kyber: go.dedis.ch/kyber/shuffle Index | Files

package shuffle

import "go.dedis.ch/kyber/shuffle"

Package shuffle implements Andrew Neff's verifiable shuffle proof scheme. Neff's shuffle proof algorithm as implemented here is described in the paper "Verifiable Mixing (Shuffling) of ElGamal Pairs", April 2004.

The PairShuffle type implements the general algorithm to prove the correctness of a shuffle of arbitrary ElGamal pairs. This will be the primary API of interest for most applications. For basic usage, the caller should first instantiate a PairShuffle object, then invoke PairShuffle.Init() to initialize the shuffle parameters, and finally invoke PairShuffle.Shuffle() to shuffle a list of ElGamal pairs, yielding a list of re-randomized pairs and a noninteractive proof of its correctness.

The SimpleShuffle type implements Neff's more restrictive "simple shuffle", which requires the prover to know the discrete logarithms of all the individual ElGamal ciphertexts involved in the shuffle. The general PairShuffle builds on this SimpleShuffle scheme, but SimpleShuffle may also be used by itself in situations that satisfy its assumptions, and is more efficient.

Index

Package Files

biffle.go pair.go simple.go

func Biffle Uses

func Biffle(suite Suite, G, H kyber.Point,
    X, Y [2]kyber.Point, rand cipher.Stream) (
    Xbar, Ybar [2]kyber.Point, prover proof.Prover)

Biffle is a binary shuffle ("biffle") for 2 ciphertexts based on general ZKPs.

func BiffleVerifier Uses

func BiffleVerifier(suite Suite, G, H kyber.Point,
    X, Y, Xbar, Ybar [2]kyber.Point) (
    verifier proof.Verifier)

BiffleVerifier returns a verifier of the biffle

func Shuffle Uses

func Shuffle(group kyber.Group, g, h kyber.Point, X, Y []kyber.Point,
    rand cipher.Stream) (XX, YY []kyber.Point, P proof.Prover)

Shuffle randomly shuffles and re-randomizes a set of ElGamal pairs, producing a correctness proof in the process. Returns (Xbar,Ybar), the shuffled and randomized pairs. If g or h is nil, the standard base point is used.

func Verifier Uses

func Verifier(group kyber.Group, g, h kyber.Point,
    X, Y, Xbar, Ybar []kyber.Point) proof.Verifier

Verifier produces a Sigma-protocol verifier to check the correctness of a shuffle.

type PairShuffle Uses

type PairShuffle struct {
    // contains filtered or unexported fields
}

PairShuffle creates a proof of the correctness of a shuffle of a series of ElGamal pairs.

The caller must first invoke Init() to establish the cryptographic parameters for the shuffle: in particular, the relevant cryptographic Group, and the number of ElGamal pairs to be shuffled.

The caller then may either perform its own shuffle, according to a permutation of the caller's choosing, and invoke Prove() to create a proof of its correctness; or alternatively the caller may simply invoke Shuffle() to pick a random permutation, compute the shuffle, and compute the correctness proof.

func (*PairShuffle) Init Uses

func (ps *PairShuffle) Init(grp kyber.Group, k int) *PairShuffle

Init creates a new PairShuffleProof instance for a k-element ElGamal pair shuffle. This protocol follows the ElGamal Pair Shuffle defined in section 4 of Andrew Neff, "Verifiable Mixing (Shuffling) of ElGamal Pairs", 2004.

func (*PairShuffle) Prove Uses

func (ps *PairShuffle) Prove(
    pi []int, g, h kyber.Point, beta []kyber.Scalar,
    X, Y []kyber.Point, rand cipher.Stream,
    ctx proof.ProverContext) error

Prove returns an error if the shuffle is not correct.

func (*PairShuffle) Verify Uses

func (ps *PairShuffle) Verify(
    g, h kyber.Point, X, Y, Xbar, Ybar []kyber.Point,
    ctx proof.VerifierContext) error

Verify ElGamal Pair Shuffle proofs.

type SimpleShuffle Uses

type SimpleShuffle struct {
    // contains filtered or unexported fields
}

SimpleShuffle is the "Simple k-shuffle" defined in section 3 of Neff, "Verifiable Mixing (Shuffling) of ElGamal Pairs", 2004.

func (*SimpleShuffle) Init Uses

func (ss *SimpleShuffle) Init(grp kyber.Group, k int) *SimpleShuffle

Init initializes the simple shuffle with the given group and the k parameter from the paper.

func (*SimpleShuffle) Prove Uses

func (ss *SimpleShuffle) Prove(G kyber.Point, gamma kyber.Scalar,
    x, y []kyber.Scalar, rand cipher.Stream,
    ctx proof.ProverContext) error

Prove the "Simple k-shuffle" defined in section 3 of Neff, "Verifiable Mixing (Shuffling) of ElGamal Pairs", 2004. The Scalar vector y must be a permutation of Scalar vector x but with all elements multiplied by common Scalar gamma.

func (*SimpleShuffle) Verify Uses

func (ss *SimpleShuffle) Verify(G, Gamma kyber.Point,
    ctx proof.VerifierContext) error

Verify for Neff simple k-shuffle proofs.

type Suite Uses

type Suite proof.Suite

Suite wraps the functionalities needed by the shuffle/ package. These are the same functionatlities needed by the proof/ package.

Package shuffle imports 6 packages (graph). Updated 2019-11-20. Refresh now. Tools for package owners.