protocol: Add Arith

[majurity.git] / hjugement-protocol / hjugement-protocol.cabal

name: hjugement-heliosc
-- PVP:  +-+------- breaking API changes
--       | | +----- non-breaking API additions
--       | | | +--- code changes with no API change
version: 0.0.0.20190415
category: Politic
synopsis: Helios-C fully distributed threshold cryptosystem for the Majority Judgment.
description:
  <https://eprint.iacr.org/2013/177.pdf Helios-C> (Helios with Credentials)
  is a variant of Helios that is:
  .
  * /fully correct/: the published result are proven to correspond
    to the (sum of) intended votes of the voters,
    while accounting for a malicious bulletin board (BB) (adding fake ballots)
    by requiring a registration authority (RA)
    (responsible for generating and sending voters' credentials).
    Assuming that the BB and the RA are not simultaneously dishonest.
  .
  * /verifiable/: voters are able to check that:
    their ballots did contribute to the outcome (/individual verifiability/),
    and that the tallying authorities did their job properly (/universal verifiability/).
  .
  * /private/: the identities of the voters who cast a vote are not publicly revealed.
  .
  Credentials:
    A voter's credentials is a private key (the signing key)
    that has a public part (the verification key).
    The association between the public part and the corresponding voter’s identity
    does not need to be known, and actually should not be disclosed to satisfy
    e.g. the French requirements regarding voting systems.
    Using credentials prevent the submission of duplicated ballots
    (because they are added as an additional input to the random oracle
    in the /non-interactive zero-knowledge/ (NIZK) proofs for ciphertext well-formedness).
    This allows a testing of duplicates which depends only on the size of the number of voters,
    and thus enables Helios-C to scale for larger elections while attaining correctness.
  .
  Helios-C uses:
  .
  * A 256-bit multiplicative subgroup of a 2048-bit finite prime field,
    for signing with a Schnorr-like NIZK proof,
    and encrypting with an ElGamal-like scheme.
  * A Pedersen's /distributed key generation/ (DKG) protocol
    coupled with ElGamal under the Decision Diffie-Hellman (DDH) assumption,
    to have a fully distributed semantically secure (IND-CPA) encryption.
  * An ad-hoc Fiat-Shamir transform proving the well-formedness of ciphertexts,
    applied to a Disjunctive Chaum-Pedersen NIZK proof
    asserting that two given ciphertexts belonging to different voters
    with public credentials are encryptions of 0 or 1.
extra-doc-files: 
license: GPL-3
license-file: COPYING
stability: experimental
author:      Julien Moutinho <julm+hjugement@autogeree.net>
maintainer:  Julien Moutinho <julm+hjugement@autogeree.net>
bug-reports: Julien Moutinho <julm+hjugement@autogeree.net>
-- homepage:

build-type: Simple
cabal-version: 1.24
tested-with: GHC==8.4.4
extra-source-files:
  stack.yaml
extra-tmp-files:

Source-Repository head
 location: git://git.autogeree.net/hjugement
 type:     git

Library
  exposed-modules:
    Heliosc.Arith
    Heliosc.Crypto
  default-language: Haskell2010
  default-extensions:
    DefaultSignatures
    FlexibleContexts
    FlexibleInstances
    MonoLocalBinds
    NamedFieldPuns
    NoImplicitPrelude
    ScopedTypeVariables
  ghc-options:
    -Wall
    -Wincomplete-uni-patterns
    -Wincomplete-record-updates
    -fno-warn-tabs
    -- -fhide-source-paths
  build-depends:
      base >= 4.6 && < 5
    , bytestring >= 0.10
    , containers >= 0.5
    , cryptonite >= 0.25
    , hashable >= 1.2.6
    , memory >= 0.14
    , random >= 1.1
    , transformers >= 0.5
    , unordered-containers >= 0.2.8