pub struct VerifiableDecryption<G: Group> { /* private fields */ }
Expand description

Verifiable decryption for a certain Ciphertext in the ElGamal encryption scheme. Usable both for standalone proofs and in threshold encryption.

§Construction

Decryption is represented by a single group element – the result of combining a SecretKey scalar x with the random element of the ciphertext R (i.e., D = [x]R, the Diffie – Hellman construction). This element can retrieved using Self::as_element() and applied to a ciphertext using Self::decrypt() or Self::decrypt_to_element().

The decryption can be proven with the help of a standard LogEqualityProof. Indeed, to prove the validity of decryption, it is sufficient to prove dlog_R(D) = dlog_G(K), where G is the conventional group generator and K = [x]G is the public key for encryption.

§Examples

VerifiableDecryption can be used either within the threshold encryption scheme provided by the sharing module, or independently (for example, if another approach to secret sharing is used, or if the encryption key is not shared at all). An example of standalone usage is outlined below:

let mut rng = thread_rng();
let keys = Keypair::<Ristretto>::generate(&mut rng);
// Suppose the `keys` holder wants to prove decryption
// of the following ciphertext:
let ciphertext = keys.public().encrypt(42_u64, &mut rng);
let (decryption, proof) = VerifiableDecryption::new(
    ciphertext,
    &keys,
    &mut Transcript::new(b"decryption"),
    &mut rng,
);

// This proof can then be universally verified:
let candidate_decryption = CandidateDecryption::from(decryption);
let decryption = candidate_decryption.verify(
    ciphertext,
    keys.public(),
    &proof,
    &mut Transcript::new(b"decryption"),
)?;
assert_eq!(
    decryption.decrypt(ciphertext, &DiscreteLogTable::new(0..50)),
    Some(42)
);

Implementations§

source§

impl<G: Group> VerifiableDecryption<G>

source

pub fn new<R: CryptoRng + RngCore>( ciphertext: Ciphertext<G>, keys: &Keypair<G>, transcript: &mut Transcript, rng: &mut R ) -> (Self, LogEqualityProof<G>)

Creates a decryption for the specified ciphertext under keys together with a zero-knowledge proof of validity.

See CandidateDecryption::verify() for the verification counterpart.

source

pub fn as_element(&self) -> &G::Element

Returns the group element encapsulated in this decryption.

source

pub fn to_bytes(self) -> Vec<u8>

Serializes this decryption into bytes.

source

pub fn decrypt_to_element(&self, encrypted: Ciphertext<G>) -> G::Element

Decrypts the provided ciphertext and returns the produced group element.

As the ciphertext does not include a MAC or another way to assert integrity, this operation cannot fail. If the ciphertext is not produced properly (e.g., it targets another receiver), the returned group element will be garbage.

source

pub fn decrypt( &self, encrypted: Ciphertext<G>, lookup_table: &DiscreteLogTable<G> ) -> Option<u64>

Decrypts the provided ciphertext and returns the original encrypted value.

lookup_table is used to find encrypted values based on the original decrypted group element. That is, it must contain all valid plaintext values. If the value is not in the table, this method will return None.

Trait Implementations§

source§

impl<G: Clone + Group> Clone for VerifiableDecryption<G>
where G::Element: Clone,

source§

fn clone(&self) -> VerifiableDecryption<G>

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl<G: Debug + Group> Debug for VerifiableDecryption<G>
where G::Element: Debug,

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl<'de, G: Group> Deserialize<'de> for VerifiableDecryption<G>

source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
source§

impl<G: Group> From<VerifiableDecryption<G>> for CandidateDecryption<G>

source§

fn from(decryption: VerifiableDecryption<G>) -> Self

Converts to this type from the input type.
source§

impl<G: Group> Serialize for VerifiableDecryption<G>

source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
source§

impl<G: Copy + Group> Copy for VerifiableDecryption<G>
where G::Element: Copy,

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> Same for T

§

type Output = T

Should always be Self
source§

impl<T> ToOwned for T
where T: Clone,

§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

§

fn vzip(self) -> V

source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,