threshold-elgamal 0.1.11 → 0.1.12

package/dist/constants.d.ts

@@ -0,0 +1,23 @@
+export declare const GROUPS: {
+    readonly ffdhe2048: {
+        readonly primeBits: 2048;
+        readonly prime: 32317006071311007300153513477825163362488057133489075174588434139269806834136210002792056362640164685458556357935330816928829023080573472625273554742461245741026202527916572972862706300325263428213145766931414223654220941111348629991657478268034230553086349050635557712219187890332729569696129743856241741236237225197346402691855797767976823014625397933058015226858730761197532436467475855460715043896844940366130497697812854295958659597567051283852132784468522925504568272879113720098931873959143374175837826000278034973198552060607533234122603254684088120031105907484281003994966956119696956248629032338072839127039n;
+        readonly generator: 2n;
+        readonly modulus: 16158503035655503650076756738912581681244028566744537587294217069634903417068105001396028181320082342729278178967665408464414511540286736312636777371230622870513101263958286486431353150162631714106572883465707111827110470555674314995828739134017115276543174525317778856109593945166364784848064871928120870618118612598673201345927898883988411507312698966529007613429365380598766218233737927730357521948422470183065248848906427147979329798783525641926066392234261462752284136439556860049465936979571687087918913000139017486599276030303766617061301627342044060015552953742140501997483478059848478124314516169036419563519n;
+        readonly symmetricEquivalentBitsSecurity: 103;
+    };
+    readonly ffdhe3072: {
+        readonly primeBits: 3072;
+        readonly prime: 5809605995369958062758586654274580047791722104970656507438869740087793294939022179753100900150316602414836960597893531254315756065700170507943025794723871619068282822579148207659984331724286057133800207014820356957933334364535176201393094406964280368146360322417397201921556656310696298417414318434929392806928868314831784332237038568260988712237196665742900353512788403877776568945491183287529096888884348887176901995757588549340219807606149955056871781046117195453427070254533858964729101754281121787330325506574928503501334937579191349178901801866451262831560570379780282604068262795024384318599710948857446185134652829941527736472860172354516733867877780829051346167153594329592339252295871976889069885964128038593002336846153522149026229984394781638501125312676451837144945451331832522946684620954184360294871798125320434686136230055213248587935623124338652624786221871129902570119964134282018641257113252046271726747647n;
+        readonly generator: 2n;
+        readonly modulus: 2904802997684979031379293327137290023895861052485328253719434870043896647469511089876550450075158301207418480298946765627157878032850085253971512897361935809534141411289574103829992165862143028566900103507410178478966667182267588100696547203482140184073180161208698600960778328155348149208707159217464696403464434157415892166118519284130494356118598332871450176756394201938888284472745591643764548444442174443588450997878794274670109903803074977528435890523058597726713535127266929482364550877140560893665162753287464251750667468789595674589450900933225631415780285189890141302034131397512192159299855474428723092567326414970763868236430086177258366933938890414525673083576797164796169626147935988444534942982064019296501168423076761074513114992197390819250562656338225918572472725665916261473342310477092180147435899062660217343068115027606624293967811562169326312393110935564951285059982067141009320628556626023135863373823n;
+        readonly symmetricEquivalentBitsSecurity: 125;
+    };
+    readonly ffdhe4096: {
+        readonly primeBits: 4096;
+        readonly prime: 1044388881413152506673611132423542708364181673367771525125030890756881099188024532056304793061869328458723091803972939229793654985168401497491717574483844225116618212565649899896238061528255690984013755361148305106047581812557457571303413897964307070369153233034916545609049161117676542252417034306148432734874401682098205055813065377495410934435776008569464677021023433005437163880753068613673525551966829473007537177831003494630326494021352410947409155250518131329542947165352164089215019548909074312164647627938366550236314760864116934087960021077839688388383033906117940935023026686459274599124189299486771919466921436930468113859003854695674493896608503326776616230412252016237753188005160515672431703429026925450722225213972891936880551722374424500117253400391608019951133386097176734162660461073160502839490488652900367939577292447038637156268014222959401811270825513710710113193757653852931049810187522670964988718456427706279024201400130351029277257873323362974483425793829163819060563081096261611614988801585554385004830748976181157545121697905898543562330970182151097394600286811868072516047394404389555706298311761588649133904051123770516767707951778179308436153604841663369568605395358405635911568855382987714763476172799n;
+        readonly generator: 2n;
+        readonly modulus: 522194440706576253336805566211771354182090836683885762562515445378440549594012266028152396530934664229361545901986469614896827492584200748745858787241922112558309106282824949948119030764127845492006877680574152553023790906278728785651706948982153535184576616517458272804524580558838271126208517153074216367437200841049102527906532688747705467217888004284732338510511716502718581940376534306836762775983414736503768588915501747315163247010676205473704577625259065664771473582676082044607509774454537156082323813969183275118157380432058467043980010538919844194191516953058970467511513343229637299562094649743385959733460718465234056929501927347837246948304251663388308115206126008118876594002580257836215851714513462725361112606986445968440275861187212250058626700195804009975566693048588367081330230536580251419745244326450183969788646223519318578134007111479700905635412756855355056596878826926465524905093761335482494359228213853139512100700065175514638628936661681487241712896914581909530281540548130805807494400792777192502415374488090578772560848952949271781165485091075548697300143405934036258023697202194777853149155880794324566952025561885258383853975889089654218076802420831684784302697679202817955784427691493857381738086399n;
+        readonly symmetricEquivalentBitsSecurity: 150;
+    };
+};

package/dist/constants.js

@@ -0,0 +1,40 @@
+/*
+ The GROUPS object defines cryptographic parameters for different levels
+ of finite field Diffie-Hellman (FFDHE) key exchanges.
+ 
+ The parameters are standardized in RFC 7919 to ensure security,
+ interoperability, and a balance between computational efficiency
+ and resistance against cryptographic attacks.
+ 
+ Each subgroup (ffdhe2048, ffdhe3072, ffdhe4096) corresponds to a security
+ level, with larger primes offering stronger security but requiring more processing power.
+
+ Reference: https://datatracker.ietf.org/doc/rfc7919/
+ */
+export const GROUPS = {
+    // Parameters for 2048-bit prime modulus group
+    ffdhe2048: {
+        primeBits: 2048, // Size of the prime in bits, default security level suitable for current applications
+        prime: 32317006071311007300153513477825163362488057133489075174588434139269806834136210002792056362640164685458556357935330816928829023080573472625273554742461245741026202527916572972862706300325263428213145766931414223654220941111348629991657478268034230553086349050635557712219187890332729569696129743856241741236237225197346402691855797767976823014625397933058015226858730761197532436467475855460715043896844940366130497697812854295958659597567051283852132784468522925504568272879113720098931873959143374175837826000278034973198552060607533234122603254684088120031105907484281003994966956119696956248629032338072839127039n,
+        generator: 2n, // A small, primitive root modulo prime, used to generate public keys
+        // Same as `prime` in this context, used for modulo operations in encryption/decryption
+        modulus: 16158503035655503650076756738912581681244028566744537587294217069634903417068105001396028181320082342729278178967665408464414511540286736312636777371230622870513101263958286486431353150162631714106572883465707111827110470555674314995828739134017115276543174525317778856109593945166364784848064871928120870618118612598673201345927898883988411507312698966529007613429365380598766218233737927730357521948422470183065248848906427147979329798783525641926066392234261462752284136439556860049465936979571687087918913000139017486599276030303766617061301627342044060015552953742140501997483478059848478124314516169036419563519n,
+        symmetricEquivalentBitsSecurity: 103, // The estimated security level equivalent to symmetric key cryptography
+    },
+    // Parameters for 3072-bit prime modulus group
+    ffdhe3072: {
+        primeBits: 3072, // Provides higher security/complexity level
+        prime: 5809605995369958062758586654274580047791722104970656507438869740087793294939022179753100900150316602414836960597893531254315756065700170507943025794723871619068282822579148207659984331724286057133800207014820356957933334364535176201393094406964280368146360322417397201921556656310696298417414318434929392806928868314831784332237038568260988712237196665742900353512788403877776568945491183287529096888884348887176901995757588549340219807606149955056871781046117195453427070254533858964729101754281121787330325506574928503501334937579191349178901801866451262831560570379780282604068262795024384318599710948857446185134652829941527736472860172354516733867877780829051346167153594329592339252295871976889069885964128038593002336846153522149026229984394781638501125312676451837144945451331832522946684620954184360294871798125320434686136230055213248587935623124338652624786221871129902570119964134282018641257113252046271726747647n,
+        generator: 2n,
+        modulus: 2904802997684979031379293327137290023895861052485328253719434870043896647469511089876550450075158301207418480298946765627157878032850085253971512897361935809534141411289574103829992165862143028566900103507410178478966667182267588100696547203482140184073180161208698600960778328155348149208707159217464696403464434157415892166118519284130494356118598332871450176756394201938888284472745591643764548444442174443588450997878794274670109903803074977528435890523058597726713535127266929482364550877140560893665162753287464251750667468789595674589450900933225631415780285189890141302034131397512192159299855474428723092567326414970763868236430086177258366933938890414525673083576797164796169626147935988444534942982064019296501168423076761074513114992197390819250562656338225918572472725665916261473342310477092180147435899062660217343068115027606624293967811562169326312393110935564951285059982067141009320628556626023135863373823n,
+        symmetricEquivalentBitsSecurity: 125,
+    },
+    // Parameters for 4096-bit prime modulus group
+    ffdhe4096: {
+        primeBits: 4096, // High security/complexity level
+        prime: 1044388881413152506673611132423542708364181673367771525125030890756881099188024532056304793061869328458723091803972939229793654985168401497491717574483844225116618212565649899896238061528255690984013755361148305106047581812557457571303413897964307070369153233034916545609049161117676542252417034306148432734874401682098205055813065377495410934435776008569464677021023433005437163880753068613673525551966829473007537177831003494630326494021352410947409155250518131329542947165352164089215019548909074312164647627938366550236314760864116934087960021077839688388383033906117940935023026686459274599124189299486771919466921436930468113859003854695674493896608503326776616230412252016237753188005160515672431703429026925450722225213972891936880551722374424500117253400391608019951133386097176734162660461073160502839490488652900367939577292447038637156268014222959401811270825513710710113193757653852931049810187522670964988718456427706279024201400130351029277257873323362974483425793829163819060563081096261611614988801585554385004830748976181157545121697905898543562330970182151097394600286811868072516047394404389555706298311761588649133904051123770516767707951778179308436153604841663369568605395358405635911568855382987714763476172799n,
+        generator: 2n,
+        modulus: 522194440706576253336805566211771354182090836683885762562515445378440549594012266028152396530934664229361545901986469614896827492584200748745858787241922112558309106282824949948119030764127845492006877680574152553023790906278728785651706948982153535184576616517458272804524580558838271126208517153074216367437200841049102527906532688747705467217888004284732338510511716502718581940376534306836762775983414736503768588915501747315163247010676205473704577625259065664771473582676082044607509774454537156082323813969183275118157380432058467043980010538919844194191516953058970467511513343229637299562094649743385959733460718465234056929501927347837246948304251663388308115206126008118876594002580257836215851714513462725361112606986445968440275861187212250058626700195804009975566693048588367081330230536580251419745244326450183969788646223519318578134007111479700905635412756855355056596878826926465524905093761335482494359228213853139512100700065175514638628936661681487241712896914581909530281540548130805807494400792777192502415374488090578772560848952949271781165485091075548697300143405934036258023697202194777853149155880794324566952025561885258383853975889089654218076802420831684784302697679202817955784427691493857381738086399n,
+        symmetricEquivalentBitsSecurity: 150,
+    },
+};

package/dist/elgamal.d.ts

@@ -0,0 +1,28 @@
+import type { EncryptedMessage, Parameters } from './types';
+/**
+ * Generates the parameters for the ElGamal encryption, including the prime, generator,
+ * and key pair (public and private keys).
+ *
+ * @param {2048 | 3072 | 4096} primeBits - The bit length for the prime number. Supports 2048, 3072, or 4096 bits.
+ * @returns {Parameters} The generated parameters including the prime, generator, publicKey, and privateKey.
+ */
+export declare const generateParameters: (primeBits?: 2048 | 3072 | 4096) => Parameters;
+/**
+ * Encrypts a secret using ElGamal encryption.
+ *
+ * @param {number} secret - The secret to be encrypted.
+ * @param {bigint} prime - The prime number used in the encryption system.
+ * @param {bigint} generator - The generator used in the encryption system.
+ * @param {bigint} publicKey - The public key used for encryption.
+ * @returns {EncryptedMessage} The encrypted secret, consisting of two BigIntegers (c1 and c2).
+ */
+export declare const encrypt: (secret: number, prime: bigint, generator: bigint, publicKey: bigint) => EncryptedMessage;
+/**
+ * Decrypts an ElGamal encrypted secret.
+ *
+ * @param {EncryptedMessage} secret - The encrypted secret to decrypt.
+ * @param {bigint} prime - The prime number used in the encryption system.
+ * @param {bigint} privateKey - The private key used for decryption.
+ * @returns {number} The decrypted secret as an integer.
+ */
+export declare const decrypt: (encryptedMessage: EncryptedMessage, prime: bigint, privateKey: bigint) => number;

package/dist/elgamal.js

@@ -0,0 +1,65 @@
+import { modPow, modInv } from 'bigint-mod-arith';
+import { GROUPS } from './constants';
+import { getRandomBigIntegerInRange } from './utils';
+/**
+ * Generates the parameters for the ElGamal encryption, including the prime, generator,
+ * and key pair (public and private keys).
+ *
+ * @param {2048 | 3072 | 4096} primeBits - The bit length for the prime number. Supports 2048, 3072, or 4096 bits.
+ * @returns {Parameters} The generated parameters including the prime, generator, publicKey, and privateKey.
+ */
+export const generateParameters = (primeBits = 2048) => {
+    let prime;
+    let generator;
+    switch (primeBits) {
+        case 2048:
+            prime = BigInt(GROUPS.ffdhe2048.prime);
+            generator = BigInt(GROUPS.ffdhe2048.generator);
+            break;
+        case 3072:
+            prime = BigInt(GROUPS.ffdhe3072.prime);
+            generator = BigInt(GROUPS.ffdhe3072.generator);
+            break;
+        case 4096:
+            prime = BigInt(GROUPS.ffdhe4096.prime);
+            generator = BigInt(GROUPS.ffdhe4096.generator);
+            break;
+        default:
+            throw new Error('Unsupported bit length');
+    }
+    const privateKey = getRandomBigIntegerInRange(2n, prime - 1n);
+    const publicKey = modPow(generator, privateKey, prime);
+    return { prime, generator, publicKey, privateKey };
+};
+/**
+ * Encrypts a secret using ElGamal encryption.
+ *
+ * @param {number} secret - The secret to be encrypted.
+ * @param {bigint} prime - The prime number used in the encryption system.
+ * @param {bigint} generator - The generator used in the encryption system.
+ * @param {bigint} publicKey - The public key used for encryption.
+ * @returns {EncryptedMessage} The encrypted secret, consisting of two BigIntegers (c1 and c2).
+ */
+export const encrypt = (secret, prime, generator, publicKey) => {
+    if (secret >= Number(prime)) {
+        throw new Error('Message is too large for direct encryption');
+    }
+    const randomNumber = getRandomBigIntegerInRange(1n, prime - 1n);
+    const c1 = modPow(generator, randomNumber, prime);
+    const messageBigInt = BigInt(secret);
+    const c2 = (modPow(publicKey, randomNumber, prime) * messageBigInt) % prime;
+    return { c1, c2 };
+};
+/**
+ * Decrypts an ElGamal encrypted secret.
+ *
+ * @param {EncryptedMessage} secret - The encrypted secret to decrypt.
+ * @param {bigint} prime - The prime number used in the encryption system.
+ * @param {bigint} privateKey - The private key used for decryption.
+ * @returns {number} The decrypted secret as an integer.
+ */
+export const decrypt = (encryptedMessage, prime, privateKey) => {
+    const ax = modPow(encryptedMessage.c1, privateKey, prime);
+    const plaintext = (modInv(ax, prime) * encryptedMessage.c2) % prime;
+    return Number(plaintext);
+};

package/dist/index.d.ts

@@ -0,0 +1,4 @@
+export { generateParameters, encrypt, decrypt } from './elgamal';
+export { generateSingleKeyShare, generateKeyShares, combinePublicKeys, createDecryptionShare, combineDecryptionShares, thresholdDecrypt, } from './thresholdElgamal';
+export { getRandomBigIntegerInRange, multiplyEncryptedValues } from './utils';
+export type { EncryptedMessage, Parameters, KeyPair, PartyKeyPair, } from './types';

package/dist/index.js

@@ -0,0 +1,3 @@
+export { generateParameters, encrypt, decrypt } from './elgamal';
+export { generateSingleKeyShare, generateKeyShares, combinePublicKeys, createDecryptionShare, combineDecryptionShares, thresholdDecrypt, } from './thresholdElgamal';
+export { getRandomBigIntegerInRange, multiplyEncryptedValues } from './utils';

package/dist/testUtils.d.ts

@@ -0,0 +1,11 @@
+import type { PartyKeyPair } from './types';
+export declare const getRandomScore: (min?: number, max?: number) => number;
+export declare const thresholdSetup: (partiesCount: number, threshold: number, primeBits?: 2048 | 3072 | 4096) => {
+    keyShares: PartyKeyPair[];
+    combinedPublicKey: bigint;
+    prime: bigint;
+    generator: bigint;
+};
+export declare const testSecureEncryptionAndDecryption: (participantsCount: number, threshold: number, secret: number) => void;
+export declare const homomorphicMultiplicationTest: (participantsCount: number, threshold: number, messages: number[]) => void;
+export declare const votingTest: (participantsCount: number, threshold: number, candidatesCount: number) => void;

package/dist/testUtils.js

@@ -0,0 +1,52 @@
+import { expect } from 'vitest';
+import { encrypt } from './elgamal';
+import { generateKeyShares, combinePublicKeys, createDecryptionShare, combineDecryptionShares, thresholdDecrypt, getGroup, } from './thresholdElgamal';
+import { multiplyEncryptedValues } from './utils';
+export const getRandomScore = (min = 1, max = 10) => Math.floor(Math.random() * (max - min + 1)) + min;
+export const thresholdSetup = (partiesCount, threshold, primeBits = 2048) => {
+    const { prime, generator } = getGroup(primeBits);
+    const keyShares = generateKeyShares(partiesCount, threshold, primeBits);
+    const publicKeys = keyShares.map((ks) => ks.partyPublicKey);
+    const combinedPublicKey = combinePublicKeys(publicKeys, prime);
+    return { keyShares, combinedPublicKey, prime, generator };
+};
+export const testSecureEncryptionAndDecryption = (participantsCount, threshold, secret) => {
+    const { keyShares, combinedPublicKey, prime, generator } = thresholdSetup(participantsCount, threshold);
+    const encryptedMessage = encrypt(secret, prime, generator, combinedPublicKey);
+    const selectedDecryptionShares = keyShares
+        .sort(() => Math.random() - 0.5)
+        .slice(0, threshold)
+        .map((keyShare) => createDecryptionShare(encryptedMessage, keyShare.partyPrivateKey, prime));
+    const combinedDecryptionShares = combineDecryptionShares(selectedDecryptionShares, prime);
+    const decryptedMessage = thresholdDecrypt(encryptedMessage, combinedDecryptionShares, prime);
+    expect(decryptedMessage).toBe(secret);
+};
+export const homomorphicMultiplicationTest = (participantsCount, threshold, messages) => {
+    const expectedProduct = messages.reduce((product, secret) => product * secret, 1);
+    const { keyShares, combinedPublicKey, prime, generator } = thresholdSetup(participantsCount, threshold);
+    const encryptedMessages = messages.map((secret) => encrypt(secret, prime, generator, combinedPublicKey));
+    const encryptedProduct = encryptedMessages.reduce((product, encryptedMessage) => multiplyEncryptedValues(product, encryptedMessage, prime), { c1: 1n, c2: 1n });
+    const selectedDecryptionShares = keyShares
+        .sort(() => Math.random() - 0.5)
+        .slice(0, threshold)
+        .map((keyShare) => createDecryptionShare(encryptedProduct, keyShare.partyPrivateKey, prime));
+    const combinedDecryptionShares = combineDecryptionShares(selectedDecryptionShares, prime);
+    const decryptedProduct = thresholdDecrypt(encryptedProduct, combinedDecryptionShares, prime);
+    expect(decryptedProduct).toBe(expectedProduct);
+};
+export const votingTest = (participantsCount, threshold, candidatesCount) => {
+    const { keyShares, combinedPublicKey, prime, generator } = thresholdSetup(participantsCount, threshold);
+    const votesMatrix = Array.from({ length: participantsCount }, () => Array.from({ length: candidatesCount }, () => getRandomScore(1, 10)));
+    const expectedProducts = Array.from({ length: candidatesCount }, (_, candidateIndex) => votesMatrix.reduce((product, votes) => product * votes[candidateIndex], 1));
+    const encryptedVotesMatrix = votesMatrix.map((votes) => votes.map((vote) => encrypt(vote, prime, generator, combinedPublicKey)));
+    const encryptedProducts = Array.from({ length: candidatesCount }, (_, candidateIndex) => encryptedVotesMatrix.reduce((product, encryptedVotes) => multiplyEncryptedValues(product, encryptedVotes[candidateIndex], prime), { c1: 1n, c2: 1n }));
+    const partialDecryptionsMatrix = encryptedProducts.map((product) => keyShares
+        .slice(0, threshold)
+        .map((keyShare) => createDecryptionShare(product, keyShare.partyPrivateKey, prime)));
+    const decryptedProducts = partialDecryptionsMatrix.map((decryptionShares) => {
+        const combinedDecryptionShares = combineDecryptionShares(decryptionShares, prime);
+        const encryptedProduct = encryptedProducts[partialDecryptionsMatrix.indexOf(decryptionShares)];
+        return thresholdDecrypt(encryptedProduct, combinedDecryptionShares, prime);
+    });
+    expect(decryptedProducts).toEqual(expectedProducts);
+};

package/dist/thresholdElgamal.d.ts

@@ -0,0 +1,75 @@
+import type { EncryptedMessage, PartyKeyPair } from './types';
+/**
+ * Retrieves the group parameters for a given prime bit length.
+ *
+ * @param {2048 | 3072 | 4096} primeBits - The bit length of the prime modulus (2048, 3072, or 4096).
+ * @returns {Object} The group parameters including prime and generator.
+ */
+export declare const getGroup: (primeBits: 2048 | 3072 | 4096) => {
+    prime: bigint;
+    generator: bigint;
+};
+/**
+ * Evaluates a polynomial at a given point using modular arithmetic.
+ *
+ * @param {bigint[]} polynomial - The coefficients of the polynomial.
+ * @param {number} x - The point at which to evaluate the polynomial.
+ * @param {bigint} prime - The prime modulus.
+ * @returns {bigint} The result of the polynomial evaluation.
+ */
+export declare const evaluatePolynomial: (polynomial: bigint[], x: number, prime: bigint) => bigint;
+/**
+ * Generates a single key share for a participant in a threshold ElGamal cryptosystem.
+ *
+ * @param {number} index - The unique index of the participant (starting from 1).
+ * @param {number} threshold - The minimum number of key shares required for decryption.
+ * @param {2048 | 3072 | 4096} primeBits - The bit length of the prime modulus (default: 2048).
+ * @returns {PartyKeyPair} The key share containing a private and public key share for the participant.
+ */
+export declare const generateSingleKeyShare: (index: number, threshold: number, primeBits?: 2048 | 3072 | 4096) => PartyKeyPair;
+/**
+ * Generates key shares for a threshold ElGamal cryptosystem.
+ *
+ * @param {number} n - The total number of key shares.
+ * @param {number} threshold - The minimum number of key shares required for decryption.
+ * @param {2048 | 3072 | 4096} primeBits - The bit length of the prime modulus (default: 2048).
+ * @returns {PartyKeyPair[]} An array of key shares, each containing a private and public key share.
+ */
+export declare const generateKeyShares: (n: number, threshold: number, primeBits?: 2048 | 3072 | 4096) => PartyKeyPair[];
+/**
+ * Combines multiple public keys into a single public key.
+ *
+ * @param {bigint[]} publicKeys - An array of public keys to combine.
+ * @param {bigint} prime - The prime modulus used in the ElGamal system.
+ * @returns {bigint} The combined public key.
+ */
+export declare const combinePublicKeys: (publicKeys: bigint[], prime: bigint) => bigint;
+/**
+ * Performs a partial decryption on a ciphertext using an individual's private key share.
+ *
+ * @param {EncryptedMessage} encryptedMessage - The encrypted secret.
+ * @param {bigint} partyPrivateKey - The private key share of the decrypting party.
+ * @param {bigint} prime - The prime modulus used in the ElGamal system.
+ * @returns {bigint} The result of the partial decryption.
+ */
+export declare const createDecryptionShare: (encryptedMessage: EncryptedMessage, partyPrivateKey: bigint, prime: bigint) => bigint;
+/**
+ * Combines partial decryptions from multiple parties into a single decryption factor.
+ *
+ * @param {bigint[]} decryptionShares - An array of partial decryption results.
+ * @param {bigint} prime - The prime modulus used in the ElGamal system.
+ * @returns {bigint} The combined decryption factor.
+ */
+export declare const combineDecryptionShares: (decryptionShares: bigint[], prime: bigint) => bigint;
+/**
+ * Decrypts an encrypted secret using the combined partial decryptions in a threshold ElGamal scheme.
+ *
+ * @param {{ c1: bigint; c2: bigint }} encryptedMessage - The encrypted secret components.
+ * @param {bigint} combinedDecryptionShares - The combined partial decryptions from all parties.
+ * @param {bigint} prime - The prime modulus used in the ElGamal system.
+ * @returns {number} The decrypted secret, assuming it was small enough to be directly encrypted.
+ */
+export declare const thresholdDecrypt: (encryptedMessage: {
+    c1: bigint;
+    c2: bigint;
+}, combinedDecryptionShares: bigint, prime: bigint) => number;

package/dist/thresholdElgamal.js

@@ -0,0 +1,117 @@
+import { modPow, modInv } from 'bigint-mod-arith';
+import { GROUPS } from './constants';
+import { generatePolynomial } from './utils';
+/**
+ * Retrieves the group parameters for a given prime bit length.
+ *
+ * @param {2048 | 3072 | 4096} primeBits - The bit length of the prime modulus (2048, 3072, or 4096).
+ * @returns {Object} The group parameters including prime and generator.
+ */
+export const getGroup = (primeBits) => {
+    switch (primeBits) {
+        case 2048:
+            return GROUPS.ffdhe2048;
+        case 3072:
+            return GROUPS.ffdhe3072;
+        case 4096:
+            return GROUPS.ffdhe4096;
+        default:
+            throw new Error('Unsupported bit length');
+    }
+};
+/**
+ * Evaluates a polynomial at a given point using modular arithmetic.
+ *
+ * @param {bigint[]} polynomial - The coefficients of the polynomial.
+ * @param {number} x - The point at which to evaluate the polynomial.
+ * @param {bigint} prime - The prime modulus.
+ * @returns {bigint} The result of the polynomial evaluation.
+ */
+export const evaluatePolynomial = (polynomial, x, prime) => {
+    let result = 0n;
+    for (let i = 0; i < polynomial.length; i++) {
+        result = (result + polynomial[i] * BigInt(x) ** BigInt(i)) % prime;
+    }
+    return result;
+};
+/**
+ * Generates a single key share for a participant in a threshold ElGamal cryptosystem.
+ *
+ * @param {number} index - The unique index of the participant (starting from 1).
+ * @param {number} threshold - The minimum number of key shares required for decryption.
+ * @param {2048 | 3072 | 4096} primeBits - The bit length of the prime modulus (default: 2048).
+ * @returns {PartyKeyPair} The key share containing a private and public key share for the participant.
+ */
+export const generateSingleKeyShare = (index, threshold, primeBits = 2048) => {
+    const group = getGroup(primeBits);
+    const prime = group.prime;
+    const generator = group.generator;
+    const polynomial = generatePolynomial(threshold, prime);
+    let partyPrivateKey = evaluatePolynomial(polynomial, index, prime);
+    // Ensure non-zero private key, adjusting index if necessary
+    while (partyPrivateKey === 0n) {
+        partyPrivateKey = evaluatePolynomial(polynomial, index + 1, prime);
+    }
+    const partyPublicKey = modPow(generator, partyPrivateKey, prime);
+    return { partyPrivateKey, partyPublicKey };
+};
+/**
+ * Generates key shares for a threshold ElGamal cryptosystem.
+ *
+ * @param {number} n - The total number of key shares.
+ * @param {number} threshold - The minimum number of key shares required for decryption.
+ * @param {2048 | 3072 | 4096} primeBits - The bit length of the prime modulus (default: 2048).
+ * @returns {PartyKeyPair[]} An array of key shares, each containing a private and public key share.
+ */
+export const generateKeyShares = (n, threshold, primeBits = 2048) => {
+    const keyShares = [];
+    for (let i = 1; i <= n; i++) {
+        const keyShare = generateSingleKeyShare(i, threshold, primeBits);
+        keyShares.push(keyShare);
+    }
+    return keyShares;
+};
+/**
+ * Combines multiple public keys into a single public key.
+ *
+ * @param {bigint[]} publicKeys - An array of public keys to combine.
+ * @param {bigint} prime - The prime modulus used in the ElGamal system.
+ * @returns {bigint} The combined public key.
+ */
+export const combinePublicKeys = (publicKeys, prime) => publicKeys.reduce((acc, current) => (acc * current) % prime, 1n);
+/**
+ * Performs a partial decryption on a ciphertext using an individual's private key share.
+ *
+ * @param {EncryptedMessage} encryptedMessage - The encrypted secret.
+ * @param {bigint} partyPrivateKey - The private key share of the decrypting party.
+ * @param {bigint} prime - The prime modulus used in the ElGamal system.
+ * @returns {bigint} The result of the partial decryption.
+ */
+export const createDecryptionShare = (encryptedMessage, partyPrivateKey, prime) => modPow(encryptedMessage.c1, partyPrivateKey, prime);
+/**
+ * Combines partial decryptions from multiple parties into a single decryption factor.
+ *
+ * @param {bigint[]} decryptionShares - An array of partial decryption results.
+ * @param {bigint} prime - The prime modulus used in the ElGamal system.
+ * @returns {bigint} The combined decryption factor.
+ */
+export const combineDecryptionShares = (decryptionShares, prime) => {
+    let result = 1n;
+    for (const partialDecryption of decryptionShares) {
+        result = (result * partialDecryption) % prime;
+    }
+    return result;
+};
+/**
+ * Decrypts an encrypted secret using the combined partial decryptions in a threshold ElGamal scheme.
+ *
+ * @param {{ c1: bigint; c2: bigint }} encryptedMessage - The encrypted secret components.
+ * @param {bigint} combinedDecryptionShares - The combined partial decryptions from all parties.
+ * @param {bigint} prime - The prime modulus used in the ElGamal system.
+ * @returns {number} The decrypted secret, assuming it was small enough to be directly encrypted.
+ */
+export const thresholdDecrypt = (encryptedMessage, combinedDecryptionShares, prime) => {
+    const combinedDecryptionInverse = modInv(combinedDecryptionShares, prime);
+    const plaintext = (encryptedMessage.c2 * combinedDecryptionInverse) % prime;
+    return Number(plaintext);
+};

package/dist/types.d.ts

@@ -0,0 +1,18 @@
+export type EncryptedMessage = {
+    c1: bigint;
+    c2: bigint;
+};
+export type Parameters = {
+    prime: bigint;
+    generator: bigint;
+    publicKey: bigint;
+    privateKey: bigint;
+};
+export type KeyPair = {
+    privateKey: bigint;
+    publicKey: bigint;
+};
+export type PartyKeyPair = {
+    partyPrivateKey: bigint;
+    partyPublicKey: bigint;
+};

package/dist/types.js

@@ -0,0 +1 @@
+export {};

package/dist/utils.d.ts

@@ -0,0 +1,25 @@
+import type { EncryptedMessage } from './types';
+/**
+ * Generates a random bigint within a specified range.
+ * @param {bigint} min - The minimum value (inclusive).
+ * @param {bigint} max - The maximum value (exclusive).
+ * @returns {bigint} A random bigint within the specified range.
+ */
+export declare const getRandomBigIntegerInRange: (min: bigint, max: bigint) => bigint;
+/**
+ * Performs homomorphic multiplication on two encrypted values, allowing for encrypted arithmetic operations.
+ * @param {EncryptedMessage} value1 - The first encrypted value.
+ * @param {EncryptedMessage} value2 - The second encrypted value.
+ * @param {bigint} prime - The prime modulus used in the encryption system.
+ * @returns {EncryptedMessage} The result of the multiplication, as a new encrypted message.
+ */
+export declare const multiplyEncryptedValues: (value1: EncryptedMessage, value2: EncryptedMessage, prime: bigint) => EncryptedMessage;
+/**
+ * Generates a random polynomial of a specified degree, to be used in Shamir's Secret Sharing scheme.
+ * The polynomial is of the form f(x) = a0 + a1*x + a2*x^2 + ... + a_{threshold-1}*x^{threshold-1},
+ * where a0 is the "master" secret, and the rest of the coefficients are randomly chosen.
+ * @param {number} threshold - The degree of the polynomial (also, the number of shares required to reconstruct the secret).
+ * @param {bigint} prime - The prime modulus used in the system, to ensure operations are performed in a finite field.
+ * @returns {bigint[]} An array representing the polynomial coefficients `[a0, a1, ..., a_{threshold-1}]`.
+ */
+export declare const generatePolynomial: (threshold: number, prime: bigint) => bigint[];

package/dist/utils.js

@@ -0,0 +1,45 @@
+import randomBigint from 'random-bigint';
+/**
+ * Generates a random bigint within a specified range.
+ * @param {bigint} min - The minimum value (inclusive).
+ * @param {bigint} max - The maximum value (exclusive).
+ * @returns {bigint} A random bigint within the specified range.
+ */
+export const getRandomBigIntegerInRange = (min, max) => {
+    const range = max - min + 1n;
+    // Determine the number of bits needed for the range
+    const bitsNeeded = range.toString(2).length;
+    // Generate a random bigint within the calculated bits
+    let num = randomBigint(bitsNeeded);
+    // Adjust the number to our range
+    num = num % range;
+    // Add the minimum to align with our desired range
+    return min + num;
+};
+/**
+ * Performs homomorphic multiplication on two encrypted values, allowing for encrypted arithmetic operations.
+ * @param {EncryptedMessage} value1 - The first encrypted value.
+ * @param {EncryptedMessage} value2 - The second encrypted value.
+ * @param {bigint} prime - The prime modulus used in the encryption system.
+ * @returns {EncryptedMessage} The result of the multiplication, as a new encrypted message.
+ */
+export const multiplyEncryptedValues = (value1, value2, prime) => {
+    const c1Multiplied = (value1.c1 * value2.c1) % prime;
+    const c2Multiplied = (value1.c2 * value2.c2) % prime;
+    return { c1: c1Multiplied, c2: c2Multiplied };
+};
+/**
+ * Generates a random polynomial of a specified degree, to be used in Shamir's Secret Sharing scheme.
+ * The polynomial is of the form f(x) = a0 + a1*x + a2*x^2 + ... + a_{threshold-1}*x^{threshold-1},
+ * where a0 is the "master" secret, and the rest of the coefficients are randomly chosen.
+ * @param {number} threshold - The degree of the polynomial (also, the number of shares required to reconstruct the secret).
+ * @param {bigint} prime - The prime modulus used in the system, to ensure operations are performed in a finite field.
+ * @returns {bigint[]} An array representing the polynomial coefficients `[a0, a1, ..., a_{threshold-1}]`.
+ */
+export const generatePolynomial = (threshold, prime) => {
+    const polynomial = [getRandomBigIntegerInRange(2n, prime - 1n)]; // constant term is the "master" private key
+    for (let i = 1; i < threshold; i++) {
+        polynomial.push(getRandomBigIntegerInRange(0n, prime - 1n)); // random coefficients
+    }
+    return polynomial;
+};

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "threshold-elgamal",
-    "version": "0.1.11",
+    "version": "0.1.12",
     "author": "Piotr Piech <piotr@piech.dev>",
     "license": "MIT",
     "description": "Threshold ElGamal encryption implementation in TypeScript",