• Chaum-Pedersen NIZKP
• Installation
• Usage
  • Methods
    • ChaumPedersen(p)
    • ChaumPedersen(p, g)
    • prove(r, x, n, m, [g])
    • verify(proof, x, n, m, [g])
• Example
• Contributing
• Support
• License

Chaum-Pedersen NIZKP

The non-interactive version of original Chaum-Pedersen zero-knowledge proof.
This project is purposed to be used with public key cryptosystem based on "Discrete Logarithm" such as ElGamal.

Chaum-Pedersen proof is used to prove the equality of exponents of two modular exponentiation with different bases.

The strong Fiat-Shamir heuristic is applied to Chaum-Pedersen protocol to make it non-interactive.

NIZKP stands for 'Non-Interactive Zero-Knowledge Proof'

You should first initialize the module with a Cyclic Group then it's ready.
This module works over Multiplicative Group of integers as underlying Cyclic Group.

NOTE: The Module is developed for educational goals, although we developed it securely but the risk of using it in production environment is on you!

Installation

Either you are using Node.js or a browser, you can use it locally by downloading it from npm:

npm install @software-security-lab/chaum-pedersen

Usage

To include this module in your code simply:

const ChaumPedersen = require('@software-security-lab/chaum-pedersen');

If you are using it in a browser, you may need to use a tool such as browserify to compile your code.

After including the module into your code, you can create your instance using new operator as described in Methods section.

Methods

While introducing the methods, we use specific phrases which are listed below:

• Throws Error: Indicates the methods throw an error, the type or reason of possible errors is explained in the method's explanation.
• Async: Indicates this method is an asynchronous method which means you should wait for it to complete its execution.

ChaumPedersen(p)

• p: ElGamal
• Returns: NIZKP Chaum-Pedersen module
• Throws Error:

If you are using our ElGamal module, you can directly pass your instance and then use it to proof your secret of knowledge.

p parameter is your instance of ElGamal module:

const elgamal = new ElGamal();
await elgamal.initializeRemotely(2048);
elgamal.checkSecurity();
let chaumPedersen = new ChaumPedersen(elgamal);

Throws an error if p is of wrong type.

ChaumPedersen(p, g)

• p: String | big-integer
• g: String | big-integer
• Returns: NIZKP Chaum-Pedersen Proof.
• Throws Error:

If you're not using ElGamal module and even not ElGamal Encryption, you can initialize the Chaum-Pedersen this way.

p parameter is the modulus of underlying Cyclic Group.
g parameter is the generator of underlying Cyclic Group.
Throws an error if one of p or g is not provided or is of wrong type.

Keep in mind the Chaum-Pedersen works over Cyclic Group which can be determined by its generator and order. Since we are using Multiplicative Groups as Cyclic Groups, modulus p specifies the group order implicitly.

prove(r, x, n, m, [g])

• r: String | big-integer
• x: String | big-integer
• n: String | big-integer
• m: String | big-integer
• g: String | big-integer
• Returns: Chaum-Pedersen Proof
• Async
• Throws Error

Produces a Chaum-Pedersen proof for you which you can use to prove your knowledge about secret r.

r is your secret which you wants to prove your knowledge about it without revealing it.
x is the result of first modular exponentiation:
$\qquad$ g r mod p = x
g is base of your first modular exponentiation which is optional. If it's not provided, we consider generator of group as its value. n is base of your second modular exponentiation.
m is the result of second modular exponentiation:
$\qquad$ n r mod p = m

Throws an error if any of parameters is of wrong type.

NOTE: For security sakes, we get rid of r as soon as we computes the Chaum-Pedersen proof. So make sure you keep it safe yourself.

verify(proof, x, n, m, [g])

• proof: Chaum-Pedersen Proof
• x: String | big-integer
• n: String | big-integer
• m: String | big-integer
• g: String | big-integer
• Returns: boolean
• Throws Error

Verifies the knowledge of prover about equality of exponents of both modular exponentiation considering receiving proof.

proof is resulted from calling prove() method.
x is the result of first modular exponentiation:
$\qquad$ g r mod p = x
g is base of your first modular exponentiation which is optional. If it's not provided, we consider generator of group as its value. n is base of your second modular exponentiation.
m is the result of second modular exponentiation:
$\qquad$ n r mod p = m

Returns true if knowledge of prover about r is verified and returns false otherwise.

Throws an error if any of parameters is of wrong type.

Example

One of the most usage of Chaum-Pedersen proof is verifying the validity of blind factor in blinding operations.

Hence we provided an example at ./tests/blindFactorProof.js which shows you how you can use this module to verify blinding operation in ElGamal Cryptosystem.

Contributing

Since this module is developed at Software Security Lab, you can pull requests but merging it depends on Software Security Lab decision.
Also you can open issues first then we can discuss about it.

Support

If you need help you can either open an issue in GitHub page or contact the developers by mailing to golgolniamilad@gmail.com

License

This work is published under ISC license.