3 unstable releases

0.2.0 Sep 16, 2021
0.1.1 Sep 25, 2020
0.1.0 Sep 22, 2020

#1265 in Cryptography


Used in 5 crates (via nash-mpc)

MIT license

73KB
1.5K SLoC

Note: Nash is not the original creator of this repository. Several organizations have forked it. Our fork provides abstractions that work over arbitrary BigInt representation.

Paillier

Build Status Latest version License: MIT/Apache2

Efficient pure-Rust library for the Paillier partially homomorphic encryption scheme, offering also packed encoding for encrypting several values together as well as several zero-knowledge proofs related to typical use-cases. Supports several underlying arbitrary precision libraries, including RAMP and GMP.

Several companies have invested resources in the development of this library, including Snips who implemented the original version for use in their privacy-preserving analytics system, and KZen networks who contributed with implementations of many zero-knowledge proofs. See contributions below for more details.

Important: while we have followed recommendations regarding the scheme itself, some parts of this library have not yet been harden against non-cryptographic attacks such as side-channel attacks.

extern crate paillier;
use paillier::*;

fn main() {

  // generate a fresh keypair and extract encryption and decryption keys
  let (ek, dk) = Paillier::keypair().keys();

  // encrypt four values
  let c1 = Paillier::encrypt(&ek, 10);
  let c2 = Paillier::encrypt(&ek, 20);
  let c3 = Paillier::encrypt(&ek, 30);
  let c4 = Paillier::encrypt(&ek, 40);

  // add all of them together
  let c = Paillier::add(&ek,
    &Paillier::add(&ek, &c1, &c2),
    &Paillier::add(&ek, &c3, &c4)
  );

  // multiply the sum by 2
  let d = Paillier::mul(&ek, &c, 2);

  // decrypt final result
  let m: u64 = Paillier::decrypt(&dk, &d);
  println!("decrypted total sum is {}", m);

}

Installation

Some features are optional yet currently included by default. See Features below for more details. Note that the nightly toolchain is currently needed to build the library.

Using cargo

[dependencies]
paillier = { version="0.2" }

From source

git clone https://github.com/mortendahl/rust-paillier
cd rust-paillier
cargo build --release

Features

The library supports the following features. The default compilation is equivalent to

cargo build --release --no-default-features --features "usegmp keygen proofs"

using GMP and including both key generation and zero-knowledge proofs.

Underlying arithmetic

The choice of underlying arithmetic library may be changed using features usegmp (default) and useramp. GMP generally offers slightly better performance but may be unavailable on some platforms or for some applications. Note that useramp does currently not support proofs, i.e. features useramp and proofs cannot be used together.

Key generation

Key generation feature keygen is included by default but if unneeded may safely be excluded to avoid extra dependencies.

extern crate paillier;
use paillier::*;

fn main() {

  // generate a fresh keypair and extract encryption and decryption keys
  let (ek, dk) = Paillier::keypair().keys();

  ...

}

Zero-knowledge proofs

Feature proofs includes various zero-knowledge proofs related to the typical use of Paillier encryption. Turned on by default but may safely be excluded if unneeded.

Benchmarks

Several benches are included, testing both the underlying arithmetic libraries as well as the operations of the scheme. All may be run using

cargo bench

and including either several arithmetic libraries and key generation as discussed above.

License

Forked from snipsco/rust-paillier with additional functionality. Licensed under either of

at your option.

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Contributions

Several people have had a significant impact in the development of this library (in alphabetical order):

and several companies have invested resources:

  • Snips sponsored implementation of the original version
  • KZen networks sponsored extension of many zero-knowledge proofs

Reported uses

Dependencies

~1.8–2.9MB
~59K SLoC