/* * Copyright 2019 Google Inc. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #ifndef EC_COMMUTATIVE_CIPHER_H_ #define EC_COMMUTATIVE_CIPHER_H_ #include <memory> #include <string> #include "third_party/private-join-and-compute/base/private_join_and_compute_export.h" #include "third_party/private-join-and-compute/src/crypto/big_num.h" #include "third_party/private-join-and-compute/src/crypto/context.h" #include "third_party/private-join-and-compute/src/crypto/ec_group.h" #include "third_party/private-join-and-compute/src/crypto/ec_point.h" #include "third_party/private-join-and-compute/src/util/status.inc" namespace private_join_and_compute { // ECCommutativeCipher class with the property that K1(K2(a)) = K2(K1(a)) // where K(a) is encryption with the key K. https://eprint.iacr.org/2008/356.pdf // // This class allows two parties to determine if they share the same value, // without revealing the sensitive value to each other. // // This class also allows homomorphically re-encrypting an ElGamal ciphertext // with an EC cipher key K. If the original ciphertext was an encryption of m, // then the re-encrypted ciphertext is effectively an encryption of K(m). This // re-encryption does not re-randomize the ciphertext, and so is only secure // when the underlying messages "m" are pseudorandom. // // The encryption is performed over an elliptic curve. // // This class is not thread-safe. // // Security: The provided bit security is half the number of bits of the // underlying curve. For example, using curve NID_secp224r1 gives 112 bit // security. // // Example: To generate a cipher with a new private key for the named curve // NID_secp224r1. The key can be securely stored and reused. // #include <openssl/obj_mac.h> // std::unique_ptr<ECCommutativeCipher> cipher = // ECCommutativeCipher::CreateWithNewKey( // NID_secp224r1, ECCommutativeCipher::HashType::SHA256); // string key_bytes = cipher->GetPrivateKeyBytes(); // // Example: To generate a cipher with an existing private key for the named // curve NID_secp224r1. // #include <openssl/obj_mac.h> // std::unique_ptr<ECCommutativeCipher> cipher = // ECCommutativeCipher::CreateFromKey( // NID_secp224r1, key_bytes, ECCommutativeCipher::HashType::SHA256); // // Example: To encrypt a message using a std::unique_ptr<ECCommutativeCipher> // cipher generated as above. // string encrypted_string = cipher->Encrypt("secret"); // // Example: To re-encrypt a message already encrypted by another party using a // std::unique_ptr<ECCommutativeCipher> cipher generated as above. // ::private_join_and_compute::StatusOr<string> double_encrypted_string = // cipher->ReEncrypt(encrypted_string); // // Example: To decrypt a message that has already been encrypted by the same // party using a std::unique_ptr<ECCommutativeCipher> cipher generated as // above. // ::private_join_and_compute::StatusOr<string> decrypted_string = // cipher->Decrypt(encrypted_string); // // Example: To re-encrypt a message that has already been encrypted using a // std::unique_ptr<CommutativeElGamal> ElGamal key: // ::private_join_and_compute::StatusOr<std::pair<string, string>> double_encrypted_string = // cipher->ReEncryptElGamalCiphertext(elgamal_ciphertext); class PRIVATE_COMPUTE_EXPORT ECCommutativeCipher { … }; } // namespace private_join_and_compute #endif // EC_COMMUTATIVE_CIPHER_H_
Codebase Browser
chromium