paillierp
Class PaillierThreshold

java.lang.Object
  paillierp.AbstractPaillier
      paillierp.PaillierThreshold

public class PaillierThreshold
extends AbstractPaillier

A simple implementation of the threshold Paillier encryption scheme CS₁. This is based on the scheme given in Generalization of Paillier's Public-Key System with Applications to Electronic Voting by Damgård et al. with the parameter s fixed at 1.

With most of the methods already defined in AbstractPaillier, this class provides the essential methods of encryption and decryption in the threshold Paillier encryption scheme, as well as a few test/diagnostic methods.

Threshold Paillier Encryption Scheme

The Paillier encryption scheme is a probabilistic asymmetric encryption scheme with homomorphic properties for both addition and multiplication. It takes plaintext i less than n to compute the encryption E(i,r) for a random r. Damgård et al. constructed an extension of their generalized scheme to allow thresholding, a property which generates a set of l private keys instead of one, of which w≥l/2 private keys must cooperate in decrypting a ciphertext to generate a valid plaintext.

The Math: The threshold Paillier encryption scheme takes a PaillierKey n to encrypt a plaintext i in Z_n^s by choosing a random r∈Z_n^* by simply computing (n+1)ⁱrⁿ mod n^s+1. If decryption server i is given a PaillierPrivateThresholdKey s_i, raising a ciphertext c to the power 2Δs_i (where Δ=l!)to produce a partial decryption c_i. Working with at least w-1 other decryption servers, each obtains a list of at least w partial decryptions. By raising partial decryption c_i to the exponent 2λ_0,i then multiplying each ciphertext together, we arrive at the value c'=c^4Δ2d. This is possible because the key generation used a polynomial f of degree w where f(0) = d. By using the Lagrange method for interpolating values of a polynomial, we need at least w points to find d. Using the method devised in the paper, we can use c'get the original message m mod n^s.

Note that the value d is kept secret in the decryption of any message. Only when one has w secret keys s_i can one construct a method to find d. Otherwise, during the decryption process, d is hidden as an exponent. Note also that the random number generator is included in the key object. (The default is SecureRandom.)

Future expansions will include support for encrypting arbitrary length strings/byte arrays to avoid padding issues, and support for padding.

Author:

Murat Kantarcioglu, Sean Hall, James Garrity

See Also:

AbstractPaillier

Field Summary

protected PaillierPrivateThresholdKey

deckey Private Key allowing decryption; should be same as public key.

Fields inherited from class paillierp.AbstractPaillier

decryptMode, encryptMode, key, notReadyForDecryption, notReadyForEncryption

Constructor Summary

PaillierThreshold()
Default constructor.

PaillierThreshold(PaillierKey key)
Constructs a new encryption object which uses the specified key for encryption.

PaillierThreshold(PaillierPrivateThresholdKey key)
Constructs a new encryption/decryption object which uses the specified key for both encryption and decryption.

PaillierThreshold(PaillierThresholdKey key)
Constructs a new encryption object which uses the specified key for encryption.

Method Summary

java.math.BigInteger	combineShares(DecryptionZKP... shares) This function combines the shares of the decryption to get the final decryption, all the while checking to make sure that each ZKP proves a good partial decryption of the correct ciphertext.
java.math.BigInteger	combineShares(PartialDecryption... shares) This function combines the shares of the decryption to get the final decryption, assumes that the shares are valid.
PartialDecryption	decrypt(java.math.BigInteger c) Partially decrypts the given ciphertext c < n2 using the share of the private key.
java.math.BigInteger	decryptOnly(java.math.BigInteger c) Partially decrypts the given ciphertext c < n2 using the share of the private key.
DecryptionZKP	decryptProof(java.math.BigInteger c) Partially decrypts the given ciphertext c < n2 using the share of the private key.
PaillierPrivateThresholdKey	getPrivateKey() The private key for the Paillier system with thresholding is the RSA modulo n and the secret share si
PaillierThresholdKey	getPublicThresholdKey() The public key of the Paillier threshold system, which includes the values n and the public values v and {vi}.
void	setDecryptEncrypt(PaillierPrivateThresholdKey key) Sets the mode for this object to decrypt and encrypt using the provided key.
(package private) void	setDecryption(PaillierPrivateThresholdKey key) Sets the mode for this object to decrypt and will use the provided key to decrypt only.
(package private) void	setEncryption(PaillierKey key) Sets the mode for this object to encrypt and will use the provided key to encrypt messages.
(package private) void	setEncryption(PaillierThresholdKey key) Sets the mode for this object to encrypt and will use the provided key to encrypt messages.

Methods inherited from class paillierp.AbstractPaillier

add, add, encrypt, encrypt, encrypt, encrypt, encrypt, encryptone, encryptProof, encryptzero, getPublicKey, multiply, multiply, multiply, multiplyProof, randomize, randomize

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

deckey

protected PaillierPrivateThresholdKey deckey

Private Key allowing decryption; should be same as public key.

Constructor Detail

PaillierThreshold

public PaillierThreshold()

Default constructor. This constructor can be used if there is no need to generate public/private key pair.

PaillierThreshold

public PaillierThreshold(PaillierThresholdKey key)

Constructs a new encryption object which uses the specified key for encryption.

Parameters:

key - Public key used for encryption

PaillierThreshold

public PaillierThreshold(PaillierPrivateThresholdKey key)

Constructs a new encryption/decryption object which uses the specified key for both encryption and decryption.

Parameters:

key - Private key used for decryption and encryption

PaillierThreshold

public PaillierThreshold(PaillierKey key)

Constructs a new encryption object which uses the specified key for encryption.

Parameters:

key - Public key used for encryption

Method Detail

setEncryption

void setEncryption(PaillierKey key)

Sets the mode for this object to encrypt and will use the provided key to encrypt messages.

Parameters:

key - Public key which this class will use to encrypt

setEncryption

void setEncryption(PaillierThresholdKey key)

Sets the mode for this object to encrypt and will use the provided key to encrypt messages.

Parameters:

key - Public key which this class will use to encrypt

setDecryption

void setDecryption(PaillierPrivateThresholdKey key)

Sets the mode for this object to decrypt and will use the provided key to decrypt only. (Encryption will continue to be done using the key provided in setEncryption(PaillierKey).)

Parameters:

key - Private key which this class will use to decrypt

setDecryptEncrypt

public void setDecryptEncrypt(PaillierPrivateThresholdKey key)

Sets the mode for this object to decrypt and encrypt using the provided key.

Parameters:

key - Private key which this class will use to encrypt and decrypt

getPublicThresholdKey

public PaillierThresholdKey getPublicThresholdKey()

The public key of the Paillier threshold system, which includes the values n and the public values v and {v_i}. This object must already be in decrypt mode to return these values.

Returns:

The public key n and public values

getPrivateKey

public PaillierPrivateThresholdKey getPrivateKey()

The private key for the Paillier system with thresholding is the RSA modulo n and the secret share s_i

Returns:

The private key; null if not in decrypt mode

decryptOnly

public java.math.BigInteger decryptOnly(java.math.BigInteger c)

Partially decrypts the given ciphertext c < n² using the share of the private key. Returns only the decrypted value with no ID attached.

Parameters:

c - ciphertext as BigInteger

Returns:

the decrypted share c_i

decrypt

public PartialDecryption decrypt(java.math.BigInteger c)

Partially decrypts the given ciphertext c < n² using the share of the private key.

Parameters:

c - ciphertext as BigInteger

Returns:

the decrypted share c_i

decryptProof

public DecryptionZKP decryptProof(java.math.BigInteger c)

Partially decrypts the given ciphertext c < n² using the share of the private key. This then gives a non-interactive Zero Knowledge Proof that the partial decryption is truly this share's contribution to the decryption of c.

Parameters:

c - ciphertext as BigInteger

Returns:

the decrypted share c_i

combineShares

public java.math.BigInteger combineShares(PartialDecryption... shares)

This function combines the shares of the decryption to get the final decryption, assumes that the shares are valid.

Parameters:

shares - a collection of at least w partial decryptions of the same ciphertext

Returns:

the decrypted value combined using the shares.

combineShares

public java.math.BigInteger combineShares(DecryptionZKP... shares)

This function combines the shares of the decryption to get the final decryption, all the while checking to make sure that each ZKP proves a good partial decryption of the correct ciphertext.

Parameters:

shares - a collection of at least w partial decryptions (with ZKP) of the same ciphertext

Returns:

the decrypted value combined using the shares.