CiFEr
Functional encryption library in C
Install / Use
/learn @fentec-project/CiFErREADME
CiFEr - Functional Encryption library 
CiFEr (prounounced as cipher) is a cryptographic library offering different state-of-the-art implementations of functional encryption schemes, specifically FE schemes for linear polynomials (e.g. inner products). It is implemented in C. A Go version named GoFE of the library also exists.
To quickly get familiar with FE, read a short and very high-level introduction on our Introductory Wiki page.
The documentation for CiFEr is available on GitHub Pages.
CiFEr is distributed under the Apache 2 license. It uses GMP, which is distributed under the dual licenses, GNU LGPL v3 and GNU GPL v2.
<!-- toc --> <!-- tocstop -->Before using the library
Please note that the library is a work in progress and has not yet reached a stable release. Code organization and APIs are not stable. You can expect them to change at any point.
The purpose of CiFEr is to support research and proof-of-concept implementations. It should not be used in production.
Building CiFEr
Requirements
The requirements have to be installed manually (via package manager or building the source code).
CiFEr relies on GMP for all big integer arithmetic. We recommend familiarizing yourself with it before using CiFEr.
To be able to build CiFEr as described below, AMCL must be compiled with BN254
curve. This can be done manually, but for convenience, we provide a Bash script
that runs a modified AMCL setup (a Python script) and installs a minimal version
of AMCL in the standard directory /usr/local/lib and header files in
/usr/local/include. These default values can be changed in
external/amcl/setup_amcl.sh. To use the script, run:
cd external/amcl
sudo ./setup_amcl.sh
cd ../..
Alternatively, if you do not like to pollute /usr/local/ with unmanaged
files, you can use a locally compiled AMCL through a submodule:
external/amcl/setup_local_amcl.sh
The above script takes care of compiling AMCL, and places it where cmake can
find it later.
Build and install
To build and install, first download it, then run the following commands in the source code directory:
mkdir build
cd build
cmake ..
make
sudo make install
This builds the shared library (libcifer.so) and installs it.
By default, it places the shared library in /usr/local/lib and the header
files in /usr/local/include (For this, you will need to run the command as
superuser). To set a custom install directory (e.g. an install directory
in the root of the repo) instead of /usr/local, pass it to the cmake
command, e.g.:
cmake .. -DCMAKE_INSTALL_PREFIX=../install
Test
The build commands also create an executable which runs all unit tests. To make sure the library works as expected, run
make test
Note that this command also builds the library and test executable if they have not been built yet.
Try it out with Docker
We provide a simple Docker build for trying out the library without worrying about the installation and the dependencies. You can build a Docker image yourself by running (possibly with sudo)
docker build . -t fentec/cifer
or downloading it from Docker Hub
docker pull fentec/cifer
In the file example/example.c you will find a dummy code using CiFEr library.
Modify it as you wish and then run
docker run -v $PATHTOCIFER/example:/CiFEr/example fentec/cifer
where $PATHTOCIFER is your absolute path to CiFEr library (something like /home/username/CiFEr).
This will link the example folder in your repository with the one in the Docker image.
Then it will compile example.c code and execute it. See the instructions bellow
on how to use schemes implemented in CiFEr or check out any of the tests implemented
in test folder.
Using CiFEr in your project
After you have successfuly built and installed the library, you can use it in your project. Instructions below provide a brief introduction to the most important parts of the library, and guide you through a sequence of steps that will quickly get your FE example up and running.
Including and linking
To use the library, you must #include its headers in your source code and
link it with the -lcifer flag when building your code.
Select the FE scheme
You can choose from the following set of schemes:
Inner product schemes
You will need to include headers from innerprod directory.
We organized implementations in two categories based on their security assumptions:
-
Schemes with selective security under chosen-plaintext attacks (s-IND-CPA security):
- Schemes by Abdalla, Bourse, De Caro, Pointcheval (paper).
The scheme can be instantiated from DDH (
cfe_ddh) and LWE (cfe_lwe). - Experimental Ring-LWE scheme whose security will be argued in a future paper (
cfe_ring_LWE). - Multi-input scheme based on paper by Abdalla, Catalano, Fiore, Gay, Ursu
(paper) and instantiated from
the scheme in the first point (
cfe_ddh_multi).
- Schemes by Abdalla, Bourse, De Caro, Pointcheval (paper).
The scheme can be instantiated from DDH (
-
Schemes with stronger adaptive security under chosen-plaintext attacks (IND-CPA security) or simulation based security (SIM-Security for IPE):
- Scheme based on paper by Agrawal, Libert and Stehlé
(paper). It can be instantiated
from Damgard DDH (
cfe_damgard- similar tocfe_ddh, but uses one more group element to achieve full security, similar to how Damgård's encryption scheme is obtained from ElGamal scheme (paper)), LWE (cfe_lwe_fs) and Paillier (cfe_paillier) primitives. - Multi-input scheme based on paper by Abdalla, Catalano, Fiore, Gay, Ursu
(paper) and instantiated from the
scheme in the first point (
cfe_damgard_multi). - Decentralized scheme based on paper by Chotard, Dufour Sans, Gay, Phan and Pointcheval
(paper). This scheme does not require a trusted
party to generate keys. It is built on pairings (
cfe_dmcfe). - Decentralized scheme based on paper by Abdalla, Benhamouda, Kohlweiss, Waldner
(paper). Similarly as above this scheme
this scheme does not require a trusted party to generate keys and is based on a general
procedure for decentralization of an inner product scheme, in particular the
decentralization of a Damgard DDH scheme (
cfe_damgard_dec_multi). - Function hiding inner product scheme by Kim, Lewi, Mandal, Montgomery, Roy, Wu
(paper). The scheme allows the decryptor to
decrypt the inner product of x and y without reveling (ciphertext) x or (function) y (
cfe_fhipe). - Function hiding multi-input scheme based on paper by Datta, Okamoto, Tomida
(paper). This scheme allows clients to encrypt vectors and derive
functional key that allows a decrytor to decrypt an inner product without revealing the ciphertext or the function (
cfe_fh_multi_ipe).
- Scheme based on paper by Agrawal, Libert and Stehlé
(paper). It can be instantiated
from Damgard DDH (
Quadratic scheme
You will need to include headers from quadratic directory.
It contains an implementation of an efficient FE scheme for quadratic multi-variate polynomials by Sans, Gay and Pointcheval (paper) which is based on bilinear pairings, and offers adaptive security under chosen-plaintext attacks (IND-CPA security).
Attribute based encryption (ABE) schemes
You will need to include headers from abe directory. There are three implemented
schemes:
-
A ciphertext policy (CP) ABE scheme named FAME by Agrawal and Chase (paper) allowing encrypting a message based on a boolean expression defining a policy which attributes are needed for the decryption. The functions needed in this scheme have prefix
cfe_fame. -
A key policy (KP) ABE scheme by Goyal, Pandey, Sahai, and Waters (paper) allowing a distribution of keys following a boolean expression defining a policy which attributes are needed for the decryption. The functions needed in this scheme have prefix
cfe_gpsw. -
A decentralized inner product predicate scheme by Michalevsky, Joye (paper) allowing encryption with policy described as a vector, and a decentralized distribution of keys based on users' vector
