blob: 240775b6e1e7c7d2d9191c2e28fca9f5e1f66bd3 [file] [log] [blame]
 Paillier
org.apache.pirk.encryption

Class Paillier

• java.lang.Object
• org.apache.pirk.encryption.Paillier
• All Implemented Interfaces:
java.io.Serializable

public final class Paillier
extends java.lang.Object
implements java.io.Serializable
Implementation of the Paillier cryptosystem.

The algorithm is as follows:

Let N=pq, be a RSA modulus where p,q are large primes of roughly the same length

The plaintext space is the additive group Z/NZ and the ciphertext space is the multiplicative group (Z/N^2 Z)*.

Public key: N, Private key: The factorization of N=pq.

Let lambda(N) be the Carmichael function of N (the exponent of the multiplicative group of units modulo N):

lambda(N) = lcm(p-1,q-1) = (p-1)(q-1)/gcd(p-1,q-1)

Encryption E(m) for a message m is as follows:

- Given N and m

- Select a random value r in (Z/NZ)*

- E(m) = (1 + mN)r^N mod N^2

Decryption D(c) for a ciphertext c is as follows:

- Given N, its factorization N=pq, and ciphertext c

- Set w = lambda(N)^-1 mod N

- Set x = c^(lambda(N))mod N^2

- Set y = (x-1)/N

- D(c) = yw mod N

Ref: Paillier, Pascal. "Public-Key Cryptosystems Based on Composite Degree Residuosity Classes." EUROCRYPT'99.

Serialized Form
• Constructor Summary

Constructors
Constructor and Description
Paillier(java.math.BigInteger p, java.math.BigInteger q, int bitLength)
Creates a Paillier algorithm with all parameters specified.
Paillier(int bitLength, int certainty)
Constructs a Paillier algorithm with generated keys.
Paillier(int bitLength, int certainty, int ensureBitSet)
Constructs a Paillier algorithm with generated keys and optionally ensures a certain bit is set in the modulus.
• Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type Method and Description
java.math.BigInteger decrypt(java.math.BigInteger c)
Returns the plaintext message for a given ciphertext.
java.math.BigInteger encrypt(java.math.BigInteger m)
Returns the encrypted value of m using a generated random value.
java.math.BigInteger encrypt(java.math.BigInteger m, java.math.BigInteger r)
Returns the ciphertext of a message using the given random value.
int getBitLength()
Returns the bit length of the modulus N.
java.math.BigInteger getLambdaN()
Returns the value of Carmichael's function at N.
java.math.BigInteger getN()
Returns the RSA modulus value N.
java.math.BigInteger getNSquared()
Returns the value of N2.
java.math.BigInteger getP()
Returns the value of the large prime p.
java.math.BigInteger getQ()
Returns the value of the large prime q.
• Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
• Constructor Detail

• Paillier

public Paillier(java.math.BigInteger p,
java.math.BigInteger q,
int bitLength)
Creates a Paillier algorithm with all parameters specified.
Parameters:
p - First large prime.
q - Second large prime.
bitLength - Bit length of the modulus N.
Throws:
java.lang.IllegalArgumentException - If p or q do not satisfy primality constraints.
• Paillier

public Paillier(int bitLength,
int certainty)
Constructs a Paillier algorithm with generated keys.

The generated keys p and q will have half the given modulus bit length, and the given prime certainty.

The probability that the generated keys represent primes will exceed (1 - (1/2)certainty). The execution time of this constructor is proportional to the value of this parameter.

Parameters:
bitLength - The bit length of the resulting modulus N.
certainty - The probability that the new p and q represent prime numbers.
Throws:
java.lang.IllegalArgumentException - If the certainty is less than the system allowed lower bound.
• Paillier

public Paillier(int bitLength,
int certainty,
int ensureBitSet)
Constructs a Paillier algorithm with generated keys and optionally ensures a certain bit is set in the modulus.

The generated keys p and q will have half the given modulus bit length, and the given prime certainty.

The probability that the generated keys represent primes will exceed (1 - (1/2)certainty). The execution time of this constructor is proportional to the value of this parameter.

When ensureBitSet > -1 the value of bit "ensureBitSet" in modulus N will be set.

Parameters:
bitLength - The bit length of the resulting modulus N.
certainty - The probability that the new p and q represent prime numbers.
ensureBitSet - index of bit in N to ensure is set.
Throws:
java.lang.IllegalArgumentException - If the certainty is less than the system allowed lower bound, or the index of ensureBitSet is greater than the bitLength.
• Method Detail

• getP

public java.math.BigInteger getP()
Returns the value of the large prime p.
Returns:
p.
• getQ

public java.math.BigInteger getQ()
Returns the value of the large prime q.
Returns:
q.
• getN

public java.math.BigInteger getN()
Returns the RSA modulus value N.
Returns:
N, the product of p and q.
• getNSquared

public java.math.BigInteger getNSquared()
Returns the value of N2.
Returns:
N squared.
• getLambdaN

public java.math.BigInteger getLambdaN()
Returns the value of Carmichael's function at N.

The Carmichael function of N is the least common multiple of p-1 and q-1,

Returns:
Carmichael's function at N.
• getBitLength

public int getBitLength()
Returns the bit length of the modulus N.
Returns:
the bit length, as an integer.
• encrypt

public java.math.BigInteger encrypt(java.math.BigInteger m)
throws PIRException
Returns the encrypted value of m using a generated random value.
Parameters:
m - the value to be encrypted.
Returns:
the encrypted value
Throws:
PIRException - If m is not less than @{code N}.
• encrypt

public java.math.BigInteger encrypt(java.math.BigInteger m,
java.math.BigInteger r)
throws PIRException
Returns the ciphertext of a message using the given random value.
Parameters:
m - the value to be encrypted.
r - the random value to use in the Pailler encryption.
Returns:
the encrypted value.
Throws:
PIRException - If m is not less than @{code N}.
• decrypt

public java.math.BigInteger decrypt(java.math.BigInteger c)
Returns the plaintext message for a given ciphertext.
Parameters:
c - an encrypted value.
Returns:
the corresponding plaintext value.