Lib.rs

Cryptography
#finite-fields #rsa #prime #bignum #gmp #security

unknown_order

A crate for working with finite fields where the modulus is of unknown order, typtical for RSA, Paillier, Hyperelliptic curves, etc

by Michael Lodder and 3 contributors

22 releases (10 breaking)

0.11.0 Oct 31, 2024
0.10.1 Jun 12, 2024
0.10.0 May 24, 2024
0.8.0 Feb 13, 2024
0.2.3 Jul 21, 2021

#799 in Cryptography

Download history 37/week @ 2024-07-15 50/week @ 2024-07-22 37/week @ 2024-07-29 21/week @ 2024-08-05 52/week @ 2024-08-12 85/week @ 2024-08-19 71/week @ 2024-08-26 2/week @ 2024-09-02 61/week @ 2024-09-09 45/week @ 2024-09-16 104/week @ 2024-09-23 31/week @ 2024-09-30 28/week @ 2024-10-07 48/week @ 2024-10-14 13/week @ 2024-10-21 118/week @ 2024-10-28

208 downloads per month
Used in 3 crates (2 directly)

Apache-2.0 OR MIT and maybe LGPL-3.0+

120KB
3K SLoC

unknown_order

Crates.io Documentation License-Image minimum rustc 1.50 dependency status

Crate for handling groups of unknown order.

I've seen this commonly across multiple projects where they need a multiprecision library and use one of three libraries: Gnu MP BigNum Library, OpenSSL's BigNum Library and Rust's BigInt Library, depending on the needs and requirements (licensing, performance, platform target, constant time).

The default is to use the pure rust option without any external C bindings and is safe for cryptographic use (crypto-bigint). This version is also friendly to WASM.

To use OpenSSL's BigNum library, you must have libcrypto and libssl in your path. Put the following in your Cargo.toml.

unknown_order = { version = "0.11", default-features = false, features = ["openssl"] }

To use Gnu MP BigNum library, you must have libgmp in your path. Put the following in your Cargo.toml.

unknown_order = { version = "0.11", default-features = false, features = ["gmp"] }

To use the pure rust version num-bigint, put the following in your Cargo.toml.

unknown_order = { version = "0.11", default-features = false, features = ["rust"] }

This library wraps them all into a common API, so they can be used interchangeably.

Groups of unknown order require using a modulus that is the composite of two big prime numbers. This library is designed to facilitate these use cases such as RSA, Paillier, Hyperelliptic Curves, Accumulators, CL signatures.

The modulus is not known at compile time which excludes using certain traits like ff::PrimeField, so unfortunately, the caller needs to remember to use methods prefixed with mod to achieve the desired results.

This library can only have one implementation active at a time. Mixing between implementations isn't necessarily a problem as much as injecting lots of dependencies and mixing licenses which is not a good idea. This also forces the user to understand what tradeoffs they are making when they select a specific implementation. For example, some implementations may not be constant time versus others which is important when used for cryptographic purposes.

When using features=openssl or features=gmp, the constant time implementations are used if available.

Examples

use unknown_order::BigNumber;

fn main() {
    // Create a safe group of unknown order
    let p = BigNumber::safe_prime(1024);
    let q = BigNumber::safe_prime(1024);
    let n = p.clone() * q.clone();
    
    // Simulate RSA algorithm, DO NOT USE totally insecure
    
    // Public key
    let e = BigNumber::from(65537);
    
    // throw away when done
    let totient = (p.clone() - 1) * (q.clone() - 1);
    
    // Secret key
    let d = e.invert(&totient).unwrap();
    
    
}

License

Licensed under either of:

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

This crate is part of the Hyperledger Labs Agora Project

Dependencies

~1–6.5MB
~138K SLoC