yuchen1024 / Kunlun

A C++ library containing both easy-to-use lower level bigint/ecgroup interfaces and high-level cryptographical schemes/protocols.

Kunlun: A Modern Crypto Library

Overview

I give a C++ wrapper for OpenSSL that makes it handy to use, without worrying about cumbersome memory management or memorizing complex interfaces. Based on this wrapper, I am going to build an efficient and modular crypto library.

Design Philosophy

Provide a set of neat interfaces for big integer and EC group operations, in the hope that the code is as succinct as the description in a paper. Kunlun supports multithreading via OpenMP. So far, the library is not stable; it will keep evolving.

Issues

If the above two issues get solved, the performance of Kunlun will be better.

To do list (impossible missions for me)

Specifications

Install Dependent Libraries

On macOS

Test whether the function x25519_scalar_mulx is available:

  $ cd /usr/local/lib
  $ nm libcrypto.a | grep x25519_scalar_mulx

On Linux

Do the same modification as on macOS, then compile it as follows:

  $ ./Configure no-shared enable-ec_nistp_64_gcc_128 no-ssl2 no-ssl3 no-comp --prefix=/usr/local/openssl
  $ make depend
  $ sudo make install

If the build reports that it cannot find "opensslv.h", try installing libssl-dev:

  $ sudo apt-get install libssl-dev 

Code Structure


Compile and Run

  $ mkdir build && cd build
  $ cmake ..
  $ make
  $ ./test_xxx 

Multi-threads Support

Elliptic curve setting

  inline int curve_id = NID_X9_62_prime256v1; // choose other curves by specifying curve-ID
  #define ECPOINT_COMPRESSED                  // comment this line to enable uncompressed representation
  #define ENABLE_X25519_ACCELERATION          // (un)comment this line to enable x25519 acceleration method

Note: x25519 is an efficient DDH-based non-interactive key exchange (NIKE) protocol based on curve25519. The essence of x25519 is exactly cwPRF. Its remarkable efficiency is attained by performing "somehow EC exponentiation" with only X-coordinates (perhaps x25519 is named after this). However, in x25519 the EC exponentiation is not standard, and EC addition is not well-defined. We stress that curve25519 certainly supports standard EC exponentiation and addition, but the x25519 method does not. Kunlun provides the option of using the x25519 method to improve the performance of applications where it is applicable (those involving only cwPRF). But since the x25519 method is not full-fledged, ordinary EC curves are always necessary for the base Naor-Pinkas OT. Therefore, users must specify one ordinary EC curve when implementing ECC.

Evolution and Updates Log


License

This library is licensed under the MIT License.


Acknowledgement

We deeply thank Weiran Liu for many helpful discussions on the development of this library. Here we strongly recommend the efficient and easy-to-use MPC library for Java developed by his team. I thank my dear senior apprentice Prof. Zhi Guan for professional help.

Tips


How to test the speed of socket communication?

  1. Install iperf3 via the following command:

    brew install iperf3

  2. Open it in two terminals (perhaps on two computers):

    iperf3 -s
    iperf3 -c [IP Address of first Mac]

See more information via https://www.macobserver.com/tmo/answers/how-to-test-speed-home-network-iperf