Encryption
Public Key Encryption
The implemented lattice-based public key encryption schemes can be found in the module qfall_crypto::constructions::pk_encryption. All of them implement the trait PKEncryption and thus the functions gen, enc, and dec for the key generation, encryption and decryption according to some public parameters, which are stored in the struct of each implemented scheme.
Although not mandatory, currently all schemes provide functions to generate suitable public parameters via new_from_n(n) for some provided n, a default parameter set, and a static set of public parameters, which is 128-bit secure via secure128(). Nevertheless, you can also check your public parameters for provable security and correctness via check_security and check_correctness.
Please note that these functions are not mandatory to implement. Hence, schemes added in the future might not provide this functionality.
With the provided functionality, it is easy to setup a scheme and encrypt , and decrypt integers:
use qfall_crypto::construction::pk_encryption::{PKEncryption, LPR};
// setup public parameters and generate key-pair
let lpr = LPR::default();
let (pk, sk) = lpr.gen();
// encrypt and decrypt one bit
let cipher = lpr.enc(&pk, 1);
let m = lpr.dec(&sk, &cipher);Unfortunately, we can only encrypt one bit in the provided example. Thus, we implemented a generic trait to enable multi-bit encryption and decryption for schemes like LWE, Dual LWE, and LPR Encryption, which are in the implemented variant just capable of encrypting one bit.
use qfall_crypto::construction::pk_encryption::{GenericMultiBitEncryption, PKEncryption, LPR};
// setup public parameters and generate key-pair
let scheme = LPR::default();
let (pk, sk) = scheme.gen();
// encrypt and decrypt multiple bits
let cipher = scheme.enc_multiple_bits(&pk, 15);
let message = scheme.dec_multiple_bits(&sk, &cipher);The ring-based variant of LPR does not have this issue, can encrypt multiple bits at once, and is more efficient, as it is based on ideal lattices and with that polynomial rings. In this case, multiple bits can be encrypted at once with respect to the choice of n.