paillierp.key
Class PaillierKey

java.lang.Object
  paillierp.key.PaillierKey

All Implemented Interfaces:

java.io.Serializable

Direct Known Subclasses:

PaillierPrivateKey, PaillierThresholdKey

public class PaillierKey
extends java.lang.Object
implements java.io.Serializable

A simple public key for the generalized Paillier cryptosystem CS₁. This public key is intended to be extended for other private keys and for the Paillier Threshold scheme with the degree s to be fixed as 1.

The public key for the generalized Paillier cryptosystem CS_s constructed in Damgård et al. requires an n and g as defined as follows:

• n is an admissible RSA modulus, that is, the product of two odd primes p, q where p and q are of equal size, and p≠q. Ideally, gcd(n,φ(n))=1.
• g is an element of the multiplicative group Z^*_n^s+1 such that g=(1+n)^jx mod n^s+1 for some j relatively prime to n and x ∈ Z^*_n.

According to the paper, the choice of g does not affect the semantic security of the system. Further, to fix g would be sufficient and efficient. Following this simplification in the paper, we will choose g=n+1 always; hence in determining g, we fix j,x=1.

In this implementation, the user only chooses the n as the g is fixed. He can supply either the two primes or n itself, trusting that it a RSA modulus.

In addition, in this implementation the key also carries a random number generator with it. This is to facilitate the choosing of random numbers modulo n. The user has full freedom to change the random number generator to be as secure (or insecure) as one chooses.

Version:

1.0 03/25/10

Author:

James Garrity, Sean Hall

See Also:

Serialized Form

Field Summary

protected int	k Bit size of n.
protected static int	MAX_KEY_SIZE Maximum number of bits allowed for keysize.
protected java.math.BigInteger	n The modulus n, an RSA number.
protected java.math.BigInteger	nPlusOne Cached (n+1) to help encryption.
protected java.math.BigInteger	ns The cached value of ns.
protected java.math.BigInteger	nSPlusOne Cached value of ns+1.
protected java.util.Random	rnd Random number generator.
private static long	serialVersionUID This Serial ID

Constructor Summary

PaillierKey(java.math.BigInteger p, java.math.BigInteger q, long seed)
Creates a new public key from a given two odd primes p and q.

PaillierKey(java.math.BigInteger n, long seed)
Creates a new public key when given the modulus n.

PaillierKey(java.math.BigInteger n, java.util.Random rnd)
Creates a new public key when given the modulus n and a specified random number generator.

PaillierKey(byte[] b, long seed)
Creates a new private key using a byte encoding of a key.

Method Summary

boolean	canEncrypt() Describes if this key can be used to encrypt.
int	getK() Returns the size of n in bits.
java.math.BigInteger	getN() Returns the modulus n, which in essence is the public key.
java.math.BigInteger	getNPlusOne() Returns the cached value of n+1.
java.math.BigInteger	getNS() Returns the cached value of ns, to be used frequently in calculations.
java.math.BigInteger	getNSPlusOne() Returns the cached value of ns+1, to be used frequently in calculations.
PaillierKey	getPublicKey() Returns the simple public key.
java.math.BigInteger	getRandomModN() A special random number generator to find r in Zn.
java.math.BigInteger	getRandomModNSPlusOneStar() A special random number generator to find r in Z*n2.
java.math.BigInteger	getRandomModNStar() A special random number generator to find r in Z*n.
java.util.Random	getRnd() Returns the random number generator used for this key.
boolean	inModN(java.math.BigInteger a) Checks if a given number is in Zn.
static boolean	inModN(java.math.BigInteger a, java.math.BigInteger n) Checks if a given number is in Zn.
boolean	inModNS(java.math.BigInteger a) Checks if a given number is in Zns.
boolean	inModNSPlusOne(java.math.BigInteger a) Checks if a given number is in Zn2.
boolean	inModNSPlusOneStar(java.math.BigInteger a) Checks if a given number is in Z*n2.
boolean	inModNStar(java.math.BigInteger a) Checks if a given number is in Z*n.
static boolean	inModNStar(java.math.BigInteger a, java.math.BigInteger n) Checks if a given number is in Z*n.
boolean	isCiphertext(java.math.BigInteger c) Checks to see if c is a valid ciphertext, that is if it is in Zns+1.
boolean	isPlaintext(java.math.BigInteger m) Checks to see if m is a valid plaintext, that is if it is in Zns.
void	setRnd(long seed) Resets the random number generator for this key to be a SecureRandom random number generator, using the specified seed to help create it.
void	setRnd(java.util.Random rnd) Replaces the random number generator with a user-specified generator.
byte[]	toByteArray() Encodes this key into a byte array.
void	updateRnd() Resets the random number generator for this key, using a generated random number as the seed.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

serialVersionUID

private static final long serialVersionUID

This Serial ID

See Also:

Constant Field Values

n

protected java.math.BigInteger n

The modulus n, an RSA number.

ns

protected java.math.BigInteger ns

The cached value of n^s.

nSPlusOne

protected java.math.BigInteger nSPlusOne

Cached value of n^s+1.

nPlusOne

protected java.math.BigInteger nPlusOne

Cached (n+1) to help encryption. This is our value g, always set to n+1 for simplicity.

rnd

protected java.util.Random rnd

Random number generator.

k

protected int k

Bit size of n.

MAX_KEY_SIZE

protected static final int MAX_KEY_SIZE

Maximum number of bits allowed for keysize.

See Also:

Constant Field Values

Constructor Detail

PaillierKey

public PaillierKey(java.math.BigInteger n,
                   java.util.Random rnd)

Creates a new public key when given the modulus n and a specified random number generator.

Parameters:

n - a RSA modulus. That is, the product of two different odd primes

rnd - a specified random number generator

PaillierKey

public PaillierKey(java.math.BigInteger n,
                   long seed)

Creates a new public key when given the modulus n. This constructor will use the seed to create the public key with a SecureRandom random number generator.

Parameters:

n - a RSA modulus. That is, the product of two different odd primes.

seed - a long integer needed to start a random number generator

PaillierKey

public PaillierKey(java.math.BigInteger p,
                   java.math.BigInteger q,
                   long seed)

Creates a new public key from a given two odd primes p and q. This constructor will use the seed to create the public key with a SecureRandom random number generator.

Parameters:

p - an odd prime

q - another odd prime different from p

seed - a long integer needed to start a random number generator

PaillierKey

public PaillierKey(byte[] b,
                   long seed)

Creates a new private key using a byte encoding of a key.

Parameters:

b - Byte array of the necessary values of this private key

seed - a long integer needed to start a random number generator

See Also:

toByteArray()

Method Detail

getPublicKey

public PaillierKey getPublicKey()

Returns the simple public key. This is particularly for those with private keys wishing to return only the public key associated with the private key.

Returns:

the Paillier public key corresponding to this key

canEncrypt

public boolean canEncrypt()

Describes if this key can be used to encrypt. This method can be used to differentiate between a public and private key.

Returns:

'true' if it can encrypt

getN

public java.math.BigInteger getN()

Returns the modulus n, which in essence is the public key.

Returns:

the RSA modulus used in this public key

getNS

public java.math.BigInteger getNS()

Returns the cached value of n^s, to be used frequently in calculations.

Returns:

the RSA modulus to the s power

getNSPlusOne

public java.math.BigInteger getNSPlusOne()

Returns the cached value of n^s+1, to be used frequently in calculations.

Returns:

the square of the RSA modulus used in this key

getNPlusOne

public java.math.BigInteger getNPlusOne()

Returns the cached value of n+1. This is our value g, chosen always to be n+1 for simplicity.

Returns:

the value g associate with this public key; fixed here to always be n+1

getRnd

public java.util.Random getRnd()

Returns the random number generator used for this key.

Returns:

the random number generator

updateRnd

public void updateRnd()

Resets the random number generator for this key, using a generated random number as the seed.

setRnd

public void setRnd(long seed)

Resets the random number generator for this key to be a SecureRandom random number generator, using the specified seed to help create it.

Parameters:

seed - a long integer needed to start a new random number generator

setRnd

public void setRnd(java.util.Random rnd)

Replaces the random number generator with a user-specified generator.

Parameters:

rnd - a specified random number generator

getK

public int getK()

Returns the size of n in bits.

Returns:

the size of the modulus n

inModN

public static boolean inModN(java.math.BigInteger a,
                             java.math.BigInteger n)

Checks if a given number is in Z_n.

Parameters:

a - the BigInteger to be checked

n - the BigInteger modulus

Returns:

'true' iff a is non-negative and less than n

inModNStar

public static boolean inModNStar(java.math.BigInteger a,
                                 java.math.BigInteger n)

Checks if a given number is in Z^*n.

Parameters:

a - the BigInteger we are checking

Returns:

'true' iff a is non-negative, less than n, and relatively prime to n

getRandomModN

public java.math.BigInteger getRandomModN()

A special random number generator to find r in Z_n.

Returns:

a random integer less than n

getRandomModNStar

public java.math.BigInteger getRandomModNStar()

A special random number generator to find r in Z^*_n. In the Paillier cryptosystem, this is used to generate the random number for encryption.

Returns:

a random integer less than n and relatively prime to n

getRandomModNSPlusOneStar

public java.math.BigInteger getRandomModNSPlusOneStar()

A special random number generator to find r in Z^*_n². In the Paillier cryptosystem (threshold and generalized), this is used to generate a random ciphertext for proving multiplication, decryption, and decryption.

Returns:

a random integer less than n² and relatively prime to n²

inModNStar

public boolean inModNStar(java.math.BigInteger a)

Checks if a given number is in Z^*_n. In the Paillier cryptosystem, the random number must be in this multiplicative group.

Parameters:

a - the BigInteger we are checking

Returns:

'true' iff a is non-negative, less than n, and relatively prime to n

inModNSPlusOneStar

public boolean inModNSPlusOneStar(java.math.BigInteger a)

Checks if a given number is in Z^*_n². In the Paillier cryptosystem, the ciphertext must be in this multiplicative group.

Parameters:

a - the BigInteger we are checking

Returns:

'true' iff a is non-negative, less than n, and relatively prime to n²

inModN

public boolean inModN(java.math.BigInteger a)

Checks if a given number is in Z_n.

Parameters:

a - the BigInteger to be checked

Returns:

'true' iff a is non-negative and less than n

inModNS

public boolean inModNS(java.math.BigInteger a)

Checks if a given number is in Z_n^s. In the Paillier cryptosystem, messages to be encrypted must be in mod n^s.

Parameters:

a - the BigInteger to be checked

Returns:

'true' iff a is non-negative and less than n^s

isPlaintext

public boolean isPlaintext(java.math.BigInteger m)

Checks to see if m is a valid plaintext, that is if it is in Z_n^s.

Parameters:

m - the plaintext in question

Returns:

'true' iff m is non-negative and less than n^s

inModNSPlusOne

public boolean inModNSPlusOne(java.math.BigInteger a)

Checks if a given number is in Z_n². In the Paillier cryptosystem, ciphertext must be in mod n².

Parameters:

a - the BigInteger to be checked

Returns:

'true' iff a is non-negative and less than n.

isCiphertext

public boolean isCiphertext(java.math.BigInteger c)

Checks to see if c is a valid ciphertext, that is if it is in Z_n^s+1.

Parameters:

c - the ciphertext in question

Returns:

'true' iff c is non-negative and less than n^s+1

toByteArray

public byte[] toByteArray()

Encodes this key into a byte array. As this is a public key, the public modulo n will be encoded. The size of n is not recorded.

Returns:

a byte array containing the most necessary values of this key.

See Also:

PaillierKey(byte[], long), BigInteger.toByteArray()