herumi / mcl-wasm


How to set the value of G? #31

Closed XinwenXiang closed 1 year ago

XinwenXiang commented 1 year ago

Hi, I'm trying to use mcl-wasm to implement a NIZK. In this picture, Enc is ElGamal encryption; I want to encrypt "1" of G.

[image]

[image]

However, this way does not work, meaning that I can't get "1" of G. How can I solve it?

[image]

thanks a lot

herumi commented 1 year ago

What class are you trying to use as G? mcl::G1 is a group of an elliptic curve, so it does not have 1.

XinwenXiang commented 1 year ago

I may have misrepresented it. In ElGamal enc(ek, mes; rand), it is supposed that mes belongs to G as an element, to compute (ek^rand, g^rand.mes). To meet the NIZK, I need to set mes to the "identity element" of G, so that g^rand.mes = g^rand.

herumi commented 1 year ago

A standard ElGamal encryption assumes that G is a multiplicative group, not an elliptic curve. The identity element of mcl::G1 is zero.

XinwenXiang commented 1 year ago

Excuse me, maybe I do not understand your answer totally. I'm implementing the scheme in the group defined by an elliptic curve. I just ran:

```js
let rhok = new mcl.Fr()
rhok.setByCSPRNG()
// freshly constructed G1 element, used as the message
let cOne = new mcl.G1()

let cipherWithOne = pke.PKEEncRand(relationPP.g, relationPP.ek, cOne, rhok)

// compare the second ciphertext component with g * rhok
let check = mcl.mul(relationPP.g, rhok)
if (cipherWithOne.v.isEqual(check)) console.log("11111111111111")
```

and it worked; it seems that a new element in G1 defaults to the "identity element".

herumi commented 1 year ago

If you want to use an elliptic curve for ElGamal encryption, a message m must be in G, NOT a scalar. The formulation is the following (additive formula):

```
keyGen
  dk <- Fr.setByCSPRNG()
  g <- hashAndMapToG1('1') # this is a generator of G1
  pk <- mul(g, dk)

Enc(pk, m)
  m in G1
  r <- Fr.setByCSPRNG()
  c <- (mul(pk, r), add(mul(g, r), m)) # (pk * r, g * r + m)

Dec(dk, c = (u, v))
  m <- sub(v, mul(u, inv(dk))) # v - u * (1/dk) = (g * r + m) - (pk * r) * (1/dk) = m
```

Does the original paper assume an elliptic curve?

XinwenXiang commented 1 year ago

The original paper does not assume an elliptic curve, and my theoretical base knowledge may be lacking.

When I try to implement an encryption scheme, I follow the rule that "a group can be defined by an elliptic curve" and I just need to verify that the properties of the group defined by the elliptic curve satisfy the scheme description. Is that right?

I do not know how to define a group in another way. And thanks a lot for your patient answer.

herumi commented 1 year ago

> When I try to implement an encryption scheme, I follow the rule that "a group can be defined by an elliptic curve" and I just need to verify that the properties of the group defined by the elliptic curve satisfy the scheme description. Is that right?

Yes.

What is the size of the message m? If you can assume |m| <= 2^24 or so, then you can use lifted ElGamal Encryption with an elliptic curve.

cf.

XinwenXiang commented 1 year ago

thanks a lot!!

it really helps me :)
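
The additive ElGamal formulation from this thread, with the identity element as message and the lifted variant, as an added example that is not part of the thread or of mcl-wasm. To run stand-alone it replaces mcl's G1/Fr with a constructed toy curve over F_17 (group order 19) in plain BigInt; the curve, the helper names and the caller-supplied `r` are assumptions of the example.

```javascript
// Toy curve y^2 = x^3 + 2x + 2 over F_17 with generator G of prime order 19.
// Constructed for illustration only: far too small to be secure.
const P = 17n, A = 2n, N = 19n, G = [5n, 1n];
const ZERO = null; // point at infinity: the identity ("zero") of the additive group

const mod = (a, m) => ((a % m) + m) % m;
function inv(a, m) { // a^(m-2) mod m, valid because m is prime
  let r = 1n, b = mod(a, m);
  for (let e = m - 2n; e > 0n; e >>= 1n) { if (e & 1n) r = (r * b) % m; b = (b * b) % m; }
  return r;
}
function add(p, q) {
  if (p === ZERO) return q;
  if (q === ZERO) return p;
  const [x1, y1] = p, [x2, y2] = q;
  if (x1 === x2 && mod(y1 + y2, P) === 0n) return ZERO; // p + (-p)
  const l = x1 === x2
    ? mod(3n * x1 * x1 + A, P) * inv(2n * y1, P) // tangent slope (doubling)
    : mod(y2 - y1, P) * inv(x2 - x1, P);         // chord slope
  const x3 = mod(l * l - x1 - x2, P);
  return [x3, mod(l * (x1 - x3) - y1, P)];
}
const neg = (p) => (p === ZERO ? ZERO : [p[0], mod(-p[1], P)]);
const sub = (p, q) => add(p, neg(q));
function mul(p, k) { // double-and-add, scalar reduced mod the group order
  let r = ZERO;
  for (k = mod(k, N); k > 0n; k >>= 1n) { if (k & 1n) r = add(r, p); p = add(p, p); }
  return r;
}
const isEqual = (p, q) =>
  p === ZERO || q === ZERO ? p === q : p[0] === q[0] && p[1] === q[1];

// Enc/Dec as in the additive formulation in the thread; r must come from a
// CSPRNG in real use and is a parameter here only to keep the demo repeatable.
const keyGen = (dk) => ({ dk, pk: mul(G, dk) });
const enc = (pk, m, r) => ({ u: mul(pk, r), v: add(mul(G, r), m) });
const dec = (dk, c) => sub(c.v, mul(c.u, inv(dk, N)));

// Lifted ElGamal: encode a small integer m as G * m, recover it by search.
const liftedEnc = (pk, m, r) => enc(pk, mul(G, m), r);
function liftedDec(dk, c, max) {
  const pt = dec(dk, c);
  let acc = ZERO;
  for (let i = 0n; i <= max; i++, acc = add(acc, G)) if (isEqual(acc, pt)) return i;
  return null; // message outside [0, max]
}
```

Encrypting `ZERO` gives `v = g * r`, which is the check performed in the thread; the search in `liftedDec` is only practical because the message range is small.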