Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding reencryption command to DKG #251

Merged
merged 36 commits into from
Jul 19, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
36 commits
Select commit Hold shift + click to select a range
cf2698c
structural change so DKG can accept reencryption commands
jbsv Apr 4, 2023
5c15807
attempt to tidy up the encryption code with the help of OCS
jbsv Apr 12, 2023
9492b5b
created Pedersen reencryption scenario
jbsv Apr 13, 2023
7aa55f0
temporary verifiable encrypt
jbsv Apr 25, 2023
ec32b7f
pederson test to reencrypt some data - part1
jbsv May 17, 2023
c6e89fd
working pederson test to reencrypt some data
jbsv May 24, 2023
2ec15f6
fixed lint warnings
jbsv May 30, 2023
2efa54a
fix go vet: avoid output like comment too long in libc
jbsv May 31, 2023
e73a8a3
clean up
jbsv Jun 5, 2023
3643363
fixed TestDKGInstance
jbsv Jun 5, 2023
b7776f8
reencryption works
jbsv Jun 5, 2023
e72586c
restaured comment length in go vet
jbsv Jun 5, 2023
1cea29e
reduce sonar warnings
jbsv Jun 5, 2023
df635fa
cleanups
jbsv Jun 5, 2023
5ce9b50
tidy up code after review
jbsv Jun 13, 2023
b336d30
finished clean up after review
jbsv Jun 14, 2023
14879bc
fix failing test
jbsv Jun 14, 2023
5807982
cleanups
jbsv Jun 5, 2023
2b7c529
align interfaces Encrypt/EncryptSecret
jbsv Jun 13, 2023
8f1ab3c
fix missing encryption tests
jbsv Jun 13, 2023
ee177b3
fix rebase whoops
jbsv Jun 14, 2023
e28af43
cleaned up dkg interface
jbsv Jun 19, 2023
0788a6e
changes after 1st review
jbsv Jun 21, 2023
a2a9480
improve coverage
jbsv Jun 21, 2023
80d6b7b
changes after review
jbsv Jun 26, 2023
86be3a6
more changes after review
jbsv Jun 26, 2023
127857e
improved coverage
jbsv Jun 27, 2023
be71904
reduce code smell
jbsv Jun 28, 2023
50ca841
typo
jbsv Jun 28, 2023
1fb4078
Merge pull request #255 from dedis/reencrypt-cli
jbsv Jun 28, 2023
8372319
Test threshold at DKG setup
jbsv Jul 18, 2023
aefac52
Refactor Reencrypt status
jbsv Jul 18, 2023
96596fd
Update threshold condition
jbsv Jul 19, 2023
6c8bc18
clean up after review
jbsv Jul 19, 2023
0f1fd03
tidy up threshold
jbsv Jul 19, 2023
f418006
Merge pull request #257 from dedis/reencrypt-cli2
jbsv Jul 19, 2023
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 23 additions & 3 deletions dkg/dkg.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,11 +24,31 @@ type Actor interface {
// setup has not been done.
GetPublicKey() (kyber.Point, error)

Encrypt(message []byte) (K, C kyber.Point, remainder []byte, err error)
Decrypt(K, C kyber.Point) ([]byte, error)
// Encrypt encrypts the given message into kyber points
jbsv marked this conversation as resolved.
Show resolved Hide resolved
// using the DKG public key
// where K is the ephemeral DH (Diffie-Hellman) public key
// and Cs is the resulting, encrypted points
// or an error if encryption is not possible.
Encrypt(message []byte) (K kyber.Point, Cs []kyber.Point, err error)

// Decrypt decrypts a ciphertext (composed of a K and an array of C's)
// into the original message using the DKG internal private key
// where K is the ephemeral DH (Diffie-Hellman) public key
// and Cs is the encrypted points
Decrypt(K kyber.Point, Cs []kyber.Point) ([]byte, error)

// Reencrypt reencrypts generate a temporary key from the public key
// to be able to decrypt the message by the user's private key
Reencrypt(K kyber.Point, PK kyber.Point) (XhatEnc kyber.Point, err error)

// Reshare recreates the DKG with an updated list of participants.
Reshare(co crypto.CollectiveAuthority, newThreshold int) error

VerifiableDecrypt(ciphertexts []types.Ciphertext) ([][]byte, error)
// VerifiableEncrypt encrypts the given message into a ciphertext
// using the DKG public key and a verifiable encryption function.
VerifiableEncrypt(message []byte, GBar kyber.Point) (ciphertext types.Ciphertext, remainder []byte, err error)

// VerifiableDecrypt decrypts a pair of kyber points into the original message
// using the DKG internal private key and a verifiable encryption function.
VerifiableDecrypt(ciphertexts []types.Ciphertext) ([][]byte, error)
}
132 changes: 103 additions & 29 deletions dkg/pedersen/controller/action.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ var suite = suites.MustFind("Ed25519")
const separator = ":"
const authconfig = "dkgauthority"
const resolveActorFailed = "failed to resolve actor, did you call listen?: %v"
const malformedEncoded = "malformed encoded: %s"

type setupAction struct{}

Expand Down Expand Up @@ -81,14 +82,14 @@ type listenAction struct {
}

func (a listenAction) Execute(ctx node.Context) error {
var dkg dkg.DKG
var dkgObject dkg.DKG

err := ctx.Injector.Resolve(&dkg)
err := ctx.Injector.Resolve(&dkgObject)
if err != nil {
return xerrors.Errorf("failed to resolve dkg: %v", err)
}

actor, err := dkg.Listen()
actor, err := dkgObject.Listen()
if err != nil {
return xerrors.Errorf("failed to listen: %v", err)
}
Expand Down Expand Up @@ -188,12 +189,12 @@ func (a encryptAction) Execute(ctx node.Context) error {
return xerrors.Errorf("failed to decode message: %v", err)
}

k, c, remainder, err := actor.Encrypt(message)
k, cs, err := actor.Encrypt(message)
if err != nil {
return xerrors.Errorf("failed to encrypt: %v", err)
}

outStr, err := encodeEncrypted(k, c, remainder)
outStr, err := encodeEncrypted(k, cs)
if err != nil {
return xerrors.Errorf("failed to generate output: %v", err)
}
Expand All @@ -215,12 +216,12 @@ func (a decryptAction) Execute(ctx node.Context) error {

encrypted := ctx.Flags.String("encrypted")

k, c, err := decodeEncrypted(encrypted)
k, cs, err := decodeEncrypted(encrypted)
if err != nil {
return xerrors.Errorf("failed to decode encrypted str: %v", err)
}

decrypted, err := actor.Decrypt(k, c)
decrypted, err := actor.Decrypt(k, cs)
if err != nil {
return xerrors.Errorf("failed to decrypt: %v", err)
}
Expand All @@ -230,28 +231,95 @@ func (a decryptAction) Execute(ctx node.Context) error {
return nil
}

func encodeEncrypted(k, c kyber.Point, remainder []byte) (string, error) {
kbuff, err := k.MarshalBinary()
type reencryptAction struct{}

func (a reencryptAction) Execute(ctx node.Context) error {
var actor dkg.Actor

err := ctx.Injector.Resolve(&actor)
if err != nil {
return "", xerrors.Errorf("failed to marshal k: %v", err)
return xerrors.Errorf(resolveActorFailed, err)
}

encrypted := ctx.Flags.String("encrypted")

k, _, err := decodeEncrypted(encrypted)
if err != nil {
return xerrors.Errorf("failed to decode encrypted str: %v", err)
}

cbuff, err := c.MarshalBinary()
publicKey := ctx.Flags.String("pubk")

pk, err := decodePublicKey(publicKey)
if err != nil {
return "", xerrors.Errorf("failed to marshal c: %v", err)
return xerrors.Errorf("failed to decode public key str: %v", err)
}

encoded := hex.EncodeToString(kbuff) + separator +
hex.EncodeToString(cbuff) + separator +
hex.EncodeToString(remainder)
xhatenc, err := actor.Reencrypt(k, pk)
if err != nil {
return xerrors.Errorf("failed to reencrypt: %v", err)
}

outStr, err := encodeReencrypted(xhatenc)
if err != nil {
return xerrors.Errorf("failed to encode the reencryption data: %v", err)
}

fmt.Fprint(ctx.Out, outStr)

return nil
}

func encodeReencrypted(xhatenc kyber.Point) (string, error) {
buff, err := xhatenc.MarshalBinary()
if err != nil {
return "", xerrors.Errorf("failed to marshal xhatenc: %v", err)
}

encoded := hex.EncodeToString(buff)

return encoded, nil
}

func decodeEncrypted(str string) (k kyber.Point, c kyber.Point, err error) {
func decodePublicKey(str string) (pk kyber.Point, err error) {
pkbuff, err := hex.DecodeString(str)
if err != nil {
return nil, xerrors.Errorf(malformedEncoded, str)
}

pk = suite.Point()

err = pk.UnmarshalBinary(pkbuff)
if err != nil {
return nil, xerrors.Errorf("failed to unmarshal pk: %v", err)
}

return pk, nil
}

func encodeEncrypted(k kyber.Point, cs []kyber.Point) (string, error) {
kbuff, err := k.MarshalBinary()
if err != nil {
return "", xerrors.Errorf("failed to marshal k: %v", err)
}

encoded := hex.EncodeToString(kbuff)

for _, c := range cs {
cbuff, err := c.MarshalBinary()
if err != nil {
return "", xerrors.Errorf("failed to marshal c: %v", err)
}
encoded += separator + hex.EncodeToString(cbuff)
}

return encoded, nil
}

func decodeEncrypted(str string) (kyber.Point, []kyber.Point, error) {
parts := strings.Split(str, separator)
if len(parts) < 2 {
return nil, nil, xerrors.Errorf("malformed encoded: %s", str)
return nil, nil, xerrors.Errorf(malformedEncoded, str)
}

// Decode K
Expand All @@ -260,27 +328,33 @@ func decodeEncrypted(str string) (k kyber.Point, c kyber.Point, err error) {
return nil, nil, xerrors.Errorf("failed to decode k point: %v", err)
}

k = suite.Point()
k := suite.Point()

err = k.UnmarshalBinary(kbuff)
if err != nil {
return nil, nil, xerrors.Errorf("failed to unmarshal k point: %v", err)
}

// Decode C
cbuff, err := hex.DecodeString(parts[1])
if err != nil {
return nil, nil, xerrors.Errorf("failed to decode c point: %v", err)
}
// Decode Cs
cs := make([]kyber.Point, 0, len(parts)-1)

c = suite.Point()
for _, p := range parts[1:] {
cbuff, err := hex.DecodeString(p)
if err != nil {
return nil, nil, xerrors.Errorf("failed to decode c point: %v", err)
}

err = c.UnmarshalBinary(cbuff)
if err != nil {
return nil, nil, xerrors.Errorf("failed to unmarshal c point: %v", err)
c := suite.Point()

err = c.UnmarshalBinary(cbuff)
if err != nil {
return nil, nil, xerrors.Errorf("failed to unmarshal c point: %v", err)
}

cs = append(cs, c)
}

return k, c, nil
return k, cs, nil
}

// Verifiable encryption
Expand Down Expand Up @@ -394,7 +468,7 @@ func (a verifiableDecryptAction) Execute(ctx node.Context) error {

parts := strings.Split(ciphertextString, separator)
if len(parts)%5 != 0 {
return xerrors.Errorf("malformed encoded: %s", ciphertextString)
return xerrors.Errorf(malformedEncoded, ciphertextString)
}

batchSize := len(parts) / 5
Expand Down
Loading