Abstract
We introduce BICYCL, an open-source C++ library that implements arithmetic in the ideal class groups of imaginary quadratic fields, together with a set of cryptographic primitives based on class groups. It is available at https://gite.lirmm.fr/crypto/bicycl under the GNU General Public License version 3 or any later version. BICYCL provides significant speed-ups on the implementation of the arithmetic of class groups. Concerning cryptographic applications, BICYCL is orders of magnitude faster than any previous pilot implementation of the \(\textsf{CL}\) linearly homomorphic encryption scheme, making it faster than Paillier’s encryption scheme at any security level. Linearly homomorphic encryption is the core of many multi-party computation protocols, sometimes involving a huge number of encryptions and homomorphic evaluations: class group-based protocols become the best solution in terms of bandwidth and computational efficiency to rely upon.
Notes
For more details on GMP implementation of Lehmer’s variant, see GMP documentation https://gmplib.org/manual/Lehmer_0027s-Algorithm.
If \(f=(a,b,c)\), then the inverse of the class of f is represented by \((a, -b, c)\).
There does not seem to be an efficient way to exploit the fact that one raises both bases to the same power.
This comparison should be taken with caution: we did not have access to the source code of [27] and could not run the benchmarks on the same machine.
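The arithmetic the notes refer to (reduced forms, the inverse \((a,-b,c)\) of the class of \((a,b,c)\), and composition of classes) in a small added illustration; this is not BICYCL's code, it is a plain-Python version of Gauss composition as given in Cohen's Algorithm 5.4.7, with forms represented as tuples `(a, b, c)` of discriminant `D = b^2 - 4ac < 0`.

```python
# Added illustration, not BICYCL's code: class-group arithmetic on reduced
# positive definite binary quadratic forms (a, b, c), D = b^2 - 4ac < 0.
def egcd(x, y):
    """Return (u, v, g) with u*x + v*y = g = gcd(x, y); g > 0 when y > 0."""
    u0, v0, u1, v1 = 1, 0, 0, 1
    while y:
        q, x, y = x // y, y, x % y
        u0, u1 = u1, u0 - q * u1
        v0, v1 = v1, v0 - q * v1
    return u0, v0, x

def reduce_form(f):
    """Unique reduced representative: -a < b <= a <= c, and b >= 0 if a == c."""
    a, b, c = f
    D = b * b - 4 * a * c
    while True:
        if not (-a < b <= a):                   # normalise b into (-a, a]
            b += 2 * a * ((a - b) // (2 * a))
            c = (b * b - D) // (4 * a)
        if a > c:                               # swap outer coefficients
            a, b, c = c, -b, a
            continue
        if a == c and b < 0:
            b = -b
        return (a, b, c)

def principal(D):  # identity class: (1, 0, -D/4) if D = 0 mod 4, else (1, 1, (1-D)/4)
    return (1, D % 2, (D % 2 - D) // 4)

def inverse(f):  # inverse class, as in the notes: (a, b, c) -> (a, -b, c)
    return reduce_form((f[0], -f[1], f[2]))

def compose(f1, f2):
    """Gauss composition of two forms of equal D (Cohen, Alg. 5.4.7), reduced."""
    if f1[0] > f2[0]:
        f1, f2 = f2, f1
    (a1, b1, c1), (a2, b2, c2) = f1, f2
    s, n = (b1 + b2) // 2, b2 - (b1 + b2) // 2
    y1, d = (0, a1) if a2 % a1 == 0 else egcd(a2, a1)[::2]   # u*a2 + v*a1 = d
    if s % d == 0:
        x2, y2, d1 = 0, -1, d
    else:
        u, v, d1 = egcd(s, d)                                # u*s + v*d = d1
        x2, y2 = u, -v
    v1, v2 = a1 // d1, a2 // d1
    r = (y1 * y2 * n - x2 * c2) % v1
    return reduce_form((v1 * v2, b2 + 2 * v2 * r, (c2 * d1 + r * (b2 + v2 * r)) // v1))
```

For D = -23 the class group has order 3 and for D = -47 order 5, so composing a class with its inverse, or raising it to the group order, returns the principal form.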
References
D. Abram, I. Damgård, C. Orlandi, P. Scholl, An algebraic framework for silent preprocessing with trustless setup and active security, in CRYPTO 2022 (Springer, 2022)
D.F. Aranha, C.P.L. Gouvêa, T. Markmann, R.S. Wahby, K. Liao, RELIC is an Efficient LIbrary for Cryptography. https://github.com/relic-toolkit/relic
T. Attema, I. Cascudo, R. Cramer, I.B. Damgård, D. Escudero, Vector commitments over rings and compressed \(\sigma \)-protocols. Cryptology ePrint Archive, Report 2022/181 (2022). https://eprint.iacr.org/2022/181
W. Beullens, T. Kleinjung, F. Vercauteren, CSI-FiSh: Efficient isogeny based signatures through class group computations, in S.D. Galbraith, S. Moriai, editors, ASIACRYPT 2019, Part I, vol. 11921 of LNCS (Springer, Heidelberg, 2019), pp. 227–247
J.-F. Biasse, Improvements in the computation of ideal class groups of imaginary quadratic number fields. Adv. Math. Commun. 4(2):141–154 (2010)
J.-F. Biasse, M.J. Jacobson, A.K. Silvester, Security estimates for quadratic field based cryptosystems, in R. Steinfeld, P. Hawkes, editors, ACISP 10, vol. 6168 of LNCS (Springer, Heidelberg, 2010), pp. 233–247
D. Boneh, B. Bünz, B. Fisch, Batching techniques for accumulators with applications to IOPs and stateless blockchains, in A. Boldyreva, D. Micciancio, editors, CRYPTO 2019, Part I, vol. 11692 of LNCS (Springer, Heidelberg, 2019), pp. 561–586
J. Buchmann, C. Thiel, H. Williams, Short representation of quadratic integers, in W. Bosma, A. van der Poorten, editors, Computational Algebra and Number Theory (Springer Netherlands, Dordrecht, 1995), pp. 159–185
J. Buchmann, U. Vollmer, Binary Quadratic Forms: An Algorithmic Approach. Algorithms and Computation in Mathematics (Springer, Berlin Heidelberg, 2007)
J. Buchmann, H.C. Williams. A key-exchange system based on imaginary quadratic fields. J. Cryptol. 1(2):107–118 (1988)
J. Buchmann, H.C. Williams, A key exchange system based on real quadratic fields, in G. Brassard, editor, CRYPTO’89, vol. 435 of LNCS (Springer, Heidelberg, 1990), pp. 335–343
B. Bünz, B. Fisch, A. Szepieniec, Transparent SNARKs from DARK compilers, in A. Canteaut, Y. Ishai, editors, EUROCRYPT 2020, Part I, vol. 12105 of LNCS (Springer, Heidelberg, 2020), pp. 677–706
J. Camenisch, V. Shoup, Practical verifiable encryption and decryption of discrete logarithms, in D. Boneh, editor, CRYPTO 2003, vol. 2729 of LNCS (Springer, Heidelberg, 2003), pp. 126–144
G. Castagnos, D. Catalano, F. Laguillaumie, F. Savasta, I. Tucker, Two-party ECDSA from hash proof systems and efficient instantiations, in A. Boldyreva, D. Micciancio, editors, CRYPTO 2019, Part III, vol. 11694 of LNCS (Springer, Heidelberg, 2019), pp. 191–221
G. Castagnos, D. Catalano, F. Laguillaumie, F. Savasta, I. Tucker, Bandwidth-efficient threshold EC-DSA, in A. Kiayias, M. Kohlweiss, P. Wallden, V. Zikas, editors, PKC 2020, Part II, vol. 12111 of LNCS (Springer, Heidelberg, 2020), pp. 266–296
G. Castagnos, L. Imbert, F. Laguillaumie, Encryption switching protocols revisited: Switching modulo p, in J. Katz, H. Shacham, editors, CRYPTO 2017, Part I, vol. 10401 of LNCS (Springer, Heidelberg, 2017), pp. 255–287
G. Castagnos, A. Joux, F. Laguillaumie, P.Q. Nguyen, Factoring \(pq^2\) with quadratic forms: Nice cryptanalyses, in M. Matsui, editor, ASIACRYPT 2009, vol. 5912 of LNCS (Springer, Heidelberg, 2009), pp. 469–486
G. Castagnos, F. Laguillaumie, On the security of cryptosystems with quadratic decryption: The nicest cryptanalysis, in A. Joux, editor, EUROCRYPT 2009, vol. 5479 of LNCS (Springer, Heidelberg, 2009), pp. 260–277
G. Castagnos, F. Laguillaumie, Linearly homomorphic encryption from \({\sf DDH}\), in K. Nyberg, editor, CT-RSA 2015, vol. 9048 of LNCS (Springer, Heidelberg, 2015), pp. 487–505
G. Castagnos, F. Laguillaumie, I. Tucker, Practical fully secure unrestricted inner product functional encryption modulo p, in T. Peyrin, S. Galbraith, editors, ASIACRYPT 2018, Part II, vol. 11273 of LNCS (Springer, Heidelberg, 2018), pp. 733–764
G. Castagnos, F. Laguillaumie, I. Tucker, Threshold linearly homomorphic encryption on \({\textbf{Z}}/2^k{\textbf{Z}}\). Cryptology ePrint Archive, Paper 2022/1143, 2022. https://eprint.iacr.org/2022/1143, to appear at ASIACRYPT 2022
P. Chaidos, G. Couteau, Efficient designated-verifier non-interactive zero-knowledge proofs of knowledge, in J. B. Nielsen, V. Rijmen, editors, EUROCRYPT 2018, Part III, vol. 10822 of LNCS (Springer, Heidelberg, 2018), pp. 193–221
CHIA. Chia Verifiable Delay Function Competition (2018). https://medium.com/@chia.net/chia-vdf-competition-guide-5382e1f4bd39
G. Couteau, D. Goudarzi, M. Klooß, M. Reichle, Sharp: Short relaxed range proofs. Cryptology ePrint Archive, Paper 2022/1153 (2022). https://eprint.iacr.org/2022/1153
G. Couteau, M. Klooß, H. Lin, M. Reichle, Efficient range proofs with transparent setup from bounded integer commitments, in A. Canteaut, F.-X. Standaert, editors, EUROCRYPT 2021, Part III, vol. 12698 of LNCS (Springer, Heidelberg, 2021), pp. 247–277
D. Cox, Primes of the Form \(x^2+ny^2\): Fermat, Class Field Theory, and Complex Multiplication. Pure and Applied Mathematics: A Wiley Series of Texts, Monographs and Tracts (Wiley, 2014)
P. Das, M.J. Jacobson Jr., R. Scheidler, Improved efficiency of a linearly homomorphic cryptosystem, in Codes, Cryptology and Information Security (Springer, 2019), pp. 349–368
Y. Deng, S. Ma, X. Zhang, H. Wang, X. Song, X. Xie, Promise \(\Sigma \)-protocol: How to construct efficient threshold ECDSA from encryptions based on class groups, in M. Tibouchi, H. Wang, editors, ASIACRYPT 2021, Part IV, vol. 13093 of LNCS (Springer, Heidelberg, 2021), pp. 557–586
W. Diffie, M.E. Hellman. New directions in cryptography. IEEE Trans. Inf. Theory 22(6):644–654 (1976)
S. Dobson, S. Galbraith, B. Smith. Trustless unknown-order groups. Math. Cryptol. 1(1):1–15 (2021)
T. ElGamal, A public key cryptosystem and a signature scheme based on discrete logarithms, in G.R. Blakley, D. Chaum, editors, CRYPTO’84, vol. 196 of LNCS (Springer, Heidelberg, 1984), pp. 10–18
N. Glaeser, M. Maffei, G. Malavolta, P. Moreno-Sanchez, E. Tairi, S.A. Thyagarajan, Foundations of coin mixing services. Cryptology ePrint Archive, Paper 2022/942 (2022). https://eprint.iacr.org/2022/942
GMP. The GNU Multiple Precision Arithmetic Library. https://gmplib.org/
J.L. Hafner, K.S. McCurley. A rigorous subexponential algorithm for computation of class groups. J. Am. Math. Soc. 2(4):837–850 (1989)
D. Hankerson, A.J. Menezes, S. Vanstone, Guide to Elliptic Curve Cryptography (Springer, Berlin, Heidelberg, 2003)
W. Hart, F. Johansson, S. Pancratz, FLINT: Fast Library for Number Theory. Version 2.9.0 (2022). http://flintlib.org
D. Hühnlein, Efficient implementation of cryptosystems based on non-maximal imaginary quadratic orders, in H.M. Heys, C.M. Adams, editors, SAC 1999, vol. 1758 of LNCS (Springer, Heidelberg, 1999), pp. 147–162
D. Hühnlein, M.J. Jacobson Jr., S. Paulus, T. Takagi, A cryptosystem based on non-maximal imaginary quadratic orders with fast decryption, in K. Nyberg, editor, EUROCRYPT’98, vol. 1403 of LNCS (Springer, Heidelberg, 1998), pp. 294–307
D. Hühnlein, M.J. Jacobson Jr., D. Weber, Towards practical non-interactive public key cryptosystems using non-maximal imaginary quadratic orders, in D.R. Stinson, S.E. Tavares, editors, SAC 2000, vol. 2012 of LNCS (Springer, Heidelberg, 2001), pp. 275–287
M.J. Jacobson Jr. Computing discrete logarithms in quadratic orders. J. Cryptol. 13(4):473–492 (2000)
B. King, wNAF*, an efficient left-to-right signed digit recoding algorithm, in S.M. Bellovin, R. Gennaro, A.D. Keromytis, M. Yung, editors, ACNS 08, vol. 5037 of LNCS (Springer, Heidelberg, 2008), pp. 429–445
T. Kleinjung. Quadratic sieving. Math. Comput. 85(300):1861–1873 (2016)
J. Lagarias. Worst-case complexity bounds for algorithms in the theory of integral quadratic forms. J. Algorithms 1(2):142–186 (1980)
R.W.F. Lai, G. Malavolta, Subvector commitments with application to succinct arguments, in A. Boldyreva, D. Micciancio, editors, CRYPTO 2019, Part I, vol. 11692 of LNCS (Springer, Heidelberg, 2019), pp. 530–560
H. Lipmaa, Secure accumulators from Euclidean rings without trusted setup, in F. Bao, P. Samarati, J. Zhou, editors, ACNS 12, vol. 7341 of LNCS (Springer, Heidelberg, 2012), pp. 224–240
K.S. McCurley, Cryptographic key distribution and computation in class groups, in R.A. Molin, editor, Proc. NATO Advanced Study Inst. on Number Theory and Applications, Banff, 1988 (Kluwer, Boston, 1989)
P. Paillier, Public-key cryptosystems based on composite degree residuosity classes, in J. Stern, editor, EUROCRYPT’99, vol. 1592 of LNCS (Springer, Heidelberg, 1999), pp. 223–238
PARI Group, Univ. Bordeaux. PARI/GP version 2.15.0 (2022). http://pari.math.u-bordeaux.fr/
M. Sayles. libqform (2014). https://github.com/maxwellsayles/libqform
D. Shanks, On Gauss and composition I, II, in Proc. NATO ASI on Number Theory and Applications (Kluwer Academic Press, 1989), pp. 163–179
J.A. Solinas, Low-weight binary representations for pairs of integers. Research report CORR 2001-41, Center for Applied Cryptographic Research, University of Waterloo, Waterloo, ON, Canada (2001)
E.G. Straus. Addition chains of vectors (problem 5125). Am. Math. Mon. 71(7):806–808 (1964)
S.A.K. Thyagarajan, G. Castagnos, F. Laguillaumie, G. Malavolta, Efficient CCA timed commitments in class groups, in G. Vigna, E. Shi, editors, ACM CCS 2021 (ACM Press, 2021), pp. 2663–2684
I. Tucker, Functional encryption and distributed signatures based on projective hash functions, the benefit of class groups. PhD thesis, Université de Lyon (2020)
B. Wesolowski. Efficient verifiable delay functions. J. Cryptol. 33(4):2113–2147 (2020)
T.H. Yuen, H. Cui, X. Xie, Compact zero-knowledge proofs for threshold ECDSA with trustless setup, in J. Garay, editor, PKC 2021, Part I, vol. 12710 of LNCS (Springer, Heidelberg, 2021), pp. 481–511
Zengo. Class: Rust library for building iqc. https://github.com/ZenGo-X/class
Acknowledgements
We thank the anonymous reviewers for their comments in improving the exposition. This work was partially supported by the French ANR Project ANR-21-CE39-0006 SANGRIA and by the France 2030 ANR Project ANR-22-PECY-003 SecureCompute.
Communicated by David Pointcheval and Nigel Smart.
Cite this article
Bouvier, C., Castagnos, G., Imbert, L. et al. I Want to Ride My BICYCL : BICYCL Implements CryptographY in CLass Groups. J Cryptol 36, 17 (2023). https://doi.org/10.1007/s00145-023-09459-1