{"id":24988439,"url":"https://github.com/lit-protocol/verifiable-share-encryption","last_synced_at":"2025-07-16T04:43:40.923Z","repository":{"id":181320955,"uuid":"665599592","full_name":"LIT-Protocol/verifiable-share-encryption","owner":"LIT-Protocol","description":null,"archived":false,"fork":false,"pushed_at":"2025-04-09T15:24:18.000Z","size":100,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-04-19T00:31:14.285Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/LIT-Protocol.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-07-12T14:59:52.000Z","updated_at":"2025-04-09T15:24:22.000Z","dependencies_parsed_at":"2024-10-19T19:51:39.779Z","dependency_job_id":"2b402b47-d6e3-4870-870b-36f08125cf3e","html_url":"https://github.com/LIT-Protocol/verifiable-share-encryption","commit_stats":null,"previous_names":["lit-protocol/verifiable-share-encryption"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/LIT-Protocol/verifiable-share-encryption","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LIT-Protocol%2Fverifiable-share-encryption","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LIT-Protocol%2Fverifiable-share-encryption/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LIT-Protocol%2Fverifiable-share-encryption/releases","manifests_url":"https://repos.ecosy
ste.ms/api/v1/hosts/GitHub/repositories/LIT-Protocol%2Fverifiable-share-encryption/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/LIT-Protocol","download_url":"https://codeload.github.com/LIT-Protocol/verifiable-share-encryption/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LIT-Protocol%2Fverifiable-share-encryption/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265482307,"owners_count":23774029,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-02-04T12:04:18.249Z","updated_at":"2025-07-16T04:43:40.879Z","avatar_url":"https://github.com/LIT-Protocol.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Verifiable Share Encryption\n\nVerifiable Encryption was first proposed by Jan Camenisch and Victor Shoup in [2003](https://www.shoup.net/papers/verenc.pdf). \nA rust [crate](https://crates.io/crates/verenc) exists for this implementation. \nAn alternative approach uses El-Gamal encryption with discrete log proofs where the decrypter must solve the D-LOG to find the original value. \nThis works as long as the encrypted value is not too small. \nIf larger, the value can be partitioned into smaller chunks where solving the D-LOG is quick. \nThere is also a [lattice based one](https://eprint.iacr.org/2017/122.pdf) but the performance has not been measured.\n\nThe goal for encryption of PKPs is to prove the ciphertext encrypts the signing key share corresponding to a specific verification key. 
\nFor example, given an encrypted backup $B$ with encryption key $K$ for Alice, whose signing key is $a$ and verification key is $A = a.P$, the proof can be verified by calling $verify(A, B, K)$.\nVerify returns true if the backup is the encrypted signing key that corresponds to the verification key.\n\n## Camenisch-Shoup\n\nCamenisch-Shoup (CS) verifiable encryption uses groups of unknown order, which means creating a group that is the product of two prime numbers, like RSA, or using class groups. \nGroups that are the product of two primes can be broken with PQ computers and are much slower than elliptic curves. \nClass groups are considered PQ safe but are complicated to find and slow in practice.\n\n## El-Gamal\n\nEl-Gamal can work with any group, including elliptic curves. \nThe base encryption works by creating a keypair $k, K = k.P$, and creating a ciphertext by computing\n\n$$r \\xleftarrow{\\$} \\mathbb{Z}_q$$\n \n$$Q \\xleftarrow{\\$} \\mathbb{G}$$\n\n$$C_1 = r.P$$\n\n$$C_2 = a.Q + r.K$$\n\n$$B = \\{C_1, C_2\\}$$\n\nThus, the ciphertext is around 2Kb and an accompanying proof is around 3.1Kb.\n\n## Implementation\n\nThis crate uses El-Gamal encryption with DLOG proofs but encrypts each byte such that the DLOG can be solved easily to restore the key. \nWithout this step it will be impossible to restore the key. \nHowever, this necessitates using bulletproofs to prove each byte is less than $2^8$. \nLuckily, bulletproofs allow proof aggregation to shrink the proof.\n\nMore in-depth details can be found in the [math](docs/math.md)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flit-protocol%2Fverifiable-share-encryption","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flit-protocol%2Fverifiable-share-encryption","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flit-protocol%2Fverifiable-share-encryption/lists"}