diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..80a0c3a --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,69 @@ +# Contributing +This library is designed to prototype lattice-based cryptography. Our intent for this library is to be maintained by the community. We encourage anyone to add missing, frequently used features for lattice-based prototyping to this library, and we are happy to help with that process. + +More generally, all contributions such as bugfixes, documentation and tests are welcome. Please go ahead and submit your pull requests. + +## Choosing the right location +The qFALL library is divided into three repositories: [qFALL-math](https://github.com/qfall/math), [qFALL-tools](https://github.com/qfall/tools) and [qFALL-schemes](https://github.com/qfall/schemes). + +Please add new features to one of these repositories, roughly following these guidelines. +- If your feature implements a general mathematical function, then add your code to [qFALL-math](https://github.com/qfall/math). +- If your feature implements a fundamental primitive or shortcut that is commonly used in the construction of lattice-based schemes, e.g., G-trapdoors, then add your code to [qFALL-tools](https://github.com/qfall/tools). +- If you implement a construction, e.g., Kyber, then add your code to [qFALL-schemes](https://github.com/qfall/schemes). + +When in doubt, just submit your pull request to the repository you feel is best suited for your code. We will sort it. + +## Style Guide +Our style guide is based on the [rust standard](https://github.com/rust-lang/rfcs/blob/master/text/0505-api-comment-conventions.md). These rules summarise our style guidelines. +- Every function should be documented. A doc-comment includes a concise description of the function and an example. In case it receives parameters other than `self`, it also includes a description of every parameter, the output type, and behavior. If applicable, it also includes Error and Panic behavior and references to scientific literature. +- If the code of your function is not self-explanatory from your doc-comment, use inline-comments `//` to briefly describe the steps. +- A file should always have the copyright notice at the top, followed by a very brief inner doc-comment to summarise the purpose of this file, grouped up imports, implementations of all features, and finally tests of each feature in a separate test-module with a brief doc-comment for each test. +- Overall, any feature should get a descriptive but concise name s.t. it can be discovered intuitively. +- Code in our library needs to be formatted using `cargo fmt` and satisfy `clippy`'s standards. +- We aim for multiple tests per function, its unforeseen behavior, panic or error-cases to boost confidence in our implementations and ensure that modifications of a function only introduce intended changes of behavior. +- Last but not least, we would like to minimise the number of dependencies of all crates to keep them as slim and quickly compilable as possible. + +## Documentation +The documentation for each crate is available online and it can be generated locally by running the following command in the root directory of this repository. +```bash +cargo doc --open +``` + +Furthermore, here is an example of a doc-comment of a function that follows our guidelines. +```rust +impl Z { + /// Chooses a [`Z`] instance according to the discrete Gaussian distribution + /// in `[center - ⌈6 * s⌉ , center + ⌊6 * s⌋ ]`. + /// + /// This function samples discrete Gaussians according to the definition of + /// SampleZ in [GPV08](https://citeseerx.ist.psu.edu/document?repid=rep1&type=pdf&doi=d9f54077d568784c786f7b1d030b00493eb3ae35). + /// + /// Parameters: + /// - `n`: specifies the range from which is sampled + /// - `center`: specifies the position of the center with peak probability + /// - `s`: specifies the Gaussian parameter, which is proportional + /// to the standard deviation `sigma * sqrt(2 * pi) = s` + /// + /// Returns new [`Z`] sample chosen according to the specified discrete Gaussian + /// distribution or a [`MathError`] if the specified parameters were not chosen + /// appropriately, i.e. `s < 0`. + /// + /// # Examples + /// ``` + /// use qfall_math::integer::Z; + /// + /// let sample = Z::sample_discrete_gauss(0, 1).unwrap(); + /// ``` + /// + /// # Errors and Failures + /// - Returns a [`MathError`] of type [`InvalidIntegerInput`](MathError::InvalidIntegerInput) + /// if `s < 0`. + /// + /// This function implements SampleZ according to: + /// - \[1\] Gentry, Craig and Peikert, Chris and Vaikuntanathan, Vinod (2008). + /// Trapdoors for hard lattices and new cryptographic constructions. + /// In: Proceedings of the fortieth annual ACM symposium on Theory of computing. + /// + pub fn sample_discrete_gauss(center: impl Into, s: impl Into) -> Result {...} +} +``` diff --git a/Cargo.toml b/Cargo.toml index 5890495..79014b3 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,7 +1,15 @@ [package] name = "qfall-schemes" version = "0.1.0" -edition = "2021" +edition = "2024" +rust-version = "1.85" # due to rand and rand_distr dependency +description = "Collection of prototype implementations of lattice-based cryptography" +readme = "README.md" +homepage = "https://qfall.github.io" +repository = "https://github.com/qfall/schemes" +license = "MPL-2.0" +keywords = ["prototype", "lattice", "cryptography"] +categories = ["cryptography", "mathematics", "development-tools::build-utils", "development-tools::testing", "development-tools::profiling"] autobenches = false # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html diff --git a/README.md b/README.md index 95efff6..077955f 100644 --- a/README.md +++ b/README.md @@ -1,71 +1,118 @@ # qFALL-schemes +[github](https://github.com/qfall/schemes) +[crates.io](https://crates.io/crates/qfall-schemes) +[docs.rs](https://docs.rs/qfall-schemes) +[tutorial](https://qfall.github.io/book) +[build](https://github.com/qfall/schemes/actions/workflows/push.yml) +[license](https://github.com/qfall/schemes/blob/dev/LICENSE) -[![made-with-rust](https://img.shields.io/badge/Made%20with-Rust-1f425f.svg)](https://www.rust-lang.org/) -[![CI](https://github.com/qfall/schemes/actions/workflows/push.yml/badge.svg?branch=dev)](https://github.com/qfall/schemes/actions/workflows/pull_request.yml) -[![License: MPL 2.0](https://img.shields.io/badge/License-MPL_2.0-brightgreen.svg)](https://opensource.org/licenses/MPL-2.0) +`qFALL` is a prototyping library for lattice-based cryptography. +This `schemes`-crate collects implementations of lattice-based constructions s.t. anyone can audit, modify, extend, or build on top of them to prototype more involved constructions or protocols. -This repository is currently being developed by the project group [qFALL - quantum resistant fast lattice library](https://cs.uni-paderborn.de/cuk/lehre/veranstaltungen/ws-2022-23/project-group-qfall) in the winter term 2022 and summer term 2023 by the Codes and Cryptography research group in Paderborn. +## Quick-Start +First, ensure that you use a Unix-like distribution (Linux or MacOS). Setup [WSL](https://learn.microsoft.com/en-us/windows/wsl/install) if you're using Windows. This is required due to this crate's dependency on FLINT. +Then, make sure your `rustc --version` is `1.85` or newer. -The main objective of this project is to provide researchers and students with the possibility to easily and quickly prototype (lattice-based) cryptography. +Furthermore, it's required that `m4`, a C-compiler such as `gcc`, and `make` are installed. +```bash +sudo apt-get install m4 gcc make +``` +Then, add you can add this crate to your project by executing the following command. +```bash +cargo add qfall-schemes +``` +- Find further information on [our website](https://qfall.github.io/). Also check out [`qfall-math`](https://crates.io/crates/qfall-math) and [`qfall-tools`](https://crates.io/crates/qfall-tools). +- Read the [documentation of this crate](https://docs.rs/qfall-schemes). +- We recommend [our tutorial](https://qfall.github.io/book) to start working with qFALL. -## Disclaimer +## What does qFALL-schemes offer? +qFALL-schemes collects prototype implementations of lattice-based constructions to audit, modify, extend, and reuse them more easily in more involved constructions or protocols. + +List of prototypes +- [Public Key Encryption](https://docs.rs/qfall-schemes/latest/qfall_schemes/pk_encryption/index.html) + - [LWE Encryption](https://docs.rs/qfall-schemes/latest/qfall_schemes/pk_encryption/struct.Regev.html) + - [Dual LWE Encryption](https://docs.rs/qfall-schemes/latest/qfall_schemes/pk_encryption/struct.DualRegev.html) + - [LPR Encryption](https://docs.rs/qfall-schemes/latest/qfall_schemes/pk_encryption/struct.LPR.html) + - [Ring-based LPR Encryption](https://docs.rs/qfall-schemes/latest/qfall_schemes/pk_encryption/struct.RingLPR.html) + - [K-PKE](https://docs.rs/qfall-schemes/latest/qfall_schemes/pk_encryption/struct.KPKE.html), which is the foundation of [CRYSTALS-Kyber](https://pq-crystals.org/kyber/) and [ML-KEM](https://csrc.nist.gov/pubs/fips/203/final) + - [CCA-secure Encryption](https://docs.rs/qfall-schemes/latest/qfall_schemes/pk_encryption/struct.CCSfromIBE.html) +- [Signatures](https://docs.rs/qfall-schemes/latest/qfall_schemes/signature/index.html) + - [Full-Domain Hash (FDH)](https://docs.rs/qfall-schemes/latest/qfall_schemes/signature/fdh/struct.FDHGPV.html) + - [Probabilistic FDH (PFDH)](https://docs.rs/qfall-schemes/latest/qfall_schemes/signature/pfdh/struct.PFDHGPV.html) + - [Ring-based FDH](https://docs.rs/qfall-schemes/latest/qfall_schemes/signature/fdh/struct.FDHGPVRing.html) +- [Identity Based Encryption](https://docs.rs/qfall-schemes/latest/qfall_schemes/identity_based_encryption/index.html) + - [From Dual LWE Encryption](https://docs.rs/qfall-schemes/latest/qfall_schemes/identity_based_encryption/struct.DualRegevIBE.html) +- [Hash Functions](https://docs.rs/qfall-schemes/latest/qfall_schemes/hash/index.html) + - [SIS-Hash Function](https://docs.rs/qfall-schemes/latest/qfall_schemes/hash/struct.SISHash.html) + - [SHA-256-based Hash](https://docs.rs/qfall-schemes/latest/qfall_schemes/hash/sha256/index.html) + +## Quick Examples +Kyber's Public-Key Encryption +```rust +use qfall_schemes::pk_encryption::{KPKE, PKEncryptionScheme}; +use qfall_math::integer::Z; + +// setup public parameters +let k_pke = KPKE::ml_kem_512(); + +// generate (pk, sk) pair +let (pk, sk) = k_pke.key_gen(); + +// encrypt a message +let msg = Z::from_utf8("Hello"); +let cipher = k_pke.enc(&pk, &msg); + +// decrypt the ciphertext +let m = k_pke.dec(&sk, &cipher); + +assert_eq!(msg, m); +``` -Currently, we are in the development phase and interfaces might change. -Feel free to check out the current progress, but be aware, that the content will -change in the upcoming weeks and months. An official release will most likely be published in the second half of 2023. +GPV-based Probabilistic Full-Domain Hash +```rust +use qfall_schemes::signature::{pfdh::PFDHGPV, SignatureScheme}; -## Quick-Start +let mut pfdh = PFDHGPV::setup(4, 113, 17, 128); -Please refer to [our website](https://qfall.github.io/) as central information point. +let msg = "Hello World!"; -To install and add our library to your project, please refer to [our tutorial](https://qfall.github.io/book/index.html). -It provides a step-by-step guide to install the required libraries and gives further insights in the usage of our crates. +let (pk, sk) = pfdh.key_gen(); +let sigma = pfdh.sign(msg.clone(), &sk, &pk); -## What does qFALL-schemes offer? +assert!(pfdh.vfy(msg.clone(), &sigma, &pk)); +``` -qFALL-schemes offers a variety of implementations of cryptographic schemes, constructions, and primitives. -We provide a brief overview in the following list. -For a more detailed description, please refer to [our tutorial section](https://qfall.github.io/book/crypto/features.html). - -Constructions - -- [Public Key Encryption](https://github.com/qfall/schemes/blob/dev/src/pk_encryption.rs) - - [LWE Encryption](https://github.com/qfall/schemes/blob/dev/src/pk_encryption/regev.rs) - - [Dual LWE Encryption](https://github.com/qfall/schemes/blob/dev/src/pk_encryption/dual_regev.rs) - - [LPR Encryption](https://github.com/qfall/schemes/blob/dev/src/pk_encryption/lpr.rs) - - [Ring-based LPR Encryption](https://github.com/qfall/schemes/blob/dev/src/pk_encryption/ring_lpr.rs) - - [Prototype of K-PKE](https://github.com/qfall/schemes/blob/dev/src/pk_encryption/k_pke.rs), which is the foundation of [CRYSTALS-Kyber](https://pq-crystals.org/kyber/) and [ML-KEM](https://csrc.nist.gov/pubs/fips/203/final) - - [CCA-secure Encryption](https://github.com/qfall/schemes/blob/dev/src/pk_encryption/ccs_from_ibe.rs) -- [Signatures](https://github.com/qfall/schemes/blob/dev/src/signature.rs) - - [Full-Domain Hash (FDH)](https://github.com/qfall/schemes/blob/dev/src/signature/fdh.rs) - - [Probabilistic FDH (PFDH)](https://github.com/qfall/schemes/blob/dev/src/signature/pfdh.rs) - - [Ring-based FDH](https://github.com/qfall/schemes/blob/dev/src/signature/fdh/gpv_ring.rs) -- [Identity Based Encryption](https://github.com/qfall/schemes/blob/dev/src/identity_based_encryption.rs) - - [From Dual LWE Encryption](https://github.com/qfall/schemes/blob/dev/src/identity_based_encryption/dual_regev_ibe.rs) -- [Hash Functions](https://github.com/qfall/schemes/blob/dev/src/hash.rs) - - [SIS-Hash Function](https://github.com/qfall/schemes/blob/dev/src/hash/sis.rs) - - [SHA-256-based Hash](https://github.com/qfall/schemes/blob/dev/src/hash/sha256.rs) +## SemVer and Backward Compatibility +As initial implementations of traits and prototypes can sometimes be optimized by changing the API, we give no API/interface stability guarantees for this crate. +We try to be mindful but we may reorganize code without warning in advance. +Therefore, it is recommended to fix the used version `version = "=x.y.z"` in your `Cargo.toml`. -## License +## Bugs +Please report bugs through the [GitHub issue tracker](https://github.com/qfall/schemes/issues). -This library is distributed under the **Mozilla Public License Version 2.0** which can be found here [License](https://github.com/qfall/schemes/blob/dev/LICENSE). -Permissions of this weak copyleft license are conditioned on making available source code of licensed files and modifications of those files under the same license (or in certain cases, one of the GNU licenses). Copyright and license notices must be preserved. Contributors provide an express grant of patent rights. However, a larger work using the licensed work may be distributed under different terms and without source code for files added in the larger work. +## Contributions +Contributors are: +- Marvin Beckmann +- Phil Milewski +- Jan Niklas Siemer -## Citing +A few reasons to merge your prototype into qFALL-schemes. +- In case of API changes, a version update of Rust or adapted formatting requirements, prototypes in this crate be kept executable and up-to-date. +- qFALL may benefit from your contribution as most prototypes are built with some optimisation in mind. We may consider integrating your optimisation into [`qfall-math`](https://crates.io/crates/qfall-math) and [`qfall-tools`](https://crates.io/crates/qfall-tools). +- We ensure that prototypes are properly formatted, modularised, and documented before merging s.t. prototypes yield a reusable resource to the community. +- Researchers and developers may benefit from the public exposure of their prototype (and the often associated paper). -Please use the following bibtex entry to cite [qFALL-schemes](https://github.com/qfall/schemes): +See [Contributing](https://github.com/qfall/schemes/blob/dev/CONTRIBUTING.md) for details on how to contribute. +## Citing +Please use the following bibtex entry to cite [qFALL](https://qfall.github.io). ```text -@misc{qFALL-schemes, - author = {Porzenheim, Laurens and Beckmann, Marvin and Kramer, Paul and Milewski, Phil and Moog, Sven and Schmidt, Marcel and Siemer, Niklas}, - title = {qFALL-schemes v0.0}, - howpublished = {Online: \url{https://github.com/qfall/schemes}}, - month = Mar, - year = 2023, - note = {University Paderborn, Codes and Cryptography} -} +TODO: Update to eprint ``` -## Get in Touch +## Dependencies +This project is based on [qfall-math](https://crates.io/crates/qfall-math) and [qfall-tools](https://crates.io/crates/qfall-tools), which build on top of the C-based, optimised math-library [FLINT](https://flintlib.org/). We utilise [serde](https://crates.io/crates/serde) and [serde_json](https://crates.io/crates/serde_json) to (de-)serialize objects to and from JSON. This crate relies on [criterion](https://crates.io/crates/criterion) for benchmarking purposes. An extensive list can be found in our `Cargo.toml` file. -One can contact the members of the project group with our mailing list `pg-qfall(at)lists.upb.de`. +## License +This library is distributed under the [Mozilla Public License Version 2.0](https://github.com/qfall/schemes/blob/dev/LICENSE). +Permissions of this weak copyleft license are conditioned on making the source code of licensed files and modifications of those files available under the same license (or in certain cases, under one of the GNU licenses). Copyright and license notices must be preserved. Contributors provide an express grant of patent rights. However, a larger work using the licensed work may be distributed under different terms and without source code for files added to the larger work. diff --git a/benches/k_pke.rs b/benches/k_pke.rs index 4925a1b..862c526 100644 --- a/benches/k_pke.rs +++ b/benches/k_pke.rs @@ -7,12 +7,12 @@ // Mozilla Foundation. See . use criterion::*; -use qfall_schemes::pk_encryption::PKEncryptionScheme; use qfall_schemes::pk_encryption::KPKE; +use qfall_schemes::pk_encryption::PKEncryptionScheme; -/// Performs a full-cycle of gen, enc, dec with [`KPKE`]. +/// Performs a full-cycle of key_gen, enc, dec with [`KPKE`]. fn kpke_cycle(k_pke: &KPKE) { - let (pk, sk) = k_pke.gen(); + let (pk, sk) = k_pke.key_gen(); let cipher = k_pke.enc(&pk, 1); let _ = k_pke.dec(&sk, &cipher); } @@ -29,17 +29,17 @@ fn bench_kpke_cycle_512(c: &mut Criterion) { c.bench_function("K-PKE cycle 512", |b| b.iter(|| kpke_cycle(&k_pke))); } -/// Benchmark [KPKE::gen] with [KPKE::ml_kem_512]. +/// Benchmark [KPKE::key_gen] with [KPKE::ml_kem_512]. fn bench_kpke_gen_512(c: &mut Criterion) { let k_pke = KPKE::ml_kem_512(); - c.bench_function("K-PKE gen 512", |b| b.iter(|| k_pke.gen())); + c.bench_function("K-PKE key_gen 512", |b| b.iter(|| k_pke.key_gen())); } /// Benchmark [KPKE::enc] with [KPKE::ml_kem_512]. fn bench_kpke_enc_512(c: &mut Criterion) { let k_pke = KPKE::ml_kem_512(); - let (pk, _) = k_pke.gen(); + let (pk, _) = k_pke.key_gen(); let msg = i64::MAX; c.bench_function("K-PKE enc 512", |b| b.iter(|| k_pke.enc(&pk, msg))); @@ -48,7 +48,7 @@ fn bench_kpke_enc_512(c: &mut Criterion) { /// Benchmark [KPKE::dec] with [KPKE::ml_kem_512]. fn bench_kpke_dec_512(c: &mut Criterion) { let k_pke = KPKE::ml_kem_512(); - let (pk, sk) = k_pke.gen(); + let (pk, sk) = k_pke.key_gen(); let cipher = k_pke.enc(&pk, i64::MAX); c.bench_function("K-PKE dec 512", |b| { @@ -72,17 +72,17 @@ fn bench_kpke_cycle_768(c: &mut Criterion) { c.bench_function("K-PKE cycle 768", |b| b.iter(|| kpke_cycle(&k_pke))); } -/// Benchmark [KPKE::gen] with [KPKE::ml_kem_768]. +/// Benchmark [KPKE::key_gen] with [KPKE::ml_kem_768]. fn bench_kpke_gen_768(c: &mut Criterion) { let k_pke = KPKE::ml_kem_768(); - c.bench_function("K-PKE gen 768", |b| b.iter(|| k_pke.gen())); + c.bench_function("K-PKE key_gen 768", |b| b.iter(|| k_pke.key_gen())); } /// Benchmark [KPKE::enc] with [KPKE::ml_kem_768]. fn bench_kpke_enc_768(c: &mut Criterion) { let k_pke = KPKE::ml_kem_768(); - let (pk, _) = k_pke.gen(); + let (pk, _) = k_pke.key_gen(); let msg = i64::MAX; c.bench_function("K-PKE enc 768", |b| b.iter(|| k_pke.enc(&pk, msg))); @@ -91,7 +91,7 @@ fn bench_kpke_enc_768(c: &mut Criterion) { /// Benchmark [KPKE::dec] with [KPKE::ml_kem_768]. fn bench_kpke_dec_768(c: &mut Criterion) { let k_pke = KPKE::ml_kem_768(); - let (pk, sk) = k_pke.gen(); + let (pk, sk) = k_pke.key_gen(); let cipher = k_pke.enc(&pk, i64::MAX); c.bench_function("K-PKE dec 768", |b| { @@ -115,17 +115,17 @@ fn bench_kpke_cycle_1024(c: &mut Criterion) { c.bench_function("K-PKE cycle 1024", |b| b.iter(|| kpke_cycle(&k_pke))); } -/// Benchmark [KPKE::gen] with [KPKE::ml_kem_1024]. +/// Benchmark [KPKE::key_gen] with [KPKE::ml_kem_1024]. fn bench_kpke_gen_1024(c: &mut Criterion) { let k_pke = KPKE::ml_kem_1024(); - c.bench_function("K-PKE gen 1024", |b| b.iter(|| k_pke.gen())); + c.bench_function("K-PKE key_gen 1024", |b| b.iter(|| k_pke.key_gen())); } /// Benchmark [KPKE::enc] with [KPKE::ml_kem_1024]. fn bench_kpke_enc_1024(c: &mut Criterion) { let k_pke = KPKE::ml_kem_1024(); - let (pk, _) = k_pke.gen(); + let (pk, _) = k_pke.key_gen(); let msg = i64::MAX; c.bench_function("K-PKE enc 1024", |b| b.iter(|| k_pke.enc(&pk, msg))); @@ -134,7 +134,7 @@ fn bench_kpke_enc_1024(c: &mut Criterion) { /// Benchmark [KPKE::dec] with [KPKE::ml_kem_1024]. fn bench_kpke_dec_1024(c: &mut Criterion) { let k_pke = KPKE::ml_kem_1024(); - let (pk, sk) = k_pke.gen(); + let (pk, sk) = k_pke.key_gen(); let cipher = k_pke.enc(&pk, i64::MAX); c.bench_function("K-PKE dec 1024", |b| { diff --git a/benches/pfdh.rs b/benches/pfdh.rs index 5dcc793..ba1c5d3 100644 --- a/benches/pfdh.rs +++ b/benches/pfdh.rs @@ -6,8 +6,8 @@ // the terms of the Mozilla Public License Version 2.0 as published by the // Mozilla Foundation. See . -use criterion::{criterion_group, Criterion}; -use qfall_schemes::signature::{pfdh::PFDHGPV, SignatureScheme}; +use criterion::{Criterion, criterion_group}; +use qfall_schemes::signature::{SignatureScheme, pfdh::PFDHGPV}; /// Performs a full instantiation with an additional signing and verifying of a signature. fn pfdh_cycle(n: i64) { @@ -15,7 +15,7 @@ fn pfdh_cycle(n: i64) { let m = "Hello World!"; - let (pk, sk) = pfdh.gen(); + let (pk, sk) = pfdh.key_gen(); let sigma = pfdh.sign(m.to_owned(), &sk, &pk); pfdh.vfy(m.to_owned(), &sigma, &pk); @@ -50,7 +50,7 @@ fn bench_pfdh_signature(c: &mut Criterion) { let m = "Hello World!"; - let (pk, sk) = pfdh.gen(); + let (pk, sk) = pfdh.key_gen(); c.bench_function("Signing PFDH n=8", |b| { b.iter(|| pfdh.sign(m.to_owned(), &sk, &pk)) diff --git a/benches/regev.rs b/benches/regev.rs index 10635a4..246e2c9 100644 --- a/benches/regev.rs +++ b/benches/regev.rs @@ -11,12 +11,12 @@ use qfall_math::integer::Z; use qfall_schemes::pk_encryption::PKEncryptionScheme; use qfall_schemes::pk_encryption::Regev; -/// Performs a full-cycle of gen, enc, dec with regev. +/// Performs a full-cycle of key_gen, enc, dec with regev. fn regev_cycle(n: i64) { let msg = Z::ONE; let regev = Regev::new_from_n(n); - let (pk, sk) = regev.gen(); + let (pk, sk) = regev.key_gen(); let cipher = regev.enc(&pk, &msg); let _ = regev.dec(&sk, &cipher); } diff --git a/src/hash.rs b/src/hash.rs index cfe7d6d..ff3013f 100644 --- a/src/hash.rs +++ b/src/hash.rs @@ -6,9 +6,9 @@ // the terms of the Mozilla Public License Version 2.0 as published by the // Mozilla Foundation. See . -//! This module contains implementations of hash functions. +//! Contains traits and implementations related to hash functions. //! -//! The main references are listed in the following: +//! References: //! - \[1\] Peikert, Chris (2016). //! A decade of lattice cryptography. //! In: Theoretical Computer Science 10.4. diff --git a/src/hash/sha256.rs b/src/hash/sha256.rs index 1a6c8a3..f9005d5 100644 --- a/src/hash/sha256.rs +++ b/src/hash/sha256.rs @@ -6,7 +6,7 @@ // the terms of the Mozilla Public License Version 2.0 as published by the // Mozilla Foundation. See . -//! This module contains sha256 hashes into different domains. +//! Contains sha256-based hashes that hash into different domains. use super::HashInto; use qfall_math::traits::FromCoefficientEmbedding; @@ -260,7 +260,7 @@ impl HashInto for HashMatPolynomialRingZq { #[cfg(test)] mod tests_sha { - use super::{hash_to_mat_zq_sha256, hash_to_zq_sha256, sha256, Z}; + use super::{Z, hash_to_mat_zq_sha256, hash_to_zq_sha256, sha256}; use qfall_math::{ integer_mod_q::{MatZq, Zq}, traits::{Distance, Pow}, diff --git a/src/hash/sis.rs b/src/hash/sis.rs index 616e570..41ca51c 100644 --- a/src/hash/sis.rs +++ b/src/hash/sis.rs @@ -6,8 +6,7 @@ // the terms of the Mozilla Public License Version 2.0 as published by the // Mozilla Foundation. See . -//! This module contains an implementation of the collision-resistant -//! SIS-based hash function. +//! Contains an implementation of the collision-resistant SIS hash function. use qfall_math::{error::MathError, integer::Z, integer_mod_q::MatZq, traits::MatrixDimensions}; use serde::{Deserialize, Serialize}; @@ -28,7 +27,7 @@ use serde::{Deserialize, Serialize}; /// use qfall_schemes::hash::SISHash; /// use qfall_math::integer_mod_q::MatZq; /// // setup public parameters and key pair -/// let hash = SISHash::gen(5, 18, 11).unwrap(); +/// let hash = SISHash::key_gen(5, 18, 11).unwrap(); /// /// // check provable collision-resistance of hash /// assert!(hash.check_security().is_ok()); @@ -61,13 +60,13 @@ impl SISHash { /// ``` /// use qfall_schemes::hash::SISHash; /// - /// let hash = SISHash::gen(5, 18, 11).unwrap(); + /// let hash = SISHash::key_gen(5, 18, 11).unwrap(); /// ``` /// /// # Errors and Failures /// - Returns a [`MathError`] of type [`InvalidIntegerInput`](MathError::InvalidIntegerInput) /// if `n <= 0`. - pub fn gen(n: impl Into, m: impl Into, q: impl Into) -> Result { + pub fn key_gen(n: impl Into, m: impl Into, q: impl Into) -> Result { let n: Z = n.into(); let m: Z = m.into(); let q: Z = q.into(); @@ -93,7 +92,7 @@ impl SISHash { /// # Examples /// ``` /// use qfall_schemes::hash::SISHash; - /// let hash = SISHash::gen(5, 18, 11).unwrap(); + /// let hash = SISHash::key_gen(5, 18, 11).unwrap(); /// /// assert!(hash.check_security().is_ok()); /// ``` @@ -139,7 +138,7 @@ impl SISHash { /// use qfall_schemes::hash::SISHash; /// use qfall_math::integer_mod_q::MatZq; /// use std::str::FromStr; - /// let hash = SISHash::gen(1, 3, 7).unwrap(); + /// let hash = SISHash::key_gen(1, 3, 7).unwrap(); /// let value = MatZq::from_str("[[1],[2],[3]] mod 7").unwrap(); /// /// hash.hash(&value); @@ -166,9 +165,9 @@ mod test_gen { /// Checks whether too small chosen `n` results in an error. #[test] fn invalid_n() { - let res_0 = SISHash::gen(0, 2, 2); - let res_1 = SISHash::gen(-1, 2, 2); - let res_2 = SISHash::gen(i64::MIN, 2, 2); + let res_0 = SISHash::key_gen(0, 2, 2); + let res_1 = SISHash::key_gen(-1, 2, 2); + let res_2 = SISHash::key_gen(i64::MIN, 2, 2); assert!(res_0.is_err()); assert!(res_1.is_err()); @@ -178,9 +177,9 @@ mod test_gen { /// Checks whether too small chosen `m` results in an error in the security check. #[test] fn insecure_m() { - let res_0 = SISHash::gen(1, 1, 4).unwrap(); - let res_1 = SISHash::gen(2, 2, 2).unwrap(); - let res_2 = SISHash::gen(4, 5, i64::MAX).unwrap(); + let res_0 = SISHash::key_gen(1, 1, 4).unwrap(); + let res_1 = SISHash::key_gen(2, 2, 2).unwrap(); + let res_2 = SISHash::key_gen(4, 5, i64::MAX).unwrap(); assert!(res_0.check_security().is_err()); assert!(res_1.check_security().is_err()); @@ -190,8 +189,8 @@ mod test_gen { /// Checks whether too small chosen `q` results in an error in the security check. #[test] fn insecure_q() { - let res_0 = SISHash::gen(10, 50, 6).unwrap(); - let res_1 = SISHash::gen(5, 50, 4).unwrap(); + let res_0 = SISHash::key_gen(10, 50, 6).unwrap(); + let res_1 = SISHash::key_gen(5, 50, 4).unwrap(); assert!(res_0.check_security().is_err()); assert!(res_1.check_security().is_err()); @@ -200,7 +199,7 @@ mod test_gen { /// Ensures that a working example returns a proper instance. #[test] fn working_example() { - let hash = SISHash::gen(5, 18, 11).unwrap(); + let hash = SISHash::key_gen(5, 18, 11).unwrap(); assert!(hash.check_security().is_ok()); assert_eq!(5, hash.key.get_num_rows()); @@ -211,12 +210,12 @@ mod test_gen { /// Ensures that the expected availability is provided. #[test] fn availability() { - let _ = SISHash::gen(4i8, 4i8, 4i8); - let _ = SISHash::gen(4i8, 4i16, 4i32); - let _ = SISHash::gen(4u8, 4i64, 4u16); - let _ = SISHash::gen(4u64, 4u32, 4); - let _ = SISHash::gen(Z::ONE, 4i64, 4u16); - let _ = SISHash::gen(Z::ONE, Z::from(2), Z::from(2)); + let _ = SISHash::key_gen(4i8, 4i8, 4i8); + let _ = SISHash::key_gen(4i8, 4i16, 4i32); + let _ = SISHash::key_gen(4u8, 4i64, 4u16); + let _ = SISHash::key_gen(4u64, 4u32, 4); + let _ = SISHash::key_gen(Z::ONE, 4i64, 4u16); + let _ = SISHash::key_gen(Z::ONE, Z::from(2), Z::from(2)); } } @@ -229,7 +228,7 @@ mod test_hash { #[should_panic] #[test] fn not_column_vec() { - let hash = SISHash::gen(1, 3, 7).unwrap(); + let hash = SISHash::key_gen(1, 3, 7).unwrap(); let value = MatZq::new(1, 3, 7); hash.hash(&value); @@ -239,7 +238,7 @@ mod test_hash { #[should_panic] #[test] fn mismatching_dimensions() { - let hash = SISHash::gen(1, 3, 7).unwrap(); + let hash = SISHash::key_gen(1, 3, 7).unwrap(); let value = MatZq::new(4, 1, 7); hash.hash(&value); @@ -249,7 +248,7 @@ mod test_hash { #[should_panic] #[test] fn mismatching_moduli() { - let hash = SISHash::gen(1, 3, 7).unwrap(); + let hash = SISHash::key_gen(1, 3, 7).unwrap(); let value = MatZq::new(3, 1, 8); hash.hash(&value); @@ -258,7 +257,7 @@ mod test_hash { /// Ensures that a working example returns a proper instance. #[test] fn working_example() { - let hash = SISHash::gen(5, 18, 11).unwrap(); + let hash = SISHash::key_gen(5, 18, 11).unwrap(); let value = MatZq::new(18, 1, 11); let res = hash.hash(&value); diff --git a/src/identity_based_encryption.rs b/src/identity_based_encryption.rs index 5606c3e..1c84d0f 100644 --- a/src/identity_based_encryption.rs +++ b/src/identity_based_encryption.rs @@ -6,12 +6,9 @@ // the terms of the Mozilla Public License Version 2.0 as published by the // Mozilla Foundation. See . -//! This module provides the trait a struct should implement if it is an -//! instance of a identity based public key encryption scheme. Furthermore, -//! it contains cryptographic schemes implementing the [`IBEScheme`] trait. +//! Contains traits and implementations related to Identity-Based Encryption (IBE) schemes. //! -//! The main references are listed in the following -//! and will be further referenced in submodules by these numbers: +//! References: //! - \[1\] Gentry, Craig and Peikert, Chris and Vaikuntanathan, Vinod (2008). //! Trapdoors for hard lattices and new cryptographic constructions. //! In: Proceedings of the fortieth annual ACM symposium on Theory of computing. diff --git a/src/identity_based_encryption/dual_regev_ibe.rs b/src/identity_based_encryption/dual_regev_ibe.rs index 78cf26e..dde4ecc 100644 --- a/src/identity_based_encryption/dual_regev_ibe.rs +++ b/src/identity_based_encryption/dual_regev_ibe.rs @@ -6,9 +6,7 @@ // the terms of the Mozilla Public License Version 2.0 as published by the // Mozilla Foundation. See . -//! This module contains an implementation of the IND-CPA secure -//! identity based public key encryption scheme. The encryption scheme is based -//! on [`DualRegevIBE`]. +//! Contains an implementation of the IND-CPA secure IBE scheme based on [`DualRegevIBE`]. use super::IBEScheme; use crate::{ @@ -462,7 +460,7 @@ mod test_dual_regev_ibe { DualRegevIBE::new_from_n(1); } - /// Checks whether the full-cycle of gen, extract, enc, dec works properly + /// Checks whether the full-cycle of key_gen, extract, enc, dec works properly /// for message 0 and the default. #[test] fn cycle_zero_default() { @@ -478,7 +476,7 @@ mod test_dual_regev_ibe { assert_eq!(msg, m) } - /// Checks whether the full-cycle of gen, extract, enc, dec works properly + /// Checks whether the full-cycle of key_gen, extract, enc, dec works properly /// for message 1 and the default. #[test] fn cycle_one_default() { @@ -494,7 +492,7 @@ mod test_dual_regev_ibe { assert_eq!(msg, m) } - /// Checks whether the full-cycle of gen, extract, enc, dec works properly + /// Checks whether the full-cycle of key_gen, extract, enc, dec works properly /// for message 0 and small n. #[test] fn cycle_zero_small_n() { @@ -509,7 +507,7 @@ mod test_dual_regev_ibe { assert_eq!(msg, m); } - /// Checks whether the full-cycle of gen, extract, enc, dec works properly + /// Checks whether the full-cycle of key_gen, extract, enc, dec works properly /// for message 1 and small n. #[test] fn cycle_one_small_n() { diff --git a/src/lib.rs b/src/lib.rs index 6d324e0..d0600fe 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -6,28 +6,40 @@ // the terms of the Mozilla Public License Version 2.0 as published by the // Mozilla Foundation. See . -//! # What is qFALL-schemes? -//! qFall-schemes provides lattice-based cryptographic constructions to enable prototyping -//! based on the existing constructions. +//! `qFALL` is a prototyping library for lattice-based cryptography. +//! `qFALL-schemes` collects prototype implementations of lattice-based cryptography +//! s.t. anyone can audit, modify, extend, or build on top of them to prototype more involved constructions or protocols. +//! Among these are traits and implemented constructions of: +//! - [Public-Key Encryption schemes](pk_encryption) implementations such as [Regev's Encryption](pk_encryption::Regev), [its dual version](pk_encryption::DualRegev), [LPR](pk_encryption::LPR), or [K-PKE](pk_encryption::KPKE), +//! - [Signature schemes](signature) implementations such as GPV-based [FDH](signature::fdh) or [PFDH](signature::fdh), +//! - an [Identity-based Encryption](identity_based_encryption) from [Dual Regev](identity_based_encryption::DualRegevIBE), as well as +//! - [Hash functions](hash) such as the [SIS hash](hash::SISHash) or a [SHA256-based hash](hash::sha256). //! -//! Currently qFALL-schemes supports 3 main construction types: -//! - [Identity-Based Encryptions](identity_based_encryption::IBEScheme) -//! - [Public-Key Encryptions](pk_encryption::PKEncryptionScheme) -//! - [Signatures](signature::SignatureScheme) +//! The `qFALL` project contains two more crates called [`qFALL-math`](https://crates.io/crates/qfall-math) +//! and [`qFALL-tools`](https://crates.io/crates/qfall-tools) to support prototyping. +//! - Find further information on [our website](https://qfall.github.io/). +//! - We recommend [our tutorial](https://qfall.github.io/book) to start working with qFALL. //! -//! These are identified by traits and then implemented for specific constructions, e.g. -//! [`RingLPR`](pk_encryption::RingLPR). +//! ## Quick Example +//! ``` +//! use qfall_schemes::pk_encryption::{KPKE, PKEncryptionScheme}; +//! use qfall_math::integer::Z; //! -//! qfall-schemes is free software: you can redistribute it and/or modify it under -//! the terms of the Mozilla Public License Version 2.0 as published by the -//! Mozilla Foundation. See . +//! // setup public parameters +//! let k_pke = KPKE::ml_kem_512(); //! -//! ## Tutorial + Website -//! You can find a dedicated [tutorial](https://qfall.github.io/book/index.html) to qFALL-schemes on our [website](https://qfall.github.io/). -//! The tutorial explains the basic steps starting from installation and -//! continues with basic usage. -//! qfall-schemes is co-developed together with qFALL-math and qFALL-tools which provide the -//! foundation that is used to implement the cryptographic constructions. +//! // generate (pk, sk) pair +//! let (pk, sk) = k_pke.key_gen(); +//! +//! // encrypt a message +//! let msg = Z::from_utf8("Hello"); +//! let cipher = k_pke.enc(&pk, &msg); +//! +//! // decrypt the ciphertext +//! let m = k_pke.dec(&sk, &cipher); +//! +//! assert_eq!(msg, m); +//! ``` pub mod hash; pub mod identity_based_encryption; diff --git a/src/pk_encryption.rs b/src/pk_encryption.rs index bd12830..4fc84e2 100644 --- a/src/pk_encryption.rs +++ b/src/pk_encryption.rs @@ -6,12 +6,9 @@ // the terms of the Mozilla Public License Version 2.0 as published by the // Mozilla Foundation. See . -//! This module provides the trait a struct should implement if it is an -//! instance of a public key encryption scheme. Furthermore, it contains -//! cryptographic schemes implementing the [`PKEncryptionScheme`] or [`PKEncryptionSchemeMut`] trait. +//! Contains traits and implementations related to Public-Key Encryption (PKE) schemes. //! -//! The main references are listed in the following -//! and will be further referenced in submodules by these numbers: +//! References: //! - \[1\] Peikert, Chris (2016). //! A decade of lattice cryptography. //! In: Theoretical Computer Science 10.4. @@ -66,7 +63,7 @@ pub trait PKEncryptionScheme { /// Generates a public key pair `(pk, sk)` suitable for the specific scheme. /// /// Returns a tuple `(pk, sk)` consisting of [`Self::PublicKey`] and [`Self::SecretKey`]. - fn gen(&self) -> (Self::PublicKey, Self::SecretKey); + fn key_gen(&self) -> (Self::PublicKey, Self::SecretKey); /// Encrypts the provided `message` using the public key `pk`. /// @@ -97,7 +94,7 @@ pub trait PKEncryptionSchemeMut { /// Generates a public key pair `(pk, sk)` suitable for the specific scheme. /// /// Returns a tuple `(pk, sk)` consisting of [`Self::PublicKey`] and [`Self::SecretKey`]. - fn gen(&mut self) -> (Self::PublicKey, Self::SecretKey); + fn key_gen(&mut self) -> (Self::PublicKey, Self::SecretKey); /// Encrypts the provided `message` using the public key `pk`. /// diff --git a/src/pk_encryption/ccs_from_ibe.rs b/src/pk_encryption/ccs_from_ibe.rs index 50cc089..597d8df 100644 --- a/src/pk_encryption/ccs_from_ibe.rs +++ b/src/pk_encryption/ccs_from_ibe.rs @@ -6,8 +6,7 @@ // the terms of the Mozilla Public License Version 2.0 as published by the // Mozilla Foundation. See . -//! This module contains a general implementation of an IND-CCA secure -//! public key encryption scheme constructed +//! Contains a generic implementation of an IND-CCA secure PKE scheme constructed //! via an [`IBEScheme`] and a [`SignatureScheme`]. use super::PKEncryptionSchemeMut; @@ -30,7 +29,7 @@ pub mod dual_regev_ibe_pfdh; /// use qfall_math::integer::Z; /// let mut scheme = CCSfromIBE::init_dr_pfdh_from_n(4); /// -/// let (pk, sk) = scheme.gen(); +/// let (pk, sk) = scheme.key_gen(); /// let cipher = scheme.enc(&pk, 0); /// let m = scheme.dec(&sk, &cipher); /// @@ -68,15 +67,15 @@ where /// use qfall_schemes::pk_encryption::{CCSfromIBE, PKEncryptionSchemeMut}; /// let mut scheme = CCSfromIBE::init_dr_pfdh_from_n(4); /// - /// let (pk, sk) = scheme.gen(); + /// let (pk, sk) = scheme.key_gen(); /// ``` - fn gen(&mut self) -> (Self::PublicKey, Self::SecretKey) { + fn key_gen(&mut self) -> (Self::PublicKey, Self::SecretKey) { let (pk, sk) = self.ibe.setup(); (pk.clone(), (pk, sk)) } /// Generates an encryption of `message` for the provided public key by following these steps: - /// - (vrfy_key, sign_key) = signature.gen() + /// - (vrfy_key, sign_key) = signature.key_gen() /// - c = ibe.enc(mpk, vrfy_key, message), i.e. encrypt `message` with respect to identity `vrfy_key` /// - sigma = signature.sign(c, sign_key, vrfy_key), i.e. sign message `c` /// @@ -93,11 +92,11 @@ where /// use qfall_schemes::pk_encryption::{CCSfromIBE, PKEncryptionSchemeMut}; /// let mut scheme = CCSfromIBE::init_dr_pfdh_from_n(4); /// - /// let (pk, sk) = scheme.gen(); + /// let (pk, sk) = scheme.key_gen(); /// let cipher = scheme.enc(&pk, 1); /// ``` fn enc(&mut self, pk: &Self::PublicKey, message: impl Into) -> Self::Cipher { - let (vrfy_key, sign_key) = self.signature.gen(); + let (vrfy_key, sign_key) = self.signature.key_gen(); let c = self.ibe.enc(pk, &vrfy_key.clone().into(), message); let sigma = self.signature.sign(c.to_string(), &sign_key, &vrfy_key); @@ -123,7 +122,7 @@ where /// use qfall_math::integer::Z; /// let mut scheme = CCSfromIBE::init_dr_pfdh_from_n(4); /// - /// let (pk, sk) = scheme.gen(); + /// let (pk, sk) = scheme.key_gen(); /// let cipher = scheme.enc(&pk, 1); /// let m = scheme.dec(&sk, &cipher); /// diff --git a/src/pk_encryption/ccs_from_ibe/dual_regev_ibe_pfdh.rs b/src/pk_encryption/ccs_from_ibe/dual_regev_ibe_pfdh.rs index b92e38d..50ca8be 100644 --- a/src/pk_encryption/ccs_from_ibe/dual_regev_ibe_pfdh.rs +++ b/src/pk_encryption/ccs_from_ibe/dual_regev_ibe_pfdh.rs @@ -99,27 +99,27 @@ mod test_ccs_from_ibe { use crate::pk_encryption::PKEncryptionSchemeMut; use qfall_math::integer::Z; - /// Checks whether the full-cycle of gen, enc, dec works properly + /// Checks whether the full-cycle of key_gen, enc, dec works properly /// for message 0 and small n. #[test] fn cycle_zero() { let msg = Z::ZERO; let mut scheme = CCSfromIBE::init_dr_pfdh_from_n(4); - let (pk, sk) = scheme.gen(); + let (pk, sk) = scheme.key_gen(); let cipher = scheme.enc(&pk, &msg); let m = scheme.dec(&sk, &cipher); assert_eq!(msg, m); } - /// Checks whether the full-cycle of gen, enc, dec works properly + /// Checks whether the full-cycle of key_gen, enc, dec works properly /// for message 1 and small n. #[test] fn cycle_one() { let msg = Z::ONE; let mut scheme = CCSfromIBE::init_dr_pfdh_from_n(4); - let (pk, sk) = scheme.gen(); + let (pk, sk) = scheme.key_gen(); let cipher = scheme.enc(&pk, &msg); let m = scheme.dec(&sk, &cipher); assert_eq!(msg, m); diff --git a/src/pk_encryption/dual_regev.rs b/src/pk_encryption/dual_regev.rs index 8a637b3..6ddf0c9 100644 --- a/src/pk_encryption/dual_regev.rs +++ b/src/pk_encryption/dual_regev.rs @@ -6,8 +6,7 @@ // the terms of the Mozilla Public License Version 2.0 as published by the // Mozilla Foundation. See . -//! This module contains an implementation of the IND-CPA secure -//! public key Dual Regev encryption scheme. +//! Contains an implementation of the IND-CPA PKE scheme refered to as Dual Regev encryption. use super::{GenericMultiBitEncryption, PKEncryptionScheme}; use qfall_math::{ @@ -35,7 +34,7 @@ use serde::{Deserialize, Serialize}; /// use qfall_math::integer::Z; /// // setup public parameters and key pair /// let dual_regev = DualRegev::default(); -/// let (pk, sk) = dual_regev.gen(); +/// let (pk, sk) = dual_regev.key_gen(); /// /// // encrypt a bit /// let msg = Z::ZERO; // must be a bit, i.e. msg = 0 or 1 @@ -122,7 +121,9 @@ impl DualRegev { pub fn new_from_n(n: impl Into) -> Self { let n = n.into(); if n < 10 { - panic!("Choose n >= 10 as this function does not return parameters ensuring proper correctness of the scheme otherwise."); + panic!( + "Choose n >= 10 as this function does not return parameters ensuring proper correctness of the scheme otherwise." + ); } let mut m: Z; @@ -238,13 +239,13 @@ impl DualRegev { // α = o (1 / ( sqrt(n) * log n ) ) if self.alpha > 1 / (self.n.sqrt() * self.n.log(2).unwrap()) { return Err(MathError::InvalidIntegerInput(String::from( - "Correctness is not guaranteed as α >= 1 / (sqrt(n) * log n), but α < 1 / (sqrt(n) * log n) is required." + "Correctness is not guaranteed as α >= 1 / (sqrt(n) * log n), but α < 1 / (sqrt(n) * log n) is required.", ))); } // concentration bound with r=5 -> r * sqrt(m) * α > q/4 if 20 * self.m.sqrt() * &self.alpha > q { return Err(MathError::InvalidIntegerInput(String::from( - "Correctness is not guaranteed as 5 * sqrt(m) * α > q/4, but 5 * sqrt(m) * α <= q/4 is required." + "Correctness is not guaranteed as 5 * sqrt(m) * α > q/4, but 5 * sqrt(m) * α <= q/4 is required.", ))); } @@ -334,9 +335,9 @@ impl PKEncryptionScheme for DualRegev { /// use qfall_schemes::pk_encryption::{PKEncryptionScheme, DualRegev}; /// let dual_regev = DualRegev::default(); /// - /// let (pk, sk) = dual_regev.gen(); + /// let (pk, sk) = dual_regev.key_gen(); /// ``` - fn gen(&self) -> (Self::PublicKey, Self::SecretKey) { + fn key_gen(&self) -> (Self::PublicKey, Self::SecretKey) { // A <- Z_q^{n x m} let mat_a = MatZq::sample_uniform(&self.n, &self.m, &self.q); // x <- Z_2^m @@ -370,7 +371,7 @@ impl PKEncryptionScheme for DualRegev { /// ``` /// use qfall_schemes::pk_encryption::{PKEncryptionScheme, DualRegev}; /// let dual_regev = DualRegev::default(); - /// let (pk, sk) = dual_regev.gen(); + /// let (pk, sk) = dual_regev.key_gen(); /// /// let cipher = dual_regev.enc(&pk, 1); /// ``` @@ -418,7 +419,7 @@ impl PKEncryptionScheme for DualRegev { /// use qfall_schemes::pk_encryption::{PKEncryptionScheme, DualRegev}; /// use qfall_math::integer::Z; /// let dual_regev = DualRegev::default(); - /// let (pk, sk) = dual_regev.gen(); + /// let (pk, sk) = dual_regev.key_gen(); /// let cipher = dual_regev.enc(&pk, 1); /// /// let m = dual_regev.dec(&sk, &cipher); @@ -523,53 +524,53 @@ mod test_dual_regev { use crate::pk_encryption::PKEncryptionScheme; use qfall_math::integer::Z; - /// Checks whether the full-cycle of gen, enc, dec works properly + /// Checks whether the full-cycle of key_gen, enc, dec works properly /// for message 0 and small n. #[test] fn cycle_zero_small_n() { let msg = Z::ZERO; let dr = DualRegev::default(); - let (pk, sk) = dr.gen(); + let (pk, sk) = dr.key_gen(); let cipher = dr.enc(&pk, &msg); let m = dr.dec(&sk, &cipher); assert_eq!(msg, m); } - /// Checks whether the full-cycle of gen, enc, dec works properly + /// Checks whether the full-cycle of key_gen, enc, dec works properly /// for message 1 and small n. #[test] fn cycle_one_small_n() { let msg = Z::ONE; let dr = DualRegev::default(); - let (pk, sk) = dr.gen(); + let (pk, sk) = dr.key_gen(); let cipher = dr.enc(&pk, &msg); let m = dr.dec(&sk, &cipher); assert_eq!(msg, m); } - /// Checks whether the full-cycle of gen, enc, dec works properly + /// Checks whether the full-cycle of key_gen, enc, dec works properly /// for message 0 and larger n. #[test] fn cycle_zero_large_n() { let msg = Z::ZERO; let dr = DualRegev::new_from_n(50); - let (pk, sk) = dr.gen(); + let (pk, sk) = dr.key_gen(); let cipher = dr.enc(&pk, &msg); let m = dr.dec(&sk, &cipher); assert_eq!(msg, m); } - /// Checks whether the full-cycle of gen, enc, dec works properly + /// Checks whether the full-cycle of key_gen, enc, dec works properly /// for message 1 and larger n. #[test] fn cycle_one_large_n() { let msg = Z::ONE; let dr = DualRegev::new_from_n(50); - let (pk, sk) = dr.gen(); + let (pk, sk) = dr.key_gen(); let cipher = dr.enc(&pk, &msg); let m = dr.dec(&sk, &cipher); assert_eq!(msg, m); @@ -580,7 +581,7 @@ mod test_dual_regev { fn modulus_application() { let messages = [2, 3, i64::MAX, i64::MIN]; let dr = DualRegev::default(); - let (pk, sk) = dr.gen(); + let (pk, sk) = dr.key_gen(); for msg in messages { let msg_mod = Z::from(msg.rem_euclid(2)); @@ -608,7 +609,7 @@ mod test_multi_bits { let msg = Z::from(value); let scheme = DualRegev::default(); - let (pk, sk) = scheme.gen(); + let (pk, sk) = scheme.key_gen(); let cipher = scheme.enc_multiple_bits(&pk, &msg); let m = scheme.dec_multiple_bits(&sk, &cipher); @@ -623,7 +624,7 @@ mod test_multi_bits { let msg = Z::ZERO; let scheme = DualRegev::default(); - let (pk, sk) = scheme.gen(); + let (pk, sk) = scheme.key_gen(); let cipher = scheme.enc_multiple_bits(&pk, &msg); let m = scheme.dec_multiple_bits(&sk, &cipher); @@ -641,7 +642,7 @@ mod test_multi_bits { let msg = Z::from(value); let scheme = DualRegev::default(); - let (pk, sk) = scheme.gen(); + let (pk, sk) = scheme.key_gen(); let cipher = scheme.enc_multiple_bits(&pk, &msg); let m = scheme.dec_multiple_bits(&sk, &cipher); diff --git a/src/pk_encryption/dual_regev_discrete_gauss.rs b/src/pk_encryption/dual_regev_discrete_gauss.rs index 00b795f..04ca904 100644 --- a/src/pk_encryption/dual_regev_discrete_gauss.rs +++ b/src/pk_encryption/dual_regev_discrete_gauss.rs @@ -6,9 +6,8 @@ // the terms of the Mozilla Public License Version 2.0 as published by the // Mozilla Foundation. See . -//! This module contains an implementation of the IND-CPA secure -//! public key Dual Regev encryption scheme with an instantiation of the regularity lemma -//! via a discrete Gaussian distribution. +//! Contains an implementation of the IND-CPA PKE scheme refered to as Dual Regev encryption +//! with an instantiation of the regularity lemma using discrete Gaussians. use super::{GenericMultiBitEncryption, PKEncryptionScheme}; use qfall_math::{ @@ -38,7 +37,7 @@ use serde::{Deserialize, Serialize}; /// use qfall_math::integer::Z; /// // setup public parameters and key pair /// let dual_regev = DualRegevWithDiscreteGaussianRegularity::default(); -/// let (pk, sk) = dual_regev.gen(); +/// let (pk, sk) = dual_regev.key_gen(); /// /// // encrypt a bit /// let msg = Z::ZERO; // must be a bit, i.e. msg = 0 or 1 @@ -306,7 +305,7 @@ impl DualRegevWithDiscreteGaussianRegularity { // r >= ω( sqrt( log m ) ) if self.r < self.m.log(2).unwrap().sqrt() { return Err(MathError::InvalidIntegerInput(String::from( - "Security is not guaranteed as r < sqrt( log m ) and r >= ω(sqrt(log m)) is required." + "Security is not guaranteed as r < sqrt( log m ) and r >= ω(sqrt(log m)) is required.", ))); } @@ -355,9 +354,9 @@ impl PKEncryptionScheme for DualRegevWithDiscreteGaussianRegularity { /// use qfall_schemes::pk_encryption::{PKEncryptionScheme, DualRegevWithDiscreteGaussianRegularity}; /// let dual_regev = DualRegevWithDiscreteGaussianRegularity::default(); /// - /// let (pk, sk) = dual_regev.gen(); + /// let (pk, sk) = dual_regev.key_gen(); /// ``` - fn gen(&self) -> (Self::PublicKey, Self::SecretKey) { + fn key_gen(&self) -> (Self::PublicKey, Self::SecretKey) { // e <- SampleD over lattice Z^m, center 0 with Gaussian parameter r let vec_e = MatZq::sample_discrete_gauss(&self.m, 1, &self.q, 0, &self.r).unwrap(); // A <- Z_q^{n x m} @@ -388,7 +387,7 @@ impl PKEncryptionScheme for DualRegevWithDiscreteGaussianRegularity { /// ``` /// use qfall_schemes::pk_encryption::{PKEncryptionScheme, DualRegevWithDiscreteGaussianRegularity}; /// let dual_regev = DualRegevWithDiscreteGaussianRegularity::default(); - /// let (pk, sk) = dual_regev.gen(); + /// let (pk, sk) = dual_regev.key_gen(); /// /// let cipher = dual_regev.enc(&pk, 1); /// ``` @@ -430,7 +429,7 @@ impl PKEncryptionScheme for DualRegevWithDiscreteGaussianRegularity { /// use qfall_schemes::pk_encryption::{PKEncryptionScheme, DualRegevWithDiscreteGaussianRegularity}; /// use qfall_math::integer::Z; /// let dual_regev = DualRegevWithDiscreteGaussianRegularity::default(); - /// let (pk, sk) = dual_regev.gen(); + /// let (pk, sk) = dual_regev.key_gen(); /// let cipher = dual_regev.enc(&pk, 1); /// /// let m = dual_regev.dec(&sk, &cipher); @@ -538,56 +537,56 @@ mod test_dual_regev { use crate::pk_encryption::PKEncryptionScheme; use qfall_math::integer::Z; - /// Checks whether the full-cycle of gen, enc, dec works properly + /// Checks whether the full-cycle of key_gen, enc, dec works properly /// for message 0 and small n. #[test] fn cycle_zero_small_n() { let msg = Z::ZERO; let dr = DualRegevWithDiscreteGaussianRegularity::default(); - let (pk, sk) = dr.gen(); + let (pk, sk) = dr.key_gen(); let cipher = dr.enc(&pk, &msg); let m = dr.dec(&sk, &cipher); assert_eq!(msg, m); } - /// Checks whether the full-cycle of gen, enc, dec works properly + /// Checks whether the full-cycle of key_gen, enc, dec works properly /// for message 1 and small n. #[test] fn cycle_one_small_n() { let msg = Z::ONE; let dr = DualRegevWithDiscreteGaussianRegularity::default(); - let (pk, sk) = dr.gen(); + let (pk, sk) = dr.key_gen(); let cipher = dr.enc(&pk, &msg); let m = dr.dec(&sk, &cipher); assert_eq!(msg, m); } - /// Checks whether the full-cycle of gen, enc, dec works properly + /// Checks whether the full-cycle of key_gen, enc, dec works properly /// for message 0 and larger n. #[test] fn cycle_zero_large_n() { let msg = Z::ZERO; let dr = DualRegevWithDiscreteGaussianRegularity::new_from_n(30); - let (pk, sk) = dr.gen(); + let (pk, sk) = dr.key_gen(); let cipher = dr.enc(&pk, &msg); let m = dr.dec(&sk, &cipher); assert_eq!(msg, m); } - /// Checks whether the full-cycle of gen, enc, dec works properly + /// Checks whether the full-cycle of key_gen, enc, dec works properly /// for message 1 and larger n. #[test] fn cycle_one_large_n() { let msg = Z::ONE; let dr = DualRegevWithDiscreteGaussianRegularity::new_from_n(30); - let (pk, sk) = dr.gen(); + let (pk, sk) = dr.key_gen(); let cipher = dr.enc(&pk, &msg); let m = dr.dec(&sk, &cipher); @@ -599,7 +598,7 @@ mod test_dual_regev { fn modulus_application() { let messages = [2, 3, i64::MAX, i64::MIN]; let dr = DualRegevWithDiscreteGaussianRegularity::default(); - let (pk, sk) = dr.gen(); + let (pk, sk) = dr.key_gen(); for msg in messages { let msg_mod = Z::from(msg.rem_euclid(2)); @@ -629,7 +628,7 @@ mod test_multi_bits { let msg = Z::from(value); let scheme = DualRegevWithDiscreteGaussianRegularity::default(); - let (pk, sk) = scheme.gen(); + let (pk, sk) = scheme.key_gen(); let cipher = scheme.enc_multiple_bits(&pk, &msg); let m = scheme.dec_multiple_bits(&sk, &cipher); @@ -644,7 +643,7 @@ mod test_multi_bits { let msg = Z::ZERO; let scheme = DualRegevWithDiscreteGaussianRegularity::default(); - let (pk, sk) = scheme.gen(); + let (pk, sk) = scheme.key_gen(); let cipher = scheme.enc_multiple_bits(&pk, &msg); let m = scheme.dec_multiple_bits(&sk, &cipher); @@ -662,7 +661,7 @@ mod test_multi_bits { let msg = Z::from(value); let scheme = DualRegevWithDiscreteGaussianRegularity::default(); - let (pk, sk) = scheme.gen(); + let (pk, sk) = scheme.key_gen(); let cipher = scheme.enc_multiple_bits(&pk, &msg); let m = scheme.dec_multiple_bits(&sk, &cipher); diff --git a/src/pk_encryption/k_pke.rs b/src/pk_encryption/k_pke.rs index 356272b..7bc81d1 100644 --- a/src/pk_encryption/k_pke.rs +++ b/src/pk_encryption/k_pke.rs @@ -6,8 +6,7 @@ // the terms of the Mozilla Public License Version 2.0 as published by the // Mozilla Foundation. See . -//! This module contains a naive implementation of the K-PKE scheme -//! used as foundation for ML-KEM. +//! Contains a naive implementation of the K-PKE scheme used as foundation for ML-KEM and Kyber. //! //! **WARNING:** This implementation is a toy implementation of the basics below //! ML-KEM and mostly supposed to showcase the prototyping capabilities of the `qFALL`-library. @@ -47,7 +46,7 @@ use serde::{Deserialize, Serialize}; /// let k_pke = KPKE::ml_kem_512(); /// /// // generate (pk, sk) pair -/// let (pk, sk) = k_pke.gen(); +/// let (pk, sk) = k_pke.key_gen(); /// /// // encrypt a message /// let msg = 250; @@ -62,7 +61,7 @@ use serde::{Deserialize, Serialize}; pub struct KPKE { q: ModulusPolynomialRingZq, // modulus (X^n + 1) mod p k: i64, // defines both dimensions of matrix A - eta_1: i64, // defines the binomial distribution of the secret and error drawn in `gen` + eta_1: i64, // defines the binomial distribution of the secret and error drawn in `key_gen` eta_2: i64, // defines the binomial distribution of the error drawn in `enc` d_u: i64, // defines the number of kept upper-order bits per entry of vector `u` d_v: i64, // defines the number of kept upper-order bits per entry of `v` @@ -127,9 +126,9 @@ impl PKEncryptionScheme for KPKE { /// use qfall_schemes::pk_encryption::{PKEncryptionScheme, KPKE}; /// let k_pke = KPKE::ml_kem_512(); /// - /// let (pk, sk) = k_pke.gen(); + /// let (pk, sk) = k_pke.key_gen(); /// ``` - fn gen(&self) -> (Self::PublicKey, Self::SecretKey) { + fn key_gen(&self) -> (Self::PublicKey, Self::SecretKey) { // 5 𝐀[𝑖,𝑗] ← SampleNTT(𝜌‖𝑗‖𝑖) // Reminder: NTT-representation, sampling and multiplication are not part of this prototype let mat_a = MatPolynomialRingZq::sample_uniform(self.k, self.k, &self.q); @@ -182,7 +181,7 @@ impl PKEncryptionScheme for KPKE { /// ``` /// use qfall_schemes::pk_encryption::{PKEncryptionScheme, KPKE}; /// let k_pke = KPKE::ml_kem_512(); - /// let (pk, sk) = k_pke.gen(); + /// let (pk, sk) = k_pke.key_gen(); /// /// let c = k_pke.enc(&pk, 1); /// ``` @@ -249,7 +248,7 @@ impl PKEncryptionScheme for KPKE { /// ``` /// use qfall_schemes::pk_encryption::{PKEncryptionScheme, KPKE}; /// let k_pke = KPKE::ml_kem_512(); - /// let (pk, sk) = k_pke.gen(); + /// let (pk, sk) = k_pke.key_gen(); /// let c = k_pke.enc(&pk, 1); /// /// let m = k_pke.dec(&sk, &c); @@ -272,7 +271,7 @@ impl PKEncryptionScheme for KPKE { #[cfg(test)] mod test_kpke { - use crate::pk_encryption::{k_pke::KPKE, PKEncryptionScheme}; + use crate::pk_encryption::{PKEncryptionScheme, k_pke::KPKE}; /// Ensures that [`KPKE`] works for all ML-KEM specifications by /// performing a round trip of several messages. @@ -283,7 +282,7 @@ mod test_kpke { let messages = [0, 1, 13, 255, 2047, 4294967295_u32]; for message in messages { - let (pk, sk) = k_pke.gen(); + let (pk, sk) = k_pke.key_gen(); let c = k_pke.enc(&pk, message); let m = k_pke.dec(&sk, &c); diff --git a/src/pk_encryption/lpr.rs b/src/pk_encryption/lpr.rs index 07e4959..e362e4f 100644 --- a/src/pk_encryption/lpr.rs +++ b/src/pk_encryption/lpr.rs @@ -6,8 +6,7 @@ // the terms of the Mozilla Public License Version 2.0 as published by the // Mozilla Foundation. See . -//! This module contains an implementation of the IND-CPA secure -//! public key LPR encryption scheme. +//! Contains an implementation of the IND-CPA PKE refered to as LPR encryption. use super::{GenericMultiBitEncryption, PKEncryptionScheme}; use qfall_math::{ @@ -34,7 +33,7 @@ use serde::{Deserialize, Serialize}; /// use qfall_math::integer::Z; /// // setup public parameters and key pair /// let lpr = LPR::default(); -/// let (pk, sk) = lpr.gen(); +/// let (pk, sk) = lpr.key_gen(); /// /// // encrypt a bit /// let msg = Z::ZERO; // must be a bit, i.e. msg = 0 or 1 @@ -240,7 +239,7 @@ impl LPR { // α = o (1 / sqrt(n) * log^3 n )) if self.alpha > 1 / (factor * self.n.sqrt() * self.n.log(2).unwrap().pow(3).unwrap()) { return Err(MathError::InvalidIntegerInput(String::from( - "Correctness is not guaranteed as α >= 1 / (sqrt(n) * log^3 n), but α < 1 / (sqrt(n) * log^3 n) is required. Please check the documentation!" + "Correctness is not guaranteed as α >= 1 / (sqrt(n) * log^3 n), but α < 1 / (sqrt(n) * log^3 n) is required. Please check the documentation!", ))); } @@ -325,9 +324,9 @@ impl PKEncryptionScheme for LPR { /// use qfall_schemes::pk_encryption::{PKEncryptionScheme, LPR}; /// let lpr = LPR::default(); /// - /// let (pk, sk) = lpr.gen(); + /// let (pk, sk) = lpr.key_gen(); /// ``` - fn gen(&self) -> (Self::PublicKey, Self::SecretKey) { + fn key_gen(&self) -> (Self::PublicKey, Self::SecretKey) { // A <- Z_q^{n x n} let mat_a = MatZq::sample_uniform(&self.n, &self.n, &self.q); // s <- χ^n @@ -367,7 +366,7 @@ impl PKEncryptionScheme for LPR { /// ``` /// use qfall_schemes::pk_encryption::{PKEncryptionScheme, LPR}; /// let lpr = LPR::default(); - /// let (pk, sk) = lpr.gen(); + /// let (pk, sk) = lpr.key_gen(); /// /// let cipher = lpr.enc(&pk, 1); /// ``` @@ -417,7 +416,7 @@ impl PKEncryptionScheme for LPR { /// use qfall_schemes::pk_encryption::{PKEncryptionScheme, LPR}; /// use qfall_math::integer::Z; /// let lpr = LPR::default(); - /// let (pk, sk) = lpr.gen(); + /// let (pk, sk) = lpr.key_gen(); /// let cipher = lpr.enc(&pk, 1); /// /// let m = lpr.dec(&sk, &cipher); @@ -524,56 +523,56 @@ mod test_lpr { use crate::pk_encryption::PKEncryptionScheme; use qfall_math::integer::Z; - /// Checks whether the full-cycle of gen, enc, dec works properly + /// Checks whether the full-cycle of key_gen, enc, dec works properly /// for message 0 and small n. #[test] fn cycle_zero_small_n() { let msg = Z::ZERO; let lpr = LPR::default(); - let (pk, sk) = lpr.gen(); + let (pk, sk) = lpr.key_gen(); let cipher = lpr.enc(&pk, &msg); let m = lpr.dec(&sk, &cipher); assert_eq!(msg, m); } - /// Checks whether the full-cycle of gen, enc, dec works properly + /// Checks whether the full-cycle of key_gen, enc, dec works properly /// for message 1 and small n. #[test] fn cycle_one_small_n() { let msg = Z::ONE; let lpr = LPR::default(); - let (pk, sk) = lpr.gen(); + let (pk, sk) = lpr.key_gen(); let cipher = lpr.enc(&pk, &msg); let m = lpr.dec(&sk, &cipher); assert_eq!(msg, m); } - /// Checks whether the full-cycle of gen, enc, dec works properly + /// Checks whether the full-cycle of key_gen, enc, dec works properly /// for message 0 and larger n. #[test] fn cycle_zero_large_n() { let msg = Z::ZERO; let lpr = LPR::new_from_n(50); - let (pk, sk) = lpr.gen(); + let (pk, sk) = lpr.key_gen(); let cipher = lpr.enc(&pk, &msg); let m = lpr.dec(&sk, &cipher); assert_eq!(msg, m); } - /// Checks whether the full-cycle of gen, enc, dec works properly + /// Checks whether the full-cycle of key_gen, enc, dec works properly /// for message 1 and larger n. #[test] fn cycle_one_large_n() { let msg = Z::ONE; let lpr = LPR::new_from_n(50); - let (pk, sk) = lpr.gen(); + let (pk, sk) = lpr.key_gen(); let cipher = lpr.enc(&pk, &msg); let m = lpr.dec(&sk, &cipher); @@ -585,7 +584,7 @@ mod test_lpr { fn modulus_application() { let messages = [2, 3, i64::MAX, i64::MIN]; let dr = LPR::default(); - let (pk, sk) = dr.gen(); + let (pk, sk) = dr.key_gen(); for msg in messages { let msg_mod = Z::from(msg.rem_euclid(2)); @@ -600,7 +599,7 @@ mod test_lpr { #[cfg(test)] mod test_multi_bits { - use super::{GenericMultiBitEncryption, PKEncryptionScheme, LPR}; + use super::{GenericMultiBitEncryption, LPR, PKEncryptionScheme}; use qfall_math::integer::Z; /// Checks whether the multi-bit encryption cycle works properly @@ -613,7 +612,7 @@ mod test_multi_bits { let msg = Z::from(value); let scheme = LPR::default(); - let (pk, sk) = scheme.gen(); + let (pk, sk) = scheme.key_gen(); let cipher = scheme.enc_multiple_bits(&pk, &msg); let m = scheme.dec_multiple_bits(&sk, &cipher); @@ -628,7 +627,7 @@ mod test_multi_bits { let msg = Z::ZERO; let scheme = LPR::default(); - let (pk, sk) = scheme.gen(); + let (pk, sk) = scheme.key_gen(); let cipher = scheme.enc_multiple_bits(&pk, &msg); let m = scheme.dec_multiple_bits(&sk, &cipher); @@ -646,7 +645,7 @@ mod test_multi_bits { let msg = Z::from(value); let scheme = LPR::default(); - let (pk, sk) = scheme.gen(); + let (pk, sk) = scheme.key_gen(); let cipher = scheme.enc_multiple_bits(&pk, &msg); let m = scheme.dec_multiple_bits(&sk, &cipher); diff --git a/src/pk_encryption/regev.rs b/src/pk_encryption/regev.rs index 7d4d9e6..d38d254 100644 --- a/src/pk_encryption/regev.rs +++ b/src/pk_encryption/regev.rs @@ -6,8 +6,7 @@ // the terms of the Mozilla Public License Version 2.0 as published by the // Mozilla Foundation. See . -//! This module contains an implementation of the IND-CPA secure -//! public key Regev encryption scheme. +//! Contains an implementation of the IND-CPA PKE refered to as Regev encryption. use super::{GenericMultiBitEncryption, PKEncryptionScheme}; use qfall_math::{ @@ -35,7 +34,7 @@ use serde::{Deserialize, Serialize}; /// use qfall_math::integer::Z; /// // setup public parameters and key pair /// let regev = Regev::default(); -/// let (pk, sk) = regev.gen(); +/// let (pk, sk) = regev.key_gen(); /// /// // encrypt a bit /// let msg = Z::ZERO; // must be a bit, i.e. msg = 0 or 1 @@ -122,7 +121,9 @@ impl Regev { pub fn new_from_n(n: impl Into) -> Self { let n = n.into(); if n < 10 { - panic!("Choose n >= 10 as this function does not return parameters ensuring proper correctness of the scheme otherwise."); + panic!( + "Choose n >= 10 as this function does not return parameters ensuring proper correctness of the scheme otherwise." + ); } let mut m: Z; @@ -239,13 +240,13 @@ impl Regev { // α = o (1 / ( sqrt(n) * log n ) ) if self.alpha > 1 / (self.n.sqrt() * self.n.log(2).unwrap()) { return Err(MathError::InvalidIntegerInput(String::from( - "Correctness is not guaranteed as α >= 1 / (sqrt(n) * log n), but α < 1 / (sqrt(n) * log n) is required." + "Correctness is not guaranteed as α >= 1 / (sqrt(n) * log n), but α < 1 / (sqrt(n) * log n) is required.", ))); } // concentration bound with r=5 -> r * sqrt(m) * α > q/4 if 20 * self.m.sqrt() * &self.alpha > q { return Err(MathError::InvalidIntegerInput(String::from( - "Correctness is not guaranteed as 5 * sqrt(m) * α > q/4, but 5 * sqrt(m) * α <= q/4 is required." + "Correctness is not guaranteed as 5 * sqrt(m) * α > q/4, but 5 * sqrt(m) * α <= q/4 is required.", ))); } @@ -337,9 +338,9 @@ impl PKEncryptionScheme for Regev { /// use qfall_schemes::pk_encryption::{PKEncryptionScheme, Regev}; /// let regev = Regev::default(); /// - /// let (pk, sk) = regev.gen(); + /// let (pk, sk) = regev.key_gen(); /// ``` - fn gen(&self) -> (Self::PublicKey, Self::SecretKey) { + fn key_gen(&self) -> (Self::PublicKey, Self::SecretKey) { // A <- Z_q^{n x m} let mat_a = MatZq::sample_uniform(&self.n, &self.m, &self.q); // s <- Z_q^n @@ -375,7 +376,7 @@ impl PKEncryptionScheme for Regev { /// ``` /// use qfall_schemes::pk_encryption::{PKEncryptionScheme, Regev}; /// let regev = Regev::default(); - /// let (pk, sk) = regev.gen(); + /// let (pk, sk) = regev.key_gen(); /// /// let cipher = regev.enc(&pk, 1); /// ``` @@ -414,7 +415,7 @@ impl PKEncryptionScheme for Regev { /// use qfall_schemes::pk_encryption::{PKEncryptionScheme, Regev}; /// use qfall_math::integer::Z; /// let regev = Regev::default(); - /// let (pk, sk) = regev.gen(); + /// let (pk, sk) = regev.key_gen(); /// let cipher = regev.enc(&pk, 1); /// /// let m = regev.dec(&sk, &cipher); @@ -520,53 +521,53 @@ mod test_regev { use crate::pk_encryption::PKEncryptionScheme; use qfall_math::integer::Z; - /// Checks whether the full-cycle of gen, enc, dec works properly + /// Checks whether the full-cycle of key_gen, enc, dec works properly /// for message 0 and small n. #[test] fn cycle_zero_small_n() { let msg = Z::ZERO; let regev = Regev::default(); - let (pk, sk) = regev.gen(); + let (pk, sk) = regev.key_gen(); let cipher = regev.enc(&pk, &msg); let m = regev.dec(&sk, &cipher); assert_eq!(msg, m); } - /// Checks whether the full-cycle of gen, enc, dec works properly + /// Checks whether the full-cycle of key_gen, enc, dec works properly /// for message 1 and small n. #[test] fn cycle_one_small_n() { let msg = Z::ONE; let regev = Regev::default(); - let (pk, sk) = regev.gen(); + let (pk, sk) = regev.key_gen(); let cipher = regev.enc(&pk, &msg); let m = regev.dec(&sk, &cipher); assert_eq!(msg, m); } - /// Checks whether the full-cycle of gen, enc, dec works properly + /// Checks whether the full-cycle of key_gen, enc, dec works properly /// for message 0 and larger n. #[test] fn cycle_zero_large_n() { let msg = Z::ZERO; let regev = Regev::new_from_n(50); - let (pk, sk) = regev.gen(); + let (pk, sk) = regev.key_gen(); let cipher = regev.enc(&pk, &msg); let m = regev.dec(&sk, &cipher); assert_eq!(msg, m); } - /// Checks whether the full-cycle of gen, enc, dec works properly + /// Checks whether the full-cycle of key_gen, enc, dec works properly /// for message 1 and larger n. #[test] fn cycle_one_large_n() { let msg = Z::ONE; let regev = Regev::new_from_n(50); - let (pk, sk) = regev.gen(); + let (pk, sk) = regev.key_gen(); let cipher = regev.enc(&pk, &msg); let m = regev.dec(&sk, &cipher); assert_eq!(msg, m); @@ -577,7 +578,7 @@ mod test_regev { fn modulus_application() { let messages = [2, 3, i64::MAX, i64::MIN]; let regev = Regev::default(); - let (pk, sk) = regev.gen(); + let (pk, sk) = regev.key_gen(); for msg in messages { let msg_mod = Z::from(msg.rem_euclid(2)); @@ -605,7 +606,7 @@ mod test_multi_bits { let msg = Z::from(value); let scheme = Regev::default(); - let (pk, sk) = scheme.gen(); + let (pk, sk) = scheme.key_gen(); let cipher = scheme.enc_multiple_bits(&pk, &msg); let m = scheme.dec_multiple_bits(&sk, &cipher); @@ -620,7 +621,7 @@ mod test_multi_bits { let msg = Z::ZERO; let scheme = Regev::default(); - let (pk, sk) = scheme.gen(); + let (pk, sk) = scheme.key_gen(); let cipher = scheme.enc_multiple_bits(&pk, &msg); let m = scheme.dec_multiple_bits(&sk, &cipher); @@ -638,7 +639,7 @@ mod test_multi_bits { let msg = Z::from(value); let scheme = Regev::default(); - let (pk, sk) = scheme.gen(); + let (pk, sk) = scheme.key_gen(); let cipher = scheme.enc_multiple_bits(&pk, &msg); let m = scheme.dec_multiple_bits(&sk, &cipher); diff --git a/src/pk_encryption/regev_discrete_gauss.rs b/src/pk_encryption/regev_discrete_gauss.rs index 01b0c19..7446e13 100644 --- a/src/pk_encryption/regev_discrete_gauss.rs +++ b/src/pk_encryption/regev_discrete_gauss.rs @@ -6,9 +6,8 @@ // the terms of the Mozilla Public License Version 2.0 as published by the // Mozilla Foundation. See . -//! This module contains an implementation of the IND-CPA secure -//! public key Regev encryption scheme with an instantiation of the regularity lemma -//! via a discrete Gaussian distribution. +//! Contains an implementation of the IND-CPA PKE refered to as Regev encryption +//! with an instantiation of the regularity lemma using discrete Gaussians. use super::{GenericMultiBitEncryption, PKEncryptionScheme}; use qfall_math::{ @@ -38,7 +37,7 @@ use serde::{Deserialize, Serialize}; /// use qfall_math::integer::Z; /// // setup public parameters and key pair /// let regev = RegevWithDiscreteGaussianRegularity::default(); -/// let (pk, sk) = regev.gen(); +/// let (pk, sk) = regev.key_gen(); /// /// // encrypt a bit /// let msg = Z::ZERO; // must be a bit, i.e. msg = 0 or 1 @@ -306,7 +305,7 @@ impl RegevWithDiscreteGaussianRegularity { // r >= ω( sqrt( log m ) ) if self.r < self.m.log(2).unwrap().sqrt() { return Err(MathError::InvalidIntegerInput(String::from( - "Security is not guaranteed as r < sqrt( log m ) and r >= ω(sqrt(log m)) is required." + "Security is not guaranteed as r < sqrt( log m ) and r >= ω(sqrt(log m)) is required.", ))); } @@ -356,9 +355,9 @@ impl PKEncryptionScheme for RegevWithDiscreteGaussianRegularity { /// use qfall_schemes::pk_encryption::{PKEncryptionScheme, RegevWithDiscreteGaussianRegularity}; /// let regev = RegevWithDiscreteGaussianRegularity::default(); /// - /// let (pk, sk) = regev.gen(); + /// let (pk, sk) = regev.key_gen(); /// ``` - fn gen(&self) -> (Self::PublicKey, Self::SecretKey) { + fn key_gen(&self) -> (Self::PublicKey, Self::SecretKey) { // s <- Z_q^n let vec_s = MatZq::sample_uniform(&self.n, 1, &self.q); @@ -392,7 +391,7 @@ impl PKEncryptionScheme for RegevWithDiscreteGaussianRegularity { /// ``` /// use qfall_schemes::pk_encryption::{PKEncryptionScheme, RegevWithDiscreteGaussianRegularity}; /// let regev = RegevWithDiscreteGaussianRegularity::default(); - /// let (pk, sk) = regev.gen(); + /// let (pk, sk) = regev.key_gen(); /// /// let cipher = regev.enc(&pk, 1); /// ``` @@ -427,7 +426,7 @@ impl PKEncryptionScheme for RegevWithDiscreteGaussianRegularity { /// use qfall_schemes::pk_encryption::{PKEncryptionScheme, RegevWithDiscreteGaussianRegularity}; /// use qfall_math::integer::Z; /// let regev = RegevWithDiscreteGaussianRegularity::default(); - /// let (pk, sk) = regev.gen(); + /// let (pk, sk) = regev.key_gen(); /// let cipher = regev.enc(&pk, 1); /// /// let m = regev.dec(&sk, &cipher); @@ -534,56 +533,56 @@ mod test_regev { use crate::pk_encryption::PKEncryptionScheme; use qfall_math::integer::Z; - /// Checks whether the full-cycle of gen, enc, dec works properly + /// Checks whether the full-cycle of key_gen, enc, dec works properly /// for message 0 and small n. #[test] fn cycle_zero_small_n() { let msg = Z::ZERO; let dr = RegevWithDiscreteGaussianRegularity::default(); - let (pk, sk) = dr.gen(); + let (pk, sk) = dr.key_gen(); let cipher = dr.enc(&pk, &msg); let m = dr.dec(&sk, &cipher); assert_eq!(msg, m); } - /// Checks whether the full-cycle of gen, enc, dec works properly + /// Checks whether the full-cycle of key_gen, enc, dec works properly /// for message 1 and small n. #[test] fn cycle_one_small_n() { let msg = Z::ONE; let dr = RegevWithDiscreteGaussianRegularity::default(); - let (pk, sk) = dr.gen(); + let (pk, sk) = dr.key_gen(); let cipher = dr.enc(&pk, &msg); let m = dr.dec(&sk, &cipher); assert_eq!(msg, m); } - /// Checks whether the full-cycle of gen, enc, dec works properly + /// Checks whether the full-cycle of key_gen, enc, dec works properly /// for message 0 and larger n. #[test] fn cycle_zero_large_n() { let msg = Z::ZERO; let dr = RegevWithDiscreteGaussianRegularity::new_from_n(30); - let (pk, sk) = dr.gen(); + let (pk, sk) = dr.key_gen(); let cipher = dr.enc(&pk, &msg); let m = dr.dec(&sk, &cipher); assert_eq!(msg, m); } - /// Checks whether the full-cycle of gen, enc, dec works properly + /// Checks whether the full-cycle of key_gen, enc, dec works properly /// for message 1 and larger n. #[test] fn cycle_one_large_n() { let msg = Z::ONE; let dr = RegevWithDiscreteGaussianRegularity::new_from_n(30); - let (pk, sk) = dr.gen(); + let (pk, sk) = dr.key_gen(); let cipher = dr.enc(&pk, &msg); let m = dr.dec(&sk, &cipher); @@ -595,7 +594,7 @@ mod test_regev { fn modulus_application() { let messages = [2, 3, i64::MAX, i64::MIN]; let regev = RegevWithDiscreteGaussianRegularity::default(); - let (pk, sk) = regev.gen(); + let (pk, sk) = regev.key_gen(); for msg in messages { let msg_mod = Z::from(msg.rem_euclid(2)); @@ -625,7 +624,7 @@ mod test_multi_bits { let msg = Z::from(value); let scheme = RegevWithDiscreteGaussianRegularity::default(); - let (pk, sk) = scheme.gen(); + let (pk, sk) = scheme.key_gen(); let cipher = scheme.enc_multiple_bits(&pk, &msg); let m = scheme.dec_multiple_bits(&sk, &cipher); @@ -640,7 +639,7 @@ mod test_multi_bits { let msg = Z::ZERO; let scheme = RegevWithDiscreteGaussianRegularity::default(); - let (pk, sk) = scheme.gen(); + let (pk, sk) = scheme.key_gen(); let cipher = scheme.enc_multiple_bits(&pk, &msg); let m = scheme.dec_multiple_bits(&sk, &cipher); @@ -658,7 +657,7 @@ mod test_multi_bits { let msg = Z::from(value); let scheme = RegevWithDiscreteGaussianRegularity::default(); - let (pk, sk) = scheme.gen(); + let (pk, sk) = scheme.key_gen(); let cipher = scheme.enc_multiple_bits(&pk, &msg); let m = scheme.dec_multiple_bits(&sk, &cipher); diff --git a/src/pk_encryption/ring_lpr.rs b/src/pk_encryption/ring_lpr.rs index da4b27b..ce30996 100644 --- a/src/pk_encryption/ring_lpr.rs +++ b/src/pk_encryption/ring_lpr.rs @@ -6,8 +6,7 @@ // the terms of the Mozilla Public License Version 2.0 as published by the // Mozilla Foundation. See . -//! This module contains an implementation of the IND-CPA secure -//! public key Ring-LPR encryption scheme. +//! Contains an implementation of the IND-CPA PKE refered to as Ring-LPR encryption. use super::PKEncryptionScheme; use qfall_math::{ @@ -40,7 +39,7 @@ use serde::{Deserialize, Serialize}; /// use qfall_math::integer::Z; /// // setup public parameters and key pair /// let lpr = RingLPR::default(); -/// let (pk, sk) = lpr.gen(); +/// let (pk, sk) = lpr.key_gen(); /// /// // encrypt a bit /// let msg = Z::from(15); // must be at most n bits, i.e. for default 2^16 - 1 @@ -345,9 +344,9 @@ impl PKEncryptionScheme for RingLPR { /// use qfall_schemes::pk_encryption::{PKEncryptionScheme, RingLPR}; /// let lpr = RingLPR::default(); /// - /// let (pk, sk) = lpr.gen(); + /// let (pk, sk) = lpr.key_gen(); /// ``` - fn gen(&self) -> (Self::PublicKey, Self::SecretKey) { + fn key_gen(&self) -> (Self::PublicKey, Self::SecretKey) { // a <- R_q let a = PolynomialRingZq::sample_uniform(&self.q); // s <- χ @@ -385,7 +384,7 @@ impl PKEncryptionScheme for RingLPR { /// ``` /// use qfall_schemes::pk_encryption::{PKEncryptionScheme, RingLPR}; /// let lpr = RingLPR::default(); - /// let (pk, sk) = lpr.gen(); + /// let (pk, sk) = lpr.key_gen(); /// /// let cipher = lpr.enc(&pk, 15); /// ``` @@ -434,7 +433,7 @@ impl PKEncryptionScheme for RingLPR { /// use qfall_schemes::pk_encryption::{PKEncryptionScheme, RingLPR}; /// use qfall_math::integer::Z; /// let lpr = RingLPR::default(); - /// let (pk, sk) = lpr.gen(); + /// let (pk, sk) = lpr.key_gen(); /// let cipher = lpr.enc(&pk, 212); /// /// let m = lpr.dec(&sk, &cipher); @@ -535,12 +534,12 @@ mod test_ring_lpr { use crate::pk_encryption::PKEncryptionScheme; use qfall_math::integer::Z; - /// Checks whether the full-cycle of gen, enc, dec works properly + /// Checks whether the full-cycle of key_gen, enc, dec works properly /// for several messages and small n. #[test] fn cycle_small_n() { let scheme = RingLPR::default(); - let (pk, sk) = scheme.gen(); + let (pk, sk) = scheme.key_gen(); let messages = [0, 1, 2, 15, 70, 256, 580, 1000, 4000, 8000, 65535]; for message in messages { @@ -551,12 +550,12 @@ mod test_ring_lpr { } } - /// Checks whether the full-cycle of gen, enc, dec works properly + /// Checks whether the full-cycle of key_gen, enc, dec works properly /// for several messages and larger n. #[test] fn cycle_large_n() { let scheme = RingLPR::new_from_n(64); - let (pk, sk) = scheme.gen(); + let (pk, sk) = scheme.key_gen(); let messages = [ 0, 1, @@ -588,7 +587,7 @@ mod test_ring_lpr { fn modulus_application() { let messages = [65536]; let scheme = RingLPR::default(); - let (pk, sk) = scheme.gen(); + let (pk, sk) = scheme.key_gen(); for msg in messages { let cipher = scheme.enc(&pk, msg); diff --git a/src/signature.rs b/src/signature.rs index 9992f85..814a5e4 100644 --- a/src/signature.rs +++ b/src/signature.rs @@ -6,10 +6,9 @@ // the terms of the Mozilla Public License Version 2.0 as published by the // Mozilla Foundation. See . -//! This module provides the trait a struct should implement if it is an -//! instance of a signature scheme. Furthermore, it contains cryptographic signatures -//! implementing the [`SignatureScheme`] trait. +//! Contains traits and implementations related to signature schemes. //! +//! References: //! - \[1\] Gentry, Craig, Chris Peikert, and Vinod Vaikuntanathan. //! "Trapdoors for hard lattices and new cryptographic constructions." //! Proceedings of the fortieth annual ACM symposium on Theory of computing. 2008. @@ -21,7 +20,7 @@ pub mod pfdh; /// This trait should be implemented by every signature scheme. /// It captures the essential functionalities each signature scheme has to support. /// -/// Note: The gen does not take in the parameter `1^n`, as this is a public parameter, +/// Note: [`SignatureScheme::key_gen`] does not take in the parameter `1^n`, as this is a public parameter, /// which shall be defined by the struct implementing this trait. pub trait SignatureScheme { /// The type of the secret key. @@ -35,7 +34,7 @@ pub trait SignatureScheme { /// struct has, which implements this trait. /// /// Returns the public key and the secret key. - fn gen(&mut self) -> (Self::PublicKey, Self::SecretKey); + fn key_gen(&mut self) -> (Self::PublicKey, Self::SecretKey); /// Signs a message using the secret key (and potentially the public key). /// diff --git a/src/signature/fdh.rs b/src/signature/fdh.rs index 59fc222..a9eeb5d 100644 --- a/src/signature/fdh.rs +++ b/src/signature/fdh.rs @@ -6,9 +6,7 @@ // the terms of the Mozilla Public License Version 2.0 as published by the // Mozilla Foundation. See . -//! This Module contains a implementations of the full domain hash signature scheme, -//! which only has to be instantiated with a corresponding PSF, a storage and -//! a corresponding hash function. +//! Contains implementations of the (stateful) full domain hash signature scheme. //! //! The constructions follow the general definition of a hash-then-sign signature scheme //! that uses a hash function as in [\[1\]](<../index.html#:~:text=[1]>) and a PSF. @@ -29,7 +27,7 @@ //! //! let m = "Hello World!"; //! -//! let (pk, sk) = fdh.gen(); +//! let (pk, sk) = fdh.key_gen(); //! let sigma = fdh.sign(m.to_owned(), &sk, &pk); //! //! assert!(fdh.vfy(m.to_owned(), &sigma, &pk)); diff --git a/src/signature/fdh/gpv.rs b/src/signature/fdh/gpv.rs index 93154a9..b2fba1c 100644 --- a/src/signature/fdh/gpv.rs +++ b/src/signature/fdh/gpv.rs @@ -10,7 +10,7 @@ //! according to [\[1\]](<../index.html#:~:text=[1]>). use crate::{ - hash::{sha256::HashMatZq, HashInto}, + hash::{HashInto, sha256::HashMatZq}, signature::SignatureScheme, }; use qfall_math::{ @@ -45,7 +45,7 @@ use std::collections::HashMap; /// let m = "Hello World!"; /// /// let mut fdh = FDHGPV::setup(4, 113, 17); -/// let (pk, sk) = fdh.gen(); +/// let (pk, sk) = fdh.key_gen(); /// /// let sigma = fdh.sign(m.to_string(), &sk, &pk); /// @@ -110,7 +110,7 @@ impl SignatureScheme for FDHGPV { type Signature = MatZ; /// Generates a trapdoor by calling the `trap_gen` of the psf - fn gen(&mut self) -> (Self::PublicKey, Self::SecretKey) { + fn key_gen(&mut self) -> (Self::PublicKey, Self::SecretKey) { self.psf.trap_gen() } /// Firstly checks if the message has been signed before, and if, return that @@ -146,7 +146,7 @@ impl SignatureScheme for FDHGPV { #[cfg(test)] mod test_fdh { - use crate::signature::{fdh::gpv::FDHGPV, SignatureScheme}; + use crate::signature::{SignatureScheme, fdh::gpv::FDHGPV}; use qfall_math::{integer::Z, rational::Q, traits::Pow}; /// Ensure that the generated signature is valid. @@ -160,7 +160,7 @@ mod test_fdh { let q = Z::from(2).pow(&k).unwrap(); let mut fdh = FDHGPV::setup(n, &q, &s); - let (pk, sk) = fdh.gen(); + let (pk, sk) = fdh.key_gen(); for i in 0..10 { let m = format!("Hello World! {i}"); @@ -178,7 +178,7 @@ mod test_fdh { let mut fdh = FDHGPV::setup(5, 1024, 10); let m = "Hello World!"; - let (pk, sk) = fdh.gen(); + let (pk, sk) = fdh.key_gen(); let _ = fdh.sign(m.to_owned(), &sk, &pk); assert!(fdh.storage.contains_key(m)) @@ -191,7 +191,7 @@ mod test_fdh { // fill one entry in the HashMap let m = "Hello World!"; - let (pk, sk) = fdh.gen(); + let (pk, sk) = fdh.key_gen(); let _ = fdh.sign(m.to_owned(), &sk, &pk); let fdh_string = serde_json::to_string(&fdh).expect("Unable to create a json object"); diff --git a/src/signature/fdh/gpv_ring.rs b/src/signature/fdh/gpv_ring.rs index 0dc4793..802f217 100644 --- a/src/signature/fdh/gpv_ring.rs +++ b/src/signature/fdh/gpv_ring.rs @@ -10,7 +10,7 @@ //! according to [\[1\]](<../index.html#:~:text=[1]>). use crate::{ - hash::{sha256::HashMatPolynomialRingZq, HashInto}, + hash::{HashInto, sha256::HashMatPolynomialRingZq}, signature::SignatureScheme, }; use qfall_math::{ @@ -19,7 +19,7 @@ use qfall_math::{ rational::Q, }; use qfall_tools::{ - primitive::psf::{PSFGPVRing, PSF}, + primitive::psf::{PSF, PSFGPVRing}, sample::g_trapdoor::gadget_parameters::GadgetParametersRing, }; use serde::{Deserialize, Serialize}; @@ -54,7 +54,7 @@ use std::collections::HashMap; /// } /// /// let mut fdh = FDHGPVRing::setup(N, MODULUS, compute_s()); -/// let (pk, sk) = fdh.gen(); +/// let (pk, sk) = fdh.key_gen(); /// let m = &format!("Hello World!"); /// let sigma = fdh.sign(m.to_owned(), &sk, &pk); /// assert!( @@ -130,7 +130,7 @@ impl SignatureScheme for FDHGPVRing { type Signature = MatPolyOverZ; /// Generates a trapdoor by calling the `trap_gen` of the psf - fn gen(&mut self) -> (Self::PublicKey, Self::SecretKey) { + fn key_gen(&mut self) -> (Self::PublicKey, Self::SecretKey) { self.psf.trap_gen() } @@ -167,7 +167,7 @@ impl SignatureScheme for FDHGPVRing { #[cfg(test)] mod test_fdh { - use crate::signature::{fdh::gpv_ring::FDHGPVRing, SignatureScheme}; + use crate::signature::{SignatureScheme, fdh::gpv_ring::FDHGPVRing}; use qfall_math::rational::Q; const MODULUS: i64 = 512; @@ -180,7 +180,7 @@ mod test_fdh { #[test] fn ensure_valid_signature_is_generated() { let mut fdh = FDHGPVRing::setup(N, MODULUS, compute_s()); - let (pk, sk) = fdh.gen(); + let (pk, sk) = fdh.key_gen(); for i in 0..10 { let m = &format!("Hello World! {i}"); @@ -202,7 +202,7 @@ mod test_fdh { let mut fdh = FDHGPVRing::setup(N, MODULUS, compute_s()); let m = "Hello World!"; - let (pk, sk) = fdh.gen(); + let (pk, sk) = fdh.key_gen(); let sign_1 = fdh.sign(m.to_owned(), &sk, &pk); let sign_2 = fdh.sign(m.to_owned(), &sk, &pk); @@ -217,7 +217,7 @@ mod test_fdh { // fill one entry in the HashMap let m = "Hello World!"; - let (pk, sk) = fdh.gen(); + let (pk, sk) = fdh.key_gen(); let _ = fdh.sign(m.to_owned(), &sk, &pk); let fdh_string = serde_json::to_string(&fdh).expect("Unable to create a json object"); diff --git a/src/signature/pfdh.rs b/src/signature/pfdh.rs index 8d6f0ec..9a1c1b7 100644 --- a/src/signature/pfdh.rs +++ b/src/signature/pfdh.rs @@ -6,7 +6,7 @@ // the terms of the Mozilla Public License Version 2.0 as published by the // Mozilla Foundation. See . -//! This Module contains a general implementation of the probabilistic full domain +//! Contains a generic implementation of the probabilistic full domain //! hash signature scheme. //! //! The constructions follow the general definition of a hash-then-sign signature scheme @@ -31,7 +31,7 @@ //! //! let m = "Hello World!"; //! -//! let (pk, sk) = pfdh.gen(); +//! let (pk, sk) = pfdh.key_gen(); //! let sigma = pfdh.sign(m.to_owned(), &sk, &pk); //! //! assert!(pfdh.vfy(m.to_owned(), &sigma, &pk)); diff --git a/src/signature/pfdh/gpv.rs b/src/signature/pfdh/gpv.rs index 44c5ec0..3227e69 100644 --- a/src/signature/pfdh/gpv.rs +++ b/src/signature/pfdh/gpv.rs @@ -10,7 +10,7 @@ //! according to [\[1\]](<../index.html#:~:text=[1]>). use crate::{ - hash::{sha256::HashMatZq, HashInto}, + hash::{HashInto, sha256::HashMatZq}, signature::SignatureScheme, }; use qfall_math::{ @@ -45,7 +45,7 @@ use qfall_tools::{ /// /// let m = "Hello World!"; /// -/// let (pk, sk) = pfdh.gen(); +/// let (pk, sk) = pfdh.key_gen(); /// let sigma = pfdh.sign(m.to_owned(), &sk, &pk); /// /// assert!(pfdh.vfy(m.to_owned(), &sigma, &pk)); @@ -115,7 +115,7 @@ impl SignatureScheme for PFDHGPV { type Signature = (MatZ, Z); /// Generates a trapdoor by calling the `trap_gen` of the psf - fn gen(&mut self) -> (Self::PublicKey, Self::SecretKey) { + fn key_gen(&mut self) -> (Self::PublicKey, Self::SecretKey) { self.psf.trap_gen() } @@ -146,7 +146,7 @@ impl SignatureScheme for PFDHGPV { #[cfg(test)] mod test_pfdh { - use crate::signature::{pfdh::gpv::PFDHGPV, SignatureScheme}; + use crate::signature::{SignatureScheme, pfdh::gpv::PFDHGPV}; use qfall_math::{integer::Z, rational::Q, traits::Pow}; /// Ensure that the generated signature is valid. @@ -160,7 +160,7 @@ mod test_pfdh { let q = Z::from(2).pow(&k).unwrap(); let mut pfdh = PFDHGPV::setup(n, &q, &s, 128); - let (pk, sk) = pfdh.gen(); + let (pk, sk) = pfdh.key_gen(); for i in 0..10 { let m = format!("Hello World! {i}");