feat: added example ERC20 contract

Author: 10d9e

README.md

@@ -23,7 +23,11 @@ To use this smart contract, you need to deploy it on the Ethereum blockchain. Yo
 
 # Use Cases
 
-The Paillier cryptosystem, which is homomorphic with respect to addition and multiplication, can be applied in various blockchain-based applications that require privacy-preserving computation. Here are five possible applications with corresponding example Solidity code snippets:
+The Paillier cryptosystem, which is homomorphic with respect to addition and multiplication, can be applied in various blockchain-based applications that require privacy-preserving computation. 
+
+Included is a comprehensive [DiscreteERC20](contracts/examples/DiscreteERC20.sol) contract, demonstrating the library's homomorphic properties with an Ethereum Token, preserving transaction privacy onchain.
+
+Here are five possible applications with corresponding example Solidity code snippets:
 
 ## Private Voting System
 

contracts/Paillier.sol

@@ -209,13 +209,52 @@ contract Paillier {
         return enc_result;
     }
 
+    function div_const(
+        Ciphertext calldata a,
+        uint256 b,
+        PublicKey calldata publicKey
+    ) public view returns (BigNumber memory) {
+        BigNumber memory enc_value = BigNumber(
+            a.value,
+            false,
+            BigNum.bitLength(a.value)
+        );
+        BigNumber memory pub_n = BigNumber(
+            publicKey.n,
+            true,
+            BigNum.bitLength(publicKey.n)
+        );
+
+        BigNumber memory bb = BigNumber(abi.encodePacked(b), false, 256);
+        BigNumber memory bi = BigNumber(abi.encodePacked(b), false, 256);
+
+        BigNumber memory modulus = BigNum.pow(pub_n, 2);
+
+        // BigNumber memory inverse = BigNum.mod(BigNum.mod(bb, pub_n), modulus);
+
+        // Fermat's Little Theorem: a^(p-1) ≡ 1 (mod p)
+        // Therefore, a^(p-2) is the modular inverse of a mod p
+        //return pow(a, p - 2, p)
+        // ciphertext.modPow(plaintext, public_key.modulus);
+        BigNumber memory inverse = BigNum.modexp(bb, bi, pub_n, modulus);
+
+        // Calculate the encrypted result as enc_value^b % pub_n^2
+        BigNumber memory enc_result = BigNum.modexp(
+            enc_value,
+            inverse,
+            modulus
+        );
+
+        return enc_result;
+    }
+
     /// @notice Encrypts zero using a random value and a public key
     /// @dev The encryption is performed as r^n % n^2, where r is the random value
     /// @param rnd The random value in bytes
     /// @param publicKey The public key in bytes
     /// @return enc_zero The encrypted zero as a BigNumber
     function encryptZero(
-        bytes calldata rnd,
+        bytes memory rnd,
         PublicKey calldata publicKey
     ) public view returns (BigNumber memory) {
         // Create BigNumber representations for the random value and the public key

contracts/examples/DiscreteERC20.sol

@@ -0,0 +1,221 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.24;
+
+import "../Paillier.sol";
+
+/// @title DiscreteERC20: An ERC20 token contract with encrypted balances using the Paillier cryptosystem
+/// @dev This contract demonstrates an example of an ERC20 token where balances are encrypted to preserve user privacy.
+contract DiscreteERC20 {
+    /// @dev Instance of the Paillier contract for cryptographic operations
+    Paillier private paillier;
+
+    /// @dev Public key structure used for the Paillier encryption
+    PublicKey public publicKey;
+
+    /// @notice An event emitted when a transfer of tokens is made
+    /// @param from Address sending the tokens
+    /// @param to Address receiving the tokens
+    /// @param value Amount of tokens transferred, represented as encrypted data
+    event Transfer(address indexed from, address indexed to, Ciphertext value);
+
+    /// @notice An event emitted when a spender is approved to spend tokens
+    /// @param owner Address owning the tokens
+    /// @param spender Address authorized to spend the tokens
+    /// @param value Amount of tokens approved, represented as encrypted data
+    event Approval(
+        address indexed owner,
+        address indexed spender,
+        Ciphertext value
+    );
+
+    /// @notice An event emitted when a balance request is initiated
+    /// @param account Address whose balance is being requested
+    event RequestBalance(address indexed account);
+
+    /// @notice An event emitted in response to a balance request
+    /// @param account Address whose balance was requested
+    /// @param balance The balance of the account (unencrypted for event)
+    event ResponseBalance(address indexed account, uint balance);
+
+    /// @dev The total supply of tokens, encrypted
+    Ciphertext public totalSupply;
+
+    /// @dev Mapping of encrypted balances per address
+    mapping(address => Ciphertext) public balanceOf;
+
+    /// @dev Nested mapping to manage encrypted allowances
+    mapping(address => mapping(address => Ciphertext)) public allowance;
+
+    /// @notice The name of the token
+    string public name;
+
+    /// @notice The symbol of the token
+    string public symbol;
+
+    /// @notice The number of decimals the token uses
+    uint8 public decimals;
+
+    /// @notice Constructor to set initial token details and cryptographic components
+    /// @param _name Name of the token
+    /// @param _symbol Symbol of the token
+    /// @param _decimals Number of decimal places the token uses
+    /// @param _paillier Address of the Paillier contract
+    /// @param _publicKey Public key for the Paillier encryption
+    constructor(
+        string memory _name,
+        string memory _symbol,
+        uint8 _decimals,
+        address _paillier,
+        PublicKey memory _publicKey
+    ) {
+        name = _name;
+        symbol = _symbol;
+        decimals = _decimals;
+        paillier = Paillier(_paillier);
+        publicKey = _publicKey;
+        totalSupply = _zero();
+    }
+
+    /// @notice Emits an event to request the balance of the sender
+    function requestBalance() external {
+        emit RequestBalance(msg.sender);
+    }
+
+    /// @notice Emits an event with the response balance for a specified address
+    /// @param target The address whose balance is being reported
+    /// @param balance The balance of the specified address
+    function responseBalance(address target, uint balance) external {
+        emit ResponseBalance(target, balance);
+    }
+
+    /// @notice Transfers encrypted tokens to a specified address
+    /// @param recipient The address to receive the tokens
+    /// @param amount The amount of tokens to transfer, represented as encrypted data
+    /// @return success A boolean value indicating success of the transfer
+    function transfer(
+        address recipient,
+        Ciphertext calldata amount
+    ) external returns (bool success) {
+        require(
+            keccak256(abi.encodePacked(balanceOf[msg.sender].value)) !=
+                keccak256(bytes("")),
+            "DiscreteERC20: transfer from the zero address"
+        );
+
+        if (
+            keccak256(abi.encodePacked(balanceOf[recipient].value)) ==
+            keccak256(bytes(""))
+        ) {
+            balanceOf[recipient] = amount;
+        } else {
+            balanceOf[recipient] = this._add(balanceOf[recipient], amount);
+        }
+        balanceOf[msg.sender] = this._sub(balanceOf[msg.sender], amount);
+        emit Transfer(msg.sender, recipient, amount);
+        return true;
+    }
+
+    /// @notice Approves a spender to use a specified amount of the owner's tokens
+    /// @param spender The address authorized to spend the tokens
+    /// @param amount The amount of tokens they are authorized to use, represented as encrypted data
+    /// @return success A boolean value indicating success of the approval
+    function approve(
+        address spender,
+        Ciphertext calldata amount
+    ) external returns (bool success) {
+        allowance[msg.sender][spender] = amount;
+        emit Approval(msg.sender, spender, amount);
+        return true;
+    }
+
+    /// @notice Transfers tokens from one address to another using an allowance
+    /// @param sender The address from which tokens are transferred
+    /// @param recipient The address to which tokens are transferred
+    /// @param amount The amount of tokens to transfer, represented as encrypted data
+    /// @return success A boolean value indicating success of the transfer
+    function transferFrom(
+        address sender,
+        address recipient,
+        Ciphertext calldata amount
+    ) external returns (bool success) {
+        allowance[sender][msg.sender] = this._sub(
+            allowance[sender][msg.sender],
+            amount
+        );
+        balanceOf[sender] = this._sub(balanceOf[sender], amount);
+        balanceOf[recipient] = this._add(balanceOf[recipient], amount);
+        emit Transfer(sender, recipient, amount);
+        return true;
+    }
+
+    /// @dev Internal function to mint new encrypted tokens
+    /// @param to The address to receive the newly minted tokens
+    /// @param amount The amount of tokens to mint, represented as encrypted data
+    function _mint(address to, Ciphertext calldata amount) internal {
+        if (
+            keccak256(abi.encodePacked(balanceOf[to].value)) ==
+            keccak256(bytes(""))
+        ) {
+            balanceOf[to] = amount;
+        } else {
+            balanceOf[to] = this._add(balanceOf[to], amount);
+        }
+        totalSupply = this._add(totalSupply, amount);
+        emit Transfer(address(0), to, amount);
+    }
+
+    /// @dev Internal function to burn encrypted tokens
+    /// @param from The address from which tokens are burned
+    /// @param amount The amount of tokens to burn, represented as encrypted data
+    function _burn(address from, Ciphertext calldata amount) internal {
+        balanceOf[from] = this._sub(balanceOf[from], amount);
+        totalSupply = this._sub(totalSupply, amount);
+        emit Transfer(from, address(0), amount);
+    }
+
+    /// @notice External function to mint new encrypted tokens
+    /// @param to The address to receive the newly minted tokens
+    /// @param amount The amount of tokens to mint, represented as encrypted data
+    function mint(address to, Ciphertext calldata amount) external {
+        _mint(to, amount);
+    }
+
+    /// @notice External function to burn encrypted tokens
+    /// @param from The address from which tokens are burned
+    /// @param amount The amount of tokens to burn, represented as encrypted data
+    function burn(address from, Ciphertext calldata amount) external {
+        _burn(from, amount);
+    }
+
+    /// @dev Internal function to generate an encrypted zero value using randomness
+    /// @return A Ciphertext structure representing an encrypted value of zero
+    function _zero() public view returns (Ciphertext memory) {
+        bytes memory rnd = abi.encodePacked(
+            block.timestamp,
+            blockhash(block.number - 1)
+        );
+        return Ciphertext(paillier.encryptZero(rnd, publicKey).val);
+    }
+
+    /// @dev Internal function to add two encrypted values
+    /// @param a The first encrypted value
+    /// @param b The second encrypted value
+    /// @return The result of the addition, represented as encrypted data
+    function _add(
+        Ciphertext calldata a,
+        Ciphertext calldata b
+    ) public view returns (Ciphertext memory) {
+        return Ciphertext(paillier.add(a, b, publicKey).val);
+    }
+
+    /// @dev Internal function to subtract one encrypted value from another
+    /// @param a The encrypted value to subtract from
+    /// @param b The encrypted value to subtract
+    /// @return The result of the subtraction, represented as encrypted data
+    function _sub(
+        Ciphertext calldata a,
+        Ciphertext calldata b
+    ) public view returns (Ciphertext memory) {
+        return Ciphertext(paillier.sub(a, b, publicKey).val);
+    }
+}

package.json

@@ -24,4 +24,4 @@
     "bigint-conversion": "^2.4.3",
     "paillier-bigint": "^3.4.3"
   }
-}
+}