Fix bugs and readme

Author: JobDoesburg

.github/workflows/publish.yml

@@ -60,7 +60,11 @@ jobs:
       - uses: actions/setup-python@v4
         with:
           python-version: '3.x'
-      - run: pip install maturin
+      - name: Create virtual environment and install maturin
+        run: |
+          python -m venv .venv
+          source .venv/bin/activate
+          pip install maturin
       - name: Build wheels
         uses: PyO3/maturin-action@v1
         with:
@@ -87,7 +91,11 @@ jobs:
       - uses: actions/setup-python@v4
         with:
           python-version: '3.x'
-      - run: pip install maturin
+      - name: Create virtual environment and install maturin
+        run: |
+          python -m venv .venv
+          source .venv/bin/activate
+          pip install maturin
       - name: Build sdist
         uses: PyO3/maturin-action@v1
         with:

README.md

@@ -1,8 +1,10 @@
 # `libpep`: Library for polymorphic pseudonymization and encryption
 [![Crates.io](https://img.shields.io/crates/v/libpep.svg)](https://crates.io/crates/libpep)
 [![Downloads](https://img.shields.io/crates/d/libpep.svg)](https://crates.io/crates/libpep)
+[![PyPI](https://img.shields.io/pypi/v/libpep.svg)](https://pypi.org/project/libpep/)
+[![PyPI Downloads](https://img.shields.io/pypi/dm/libpep.svg)](https://pypi.org/project/libpep/)
 [![npm](https://img.shields.io/npm/v/@nolai/libpep-wasm.svg)](https://www.npmjs.com/package/@nolai/libpep-wasm)
-[![Downloads](https://img.shields.io/npm/dm/@nolai/libpep-wasm.svg)](https://www.npmjs.com/package/@nolai/libpep-wasm)
+[![npm Downloads](https://img.shields.io/npm/dm/@nolai/libpep-wasm.svg)](https://www.npmjs.com/package/@nolai/libpep-wasm)
 [![License](https://img.shields.io/crates/l/libpep.svg)](https://crates.io/crates/libpep)
 [![Documentation](https://docs.rs/libpep/badge.svg)](https://docs.rs/libpep)
 [![Dependencies](https://deps.rs/repo/github/NOLAI/libpep/status.svg)](https://deps.rs/repo/github/NOLAI/libpep)
@@ -17,7 +19,7 @@ The library supports three homomorphic operations on ciphertext `in` (= `Enc(b,
    Decryption will both result in message `M`. Specifically, `in = Enc(r, M, Y)` is transformed to `out = Enc(r, M, k*Y)`.
 - `out = reshuffle(in, s)`: modifies a ciphertext `in` (an encrypted form of `M`), so that after decryption of `out` the decrypted message will be equal to `s*M`.
   Specifically, `in = Enc(r, M, Y)` is transformed to `out = Enc(r, n*M, Y)`.
-- `out = rerandomize(in, r)`: scrambles a ciphertext.
+- `o = rerandomize(in, r)`: scrambles a ciphertext.
   Both `in` and `out` can be decrypted by the same secret key `y`, both resulting in the same decrypted message `M`.
   However, the binary form of `in` and `out` differs. Spec: `in = Enc(b, M, Y)` is transformed to `out = Enc(r+b, M, Y)`;
 
@@ -29,7 +31,65 @@ The key idea behind this form of cryptography is that the pseudonymization and r
 This means that during initial encryption, the ultimate receiver(s) do(es) not yet need to be known.
 Data can initially be encrypted for one key, and later rekeyed and potentially reshuffled (in case of identifiers) for another key, leading to asynchronous end-to-end encryption with built-in pseudonymisation.
 
-Apart from a Rust crate, this library also contains a WASM library for usage in the browser or web applications with a similar API, enabled with the `wasm` feature.
+Apart from a Rust crate, this library provides bindings for multiple platforms:
+
+## Language Bindings
+
+### Python
+
+Install from PyPI:
+```bash
+pip install libpep
+```
+
+Use with direct imports from submodules:
+```python
+from libpep.high_level import Pseudonym, DataPoint, make_global_keys
+from libpep.arithmetic import GroupElement, ScalarNonZero
+
+# Generate keys
+keys = make_global_keys()
+
+# Create and work with pseudonyms
+pseudonym = Pseudonym.random()
+print(f"Pseudonym: {pseudonym.as_hex()}")
+
+# Create data points
+data = DataPoint.random()
+print(f"Data point: {data.as_hex()}")
+```
+
+### WebAssembly (WASM)
+
+Install from npm:
+```bash
+npm install @nolai/libpep-wasm
+```
+
+Use in Node.js or browser applications:
+```javascript
+import * as libpep from '@nolai/libpep-wasm';
+
+// Generate keys
+const keys = libpep.make_global_keys();
+
+// Create and work with pseudonyms
+const pseudonym = libpep.Pseudonym.random();
+console.log(`Pseudonym: ${pseudonym.as_hex()}`);
+
+// Create data points
+const data = libpep.DataPoint.random();
+console.log(`Data point: ${data.as_hex()}`);
+```
+
+### API Structure
+
+Both Python and WASM bindings mirror the Rust API structure with the same modules:
+- `arithmetic` - Basic arithmetic operations on scalars and group elements
+- `elgamal` - ElGamal encryption and decryption
+- `primitives` - Core PEP operations (`rekey`, `reshuffle`, `rerandomize`)
+- `high_level` - User-friendly API with `Pseudonym` and `DataPoint` classes
+- `distributed` - Distributed n-PEP operations with multiple servers
 
 ## Applications
 
@@ -70,15 +130,39 @@ We offer APIs at different abstraction levels.
 
 Depending on the use case, you can choose the appropriate level of abstraction.
 
-## Building and running
+## Development
 
-Build using cargo: `cargo build` and test using `cargo test`.
+Build and test the core Rust library:
+```bash
+cargo build
+cargo test
+cargo doc --no-deps
+```
+
+## Building Bindings
+
+### Python
 
-To build the WASM library, use either `npm run build:nodejs` or `npm run build:web` (which will call `wasm-pack build --features wasm` for the preferred target).
+To build Python bindings for testing:
+```bash
+python -m venv .venv
+source .venv/bin/activate
+pip install -e ".[dev]"
+maturin develop --features python
+python -m pytest tests/python/ -v
+```
+
+### WASM
 
-The wasm library can be tested using the Node.js `jest` framework, after compiling the wasm library for Node.js: `npm run test`.
+To build WASM bindings for testing:
+```bash
+npm install
+npm run build  # Builds both Node.js and web targets
+npm test
+```
 
 The following features are available:
+- `python`: enables the Python bindings.
 - `wasm`: enables the WASM library.
 - `elgamal3`: enables longer ElGamal for debugging purposes or backward compatibility, but with being less efficient.
 - `legacy-pep-repo-compatible`: enables the legacy PEP repository compatible mode, which uses a different function to derive scalars from domains, contexts and secrets.

src/lib/python/distributed.rs

@@ -3,7 +3,6 @@ use crate::distributed::systems::*;
 use crate::high_level::contexts::*;
 use crate::high_level::data_types::*;
 use crate::high_level::keys::*;
-use crate::internal::arithmetic::ScalarNonZero;
 use crate::python::arithmetic::*;
 use crate::python::high_level::*;
 use derive_more::{Deref, From, Into};
@@ -191,11 +190,11 @@ pub fn py_make_blinded_global_secret_key(
         .into_iter()
         .map(|x| BlindingFactor(x.0 .0))
         .collect();
-    let result = make_blinded_global_secret_key(
-        &GlobalSecretKey::from(ScalarNonZero::from(global_secret_key.0 .0)),
-        &bs,
-    )
-    .ok_or_else(|| pyo3::exceptions::PyValueError::new_err("Product of blinding factors is 1"))?;
+    let result =
+        make_blinded_global_secret_key(&GlobalSecretKey::from(global_secret_key.0 .0), &bs)
+            .ok_or_else(|| {
+                pyo3::exceptions::PyValueError::new_err("Product of blinding factors is 1")
+            })?;
     Ok(PyBlindedGlobalSecretKey(result))
 }
 

src/lib/python/high_level.rs

@@ -2,8 +2,7 @@ use crate::high_level::contexts::*;
 use crate::high_level::data_types::*;
 use crate::high_level::keys::*;
 use crate::high_level::ops::*;
-use crate::internal::arithmetic::{GroupElement, ScalarNonZero};
-use crate::low_level::elgamal::ElGamal;
+use crate::internal::arithmetic::GroupElement;
 use crate::python::arithmetic::{PyGroupElement, PyScalarNonZero};
 use crate::python::elgamal::PyElGamal;
 use derive_more::{Deref, From, Into};
@@ -52,7 +51,7 @@ impl PyGlobalPublicKey {
     /// Creates a new global public key from a group element.
     #[new]
     fn new(x: PyGroupElement) -> Self {
-        Self(GroupElement::from(x.0).into())
+        Self(x.0.into())
     }
 
     /// Returns the group element associated with this public key.
@@ -123,7 +122,7 @@ impl PyPseudonym {
     /// Create from a [`PyGroupElement`].
     #[new]
     fn new(x: PyGroupElement) -> Self {
-        Self(Pseudonym::from_point(GroupElement::from(x.0)))
+        Self(Pseudonym::from_point(x.0))
     }
 
     /// Convert to a [`PyGroupElement`].
@@ -273,7 +272,7 @@ impl PyDataPoint {
     /// Create from a [`PyGroupElement`].
     #[new]
     fn new(x: PyGroupElement) -> Self {
-        Self(DataPoint::from_point(GroupElement::from(x.0)))
+        Self(DataPoint::from_point(x.0))
     }
 
     /// Convert to a [`PyGroupElement`].
@@ -422,7 +421,7 @@ impl PyEncryptedPseudonym {
     /// Create from an [`PyElGamal`].
     #[new]
     fn new(x: PyElGamal) -> Self {
-        Self(EncryptedPseudonym::from(ElGamal::from(x.0)))
+        Self(EncryptedPseudonym::from(x.0))
     }
 
     /// Encode the encrypted pseudonym as a byte array.
@@ -474,7 +473,7 @@ impl PyEncryptedDataPoint {
     /// Create from an [`PyElGamal`].
     #[new]
     fn new(x: PyElGamal) -> Self {
-        Self(EncryptedDataPoint::from(ElGamal::from(x.0)))
+        Self(EncryptedDataPoint::from(x.0))
     }
 
     /// Encode the encrypted data point as a byte array.
@@ -577,7 +576,7 @@ pub fn py_encrypt_pseudonym(
     let mut rng = rand::thread_rng();
     PyEncryptedPseudonym(encrypt(
         &message.0,
-        &SessionPublicKey::from(GroupElement::from(public_key.0 .0)),
+        &SessionPublicKey::from(public_key.0 .0),
         &mut rng,
     ))
 }
@@ -591,7 +590,7 @@ pub fn py_decrypt_pseudonym(
 ) -> PyPseudonym {
     PyPseudonym(decrypt(
         &encrypted.0,
-        &SessionSecretKey::from(ScalarNonZero::from(secret_key.0 .0)),
+        &SessionSecretKey::from(secret_key.0 .0),
     ))
 }
 
@@ -605,7 +604,7 @@ pub fn py_encrypt_data(
     let mut rng = rand::thread_rng();
     PyEncryptedDataPoint(encrypt(
         &message.0,
-        &SessionPublicKey::from(GroupElement::from(public_key.0 .0)),
+        &SessionPublicKey::from(public_key.0 .0),
         &mut rng,
     ))
 }
@@ -619,7 +618,7 @@ pub fn py_decrypt_data(
 ) -> PyDataPoint {
     PyDataPoint(decrypt(
         &EncryptedDataPoint::from(encrypted.value),
-        &SessionSecretKey::from(ScalarNonZero::from(secret_key.0 .0)),
+        &SessionSecretKey::from(secret_key.0 .0),
     ))
 }
 

src/lib/python/mod.rs

@@ -9,6 +9,11 @@
 //!
 //! This module is only available when the `python` feature is enabled.
 
+// PyO3 code triggers clippy warnings that don't apply to Python bindings:
+// - PyResult<T> type aliases appear as "useless conversions" to clippy
+// - Methods like to_point(&self) appear to have "wrong self convention" but PyO3 objects can't be moved
+#![allow(clippy::useless_conversion, clippy::wrong_self_convention)]
+
 pub mod arithmetic;
 pub mod distributed;
 pub mod elgamal;