verificatum / verificatum-vjsc

NEWS! We will soon release a TypeScript transpilation and improvement of this library. Self-contained cryptographic library for use in electronic voting clients. Complete documentation with references to the literature makes it good teaching material.
https://www.verificatum.org

Verificatum JavaScript Cryptography Library (VJSC)

DO NOT EDIT! This file is generated. See Makefile.

This library provides the cryptographic routines needed by an electronic voting client implemented in JavaScript. It is documented in detail, and considerable time has been invested in organizing the code.

Although this library is fast, the goal is not to be as fast as possible, but to be fast enough and as clean and well documented as possible. M4 macros are used for both purposes.

The library is compiled from multiple files using M4 into a single properly formatted and indented file that encapsulates all functionality that should not be readily accessible. Users should not add any variables or functions to the namespaces.

This is not a general purpose library for cryptographic software. Please read the warnings below.

This library consists of a stack of the following modules:

A notable pattern in the code is the use of static variables in functions, where a variable is static if it survives function invocations. This is implemented by encapsulation with immediately invoked functions. Static variables are re-sized as needed, but in our application this rarely happens, so effectively we get automatic light-weight memory allocation.
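The pattern in working code, as an added example that is not the library's own code: a schoolbook multiplication of limb arrays whose scratch buffer is a static variable captured by an immediately invoked function, so it is allocated once and only re-sized when a larger product than any seen before is requested. The 16-bit limb size, the helper names and the resize counter are choices made for this illustration.

```javascript
// Added example: schoolbook multiplication of little-endian 16-bit limb arrays
// with a "static" scratch buffer. The buffer lives in the closure of an
// immediately invoked function, so it survives calls and is re-sized only
// when a larger product than any seen before is requested.
const LIMB_BITS = 16;
const LIMB_MASK = 0xffff;

const mul = (function () {
  let scratch = [];   // static: persists across invocations of mul
  let resizes = 0;    // how often scratch had to grow (illustration only)

  function mul(x, y) {
    const len = x.length + y.length;
    if (scratch.length < len) {
      scratch = new Array(len);
      resizes++;
    }
    // The used prefix may still hold a previous product, so clear it first.
    for (let i = 0; i < len; i++) scratch[i] = 0;

    for (let i = 0; i < x.length; i++) {
      let carry = 0;
      for (let j = 0; j < y.length; j++) {
        // scratch[i+j] < 2^16, x[i]*y[j] < 2^32 - 2^17 + 1, carry < 2^16,
        // so t < 2^32 and is exact in a double; >>> and & are then safe.
        const t = scratch[i + j] + x[i] * y[j] + carry;
        scratch[i + j] = t & LIMB_MASK;
        carry = t >>> LIMB_BITS;
      }
      scratch[i + y.length] = carry;  // position untouched by earlier rows
    }
    // Hand the caller a copy; the scratch buffer is reused by the next call.
    return scratch.slice(0, len);
  }

  mul.resizes = () => resizes;
  mul.scratchSize = () => scratch.length;
  return mul;
})();

// Conversions between BigInt and limb arrays, used to check mul against
// JavaScript's native arbitrary-precision multiplication.
function toLimbs(n) {
  const limbs = [];
  do {
    limbs.push(Number(n & BigInt(LIMB_MASK)));
    n >>= BigInt(LIMB_BITS);
  } while (n > 0n);
  return limbs;
}

function fromLimbs(limbs) {
  let n = 0n;
  for (let i = limbs.length - 1; i >= 0; i--) {
    n = (n << BigInt(LIMB_BITS)) | BigInt(limbs[i]);
  }
  return n;
}
```

Repeated calls with inputs of the same size never allocate; only a call with a larger combined length grows the buffer, which is the "rarely happens" case the text refers to. The result is copied out so that the scratch buffer is never aliased by two callers.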

Some classes can be optionally included in the library. See BUILDING.md and Makefile for more information. Testing if a class is included is done using typeof, e.g., the following is a boolean that is true if and only if the class ECqPGroup was included in the build.

typeof verificatum.arithm.ECqPGroup !== "undefined"

The function verificatum.util.ofType is robust as long as the second parameter is either a string literal or a type. To keep things consistent, we only use typeof variable === "undefined" when checking for undefined parameters to functions.
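The three conventions above in one runnable form, as an added example rather than code from the library: a stand-in verificatum namespace with one optional class present and one absent, a typeof-based inclusion test, an ofType written to accept exactly a string literal or a constructor (the real function's signature and implementation are not reproduced here; this is an assumption about its contract), and an optional parameter checked with typeof. The class names PGroup and ECqPGroup follow the text; makeGroup and undeclaredIsAbsent are hypothetical.

```javascript
// Added example (not the library's code): a stand-in for the verificatum
// namespace with one optional class present and one deliberately absent.
const verificatum = { arithm: {}, util: {} };

// Included in this hypothetical build.
verificatum.arithm.PGroup = function PGroup(order) {
  this.order = order;
};
// verificatum.arithm.ECqPGroup is intentionally left undefined here.

// Feature test for an optionally included class. typeof never throws, even
// for a property (or a bare identifier) that does not exist at all, whereas
// comparing an undeclared identifier with === undefined raises ReferenceError.
function isIncluded(namespace, className) {
  return typeof namespace[className] !== "undefined";
}

// The same safety for a bare identifier that was never declared anywhere.
function undeclaredIsAbsent() {
  return typeof notDeclaredAnywhere === "undefined";
}

// Type check in the spirit of verificatum.util.ofType (signature assumed):
// the second parameter must be a string literal naming a primitive type,
// or a constructor. Anything else is a programming error and throws.
verificatum.util.ofType = function (value, type) {
  if (typeof type === "string") {
    return typeof value === type;
  }
  if (typeof type === "function") {
    return value instanceof type;
  }
  throw new TypeError("ofType: second parameter must be a string literal or a type");
};

// Optional-parameter convention: only typeof ... === "undefined" is used,
// so an explicitly passed null is not mistaken for an omitted argument.
function makeGroup(kind, order) {
  if (typeof order === "undefined") {
    order = 7n;  // constructed default for the illustration
  }
  if (kind === "ec" && !isIncluded(verificatum.arithm, "ECqPGroup")) {
    throw new Error("ECqPGroup was not included in this build");
  }
  return new verificatum.arithm.PGroup(order);
}
```

Passing a computed string or an arbitrary object as the second argument of ofType is rejected outright instead of silently returning false, which is the sense in which the check is "robust" only for a literal or a type.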

WARNING! Please read the following instructions carefully. Failure to do so may result in a completely insecure installation.

You should NOT use this library unless you have verified the following:

WARNING! Please read the following instructions carefully. Failure to do so may result in a completely insecure installation.

This library does not protect against side channel attacks. Thus, it is not a general purpose cryptographic library, but it is secure in electronic voting clients for two reasons:

This should be compared with, e.g., a TLS server that handles repeated requests from a potential adversary using a fixed secret key.

Our software handles special curve points correctly and all inputs are verified to belong to the right domain before processing. This turns out to be particularly important for the mix-nets that process the ciphertexts formed using this library.

However, we naturally welcome the inclusion of non-NIST curves that are more resistant to side channel attacks. For more information we recommend, e.g., Daniel J. Bernstein and Tanja Lange. SafeCurves: choosing safe curves for elliptic-curve cryptography, https://safecurves.cr.yp.to (accessed 1 December 2014).
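What "verified to belong to the right domain" amounts to for an elliptic-curve input, as an added example in JavaScript with BigInt (this is not the library's code; the function names, the affine representation and the use of NIST P-256 to exercise it are choices made here): reject coordinates that are not canonical field elements, points not on the curve, the point at infinity where a finite point is expected, and points outside the prime-order subgroup. A ciphertext component that fails any of these checks must be refused before it reaches the group arithmetic, since that is what a mix-net downstream will rely on. Like the library, the arithmetic below makes no attempt at constant-time execution.

```javascript
// Added example: input validation for elliptic-curve points before they are
// processed. Curve: NIST P-256 (y^2 = x^3 + a x + b over GF(p), prime order n,
// cofactor 1). Affine coordinates; null represents the point at infinity.
// Not constant-time, mirroring the page's side-channel caveat.
const P256 = {
  p: 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffffn,
  a: 0xffffffff00000001000000000000000000000000fffffffffffffffffffffffcn,
  b: 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604bn,
  n: 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551n,
  gx: 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296n,
  gy: 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5n,
};
const INF = null;

function mod(x, m) {
  const r = x % m;
  return r < 0n ? r + m : r;
}

// Modular inverse by the extended Euclidean algorithm; throws on 0.
function modInv(x, m) {
  let [r0, r1] = [mod(x, m), m];
  let [s0, s1] = [1n, 0n];
  while (r1 !== 0n) {
    const q = r0 / r1;
    [r0, r1] = [r1, r0 - q * r1];
    [s0, s1] = [s1, s0 - q * s1];
  }
  if (r0 !== 1n) throw new Error("not invertible");
  return mod(s0, m);
}

// Group law in affine coordinates, including the special cases
// P + O, P + (-P) and doubling a point with y = 0.
function add(P, Q) {
  if (P === INF) return Q;
  if (Q === INF) return P;
  const { p, a } = P256;
  let lambda;
  if (P.x === Q.x) {
    if (mod(P.y + Q.y, p) === 0n) return INF;   // Q = -P (or 2P with y = 0)
    lambda = mod((3n * P.x * P.x + a) * modInv(2n * P.y, p), p);
  } else {
    lambda = mod((Q.y - P.y) * modInv(Q.x - P.x, p), p);
  }
  const x3 = mod(lambda * lambda - P.x - Q.x, p);
  const y3 = mod(lambda * (P.x - x3) - P.y, p);
  return { x: x3, y: y3 };
}

// Plain double-and-add scalar multiplication (not constant-time).
function mul(k, P) {
  let R = INF;
  let T = P;
  for (let e = k; e > 0n; e >>= 1n) {
    if (e & 1n) R = add(R, T);
    T = add(T, T);
  }
  return R;
}

function isOnCurve(P) {
  const { p, a, b } = P256;
  return mod(P.y * P.y - (P.x * P.x * P.x + a * P.x + b), p) === 0n;
}

// Domain check for a point received from outside (e.g. a ciphertext
// component). Returns "ok" or a reason for rejection.
function validatePoint(P) {
  if (P === INF) return "point at infinity not accepted as input";
  if (typeof P.x !== "bigint" || typeof P.y !== "bigint") return "coordinates must be bigint";
  if (P.x < 0n || P.x >= P256.p || P.y < 0n || P.y >= P256.p) return "coordinate not a canonical field element";
  if (!isOnCurve(P)) return "point not on curve";
  if (mul(P256.n, P) !== INF) return "point not in prime-order subgroup";
  return "ok";
}

const G = { x: P256.gx, y: P256.gy };
```

The canonical-range check matters even though x + p describes the same curve point: accepting non-canonical encodings lets two distinct byte strings denote one ciphertext, which breaks the uniqueness a verifier or mix-net assumes. The subgroup check is redundant on a cofactor-1 curve but is the step that matters on curves with a cofactor, where an off-subgroup point can leak key bits.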

WARNING! Please read the following instructions carefully. Failure to do so may result in a completely insecure installation.

This library does not on its own protect against attacks against the browser or the operating system. A short and non-exhaustive list of threats includes:

It is impossible to fully protect a client against such attacks. We can only reduce the risk in different ways.

However, electronic voting systems typically provide mechanisms at the cryptographic protocol level to allow the voter or auditors to verify that the right vote is encrypted.

Thus, these risks are "only" relevant for privacy if the rest of the system is implemented properly.