Security News
NIST Misses 2024 Deadline to Clear NVD Backlog
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
paillier-bigint
Advanced tools
An implementation of the Paillier cryptosystem using native JS (ECMA 2020) implementation of BigInt
An implementation of the Paillier cryptosystem relying on the native JS implementation of BigInt.
It can be used by any Web Browser or webview supporting BigInt and with Node.js (>=10.4.0). In the latter case, for multi-threaded primality tests, you should use Node.js v11 or newer or enable at runtime with node --experimental-worker
with Node.js version >= 10.5.0 and < 11.
The operations supported on BigInts are not constant time. BigInt can be therefore unsuitable for use in cryptography. Many platforms provide native support for cryptography, such as Web Cryptography API or Node.js Crypto.
The Paillier cryptosystem, named after and invented by Pascal Paillier in 1999, is a probabilistic asymmetric algorithm for public key cryptography. A notable feature of the Paillier cryptosystem is its homomorphic properties.
The product of two ciphertexts will decrypt to the sum of their corresponding plaintexts,
D( E(m1) · E(m2) ) mod n2 = m1 + m2 mod n
The product of a ciphertext with a plaintext raising g will decrypt to the sum of the corresponding plaintexts,
D( E(m1) · gm2 ) mod n2 = m1 + m2 mod n
An encrypted plaintext raised to the power of another plaintext will decrypt to the product of the two plaintexts,
D( E(m1)m2 mod n2 ) = m1 · m2 mod n,
D( E(m2)m1 mod n2 ) = m1 · m2 mod n.
More generally, an encrypted plaintext raised to a constant k will decrypt to the product of the plaintext and the constant,
D( E(m1)k mod n2 ) = k · m1 mod n.
However, given the Paillier encryptions of two messages there is no known way to compute an encryption of the product of these messages without knowing the private key.
n
, or keyLength
in bits.p
and q
randomly and independently of each other such that gcd( p·q, (p-1)(q-1) )=1
and n=p·q
has a key length of keyLength. For instance:
p
with a bit length of keyLength/2 + 1
.q
with a bit length of keyLength/2
.n=p·q
is keyLength
.λ
, g
and μ
. Among other ways, it can be done as follows:
λ = lcm(p-1, q-1)
with lcm(a, b) = a·b / gcd(a, b)
.α
and β
in Z*
of n
, and select generator g
in Z*
of n**2
as g = ( α·n + 1 ) β**n mod n**2
.μ = ( L( g^λ mod n**2 ) )**(-1) mod n
where L(x)=(x-1)/n
.λ = (p-1, q-1)
g = n+1
μ = λ**(-1) mod n
The public (encryption) key is (n, g).
The private (decryption) key is (λ, μ).
Let m
in [0, n)
be the clear-text message,
Select random integer r
in Z*
of n
.
Compute ciphertext as: c = g**m · r**n mod n**2
Let c
be the ciphertext to decrypt, where c
in (0, n**2)
.
m = L( c**λ mod n**2 ) · μ mod n
paillier-bigint
can be imported to your project with npm
:
npm install paillier-bigint
Then either require (Node.js CJS):
const paillierBigint = require('paillier-bigint')
or import (JavaScript ES module):
import * as paillierBigint from 'paillier-bigint'
The appropriate version for browser or node is automatically exported.
You can also download the IIFE bundle, the ESM bundle or the UMD bundle and manually add it to your project, or, if you have already imported paillier-bigint
to your project, just get the bundles from node_modules/paillier-bigint/dist/bundles/
.
An example of usage could be:
async function paillierTest () {
// (asynchronous) creation of a random private, public key pair for the Paillier cryptosystem
const { publicKey, privateKey } = await paillierBigint.generateRandomKeys(3072)
// Optionally, you can create your public/private keys from known parameters
// const publicKey = new paillierBigint.PublicKey(n, g)
// const privateKey = new paillierBigint.PrivateKey(lambda, mu, publicKey)
const m1 = 12345678901234567890n
const m2 = 5n
// encryption/decryption
const c1 = publicKey.encrypt(m1)
console.log(privateKey.decrypt(c1)) // 12345678901234567890n
// homomorphic addition of two ciphertexts (encrypted numbers)
const c2 = publicKey.encrypt(m2)
const encryptedSum = publicKey.addition(c1, c2)
console.log(privateKey.decrypt(encryptedSum)) // m1 + m2 = 12345678901234567895n
// multiplication by k
const k = 10n
const encryptedMul = publicKey.multiply(c1, k)
console.log(privateKey.decrypt(encryptedMul)) // k · m1 = 123456789012345678900n
}
paillierTest()
Consider using bigint-conversion if you need to convert from/to bigint to/from unicode text, hex, buffer.
FAQs
An implementation of the Paillier cryptosystem using native JS (ECMA 2020) implementation of BigInt
The npm package paillier-bigint receives a total of 17,604 weekly downloads. As such, paillier-bigint popularity was classified as popular.
We found that paillier-bigint demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.