Expand description
The twisted ElGamal encryption implementation.
The message space consists of any number that is representable as a scalar (a.k.a. “exponent”) for Curve25519.
A twisted ElGamal ciphertext consists of two components:
- A Pedersen commitment that encodes a message to be encrypted
- A “decryption handle” that binds the Pedersen opening to a specific public key
In contrast to the traditional ElGamal encryption scheme, the twisted ElGamal encodes messages directly as a Pedersen commitment. Therefore, proof systems that are designed specifically for Pedersen commitments can be used on the twisted ElGamal ciphertexts.
As the messages are encrypted as scalar elements (a.k.a. in the “exponent”), one must solve the discrete log to recover the originally encrypted value.
Structs§
- Decryption handle for Pedersen commitment.
- Algorithm handle for the twisted ElGamal encryption scheme
- Ciphertext for the ElGamal encryption scheme.
- A (twisted) ElGamal encryption keypair.
- Public key for the ElGamal encryption scheme.
- Secret key for the ElGamal encryption scheme.