Struct Triple 

pub struct Triple {
    ek: RistrettoPoint,
    ct: RistrettoPoint,
    pk: RistrettoPoint,
}

ElGamal ciphertext - the result of PublicKey::encrypt.

The associated public key is remembered to allow rerandomization, but this public key is not authenticated in any way. This means that anyone intercepting a triple may modify the public key without detection. Doing so does not, however, make the triple decryptable to the same plaintext by another public key.

Fields

ek: RistrettoPoint

Ephemeral key

ct: RistrettoPoint

Ciphertext

pk: RistrettoPoint

Public key

Implementations

impl Triple

pub fn decrypt(self, sk: &PrivateKey) -> RistrettoPoint

Decrypts the triple using the given private key sk. If the triple was encrypted for a different private key, the result is a random point.

pub fn decrypt_and_check_pk(self, sk: &PrivateKey) -> Option<RistrettoPoint>

Decrypts the triple using the given private key sk if the triple claims to be encrypted for the associated public key; returns None otherwise.

Warning: This function cannot check whether the triple’s public key pk has been tampered with.

While tampering cannot be prevented, the plaintext of a triple with a spoofed pk can be garbled using Self::rerandomize.

pub fn spoof_pk(self, pk: PublicKey) -> Triple

Changes the public key of this triple, likely resulting in garbage down the road.

Used for demonstration purposes.

pub fn rerandomize(self) -> Triple

Changes the appearance of the ciphertext, but leaves the plaintext and the target public key unaltered. If the public key was spoofed, the plaintext is garbled.

use pubhubs::common::elgamal::{PrivateKey, random_point, random_scalar};
use curve25519_dalek::{
    ristretto::RistrettoPoint,
    constants::RISTRETTO_BASEPOINT_TABLE as B,
};

let M = random_point();
let sk = PrivateKey::random();
let pk = sk.public_key();

let r1 = random_scalar();
let r2 = random_scalar();

// Rerandomization leaves the plaintext unchanged:
let trip = pk.encrypt_with_random(r1, M).rerandomize_with_random(r2);
assert_eq!(trip, pk.encrypt_with_random(r1+r2,M));

// But if the public key was spoofed, the plaintext is garbled:
let sk2 = PrivateKey::random();
let pk2 = sk2.public_key().clone();
let trip = pk.encrypt_with_random(r1, M).spoof_pk(pk2).rerandomize_with_random(r2);

assert_eq!(trip.clone().decrypt_and_check_pk(&sk2),
    Some(M + B * &(r1 * (sk.as_scalar()-sk2.as_scalar()))));

// Indeed, if sk =/= sk2, then  r1(sk - sk2)B will be some random unknowable Ristretto
// point, because r1 should be a random scalar that has been thrown away.

pub fn rerandomize_with_random(self, r: Scalar) -> Triple

Like Self::rerandomize, but you can specify the random scalar used, which you should not do except to make deterministic tests.

pub fn rsk_with_s(self, s: &Scalar) -> WithS<'_>

Like rsk but taking the parameters s and k thusly: rsk_with_s(s).and_k(k).

pub fn rsk(self, params: impl Params) -> Triple

Changes the given ciphertext according to the params provided:

  • Multiplies the underlying plaintext by params.s();

  • Multiplies the target public/private key by params.k();

  • Rerandomizes the ciphertext using the scalar params.r().

    If the public key self.pk was spoofed, the resulting plaintext is garbled, provided the scalar params.r() was random.

If you only need to specify s and k, use triple.rsk_with_s(s).and_k(k) instead.
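
The interplay of spoof_pk, rerandomize and rsk described above, as an added example that is not part of the pubhubs code or documentation: a toy additive group (integers modulo a prime, with G standing in for the base point B) replaces Ristretto, so it models only the algebra and offers no security. The function names mirror the page, but the type Toy, the constants and the formulas (those in rsk in particular) are assumptions chosen to produce the effects the page lists.

```rust
// Toy group: the point x*B is stored as x*G mod Q. Discrete logs here are a
// single division, so this models only the algebra, never the security.
const Q: u64 = 2_147_483_647; // prime group order, 2^31 - 1
const G: u64 = 5; // stand-in for the base point B

fn add(a: u64, b: u64) -> u64 { (a + b) % Q }
fn sub(a: u64, b: u64) -> u64 { (a + Q - b) % Q }
fn mul(a: u64, b: u64) -> u64 { a * b % Q }
fn inv(a: u64) -> u64 { // a^(Q-2) mod Q (Fermat), by square-and-multiply
    let (mut base, mut e, mut acc) = (a % Q, Q - 2, 1);
    while e > 0 {
        if e & 1 == 1 { acc = mul(acc, base); }
        base = mul(base, base);
        e >>= 1;
    }
    acc
}

#[derive(Clone, Copy, Debug, PartialEq)]
struct Toy { ek: u64, ct: u64, pk: u64 }

fn public_key(sk: u64) -> u64 { mul(sk, G) }
fn encrypt(pk: u64, r: u64, m: u64) -> Toy {
    Toy { ek: mul(r, G), ct: add(m, mul(r, pk)), pk }
}
fn decrypt(t: Toy, sk: u64) -> u64 { sub(t.ct, mul(sk, t.ek)) }
fn decrypt_and_check_pk(t: Toy, sk: u64) -> Option<u64> {
    (t.pk == public_key(sk)).then(|| decrypt(t, sk))
}
fn spoof_pk(t: Toy, pk: u64) -> Toy { Toy { pk, ..t } }
fn rerandomize(t: Toy, r: u64) -> Toy {
    Toy { ek: add(t.ek, mul(r, G)), ct: add(t.ct, mul(r, t.pk)), pk: t.pk }
}
// Assumed formulas: plaintext times s, target key times k, fresh randomness r.
fn rsk(t: Toy, r: u64, s: u64, k: u64) -> Toy {
    let pk = mul(k, t.pk);
    let ek = add(mul(mul(s, inv(k)), t.ek), mul(r, G));
    Toy { ek, ct: add(mul(s, t.ct), mul(r, pk)), pk }
}

fn main() {
    let (sk, sk2, m, r1, r2) = (1234, 9876, 424_242, 1111, 2222); // constructed values
    let spoofed = spoof_pk(encrypt(public_key(sk), r1, m), public_key(sk2));
    assert_eq!(decrypt(spoofed, sk), m); // spoofing alone leaves ek and ct untouched
    assert_eq!(decrypt_and_check_pk(spoofed, sk), None); // but the pk check now fails
    let garbled = decrypt(rerandomize(spoofed, r2), sk);
    assert_eq!(garbled, add(m, mul(mul(r2, sub(sk2, sk)), G))); // M + r2(sk2 - sk)B
    assert_eq!(decrypt(rsk(encrypt(public_key(sk), r1, m), r2, 3, 7), mul(7, sk)), mul(3, m));
}
```

In this model, rerandomizing a spoofed triple adds r2 times the wrong public key to ct, so the original recipient recovers M + r2(sk2 - sk)B instead of M, while the holder of sk2 recovers the M + r1(sk - sk2)B value from the page's own example.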

Trait Implementations

impl Clone for Triple

fn clone(&self) -> Triple

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Triple

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for Triple

fn deserialize<D: Deserializer<'de>>(d: D) -> Result<Self, D::Error>

Deserialize this value from the given Serde deserializer.

impl Encoding<96> for Triple

fn from_bytes(bytes: [u8; 96]) -> Option<Triple>

Decodes Some(object) from bytes if bytes encodes some object of type Self; otherwise returns None.

fn to_bytes(&self) -> [u8; 96]

Encodes self as [u8; N].

fn from_slice(slice: &[u8]) -> Option<Self>

Like Self::from_bytes, but reads [u8; N] from slice. Returns None if slice.len()!=N or when the slice is not a valid encoding.

fn copy_to_slice(&self, slice: &mut [u8]) -> Option<()>

Copies the encoding of self into slice. Returns None when slice.len()!=N.

fn from_hex(hex: &str) -> Option<Self>

Like Self::from_bytes, but reads the [u8; N] from the 2*N-digit hex string hex. The case of the hex digits is ignored.

fn to_hex(&self) -> String

Returns the 2*N-digit lower-case hex representation of self.

unsafe fn from_ptr(ptr: *const u8) -> Option<Self>

Loads object from the N-byte buffer pointed to by ptr.

unsafe fn copy_to_ptr(self, ptr: *mut u8)

Writes the N-byte representation of this object to the memory location ptr.

impl PartialEq for Triple

fn eq(&self, other: &Triple) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl<'de> Serialize for Triple

fn serialize<S: Serializer>(&self, s: S) -> Result<S::Ok, S::Error>

Serialize this value into the given Serde serializer.

impl Eq for Triple

impl StructuralPartialEq for Triple

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest.

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

fn equivalent(&self, key: &K) -> bool

Checks if this value is equivalent to the given key.

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

fn equivalent(&self, key: &K) -> bool

Compare self to key and return true if they are equal.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> IntoEither for T

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise.

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise.

impl<T> PayloadTrait for T

type JsonType = T

fn to_payload(&self) -> Payload<&T>

Used when creating requests

fn into_payload(self) -> Payload<T>

Used when forming responses

fn from_payload(payload: Payload<T>) -> Result<T, Error>

impl<T> PolicyExt for T
where T: ?Sized,

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow.

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow.

impl<T> Same for T

type Output = T

Should always be Self

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,