threshold-elgamal 0.1.0

package/src/elgamal.test.ts

@@ -0,0 +1,42 @@
+import { describe, it, expect } from 'vitest';
+
+import { GROUPS } from './constants';
+import { generateParameters, encrypt, decrypt } from './elgamal';
+import { multiplyEncryptedValues } from './utils';
+
+describe('ElGamal: ', () => {
+    Object.entries(GROUPS).forEach(([groupName, groupInfo]) => {
+        const { primeBits, prime, generator } = groupInfo;
+        const { publicKey, privateKey } = generateParameters(primeBits);
+
+        it(`${primeBits}-bit encryption and decryption using ${groupName}`, () => {
+            const secret = 42;
+            const encryptedMessage = encrypt(
+                secret,
+                prime,
+                generator,
+                publicKey,
+            );
+            const decryptedMessage = decrypt(
+                encryptedMessage,
+                prime,
+                privateKey,
+            );
+
+            expect(decryptedMessage).toBe(secret);
+        });
+
+        it('homomorphic multiplication', () => {
+            const m1 = 12;
+            const m2 = 13;
+            const m1m2 = m1 * m2;
+
+            const e1 = encrypt(m1, prime, generator, publicKey);
+            const e2 = encrypt(m2, prime, generator, publicKey);
+            const e1e2 = multiplyEncryptedValues(e1, e2, prime);
+            const decryptedMessage = decrypt(e1e2, prime, privateKey);
+
+            expect(decryptedMessage).toBe(m1m2);
+        });
+    });
+});

package/src/elgamal.ts

@@ -0,0 +1,85 @@
+import { modPow, modInv } from 'bigint-mod-arith';
+
+import { GROUPS } from './constants';
+import type { EncryptedMessage, Parameters } from './types';
+import { getRandomBigIntegerInRange } from './utils';
+
+/**
+ * Generates the parameters for the ElGamal encryption, including the prime, generator,
+ * and key pair (public and private keys).
+ *
+ * @param {2048 | 3072 | 4096} primeBits - The bit length for the prime number. Supports 2048, 3072, or 4096 bits.
+ * @returns {Parameters} The generated parameters including the prime, generator, publicKey, and privateKey.
+ */
+export const generateParameters = (
+    primeBits: 2048 | 3072 | 4096 = 2048,
+): Parameters => {
+    let prime: bigint;
+    let generator: bigint;
+
+    switch (primeBits) {
+        case 2048:
+            prime = BigInt(GROUPS.ffdhe2048.prime);
+            generator = BigInt(GROUPS.ffdhe2048.generator);
+            break;
+        case 3072:
+            prime = BigInt(GROUPS.ffdhe3072.prime);
+            generator = BigInt(GROUPS.ffdhe3072.generator);
+            break;
+        case 4096:
+            prime = BigInt(GROUPS.ffdhe4096.prime);
+            generator = BigInt(GROUPS.ffdhe4096.generator);
+            break;
+        default:
+            throw new Error('Unsupported bit length');
+    }
+
+    const privateKey = getRandomBigIntegerInRange(2n, prime - 1n);
+    const publicKey = modPow(generator, privateKey, prime);
+
+    return { prime, generator, publicKey, privateKey };
+};
+/**
+ * Encrypts a secret using ElGamal encryption.
+ *
+ * @param {number} secret - The secret to be encrypted.
+ * @param {bigint} prime - The prime number used in the encryption system.
+ * @param {bigint} generator - The generator used in the encryption system.
+ * @param {bigint} publicKey - The public key used for encryption.
+ * @returns {EncryptedMessage} The encrypted secret, consisting of two BigIntegers (c1 and c2).
+ */
+export const encrypt = (
+    secret: number,
+    prime: bigint,
+    generator: bigint,
+    publicKey: bigint,
+): EncryptedMessage => {
+    if (secret >= Number(prime)) {
+        throw new Error('Message is too large for direct encryption');
+    }
+    const randomNumber = getRandomBigIntegerInRange(1n, prime - 1n);
+
+    const c1 = modPow(generator, randomNumber, prime);
+    const messageBigInt = BigInt(secret);
+    const c2 = (modPow(publicKey, randomNumber, prime) * messageBigInt) % prime;
+
+    return { c1, c2 };
+};
+
+/**
+ * Decrypts an ElGamal encrypted secret.
+ *
+ * @param {EncryptedMessage} secret - The encrypted secret to decrypt.
+ * @param {bigint} prime - The prime number used in the encryption system.
+ * @param {bigint} privateKey - The private key used for decryption.
+ * @returns {number} The decrypted secret as an integer.
+ */
+export const decrypt = (
+    encryptedMessage: EncryptedMessage,
+    prime: bigint,
+    privateKey: bigint,
+): number => {
+    const ax: bigint = modPow(encryptedMessage.c1, privateKey, prime);
+    const plaintext: bigint = (modInv(ax, prime) * encryptedMessage.c2) % prime;
+    return Number(plaintext);
+};

package/src/index.ts

@@ -0,0 +1,19 @@
+export { generateParameters, encrypt, decrypt } from './elgamal';
+
+export {
+    generateSingleKeyShare,
+    generateKeyShares,
+    combinePublicKeys,
+    createDecryptionShare,
+    combineDecryptionShares,
+    thresholdDecrypt,
+} from './thresholdElgamal';
+
+export { getRandomBigIntegerInRange, multiplyEncryptedValues } from './utils';
+
+export type {
+    EncryptedMessage,
+    Parameters,
+    KeyPair,
+    PartyKeyPair,
+} from './types';

package/src/testUtils.ts

@@ -0,0 +1,177 @@
+import { expect } from 'vitest';
+
+import { encrypt } from './elgamal';
+import {
+    generateKeyShares,
+    combinePublicKeys,
+    createDecryptionShare,
+    combineDecryptionShares,
+    thresholdDecrypt,
+    getGroup,
+} from './thresholdElgamal';
+import type { PartyKeyPair } from './types';
+import { multiplyEncryptedValues } from './utils';
+
+export const getRandomScore = (min = 1, max = 10): number =>
+    Math.floor(Math.random() * (max - min + 1)) + min;
+
+export const thresholdSetup = (
+    partiesCount: number,
+    threshold: number,
+    primeBits: 2048 | 3072 | 4096 = 2048,
+): {
+    keyShares: PartyKeyPair[];
+    combinedPublicKey: bigint;
+    prime: bigint;
+    generator: bigint;
+} => {
+    const { prime, generator } = getGroup(primeBits);
+    const keyShares = generateKeyShares(partiesCount, threshold, primeBits);
+    const publicKeys = keyShares.map((ks) => ks.partyPublicKey);
+    const combinedPublicKey = combinePublicKeys(publicKeys, prime);
+
+    return { keyShares, combinedPublicKey, prime, generator };
+};
+
+export const testSecureEncryptionAndDecryption = (
+    participantsCount: number,
+    threshold: number,
+    secret: number,
+): void => {
+    const { keyShares, combinedPublicKey, prime, generator } = thresholdSetup(
+        participantsCount,
+        threshold,
+    );
+    const encryptedMessage = encrypt(
+        secret,
+        prime,
+        generator,
+        combinedPublicKey,
+    );
+    const selectedDecryptionShares = keyShares
+        .sort(() => Math.random() - 0.5)
+        .slice(0, threshold)
+        .map((keyShare) =>
+            createDecryptionShare(
+                encryptedMessage,
+                keyShare.partyPrivateKey,
+                prime,
+            ),
+        );
+    const combinedDecryptionShares = combineDecryptionShares(
+        selectedDecryptionShares,
+        prime,
+    );
+    const decryptedMessage = thresholdDecrypt(
+        encryptedMessage,
+        combinedDecryptionShares,
+        prime,
+    );
+    expect(decryptedMessage).toBe(secret);
+};
+
+export const homomorphicMultiplicationTest = (
+    participantsCount: number,
+    threshold: number,
+    messages: number[],
+): void => {
+    const expectedProduct = messages.reduce(
+        (product, secret) => product * secret,
+        1,
+    );
+    const { keyShares, combinedPublicKey, prime, generator } = thresholdSetup(
+        participantsCount,
+        threshold,
+    );
+    const encryptedMessages = messages.map((secret) =>
+        encrypt(secret, prime, generator, combinedPublicKey),
+    );
+    const encryptedProduct = encryptedMessages.reduce(
+        (product, encryptedMessage) =>
+            multiplyEncryptedValues(product, encryptedMessage, prime),
+        { c1: 1n, c2: 1n },
+    );
+    const selectedDecryptionShares = keyShares
+        .sort(() => Math.random() - 0.5)
+        .slice(0, threshold)
+        .map((keyShare) =>
+            createDecryptionShare(
+                encryptedProduct,
+                keyShare.partyPrivateKey,
+                prime,
+            ),
+        );
+    const combinedDecryptionShares = combineDecryptionShares(
+        selectedDecryptionShares,
+        prime,
+    );
+    const decryptedProduct = thresholdDecrypt(
+        encryptedProduct,
+        combinedDecryptionShares,
+        prime,
+    );
+    expect(decryptedProduct).toBe(expectedProduct);
+};
+
+export const votingTest = (
+    participantsCount: number,
+    threshold: number,
+    candidatesCount: number,
+): void => {
+    const { keyShares, combinedPublicKey, prime, generator } = thresholdSetup(
+        participantsCount,
+        threshold,
+    );
+    const votesMatrix = Array.from({ length: participantsCount }, () =>
+        Array.from({ length: candidatesCount }, () => getRandomScore(1, 10)),
+    );
+    const expectedProducts = Array.from(
+        { length: candidatesCount },
+        (_, candidateIndex) =>
+            votesMatrix.reduce(
+                (product, votes) => product * votes[candidateIndex],
+                1,
+            ),
+    );
+    const encryptedVotesMatrix = votesMatrix.map((votes) =>
+        votes.map((vote) => encrypt(vote, prime, generator, combinedPublicKey)),
+    );
+    const encryptedProducts = Array.from(
+        { length: candidatesCount },
+        (_, candidateIndex) =>
+            encryptedVotesMatrix.reduce(
+                (product, encryptedVotes) =>
+                    multiplyEncryptedValues(
+                        product,
+                        encryptedVotes[candidateIndex],
+                        prime,
+                    ),
+                { c1: 1n, c2: 1n },
+            ),
+    );
+    const partialDecryptionsMatrix = encryptedProducts.map((product) =>
+        keyShares
+            .slice(0, threshold)
+            .map((keyShare) =>
+                createDecryptionShare(product, keyShare.partyPrivateKey, prime),
+            ),
+    );
+    const decryptedProducts = partialDecryptionsMatrix.map(
+        (decryptionShares) => {
+            const combinedDecryptionShares = combineDecryptionShares(
+                decryptionShares,
+                prime,
+            );
+            const encryptedProduct =
+                encryptedProducts[
+                    partialDecryptionsMatrix.indexOf(decryptionShares)
+                ];
+            return thresholdDecrypt(
+                encryptedProduct,
+                combinedDecryptionShares,
+                prime,
+            );
+        },
+    );
+    expect(decryptedProducts).toEqual(expectedProducts);
+};

package/src/thresholdElgamal.test.ts

@@ -0,0 +1,289 @@
+import { describe, it, expect } from 'vitest';
+
+import { encrypt } from './elgamal';
+import {
+    homomorphicMultiplicationTest,
+    testSecureEncryptionAndDecryption,
+    votingTest,
+} from './testUtils';
+import {
+    combinePublicKeys,
+    createDecryptionShare,
+    generateSingleKeyShare,
+    getGroup,
+    thresholdDecrypt,
+    combineDecryptionShares,
+} from './thresholdElgamal';
+import { PartyKeyPair } from './types';
+import { multiplyEncryptedValues } from './utils';
+
+// I already have modPow, modInv and getRandomBigIntegerInRange
+describe('Threshold ElGamal', () => {
+    describe('in a single secret scheme', () => {
+        describe('allows for secure encryption and decryption', () => {
+            it('with 2 participants and a threshold of 2', () => {
+                testSecureEncryptionAndDecryption(2, 2, 42);
+            });
+            it('with 20 participants and a threshold of 20', () => {
+                testSecureEncryptionAndDecryption(20, 20, 4243);
+            });
+
+            // Failing tests
+            // it('(t < n) with 3 participants and a threshold of 2', () => {
+            //     testSecureEncryptionAndDecryption(3, 2, 123);
+            // });
+            // it('(t < n) with 5 participants and a threshold of 3', () => {
+            //     testSecureEncryptionAndDecryption(5, 3, 255);
+            // });
+            // it('(t < n) with 7 participants and a threshold of 4', () => {
+            //     testSecureEncryptionAndDecryption(7, 4, 789);
+            // });
+        });
+        it('works for the 3,3 step-by-step README example', () => {
+            const primeBits = 2048; // Bit length of the prime modulus
+            const threshold = 3; // A scenario for 3 participants with a threshold of 3
+            const { prime, generator } = getGroup(2048);
+
+            // Each participant generates their public key share and private key individually
+            const participant1KeyShare: PartyKeyPair = generateSingleKeyShare(
+                1,
+                threshold,
+                primeBits,
+            );
+            const participant2KeyShare: PartyKeyPair = generateSingleKeyShare(
+                2,
+                threshold,
+                primeBits,
+            );
+            const participant3KeyShare: PartyKeyPair = generateSingleKeyShare(
+                3,
+                threshold,
+                primeBits,
+            );
+
+            // Combine the public keys to form a single public key
+            const combinedPublicKey = combinePublicKeys(
+                [
+                    participant1KeyShare.partyPublicKey,
+                    participant2KeyShare.partyPublicKey,
+                    participant3KeyShare.partyPublicKey,
+                ],
+                prime,
+            );
+
+            // Encrypt a message using the combined public key
+            const secret = 42;
+            const encryptedMessage = encrypt(
+                secret,
+                prime,
+                generator,
+                combinedPublicKey,
+            );
+
+            // Decryption shares
+            const decryptionShares = [
+                createDecryptionShare(
+                    encryptedMessage,
+                    participant1KeyShare.partyPrivateKey,
+                    prime,
+                ),
+                createDecryptionShare(
+                    encryptedMessage,
+                    participant2KeyShare.partyPrivateKey,
+                    prime,
+                ),
+                createDecryptionShare(
+                    encryptedMessage,
+                    participant3KeyShare.partyPrivateKey,
+                    prime,
+                ),
+            ];
+            // Combining the decryption shares into one, used to decrypt the message
+            const combinedDecryptionShares = combineDecryptionShares(
+                decryptionShares,
+                prime,
+            );
+
+            // Decrypting the message using the combined decryption shares
+            const thresholdDecryptedMessage = thresholdDecrypt(
+                encryptedMessage,
+                combinedDecryptionShares,
+                prime,
+            );
+            console.log(thresholdDecryptedMessage); // 42
+            expect(thresholdDecryptedMessage).toBe(secret);
+        });
+    });
+    describe('in a multiple secrets scheme', () => {
+        describe('supports homomorphic multiplication of encrypted messages', () => {
+            it('with 2 participants and a threshold of 2', () => {
+                homomorphicMultiplicationTest(2, 2, [3, 5]);
+            });
+            it('with 10 participants and a threshold of 10', () => {
+                homomorphicMultiplicationTest(
+                    10,
+                    10,
+                    [13, 24, 35, 46, 5, 6, 7, 8, 9, 10],
+                );
+            });
+
+            // Failing tests
+            // it('(t < n) with 3 participants and a threshold of 2', () => {
+            //     homomorphicMultiplicationTest(3, 2, [2, 3, 4]);
+            // });
+            // it('(t < n) with 5 participants and a threshold of 3', () => {
+            //     homomorphicMultiplicationTest(5, 3, [1, 2, 3, 4, 5]);
+            // });
+            // it('(t < n) with 10 participants and a threshold of 5', () => {
+            //     homomorphicMultiplicationTest(
+            //         10,
+            //         5,
+            //         [1, 2, 3, 4, 5, 6, 7, 8, 9, 10],
+            //     );
+            // });
+        });
+        describe('supports voting', () => {
+            it('with 2 participants, threshold of 2 and 2 candidates', () => {
+                votingTest(2, 2, 2);
+            });
+            it('with 5 participants, threshold of 5 and 3 candidates', () => {
+                votingTest(5, 5, 3);
+            });
+            it('with 7 participants, threshold of 7 and 7 candidates', () => {
+                votingTest(7, 7, 7);
+            });
+            it('with 6 participants, threshold of 6 and 8 candidates', () => {
+                votingTest(6, 6, 8);
+            });
+
+            // Failing tests
+            // it('(t < n) with 3 participants, threshold of 2 and 2 candidates', () => {
+            //     votingTest(3, 2, 2);
+            // });
+            // it('(t < n) with 7 participants, threshold of 5 and 3 candidates', () => {
+            //     votingTest(7, 5, 3);
+            // });
+        });
+        it('works for the 3, 3, 2 step-by-step README example', () => {
+            const primeBits = 2048; // Bit length of the prime modulus
+            const threshold = 3; // A scenario for 3 participants with a threshold of 3
+            const { prime, generator } = getGroup(2048);
+
+            // Each participant generates their public key share and private key individually
+            const participant1KeyShare = generateSingleKeyShare(
+                1,
+                threshold,
+                primeBits,
+            );
+            const participant2KeyShare = generateSingleKeyShare(
+                2,
+                threshold,
+                primeBits,
+            );
+            const participant3KeyShare = generateSingleKeyShare(
+                3,
+                threshold,
+                primeBits,
+            );
+
+            // Combine the public keys to form a single public key
+            const combinedPublicKey = combinePublicKeys(
+                [
+                    participant1KeyShare.partyPublicKey,
+                    participant2KeyShare.partyPublicKey,
+                    participant3KeyShare.partyPublicKey,
+                ],
+                prime,
+            );
+
+            // Participants cast their encrypted votes for two options
+            const voteOption1 = [6, 7, 1]; // Votes for option 1 by participants 1, 2, and 3
+            const voteOption2 = [10, 7, 4]; // Votes for option 2 by participants 1, 2, and 3
+
+            // Encrypt votes for both options
+            const encryptedVotesOption1 = voteOption1.map((vote) =>
+                encrypt(vote, prime, generator, combinedPublicKey),
+            );
+            const encryptedVotesOption2 = voteOption2.map((vote) =>
+                encrypt(vote, prime, generator, combinedPublicKey),
+            );
+
+            // Multiply encrypted votes together to aggregate
+            const aggregatedEncryptedVoteOption1 = encryptedVotesOption1.reduce(
+                (acc, curr) => multiplyEncryptedValues(acc, curr, prime),
+                { c1: 1n, c2: 1n },
+            );
+            const aggregatedEncryptedVoteOption2 = encryptedVotesOption2.reduce(
+                (acc, curr) => multiplyEncryptedValues(acc, curr, prime),
+                { c1: 1n, c2: 1n },
+            );
+
+            // Each participant creates a decryption share for both options.
+            // Notice that the shares are created for the aggregated, multiplied tally specifically,
+            // not the individual votes. This means that they can be used ONLY for decrypting the aggregated votes.
+            const decryptionSharesOption1 = [
+                createDecryptionShare(
+                    aggregatedEncryptedVoteOption1,
+                    participant1KeyShare.partyPrivateKey,
+                    prime,
+                ),
+                createDecryptionShare(
+                    aggregatedEncryptedVoteOption1,
+                    participant2KeyShare.partyPrivateKey,
+                    prime,
+                ),
+                createDecryptionShare(
+                    aggregatedEncryptedVoteOption1,
+                    participant3KeyShare.partyPrivateKey,
+                    prime,
+                ),
+            ];
+            const decryptionSharesOption2 = [
+                createDecryptionShare(
+                    aggregatedEncryptedVoteOption2,
+                    participant1KeyShare.partyPrivateKey,
+                    prime,
+                ),
+                createDecryptionShare(
+                    aggregatedEncryptedVoteOption2,
+                    participant2KeyShare.partyPrivateKey,
+                    prime,
+                ),
+                createDecryptionShare(
+                    aggregatedEncryptedVoteOption2,
+                    participant3KeyShare.partyPrivateKey,
+                    prime,
+                ),
+            ];
+
+            // Combine decryption shares and decrypt the aggregated votes for both options.
+            // Notice that the private keys of the participants never leave their possession.
+            // Only the decryption shares are shared with other participants.
+            const combinedDecryptionSharesOption1 = combineDecryptionShares(
+                decryptionSharesOption1,
+                prime,
+            );
+            const combinedDecryptionSharesOption2 = combineDecryptionShares(
+                decryptionSharesOption2,
+                prime,
+            );
+
+            const finalTallyOption1 = thresholdDecrypt(
+                aggregatedEncryptedVoteOption1,
+                combinedDecryptionSharesOption1,
+                prime,
+            );
+            const finalTallyOption2 = thresholdDecrypt(
+                aggregatedEncryptedVoteOption2,
+                combinedDecryptionSharesOption2,
+                prime,
+            );
+
+            console.log(
+                `Final tally for Option 1: ${finalTallyOption1}, Option 2: ${finalTallyOption2}`,
+            ); // 42, 280
+            expect(finalTallyOption1).toBe(42);
+            expect(finalTallyOption2).toBe(280);
+        });
+    });
+});