This LHTLP implementation is written purely in Rust, building on top of num-bigint and num-primes crates.
It implements the protocol described in Section 4.1 of Homomorphic Time-Lock Puzzles and Applications, Malavolta and Thyagarajan, 2019.
A LHTLP is a linearly homomorphic time-lock puzzles. Time-lock puzzles are cryptographic primitives that allow to encrypt a secret in a puzzle that can only be recovered after performing a certain amount of operations that are inherently sequential (squaring in RSA groups). The linearly homorphic properties imply that a set of puzzles can be evaluated homomorphically, that is a set of puzzles of can be bundled up together or evaluated with a circuit as a single puzzle. See https://eprint.iacr.org/2019/635.pdf for more details.
Setting up a LHTLP requires 2 parameters:
- lambda: security parameters that sets the number of bits of the randomly generated safe primes
- difficulty: number of iterations to perform, linearly increasing computation time when retrieving the secret with
solve
use lhltp::LHTLP;
const difficulty: u64 = 100000000;
const lambda: u64 = 64;
let lhtlp = LHTLP::setup(lambda, BigUint::from(difficulty));
let secret = 42;
let puzzle = lhtlp.generate(secret);
let solution = lhtlp:solve(puzzle); let first = lhtlp.generate(42);
let second = lhtlp.generate(13);
let bundle = lhtlp.eval(vec![first, second]);
let solution = lhtlp:solve(puzzle);
assert!(BigUint::from(55u32), solution);