jude/Riskless
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

prove and verify rounds

Browse Source
This commit is contained in:
jude
2023-04-14 16:04:24 +01:00
parent 0f8ad2a0a8
commit 35dbf321e9
5 changed files with 142 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
whitepaper/Dissertation.pdf
View File

Binary file not shown.

16
whitepaper/Dissertation.tex
View File

@ -566,7 +566,7 @@ Timing results versus RSA are backed experimentally by my implementation. The fo
console.log(performance.measure("duration", "start", "end").duration)
\end{minted}
Performing 250 Paillier encrypts required 48,800ms. On the other hand, performing 250 RSA encrypts required just 60ms.
Performing 250 Paillier encrypts required 47,000ms. On the other hand, performing 250 RSA encrypts required just 40ms.
The speed of decryption is considerably less important in this circumstance, as Paillier ciphertexts are not decrypted during the execution of the program.
@ -580,7 +580,9 @@ Taking this idea further, one may simply cache $r^n$ for a number of randomly ge
\textbf{Alternative Paillier scheme.} \cite{Jurik2003ExtensionsTT} presents an optimised encryption scheme based on the subgroup of elements with Jacobi symbol $+1$. This forms a group as the Jacobi symbol is multiplicative, being a generalisation of the Legendre symbol.
I used this scheme to reduce the time to encrypt to half. Greater optimisations are possible through pre-computation of fixed-base exponentials, but this takes a considerable amount of time, and I found it infeasible within my implementation, since keypairs are only used for a single session.
Using this scheme alone reduced the time to encrypt by a half. Greater optimisations are possible through pre-computation of fixed-base exponentials, but this takes a considerable amount of time, and I found it infeasible within my implementation, since keypairs are only used for a single session.
Furthermore, in practice gains were closer to a reduction by a third, since in the modified scheme additional computation must be performed to attain the $r$ that would work with normal Paillier, in order to perform the zero-knowledge proofs from before.
\textbf{Smaller key size.} The complexity of Paillier encryption increases with key size. Using a smaller key could considerably reduce the time taken \cite{paillier1999public}.
@ -599,12 +601,12 @@ The other proofs do not translate so trivially to this structure however. In fac
All measurements taken on Brave 1.50.114 (Chromium 112.0.5615.49) 64-bit, using a Ryzen 5 3600 CPU.
\begin{center}
\begin{tabular}{|c|c|c|}
\begin{tabular}{|c|c|c|c|}
\hline
Modulus size & Na\"ive encrypt & Jacobi encrypt \\\hline
$n = 1024$ & cell5 & 4ms \\
$n = 2048$ & cell8 & 22ms \\
$n = 4096$ & cell8 & 128ms \\
Modulus size & Na\"ive encrypt & Jacobi encrypt & RSA encrypt \\\hline
$|n| = 1024$ & 6ms & 4ms & <1ms \\
$|n| = 2048$ & 34ms & 22ms & <1ms \\
$|n| = 4096$ & 189ms & 128ms & <1ms \\
\hline
\end{tabular}
\end{center}