta number m encrypted with this public key
kbigint | stringBase10 | numbereither a cleartext message (number) or a scalar

PrivateKey

Class for Paillier private keys.

Kind: global constant

new PrivateKey(lambda, mu, p, q, publicKey)

Creates an instance of class PaillierPrivateKey

ParamTypeDescription
lambdabigint | stringBase10 | number
mubigint | stringBase10 | number
pbigint | stringBase10 | numbera big prime
qbigint | stringBase10 | numbera big prime
publicKeyPaillierPublicKey

privateKey.bitLength ⇒ number

Get the bit length of the public modulo

Kind: instance property of PrivateKey
Returns: number - - bit length of the public modulo

privateKey.n ⇒ bigint

Get the public modulo n=p·q

Kind: instance property of PrivateKey
Returns: bigint - - the public modulo n=p·q

privateKey.decrypt(c) ⇒ bigint

Paillier private-key decryption

Kind: instance method of PrivateKey
Returns: bigint - - the decryption of c with this private key

ParamTypeDescription
cbigint | stringBase10a (big) number encrypted with the public key

KeyPair : Object

Kind: global typedef
Properties

NameTypeDescription
publicKeyPublicKeya Paillier's public key
privateKeyPrivateKeythe associated Paillier's private key

Keywords

FAQs

Package last updated on 29 May 2019

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc