README.md
Showing 54 of 54 total issues
Line length Open
Open
To convince a verifier that a prover knows some secret without revealing the actual secret, a zero-knowledge proof of knowledge can be used. This requires to follow special sigma protocols which include some (three-move) interactions between the verifier and the prover where the prover makes a commitment and the verifier answers with some random challenge the prover needs to respond to.- Read upRead up
- Exclude checks
Line length Open
Open
The respective implementations of the homomorphic ElGamal cryptosystem using distributed keys and non-interactive zero-knowledge proofs of knowledge can be found here: [Finite Fields](src/ff-elgamal) and [Elliptic Curves](src/ec-elgamal)- Read upRead up
- Exclude checks
Ordered list item prefix Open
Open
4. Encode the message `m`: `mh = g^m mod p`- Read upRead up
- Exclude checks
Ordered list item prefix Open
Open
2. `E(m1) * E(m2) = (g^(r1+r2), h^(r1+r2) * g^(m1+m2)) = E(m1 + m2)`- Read upRead up
- Exclude checks
Line length Open
Open
As shown above, the library can be used with a single key pair `(sk, h)`. To use the system with not only one but multiple parties (each party `i` having its own key pair `(sk_i, h_i)`), the key generation and decryption algorithms need to be adjusted. The encryption step however stays the same.- Read upRead up
- Exclude checks
Line length Open
Open
`src/ec-elgamal` uses the **curve25519** in Weierstrass form, which is not yet supported by the `elliptic` package used in this project to operate on elliptic curves. Since the required pull request has not been merged yet, this curve is manually added to the elliptic library.- Read upRead up
- Exclude checks
Line length Open
Open
[8] Feng Hao: **Schnorr Non-interactive Zero-Knowledge Proof.** RFC 8235: 1-13 (2017) - [RFC](https://tools.ietf.org/html/rfc8235), [PDF](https://tools.ietf.org/pdf/rfc8235.pdf), [dblp](https://dblp.org/rec/journals/rfc/rfc8235)- Read upRead up
- Exclude checks
Line length Open
Open
- **Non-Interactive Zero-Knowledge Proofs of Knowledge**: Proof of secret key knowledge and vote and decryption correctness- Read upRead up
- Exclude checks
Line length Open
Open
3. Create a new version using `npm version [<newversion> | major | minor | patch] -m "Upgarde to %s for...`- Read upRead up
- Exclude checks
Line length Open
Open
[1] Ronald Cramer, Rosario Gennaro, Berry Schoenmakers: **A secure and optimally efficient multi-authority election scheme.** European Transactions on Telecommunications 8(5): 481-490 (1997) - [PDF](https://www.win.tue.nl/~berry/papers/euro97.pdf), [dblp](https://dblp.org/rec/journals/ett/CramerGS97.html)- Read upRead up
- Exclude checks
Ordered list item prefix Open
Open
2. Compute `s^(-1)` (multiplicative inverse of s)- Read upRead up
- Exclude checks
Ordered list item prefix Open
Open
3. Create a new version using `npm version [<newversion> | major | minor | patch] -m "Upgarde to %s for...`- Read upRead up
- Exclude checks
Line length Open
Open
The Chaum-Pedersen Proof [7] is used for proving that the decryption (`m = (a^sk)^-1 * b` with cipher (`a`, `b`)) was done using the corresponding private key `sk` to the public key `h = g^sk` used for the encryption. It is a proof of discrete logarithm equality of `log_g(g^sk) = log_h(h^r)`.- Read upRead up
- Exclude checks
Ordered list item prefix Open
Open
3. `E(m3) = E(m1 + m2) = (E(m1)_a * E(m2)_a, E(m1)_b * E(m2)_b)`- Read upRead up
- Exclude checks
Line length Open
Open
If you'd like to have a more detailed explanation of the cryptography (encryption & proofs) used in this library (project), please have a look at our [report](report.pdf).- Read upRead up
- Exclude checks
Ordered list item prefix Open
Open
2. You can authenticate to GitHub Packages with npm by either editing your per-user `~/.npmrc` file to include your personal access token or by logging in to npm on the command line using your username and personal access token.- Read upRead up
- Exclude checks
Line length Open
Open
2.1. To authenticate with your personal access token include the following line in your `~/.npmrc` file:- Read upRead up
- Exclude checks
Line length Open
Open
- **Note.** The command will only work if the repository is clean. No uncommited changes.- Read upRead up
- Exclude checks
Line length Open
Open
[9] David Bernhard, Bogdan Warinschi: **Cryptographic Voting - A Gentle Introduction.** IACR Cryptology ePrint Archive 2016: 765 (2016) - [PDF](https://eprint.iacr.org/2016/765.pdf), [dblp](https://dblp.org/rec/journals/iacr/BernhardW16)- Read upRead up
- Exclude checks
Ordered list item prefix Open
Open
3. `d_i = a^sk_i mod p` with cipher `(a, b)`- Read upRead up
- Exclude checks
Line length Open
Open
The library is divided into two parts: [Finite Fields](src/ff-elgamal) and [Elliptic Curves](src/ec-elgamal). Both parts mainly consist of the following modules:- Read upRead up
- Exclude checks
Line length Open
Open
[5] Mihir Bellare, Phillip Rogaway: **Random Oracles are Practical: A Paradigm for Designing Efficient Protocols.** ACM Conference on Computer and Communications Security 1993: 62-73 - [PDF](https://cseweb.ucsd.edu/~mihir/papers/ro.pdf), [dblp]( https://dblp.org/rec/conf/ccs/BellareR93)- Read upRead up
- Exclude checks
Line length Open
Open
[6] Claus-Peter Schnorr: **Efficient Signature Generation by Smart Cards.** J. Cryptology 4(3): 161-174 (1991) - [PDF](https://www.researchgate.net/profile/Claus_Schnorr/publication/227088517_Efficient_signature_generation_by_smart_cards/links/0046353849579ce09c000000/Efficient-signature-generation-by-smart-cards.pdf), [dblp](ttps://dblp.org/rec/journals/joc/Schnorr91)- Read upRead up
- Exclude checks
Line length Open
Open
The encrypted message is created as before (see 1). Due to 2, encrypted messages can be added as show in 3.- Read upRead up
- Exclude checks
Line length Open
Open
After the (distributed) key generation as described above, the Schnorr Proof [8] is used to prove that a party knows the corresponding secret key `sk` to the published public key `h = g^sk`. It is a proof of knowledge of a discrete logarithm of `sk = log_g(g^sk)`.- Read upRead up
- Exclude checks
Line length Open
Open
`npm install` will automatically run `copyCustomCurve.sh` in it's `"postinstall"` task.- Read upRead up
- Exclude checks
Line length Open
Open
[3] Amos Fiat, Adi Shamir: **How to Prove Yourself: Practical Solutions to Identification and Signature Problems.** CRYPTO 1986: 186-194 - [PDF](https://link.springer.com/content/pdf/10.1007%2F3-540-47721-7_12.pdf), [dblp](https://dblp.uni-trier.de/rec/html/conf/crypto/FiatS86)- Read upRead up
- Exclude checks
Inline HTML Open
Open
The ElGamal cryptosystem [2] is a public key cryptosystem defined over cyclic groups and is based on the difficulty of finding the discrete logarithm. This library uses cyclic groups and their modulo operations. To make the system safe, it uses a multiplicative prime-order group Z<sub>P</sub><sup>*</sup> where `p = 2*q + 1` and `q` are both prime numbers and `p` needs to be chosen very large.- Read upRead up
- Exclude checks
Line length Open
Open
> _A cryptographic library developed for electronic voting using TypeScript. It includes an implementation of the ElGamal cryptosystem using finite fields and elliptic curves combined with non-interactive zero-knowledge proofs of knowledge and distributed key generation._- Read upRead up
- Exclude checks
Line length Open
Open
The ElGamal cryptosystem [2] is a public key cryptosystem defined over cyclic groups and is based on the difficulty of finding the discrete logarithm. This library uses cyclic groups and their modulo operations. To make the system safe, it uses a multiplicative prime-order group Z<sub>P</sub><sup>*</sup> where `p = 2*q + 1` and `q` are both prime numbers and `p` needs to be chosen very large.- Read upRead up
- Exclude checks
Line length Open
Open
This library uses a setting where `n` out of `n` keys need to be present for decrypting a cipher [9]. To create a key pair, each party `1 <= i <= n` individually picks a secret key and generates the public key as shown before (see 1). All the public keys are then combined to one public key used for encryption (see 2). To decrypt a cipher, two steps are needed. First, each party uses its private key `sk_i` to create a decrypted share `d_i` (see 3). Then, these shares are combined to get the plaintext `m` (see 4).- Read upRead up
- Exclude checks
Line length Open
Open
Such interactive proof systems can be made non-interactive by applying the Fiat-Shamir heuristic [3] by using a cryptographic hash function as a random oracle for computing the challenge of the verifier. According to [4], the Fiat-Shamir transformation is "weak" (e.g., under certain circumstances, a proof might be verified correctly even the initial commitment was tapered with) when only the commitment is hashed (as described in [5]). However, it is considered "strong" [4], if the statement to be proved is also hashed (as suggested in [5, 6]). Thus, this library hashes both the statement to be proved and the commitment when generating the challenge.- Read upRead up
- Exclude checks
Line length Open
Open
1. You need a personal access token to publish, install, and delete packages in GitHub Packages. The personal access token requires the following scopes: `read:packages, write:packages`.- Read upRead up
- Exclude checks
Line length Open
Open
By default, GitHub Packages publishes a package in the GitHub repository you specify in the name field of the `package.json` file. For example, you would publish this package named `@meck93/evote-crypto` to the meck93/evote-crypto GitHub repository.- Read upRead up
- Exclude checks
Ordered list item prefix Open
Open
4. `m = b / (d_1 * ... * d_i * ... * d_n) mod p` (where `x/y = x*y^-1` with `y^-1` being the multiplicative inverse of `y`)- Read upRead up
- Exclude checks
Ordered list item prefix Open
Open
2. Add the following line to your `package.json`.- Read upRead up
- Exclude checks
Line length Open
Open
The Fiat-Shamir transformation is applied to the Schnorr [6], Chaum Pedersen [7], and Disjuntive Chaum-Pedersen protocols as depicted in the following sections.- Read upRead up
- Exclude checks
Line length Open
Open
> _**This material is provided "as is", with absolutely no warranty expressed or implied. Any use is at your own risk.**_- Read upRead up
- Exclude checks
Line length Open
Open
4. `m = b / (d_1 * ... * d_i * ... * d_n) mod p` (where `x/y = x*y^-1` with `y^-1` being the multiplicative inverse of `y`)- Read upRead up
- Exclude checks
Line length Open
Open
This is done via the script `copyCustomCurve.sh`. **You should not have to run this manually**.- Read upRead up
- Exclude checks
Line length Open
Open
2. You can authenticate to GitHub Packages with npm by either editing your per-user `~/.npmrc` file to include your personal access token or by logging in to npm on the command line using your username and personal access token.- Read upRead up
- Exclude checks
Line length Open
Open
[2] Taher El Gamal: **A public key cryptosystem and a signature scheme based on discrete logarithms.** IEEE Trans. Information Theory 31(4): 469-472 (1985) - [PDF](https://caislab.kaist.ac.kr/lecture/2010/spring/cs548/basic/B02.pdf), [dblp](https://dblp.uni-trier.de/rec/html/journals/tit/Elgamal85)- Read upRead up
- Exclude checks
Line length Open
Open
[4] David Bernhard, Olivier Pereira, Bogdan Warinschi: **How not to Prove Yourself: Pitfalls of the Fiat-Shamir Heuristic and Applications to Helios.** IACR Cryptology ePrint Archive 2016: 771 (2016) - [PDF](https://eprint.iacr.org/2016/771.pdf), [dblp](https://dblp.org/rec/journals/iacr/BernhardPW16)- Read upRead up
- Exclude checks
Line length Open
Open
[7] David Chaum, Torben P. Pedersen: **Wallet Databases with Observers.** CRYPTO 1992: 89-105 - [PDF](https://www.chaum.com/publications/Wallet_Databases.pdf), [dblp](https://dblp.org/rec/conf/crypto/ChaumP92)- Read upRead up
- Exclude checks
Inline HTML Open
Open
The ElGamal cryptosystem [2] is a public key cryptosystem defined over cyclic groups and is based on the difficulty of finding the discrete logarithm. This library uses cyclic groups and their modulo operations. To make the system safe, it uses a multiplicative prime-order group Z<sub>P</sub><sup>*</sup> where `p = 2*q + 1` and `q` are both prime numbers and `p` needs to be chosen very large.- Read upRead up
- Exclude checks
Line length Open
Open
Homomorphic encryption is used to perform computations on ciphertexts (here for addition) as if the computation was executed on plaintexts. This is the reason why `g^m` is used instead of just `m` during the encryption (encoding step).- Read upRead up
- Exclude checks
Line length Open
Open
The Disjunctive Chaum-Pedersen Proof is used for proving that one out of two statements is true without revealing which one is correct. Here, this proof is used to prove that an encrypted vote (0 or 1) is either 0 or 1 while not revealing the vote's actual value.- Read upRead up
- Exclude checks