• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1/*
2 * Copyright 2019 Google LLC.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 *     https://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16syntax = "proto3";
17
18package private_join_and_compute.proto;
19
20import "private_join_and_compute/crypto/proto/big_num.proto";
21
22option java_multiple_files = true;
23
24// Public key for Camenisch-Shoup encryption scheme. All the fields are
25// serialized BigNums.
26//
27// n is a strong RSA modulus: n = p * q where p, q are large safe primes.
28// g is a random n^s-th residue mod n^(s+1): g = r^n mod n^(s+1) for a random r.
29// ys[i] = g^xs[i] mod n^(s+1) for a random x, where x is the secret key. We
30// allow multiple ys, thereby enabling encrypting multiple messages in a single
31// ciphertext.
32//
33// To encrypt a batch of  messages ms, where each ms[i] < n^s:
34// u = g^r mod n^(s+1) for a random r;
35// es[i] = (1 + n)^m * ys[i]^r mod n^(s+1);
36// Ciphertext = (u, e).
37message CamenischShoupPublicKey {
38  bytes n = 1;
39  bytes g = 2;
40  // The public key for each component. There will be one secret key in xs for
41  // each ys, and one ciphertext component es (though optionally fewer).
42  BigNumVector ys = 3;
43  // n^(s+1) is the modulus for the scheme. n^s is the message space.
44  uint64 s = 4;
45}
46
47// Secret key for Camenisch-Shoup encryption scheme. All the fields are
48// serialized BigNums.
49//
50// For public key (n, s, g, ys):
51// ys[i] = g^xs[i] mod n^(s+1).
52//
53// To decrypt a ciphertext (u,es):
54// ms[i] = ((es[i]/u^xs[i] - 1) mod n^(s+1)) / n.
55message CamenischShoupPrivateKey {
56  BigNumVector xs = 1;
57}
58
59// Ciphertext of Camenisch-Shoup encryption scheme. All the fields are
60// serialized BigNums.
61//
62// For public key (n, s, g, ys), messages ms, and randomness r:
63// u = g^r mod n^(s+1);
64// es[i] = (1 + n)^ms[i] * ys[i]^r mod n^(s+1).
65message CamenischShoupCiphertext {
66  bytes u = 1;
67  BigNumVector es = 2;
68}