rlwe is a fast, lightweight, and easy-to-use library for doing cryptography involving the ring learning with errors (RLWE) problem.
Note that the library makes no pretensions about being safe from side-channel attacks and should not be used in a production environment. Rather, it is intended to be used in an academic setting.
Specifically, the library implements the ...
- Fan-Vercauterean fully homomorphic cryptosystem
- NewHope-Simple key exchange without reconciliation
- Ring-TESLA digital signature algorithm
- Knuth-Yao algorithm for fast discrete noise sampling over a Gaussian distribution
For anyone without significant background on RLWE, I would recommend checking out these links:
- Homomorphic Encryption from RLWE
- Microsoft's SEAL Library Manual
- N1 Analytic's Blog on Homomorphic Encryption using RLWE
However, it is possible to still use this library without in-depth knowledge of how the RLWE cryptographic system works. This is because most of the algorithmic details have been abstracted away.
Here's an example of what you can do with this library:
namespace fv = rlwe::fv;
// Set up some parameters for the FV cryptosystem
fv::KeyParameters params(1024, 12289, 2);
// Randomly generate the private key using the given parameters
fv::PrivateKey priv = fv::GeneratePrivateKey(params);
// Using the private key, generate a corresponding public key
fv::PublicKey pub = fv::GeneratePublicKey(priv);
// Encode some plaintext integer as a polynomial in the plaintext ring
// The coefficients of the polynomial are equal to the binary representation of the integer
fv::Plaintext ptx = fv::EncodeInteger(1337, params);
// Encrypt the plaintext using the public key
fv::Ciphertext ctx = fv::Encrypt(ptx, pub);
[...]
// Decrypt the plaintext using the private key
fv::Plaintext dptx = fv::Decrypt(ctx, priv);
// Prints "1337"
std::cout << fv::DecodeInteger(dptx) << std::endl;It's recommended you do an out-of-source build & install.
After cloning into this repository, run:
mkdir build && cd build
cmake ..
make
make install
Internally, rlwe uses NTL for doing fast polynomial arithmetic.
All keys, plaintexts, and ciphertexts store their polynomials as NTL:ZZX objects.
However, these polynomials are in the ring Z_q/(f) where f is a cyclotomic polynomial of the form x^n + 1.
Whenever operations are performed on them, they are usually converted to NTL::ZZ_pX and a temporary modulus is pushed until the operation completes.
The ring-TESLA implementation requires both a hashing function and an encoding function. The hashing function used is SHA-256, as specified in the paper, and the encoding function uses the ChaCha20 stream cipher, with the key being the function input. The libsodium library was used to provide secure & fast implementations of these algorithms. libsodium is also used to procure cryptographically secure random data.
The NewHope and NewHope-Simple key exchanges both require implementations of the SHA-3 and SHAKE-128 hashing algorithms. A modified version of the keccak-tiny library has been included in the source code for this purpose, although it is likely to be replaced in the future.