feat: added add_const, sub, sub_const, mul_const

Author: 10d9e

contracts/BigNum.sol

@@ -16,9 +16,9 @@ library BigNum {
     /// @notice the value for number 0 of a BigNumber instance.
     bytes constant ZERO = hex"0000000000000000000000000000000000000000000000000000000000000000";
     /// @notice the value for number 1 of a BigNumber instance.
-    bytes constant  ONE = hex"0000000000000000000000000000000000000000000000000000000000000001";
+    bytes constant ONE = hex"0000000000000000000000000000000000000000000000000000000000000001";
     /// @notice the value for number 2 of a BigNumber instance.
-    bytes constant  TWO = hex"0000000000000000000000000000000000000000000000000000000000000002";
+    bytes constant TWO = hex"0000000000000000000000000000000000000000000000000000000000000002";
 
     // ***************** BEGIN EXPOSED MANAGEMENT FUNCTIONS ******************
     /** @notice verify a BN instance

contracts/Paillier.sol

@@ -14,7 +14,8 @@ struct Ciphertext {
 /// @notice A struct to represent a public key
 /// @dev The public key is stored as a byte array
 struct PublicKey {
-    bytes value;
+    bytes n;
+    bytes g;
 }
 
 /// @title PrivateKey Struct
@@ -25,7 +26,7 @@ struct PrivateKey {
 }
 
 /// @title Paillier Cryptosystem Implementation
-/// @author The developer
+/// @author lodge
 /// @notice This contract provides basic operations for the Paillier cryptosystem
 /// @dev Uses the BigNum library for large number operations
 contract Paillier {
@@ -54,9 +55,9 @@ contract Paillier {
             BigNum.bitLength(b.value)
         );
         BigNumber memory pub_n = BigNumber(
-            publicKey.value,
+            publicKey.n,
             false,
-            BigNum.bitLength(publicKey.value)
+            BigNum.bitLength(publicKey.n)
         );
 
         // Calculate the encrypted sum as enc_a * enc_b % pub_n^2
@@ -68,13 +69,122 @@ contract Paillier {
         return enc_sum;
     }
 
+    /// @notice Adds a plaintext value to an encrypted value
+    /// @dev The function computes (Enc(a) * g^b % n^2) to add plaintext b to the encrypted value Enc(a)
+    /// @param a The encrypted value as a Ciphertext
+    /// @param b The plaintext value as a uint256
+    /// @param publicKey The public key as a PublicKey
+    /// @return enc_result The new encrypted value as a BigNumber
+    function add_const(
+        Ciphertext calldata a,
+        uint256 b,
+        PublicKey calldata publicKey
+    ) public view returns (BigNumber memory) {
+        BigNumber memory enc_a = BigNumber(
+            a.value,
+            false,
+            BigNum.bitLength(a.value)
+        );
+        BigNumber memory pub_n = BigNumber(
+            publicKey.n,
+            false,
+            BigNum.bitLength(publicKey.n)
+        );
+        BigNumber memory g = BigNumber(
+            publicKey.g,
+            false,
+            BigNum.bitLength(publicKey.g)
+        );
+        BigNumber memory enc_result = BigNum.mod(
+            BigNum.mul(enc_a, BigNum.pow(g, b)),
+            BigNum.pow(pub_n, 2)
+        );
+
+        return enc_result;
+    }
+
+    /// @notice Subtracts one encrypted value from another
+    /// @dev The function computes Enc(a) * Enc(b)^(-1) % n^2 by using Enc(b)^(n-1)
+    /// @param a The first encrypted value as a Ciphertext
+    /// @param b The second encrypted value as a Ciphertext
+    /// @param publicKey The public key as a PublicKey
+    /// @return enc_result The result of the subtraction as a BigNumber
+    function sub(
+        Ciphertext calldata a,
+        Ciphertext calldata b,
+        PublicKey calldata publicKey
+    ) public view returns (BigNumber memory) {
+        BigNumber memory enc_a = BigNumber(
+            a.value,
+            false,
+            BigNum.bitLength(a.value)
+        );
+        BigNumber memory enc_b = BigNumber(
+            b.value,
+            false,
+            BigNum.bitLength(b.value)
+        );
+        BigNumber memory pub_n = BigNumber(
+            publicKey.n,
+            false,
+            BigNum.bitLength(publicKey.n)
+        );
+
+        BigNumber memory modulus = BigNum.pow(pub_n, 2);
+        BigNumber memory neg_enc_b = BigNum.modexp(
+            enc_b,
+            BigNum.sub(pub_n, BigNum.one()),
+            modulus
+        );
+
+        BigNumber memory enc_result = BigNum.mod(enc_a.mul(neg_enc_b), modulus);
+        return enc_result;
+    }
+
+    /// @notice Subtracts a plaintext constant from an encrypted value
+    /// @dev The function computes Enc(a) * g^(-b) % n^2 by using g^(n-1)
+    /// @param a The encrypted value as a Ciphertext
+    /// @param b The plaintext constant as an int256
+    /// @param publicKey The public key as a PublicKey
+    /// @return enc_result The result of the subtraction as a BigNumber
+    function sub_const(
+        Ciphertext calldata a,
+        int256 b,
+        PublicKey calldata publicKey
+    ) public view returns (BigNumber memory) {
+        BigNumber memory enc_a = BigNumber(
+            a.value,
+            false,
+            BigNum.bitLength(a.value)
+        );
+        BigNumber memory pub_n = BigNumber(
+            publicKey.n,
+            false,
+            BigNum.bitLength(publicKey.n)
+        );
+        BigNumber memory g = BigNumber(
+            publicKey.g,
+            false,
+            BigNum.bitLength(publicKey.g)
+        );
+
+        BigNumber memory bb = BigNumber(abi.encodePacked(b), true, 256);
+        BigNumber memory inverse = BigNum.mod(bb, pub_n);
+        BigNumber memory modulus = BigNum.pow(pub_n, 2);
+        BigNumber memory enc_result = enc_a
+            .mul(BigNum.modexp(g, inverse, modulus))
+            .mod(modulus);
+
+        return enc_result;
+    }
+
     /// @notice Multiplies an encrypted value by a plaintext constant
     /// @dev The encrypted value is exponentiated to the plaintext constant and then taken modulo n^2
     /// @param a The encrypted value in bytes
     /// @param b The plaintext constant
     /// @param publicKey The public key in bytes
     /// @return enc_result The encrypted result as a BigNumber
-    function mul(
+    function mul_const(
         Ciphertext calldata a,
         uint256 b,
         PublicKey calldata publicKey
@@ -86,9 +196,9 @@ contract Paillier {
             BigNum.bitLength(a.value)
         );
         BigNumber memory pub_n = BigNumber(
-            publicKey.value,
+            publicKey.n,
             false,
-            BigNum.bitLength(publicKey.value)
+            BigNum.bitLength(publicKey.n)
         );
 
         // Calculate the encrypted result as enc_value^b % pub_n^2
@@ -112,9 +222,9 @@ contract Paillier {
         // Create BigNumber representations for the random value and the public key
         BigNumber memory rand = BigNumber(rnd, false, BigNum.bitLength(rnd));
         BigNumber memory pub_n = BigNumber(
-            publicKey.value,
+            publicKey.n,
             false,
-            BigNum.bitLength(publicKey.value)
+            BigNum.bitLength(publicKey.n)
         );
 
         // Calculate the encrypted zero as r^n % n^2
@@ -149,9 +259,9 @@ contract Paillier {
             BigNum.bitLength(privateKey.value)
         );
         BigNumber memory n = BigNumber(
-            publicKey.value,
+            publicKey.n,
             false,
-            BigNum.bitLength(publicKey.value)
+            BigNum.bitLength(publicKey.n)
         );
 
         // Decrypt the value using private key lambda

package.json

@@ -1,6 +1,6 @@
 {
   "name": "paillier-contracts",
-  "version": "1.0.4",
+  "version": "1.1.0",
   "description": "Paillier homomorphic encryption contract",
   "license": "The Unlicense",
   "author": {
@@ -24,4 +24,4 @@
     "bigint-conversion": "^2.4.3",
     "paillier-bigint": "^3.4.3"
   }
-}
+}

test/Paillier.ts

@@ -5,7 +5,8 @@ import { expect } from "chai";
 
 // Public key
 interface PublicKey {
-  value: string;
+  n: string;
+  g: string;
 }
 
 // Ciphertext
@@ -29,14 +30,15 @@ describe("Paillier", function () {
     };
 
     // Public key
-    const pub_n: PublicKey = {
-      value: ethers.toBeHex(publicKey.n),
+    const pubKey: PublicKey = {
+      n: ethers.toBeHex(publicKey.n),
+      g: ethers.toBeHex(publicKey.g),
     };
 
     // bit length will differ to what has been stated in this script.
     // if using 256-bit key, bit_length will be 264 as "0x" prefix may have been factored in
     // Now lets deploy the contract and test the addition
-    const enc_sum = await Paillier.add(enc_a, enc_b, pub_n);
+    const enc_sum = await Paillier.add(enc_a, enc_b, pubKey);
     const enc_sum_int = bigIntConversion.hexToBigint(enc_sum[0]);
 
     // Conversion to int for convenience
@@ -47,6 +49,68 @@ describe("Paillier", function () {
     expect(dec_sum).to.equal(3);
   });
 
+  it("should add a ciphertext and plaintext", async function () {
+    const { publicKey, privateKey } =
+      await paillierBigint.generateRandomKeys(256);
+    const Paillier = await ethers.deployContract("Paillier");
+    const a: bigint = BigInt(1);
+    const b: bigint = BigInt(2);
+    const enc_a = { value: ethers.toBeHex(publicKey.encrypt(a)) };
+    const enc_b = { value: ethers.toBeHex(publicKey.encrypt(b)) };
+
+    // Public key
+    const pubKey: PublicKey = {
+      n: ethers.toBeHex(publicKey.n),
+      g: ethers.toBeHex(publicKey.g),
+    };
+    const enc_sum = await Paillier.add_const(enc_a, b, pubKey);
+    const enc_sum_int = bigIntConversion.hexToBigint(enc_sum[0]);
+    const dec_sum = Number(privateKey.decrypt(enc_sum_int));
+    console.log("Decrypted Sum:", dec_sum);
+    expect(dec_sum).to.equal(3);
+  });
+
+  it("should subtract 2 ciphertexts", async function () {
+    const { publicKey, privateKey } =
+      await paillierBigint.generateRandomKeys(256);
+    const Paillier = await ethers.deployContract("Paillier");
+    const a: bigint = BigInt(5);
+    const b: bigint = BigInt(2);
+    const enc_a = { value: ethers.toBeHex(publicKey.encrypt(a)) };
+    const enc_b = { value: ethers.toBeHex(publicKey.encrypt(b)) };
+
+    // Public key
+    const pubKey: PublicKey = {
+      n: ethers.toBeHex(publicKey.n),
+      g: ethers.toBeHex(publicKey.g),
+    };
+    const enc_diff = await Paillier.sub(enc_a, enc_b, pubKey);
+    const enc_diff_int = bigIntConversion.hexToBigint(enc_diff[0]);
+    const dec_diff = Number(privateKey.decrypt(enc_diff_int));
+    console.log("Decrypted Difference:", dec_diff);
+    expect(dec_diff).to.equal(3);
+  });
+
+  it("should subtract a ciphertext and plaintext", async function () {
+    const { publicKey, privateKey } =
+      await paillierBigint.generateRandomKeys(256);
+    const Paillier = await ethers.deployContract("Paillier");
+    const a: bigint = BigInt(42);
+    const b: bigint = BigInt(5);
+    const enc_a = { value: ethers.toBeHex(publicKey.encrypt(a)) };
+
+    // Public key
+    const pubKey: PublicKey = {
+      n: ethers.toBeHex(publicKey.n),
+      g: ethers.toBeHex(publicKey.g),
+    };
+    const enc_diff = await Paillier.sub_const(enc_a, b, pubKey);
+    const enc_diff_int = bigIntConversion.hexToBigint(enc_diff[0]);
+    const dec_diff = Number(privateKey.decrypt(enc_diff_int));
+    console.log("Decrypted Difference:", dec_diff);
+    expect(dec_diff).to.equal(37);
+  });
+
   it("should encrypt zero", async function () {
     const { publicKey, privateKey } =
       await paillierBigint.generateRandomKeys(256);
@@ -55,8 +119,11 @@ describe("Paillier", function () {
     const rand = ethers.toBeHex(Math.floor(Math.random() * 1000000));
 
     // Public key
-    const pub_n = { value: ethers.toBeHex(publicKey.n) };
-    const enc_zero = await Paillier.encryptZero(rand, pub_n);
+    const pubKey: PublicKey = {
+      n: ethers.toBeHex(publicKey.n),
+      g: ethers.toBeHex(publicKey.g),
+    };
+    const enc_zero = await Paillier.encryptZero(rand, pubKey);
     const enc_zero_int = bigIntConversion.hexToBigint(enc_zero[0]);
     const dec_zero = Number(privateKey.decrypt(enc_zero_int));
     expect(dec_zero).to.equal(0);
@@ -72,8 +139,11 @@ describe("Paillier", function () {
     const enc_a = { value: ethers.toBeHex(publicKey.encrypt(a)) };
 
     // Public key
-    const pub_n = { value: ethers.toBeHex(publicKey.n) };
-    const enc_scalar = await Paillier.mul(enc_a, b, pub_n);
+    const pubKey: PublicKey = {
+      n: ethers.toBeHex(publicKey.n),
+      g: ethers.toBeHex(publicKey.g),
+    };
+    const enc_scalar = await Paillier.mul_const(enc_a, b, pubKey);
 
     // returns tuple so get first index
     const enc_scalar_int = bigIntConversion.hexToBigint(enc_scalar[0]);