I am aiming to achieve additive homomorphism for relatively small integer encryption using EC-Elgamal and to effectively recreate the functionality described in this paper. I was wondering if there was any work done in this direction and if anyone could advise me on how to attain such functionality using sjcl.
I am aware that addition on EC-Elgamal is only possible over the points on the curve and that (r)mapping is required which is briefly mentioned in the paper, hence I am looking for advice on both, mapping function and combining ciphertexts.
Adding the snippet for completeness:
// generated, once globally, public key shared with everyone, the private key used for homomorphic decryptionvar keys0 = sjcl.ecc.elGamal.generateKeys(256);
// every user generates it's own key for encryptionvar keys1 = sjcl.ecc.elGamal.generateKeys(256);var keys2 = sjcl.ecc.elGamal.generateKeys(256);
// user generated secret, combined with global public key to get a shared key.var shared1 = keys1.sec.dh(keys0.pub)var shared2 = keys2.sec.dh(keys0.pub)
var ct1 = sjcl.encrypt(shared1, "4")var ct2 = sjcl.encrypt(shared2, "9")
// combine ct1, ct1 to get a combined ciphertext// var ct12 = ??
// combine keys1.pub, keys2.pub and keys0.sec to decrypt final outcome// var pt12 = sjcl.decrypt(??, ct12)
I am aiming to achieve additive homomorphism for relatively small integer encryption using EC-Elgamal and to effectively recreate the functionality described in this paper. I was wondering if there was any work done in this direction and if anyone could advise me on how to attain such functionality using sjcl.
I am aware that addition on EC-Elgamal is only possible over the points on the curve and that (r)mapping is required which is briefly mentioned in the paper, hence I am looking for advice on both, mapping function and combining ciphertexts.
Adding the snippet for completeness:
// generated, once globally, public key shared with everyone, the private key used for homomorphic decryptionvar keys0 = sjcl.ecc.elGamal.generateKeys(256);// every user generates it's own key for encryptionvar keys1 = sjcl.ecc.elGamal.generateKeys(256);var keys2 = sjcl.ecc.elGamal.generateKeys(256);// user generated secret, combined with global public key to get a shared key.var shared1 = keys1.sec.dh(keys0.pub)var shared2 = keys2.sec.dh(keys0.pub)var ct1 = sjcl.encrypt(shared1, "4")var ct2 = sjcl.encrypt(shared2, "9")// combine ct1, ct1 to get a combined ciphertext// var ct12 = ??// combine keys1.pub, keys2.pub and keys0.sec to decrypt final outcome// var pt12 = sjcl.decrypt(??, ct12)console.log(pt12) // prints 13