paillier cryptosystem

Author: RadicalRafi

README.md

@@ -0,0 +1,4 @@
+## Gaillier
+
+Gaillier is a Golang implementation of [Paillier Cryptosystem](https://www.wikiwand.com/en/Paillier_cryptosystem)
+

gaillier/gaillier.go

@@ -0,0 +1,141 @@
+/*
+	This package implements a Paillier cryptosystem
+
+	Provides primitives for Public & Private Key Generation /  Encryption / Decryption
+	Provides Functions to operate on the Cyphertext according to Paillier algorithm
+
+	@author: radicalrafi
+	@license: Apache 2.0
+
+*/
+
+package gaillier
+
+import (
+	"crypto/rand"
+	"errors"
+	"io"
+	"math/big"
+)
+
+//Errors definition
+
+/* The Paillier crypto system picks two keys p & q and denotes n = p*q
+Messages have to be in the ring Z/nZ (integers modulo n)
+Therefore a Message can't be bigger than n
+*/
+var ErrLongMessage = errors.New("Gaillier Error #1: Message is too long for The Public-Key Size \n Message should be smaller than Key size you choose")
+
+//constants
+
+var one = big.NewInt(1)
+
+//Key structs
+
+type PubKey struct {
+	KeyLen int
+	N      *big.Int //n = p*q (where p & q are two primes)
+	G      *big.Int //g random integer in Z\*\n^2
+	Nsq    *big.Int //N^2
+}
+
+type PrivKey struct {
+	KeyLen int
+	PubKey
+	L *big.Int //lcm((p-1)*(q-1))
+	U *big.Int //L^-1 modulo n mu = U = (L(g^L mod N^2)^-1)
+}
+
+func GenerateKeyPair(random io.Reader, bits int) (*PubKey, *PrivKey, error) {
+
+	p, err := rand.Prime(random, bits/2)
+
+	if err != nil {
+		return nil, nil, err
+	}
+
+	q, err := rand.Prime(random, bits/2)
+
+	if err != nil {
+		return nil, nil, err
+	}
+
+	//N = p*q
+
+	n := new(big.Int).Mul(p, q)
+
+	nSq := new(big.Int).Mul(n, n)
+
+	g := new(big.Int).Add(n, one)
+
+	//p-1
+	pMin := new(big.Int).Sub(p, one)
+	//q-1
+	qMin := new(big.Int).Sub(q, one)
+	//(p-1)*(q-1)
+	l := new(big.Int).Mul(pMin, qMin)
+	//l^-1 mod n
+	u := new(big.Int).ModInverse(l, n)
+	pub := &PubKey{KeyLen: bits, N: n, Nsq: nSq, G: g}
+	return pub, &PrivKey{PubKey: *pub, KeyLen: bits, L: l, U: u}, nil
+}
+
+/*
+	Encrypt :function to encrypt the message into a paillier cipher text
+	using the following rule :
+	cipher = g^m * r^n mod n^2
+	* r is random integer such as 0 <= r <= n
+	* m is the message
+*/
+func Encrypt(pubkey *PubKey, message []byte) ([]byte, error) {
+
+	r, err := rand.Prime(rand.Reader, pubkey.KeyLen)
+	if err != nil {
+		return nil, err
+	}
+
+	m := new(big.Int).SetBytes(message)
+	if pubkey.N.Cmp(m) < 1 {
+		return nil, ErrLongMessage
+	}
+	//c = g^m * r^nmod n^2
+
+	//g^m
+	gm := new(big.Int).Exp(pubkey.G, m, pubkey.Nsq)
+	//r^n
+	rn := new(big.Int).Exp(r, pubkey.N, pubkey.Nsq)
+	//prod = g^m * r^n
+	prod := new(big.Int).Mul(gm, rn)
+
+	c := new(big.Int).Mod(prod, pubkey.Nsq)
+
+	return c.Bytes(), nil
+}
+
+/*
+	Decrypts a given ciphertext following the rule:
+	m = L(c^lambda mod n^2).mu mod n
+	* lambda : L
+	* mu : U
+
+*/
+func Decrypt(privkey *PrivKey, cipher []byte) ([]byte, error) {
+
+	c := new(big.Int).SetBytes(cipher)
+
+	if privkey.Nsq.Cmp(c) < 1 {
+		return nil, ErrLongMessage
+	}
+
+	//c^l mod n^2
+	a := new(big.Int).Exp(c, privkey.L, privkey.Nsq)
+
+	//L(x) = x-1 / n we compute L(a)
+	l := new(big.Int).Div(new(big.Int).Sub(a, one), privkey.N)
+
+	//computing m
+	m := new(big.Int).Mod(new(big.Int).Mul(l, privkey.U), privkey.N)
+
+	return m.Bytes(), nil
+
+}

gaillier_test.go

@@ -0,0 +1,56 @@
+package main
+
+import (
+	"crypto/rand"
+	"math/big"
+	"testing"
+
+	"github.com/radicalrafi/gomorph/gaillier"
+)
+
+func TestKeyGen(t *testing.T) {
+	puba, priva, err1 := gaillier.GenerateKeyPair(rand.Reader, 1024)
+	pubb, privb, err2 := gaillier.GenerateKeyPair(rand.Reader, 2048)
+	pubc, privc, err3 := gaillier.GenerateKeyPair(rand.Reader, 4096)
+
+	if err1 != nil || err2 != nil || err3 != nil {
+		t.Errorf("Error Generating Keypair :\n Size:1024  %v\nSize:2048  %v\nSize 4096  %v\n", err1, err2, err3)
+	}
+	if puba.KeyLen != 1024 || priva.KeyLen != 1024 {
+		t.Errorf("Error generating correct keypair of size 1024 byte got %d want 1024", puba.KeyLen)
+	}
+	if pubb.KeyLen != 2048 || privb.KeyLen != 2048 {
+		t.Errorf("Error generating correct keypair of size 1024 byte got %d want 2048", puba.KeyLen)
+	}
+	if pubc.KeyLen != 4096 || privc.KeyLen != 4096 {
+		t.Errorf("Error generating correct keypair of size 1024 byte got %d want 4096", puba.KeyLen)
+	}
+
+}
+func TestEncryptDecrypt(t *testing.T) {
+
+	case1 := new(big.Int).SetInt64(9132)
+	case2 := new(big.Int).SetInt64(1492)
+
+	pub, priv, err := gaillier.GenerateKeyPair(rand.Reader, 512)
+
+	if err != nil {
+		t.Errorf("Error Generating Keypair")
+	}
+	encCase1, errCase1 := gaillier.Encrypt(pub, case1.Bytes())
+	encCase2, errCase2 := gaillier.Encrypt(pub, case2.Bytes())
+
+	if errCase1 != nil || errCase2 != nil {
+		t.Errorf("Error encrypting keypair %v \n %v", errCase1, errCase2)
+	}
+
+	d1, errDec1 := gaillier.Decrypt(priv, encCase1)
+	d2, errDec2 := gaillier.Decrypt(priv, encCase2)
+
+	decCase1 := new(big.Int).SetBytes(d1)
+	decCase2 := new(big.Int).SetBytes(d2)
+	if decCase1.Cmp(case1) != 0 || decCase2.Cmp(case2) != 0 {
+		t.Errorf("Error Decrypting the message %v \n %v", errDec1, errDec2)
+	}
+
+}

run.go

@@ -0,0 +1,28 @@
+package main
+
+import (
+	"crypto/rand"
+	"fmt"
+
+	"github.com/radicalrafi/gomorph/gaillier"
+)
+
+func main() {
+
+	os := rand.Reader
+	/*
+		m, n, err := primes.GenPrimes(1024, rand.Reader)
+		fmt.Println(m, n, err)
+
+		if m.ProbablyPrime(1000) == false {
+			fmt.Println("m is not a prime")
+		}
+		fmt.Println(m.BitLen(), n.BitLen())
+	*/
+	a, b, err := gaillier.GenerateKeyPair(os, 1024)
+	fmt.Println(a.G, a.N, b, err)
+	h := []byte{'1', '2', '3'}
+	kp, err := gaillier.Encrypt(a, h)
+	deckp, err := gaillier.Decrypt(b, kp)
+	fmt.Println(string(deckp), err)
+}