AtHeartEngineer/docs-mdbook
1
0
Fork 0
mirror of https://github.com/AtHeartEngineer/docs-mdbook.git synced 2026-01-09 00:58:13 -05:00
Code Issues Packages Projects Releases Wiki Activity

deploy: 17e1c1b789

Browse Source
This commit is contained in:
themighty1
2023-09-04 12:18:42 +00:00
parent 6e8297c4f2
commit 2468acf935
26 changed files with 355 additions and 85 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
404.html
View File

@@ -86,7 +86,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><li class="part-title">Developer resources</li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><a href="glossary.html">Glossary</a></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>

2
developers/quick_start.html
View File

@@ -85,7 +85,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../developers/quick_start.html" class="active">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><li class="part-title">Developer resources</li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../developers/quick_start.html" class="active">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><a href="../glossary.html">Glossary</a></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>

244
glossary.html Normal file
View File

@@ -0,0 +1,244 @@
<!DOCTYPE HTML>
<html lang="en" class="sidebar-visible no-js ayu">
<head>
<!-- Book generated using mdBook -->
<meta charset="UTF-8">
<title>Glossary - tlsn-docs</title>
<!-- Custom HTML head -->
<meta name="description" content="">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="theme-color" content="#ffffff" />
<link rel="icon" href="favicon.svg">
<link rel="shortcut icon" href="favicon.png">
<link rel="stylesheet" href="css/variables.css">
<link rel="stylesheet" href="css/general.css">
<link rel="stylesheet" href="css/chrome.css">
<link rel="stylesheet" href="css/print.css" media="print">
<!-- Fonts -->
<link rel="stylesheet" href="FontAwesome/css/font-awesome.css">
<link rel="stylesheet" href="fonts/fonts.css">
<!-- Highlight.js Stylesheets -->
<link rel="stylesheet" href="highlight.css">
<link rel="stylesheet" href="tomorrow-night.css">
<link rel="stylesheet" href="ayu-highlight.css">
<!-- Custom theme stylesheets -->
<link rel="stylesheet" href="src/css/katex.css">
<link rel="stylesheet" href="src/css/global.css">
</head>
<body>
<div id="body-container">
<!-- Provide site root to javascript -->
<script>
var path_to_root = "";
var default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? "navy" : "ayu";
</script>
<!-- Work around some values being stored in localStorage wrapped in quotes -->
<script>
try {
var theme = localStorage.getItem('mdbook-theme');
var sidebar = localStorage.getItem('mdbook-sidebar');
if (theme.startsWith('"') && theme.endsWith('"')) {
localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
}
if (sidebar.startsWith('"') && sidebar.endsWith('"')) {
localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
}
} catch (e) { }
</script>
<!-- Set the theme before any content is loaded, prevents flash -->
<script>
var theme;
try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
if (theme === null || theme === undefined) { theme = default_theme; }
var html = document.querySelector('html');
html.classList.remove('no-js')
html.classList.remove('ayu')
html.classList.add(theme);
html.classList.add('js');
</script>
<!-- Hide / unhide sidebar before it is displayed -->
<script>
var html = document.querySelector('html');
var sidebar = null;
if (document.body.clientWidth >= 1080) {
try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
sidebar = sidebar || 'visible';
} else {
sidebar = 'hidden';
}
html.classList.remove('sidebar-visible');
html.classList.add("sidebar-" + sidebar);
</script>
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><a href="glossary.html" class="active">Glossary</a></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>
<!-- Track and set sidebar scroll position -->
<script>
var sidebarScrollbox = document.querySelector('#sidebar .sidebar-scrollbox');
sidebarScrollbox.addEventListener('click', function(e) {
if (e.target.tagName === 'A') {
sessionStorage.setItem('sidebar-scroll', sidebarScrollbox.scrollTop);
}
}, { passive: true });
var sidebarScrollTop = sessionStorage.getItem('sidebar-scroll');
sessionStorage.removeItem('sidebar-scroll');
if (sidebarScrollTop) {
// preserve sidebar scroll position when navigating via links within sidebar
sidebarScrollbox.scrollTop = sidebarScrollTop;
} else {
// scroll sidebar to current active section when navigating via "next/previous chapter" buttons
var activeSection = document.querySelector('#sidebar .active');
if (activeSection) {
activeSection.scrollIntoView({ block: 'center' });
}
}
</script>
<div id="page-wrapper" class="page-wrapper">
<div class="page">
<div id="menu-bar-hover-placeholder"></div>
<div id="menu-bar" class="menu-bar sticky">
<div class="left-buttons">
<button id="sidebar-toggle" class="icon-button" type="button" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
<i class="fa fa-bars"></i>
</button>
<button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
<i class="fa fa-paint-brush"></i>
</button>
<ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
<li role="none"><button role="menuitem" class="theme" id="light">Light</button></li>
<li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
<li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
<li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
<li role="none"><button role="menuitem" class="theme" id="ayu">Ayu</button></li>
</ul>
<button id="search-toggle" class="icon-button" type="button" title="Search. (Shortkey: s)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="S" aria-controls="searchbar">
<i class="fa fa-search"></i>
</button>
</div>
<h1 class="menu-title">tlsn-docs</h1>
<div class="right-buttons">
<a href="print.html" title="Print this book" aria-label="Print this book">
<i id="print-button" class="fa fa-print"></i>
</a>
<a href="https://github.com/tlsnotary/docs-mdbook" title="Git repository" aria-label="Git repository">
<i id="git-repository-button" class="fa fa-github"></i>
</a>
<a href="https://github.com/tlsnotary/docs-mdbook/edit/main/src/glossary.md" title="Suggest an edit" aria-label="Suggest an edit">
<i id="git-edit-button" class="fa fa-edit"></i>
</a>
</div>
</div>
<div id="search-wrapper" class="hidden">
<form id="searchbar-outer" class="searchbar-outer">
<input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
</form>
<div id="searchresults-outer" class="searchresults-outer hidden">
<div id="searchresults-header" class="searchresults-header"></div>
<ul id="searchresults">
</ul>
</div>
</div>
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
<script>
document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
});
</script>
<div id="content" class="content">
<main>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/katex@0.12.0/dist/katex.min.css" integrity="sha384-AfEj0r4/OFrOo5t7NnNe46zW/tFgW6x/bCJG8FqQCEo3+Aro6EYUG4+cU+KJWu/X" crossorigin="anonymous">
<h1 id="glossary"><a class="header" href="#glossary">Glossary</a></h1>
<div class="table-wrapper"><table><thead><tr><th>Term</th><th>Explanation</th></tr></thead><tbody>
<tr><td>AES</td><td>Advanced Encryption Standard</td></tr>
<tr><td>A2M</td><td>Addition-to-Multiplication</td></tr>
<tr><td>DEAP</td><td>Dual Execution with Asymmetric Privacy</td></tr>
<tr><td>ECDH</td><td>Elliptic-Curve Diffie-Hellman</td></tr>
<tr><td>ECB</td><td>Electronic codebook (encryption mode)</td></tr>
<tr><td>GC</td><td>Garbled Circuit</td></tr>
<tr><td>GCM</td><td>Galois/Counter Mode</td></tr>
<tr><td>GHASH</td><td>GCM hash</td></tr>
<tr><td>HMAC</td><td>Hash-based Message Authentication Code</td></tr>
<tr><td>MAC</td><td>Message Authentication Code</td></tr>
<tr><td>M2a</td><td>Multiplication-to-Addition</td></tr>
<tr><td>OT</td><td>oblivious transfer</td></tr>
<tr><td>RSA</td><td>RivestShamirAdleman (public-key cryptosystem)</td></tr>
<tr><td>PMS</td><td>Pre master secret (TLS)</td></tr>
<tr><td>PRF</td><td>Pseudo Random Function</td></tr>
<tr><td>PRG</td><td>pseudorandom generator</td></tr>
<tr><td>PSE</td><td>Privacy and Scaling Exploration</td></tr>
<tr><td>TLS</td><td>transport layer security</td></tr>
</tbody></table>
</div>
</main>
<nav class="nav-wrapper" aria-label="Page navigation">
<!-- Mobile navigation buttons -->
<a rel="prev" href="mpc/tls_handshake.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<div style="clear: both"></div>
</nav>
</div>
</div>
<nav class="nav-wide-wrapper" aria-label="Page navigation">
<a rel="prev" href="mpc/tls_handshake.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
</nav>
</div>
<script>
window.playground_copyable = true;
</script>
<script src="elasticlunr.min.js"></script>
<script src="mark.min.js"></script>
<script src="searcher.js"></script>
<script src="clipboard.min.js"></script>
<script src="highlight.js"></script>
<script src="book.js"></script>
<!-- Custom JS scripts -->
</div>
</body>
</html>

12
index.html
View File

@@ -85,7 +85,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="intro.html" class="active">Introduction</a></li><li class="chapter-item expanded affix "><a href="motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><li class="part-title">Developer resources</li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="intro.html" class="active">Introduction</a></li><li class="chapter-item expanded affix "><a href="motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><a href="glossary.html">Glossary</a></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>
@@ -190,19 +190,19 @@
</ol>
<p><img src="./png-diagrams/overview3.png" alt="" /></p>
<h3 id="①-multi-party-tls-request"><a class="header" href="#①-multi-party-tls-request">① Multi-party TLS Request</a></h3>
<p>TLSNotary works by adding a third party, the <code>Notary</code>, to the usual TLS connection between the <code>User</code> and a <code>Server</code>. This <code>Notary</code> is <strong>not &quot;<a href="https://en.wikipedia.org/wiki/Man-in-the-middle_attack">a man in the middle</a>&quot;</strong>. Instead, the <code>Notary</code> participates in a <strong>secure multi-party computation</strong> (MPC) to jointly operate the TLS connection without ever seeing the data in plain text; the <code>Notary</code> only sees encrypted data. Given that the <code>Notary</code> only sees the temporary key of the <code>Server</code>, the <code>Notary</code> does not know which <code>Server</code> the <code>User</code> is communicating with. The TLSNotary protocol is transparent to the <code>Server</code>. From the <code>Server</code>'s perspective, the User's connection is a standard TLS connection.</p>
<p>TLSNotary works by adding a third party, the <code>Notary</code>, to the usual TLS connection between the <code>User</code> and a <code>Server</code>. This <code>Notary</code> is <strong>not &quot;<a href="https://en.wikipedia.org/wiki/Man-in-the-middle_attack">a man in the middle</a>&quot;</strong>. Instead, the <code>Notary</code> participates in a <strong>secure multi-party computation</strong> (MPC) to jointly operate the TLS connection without ever seeing the data in plain text; the <code>Notary</code> only sees encrypted data. Given that the <code>Notary</code> only sees the temporary key of the <code>Server</code>, the <code>Notary</code> does not know which <code>Server</code> the <code>User</code> is communicating with. The TLSNotary protocol is transparent to the <code>Server</code>. From the <code>Server</code>'s perspective, the <code>User</code>'s connection is a standard TLS connection.</p>
<!-- - Transport Layer Security (TLS)
- Encryption: hides data from third parties
- Authentication: ensures that the parties exchanging information are who they claim to be
- Integrity: verifies that data has not been forged or tampered with -->
<h3 id="②-notarization"><a class="header" href="#②-notarization">② Notarization</a></h3>
<p>By participating in the <strong>secure multi-party computation</strong> (MPC) for TLS communication, the <code>Notary</code> can validate the authenticity and integrity of the communication with the <code>Server</code>. If the <code>User</code> has not cheated, the <code>Notary</code> <strong>signs</strong> the transcript of the entire TLS session. Since the <code>Notary</code> only checks encrypted data, this process is referred to as &quot;blind signing&quot;.</p>
<p>By participating in the <strong>secure multi-party computation</strong> (MPC) for TLS communication, the <code>Notary</code> can validate the authenticity and integrity of the <code>User</code>'s communication with the <code>Server</code>. If the <code>User</code> was honest, the <code>Notary</code> <strong>signs</strong> the transcript of the entire TLS session. Since the <code>Notary</code> only validates encrypted data, this process is referred to as &quot;blind signing&quot;.</p>
<h3 id="③-selective-disclosure"><a class="header" href="#③-selective-disclosure">③ Selective Disclosure</a></h3>
<p>The TLSNotary protocol provides a means for the <code>User</code> to selectively prove the authenticity of arbitrary sections of the transcript to a <code>Verifier</code>. In this context, the <code>User</code> is often referred to as the <code>Prover</code>.</p>
<p>Due to the manner in which the <code>Notary</code> signs the transcript, the <code>User</code> can <strong>redact sections</strong>, thereby removing sensitive data. This capability can be paired with Zero-Knowledge Proofs to prove properties of the redacted data without revealing the data itself.</p>
<p>The <code>User</code> can <strong>redact sections</strong> of the transcript, thereby not disclosing sensitive data to the <code>Verifier</code>. This capability can be paired with Zero-Knowledge Proofs to prove properties of the redacted data without revealing the data itself.</p>
<h3 id="④-verification"><a class="header" href="#④-verification">④ Verification</a></h3>
<p>A <code>Verifier</code> validates the proof received from the <code>User</code>. By comparing the signature against the <code>Notary</code>'s public key, the <code>Verifier</code> ensures that the <code>User</code> did not tamper with the data.<br />
The data's origin can be verified by inspecting the <code>Server</code> certificate through trusted certificate authorities (CAs).</p>
The data origin can be verified by inspecting the <code>Server</code> certificate through trusted certificate authorities (CAs).</p>
<h3 id="trust-assumptions"><a class="header" href="#trust-assumptions">Trust Assumptions</a></h3>
<p>TLSNotary requires a trust assumption. A <code>Verifier</code> of a proof must trust that the <code>Notary</code> did not collude with the <code>User</code> to forge it. This trust can be minimized by requiring multiple proofs, each signed by a different notary.</p>
<p>In certain applications, the <code>Verifier</code> might also function as the <code>Notary</code>, leading to <strong>fully trustless proofs</strong>.</p>
@@ -219,7 +219,7 @@ The data's origin can be verified by inspecting the <code>Server</code> certific
</ul>
<p>While TLSNotary can notarize publicly available data, it does not solve the &quot;<a href="https://ethereum.org/en/developers/docs/oracles/">oracle problem</a>&quot;. For this use case, existing oracle solutions are more suitable.</p>
<h2 id="who-is-behind-tlsnotary"><a class="header" href="#who-is-behind-tlsnotary">Who is behind TLSNotary?</a></h2>
<p>TLSNotary is developed by the Privacy and Scaling Exploration (PSE) research lab of the Ethereum Foundation. The PSE team is committed to conceptualizing and testing use cases for cryptographic primitives.</p>
<p>TLSNotary is developed by the <a href="https://pse.dev">Privacy and Scaling Exploration (PSE)</a> research lab of the Ethereum Foundation. The PSE team is committed to conceptualizing and testing use cases for cryptographic primitives.</p>
<p>TLSNotary is not a new project; in fact, it has been around for <a href="https://bitcointalk.org/index.php?topic=173220.0">more than a decade</a>.</p>
<p>In 2022, TLSNotary was rebuilt from the ground up in <a href="https://www.rust-lang.org/">Rust</a> incorporating state-of-the-art cryptographic protocols. This renewed version of the TLSNotary protocol offers enhanced security, privacy, and performance.</p>
<p>Older versions of TLSNotary, including PageSigner, have been archived due to a security vulnerability.</p>

12
intro.html
View File

@@ -85,7 +85,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="intro.html" class="active">Introduction</a></li><li class="chapter-item expanded affix "><a href="motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><li class="part-title">Developer resources</li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="intro.html" class="active">Introduction</a></li><li class="chapter-item expanded affix "><a href="motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><a href="glossary.html">Glossary</a></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>
@@ -190,19 +190,19 @@
</ol>
<p><img src="./png-diagrams/overview3.png" alt="" /></p>
<h3 id="①-multi-party-tls-request"><a class="header" href="#①-multi-party-tls-request">① Multi-party TLS Request</a></h3>
<p>TLSNotary works by adding a third party, the <code>Notary</code>, to the usual TLS connection between the <code>User</code> and a <code>Server</code>. This <code>Notary</code> is <strong>not &quot;<a href="https://en.wikipedia.org/wiki/Man-in-the-middle_attack">a man in the middle</a>&quot;</strong>. Instead, the <code>Notary</code> participates in a <strong>secure multi-party computation</strong> (MPC) to jointly operate the TLS connection without ever seeing the data in plain text; the <code>Notary</code> only sees encrypted data. Given that the <code>Notary</code> only sees the temporary key of the <code>Server</code>, the <code>Notary</code> does not know which <code>Server</code> the <code>User</code> is communicating with. The TLSNotary protocol is transparent to the <code>Server</code>. From the <code>Server</code>'s perspective, the User's connection is a standard TLS connection.</p>
<p>TLSNotary works by adding a third party, the <code>Notary</code>, to the usual TLS connection between the <code>User</code> and a <code>Server</code>. This <code>Notary</code> is <strong>not &quot;<a href="https://en.wikipedia.org/wiki/Man-in-the-middle_attack">a man in the middle</a>&quot;</strong>. Instead, the <code>Notary</code> participates in a <strong>secure multi-party computation</strong> (MPC) to jointly operate the TLS connection without ever seeing the data in plain text; the <code>Notary</code> only sees encrypted data. Given that the <code>Notary</code> only sees the temporary key of the <code>Server</code>, the <code>Notary</code> does not know which <code>Server</code> the <code>User</code> is communicating with. The TLSNotary protocol is transparent to the <code>Server</code>. From the <code>Server</code>'s perspective, the <code>User</code>'s connection is a standard TLS connection.</p>
<!-- - Transport Layer Security (TLS)
- Encryption: hides data from third parties
- Authentication: ensures that the parties exchanging information are who they claim to be
- Integrity: verifies that data has not been forged or tampered with -->
<h3 id="②-notarization"><a class="header" href="#②-notarization">② Notarization</a></h3>
<p>By participating in the <strong>secure multi-party computation</strong> (MPC) for TLS communication, the <code>Notary</code> can validate the authenticity and integrity of the communication with the <code>Server</code>. If the <code>User</code> has not cheated, the <code>Notary</code> <strong>signs</strong> the transcript of the entire TLS session. Since the <code>Notary</code> only checks encrypted data, this process is referred to as &quot;blind signing&quot;.</p>
<p>By participating in the <strong>secure multi-party computation</strong> (MPC) for TLS communication, the <code>Notary</code> can validate the authenticity and integrity of the <code>User</code>'s communication with the <code>Server</code>. If the <code>User</code> was honest, the <code>Notary</code> <strong>signs</strong> the transcript of the entire TLS session. Since the <code>Notary</code> only validates encrypted data, this process is referred to as &quot;blind signing&quot;.</p>
<h3 id="③-selective-disclosure"><a class="header" href="#③-selective-disclosure">③ Selective Disclosure</a></h3>
<p>The TLSNotary protocol provides a means for the <code>User</code> to selectively prove the authenticity of arbitrary sections of the transcript to a <code>Verifier</code>. In this context, the <code>User</code> is often referred to as the <code>Prover</code>.</p>
<p>Due to the manner in which the <code>Notary</code> signs the transcript, the <code>User</code> can <strong>redact sections</strong>, thereby removing sensitive data. This capability can be paired with Zero-Knowledge Proofs to prove properties of the redacted data without revealing the data itself.</p>
<p>The <code>User</code> can <strong>redact sections</strong> of the transcript, thereby not disclosing sensitive data to the <code>Verifier</code>. This capability can be paired with Zero-Knowledge Proofs to prove properties of the redacted data without revealing the data itself.</p>
<h3 id="④-verification"><a class="header" href="#④-verification">④ Verification</a></h3>
<p>A <code>Verifier</code> validates the proof received from the <code>User</code>. By comparing the signature against the <code>Notary</code>'s public key, the <code>Verifier</code> ensures that the <code>User</code> did not tamper with the data.<br />
The data's origin can be verified by inspecting the <code>Server</code> certificate through trusted certificate authorities (CAs).</p>
The data origin can be verified by inspecting the <code>Server</code> certificate through trusted certificate authorities (CAs).</p>
<h3 id="trust-assumptions"><a class="header" href="#trust-assumptions">Trust Assumptions</a></h3>
<p>TLSNotary requires a trust assumption. A <code>Verifier</code> of a proof must trust that the <code>Notary</code> did not collude with the <code>User</code> to forge it. This trust can be minimized by requiring multiple proofs, each signed by a different notary.</p>
<p>In certain applications, the <code>Verifier</code> might also function as the <code>Notary</code>, leading to <strong>fully trustless proofs</strong>.</p>
@@ -219,7 +219,7 @@ The data's origin can be verified by inspecting the <code>Server</code> certific
</ul>
<p>While TLSNotary can notarize publicly available data, it does not solve the &quot;<a href="https://ethereum.org/en/developers/docs/oracles/">oracle problem</a>&quot;. For this use case, existing oracle solutions are more suitable.</p>
<h2 id="who-is-behind-tlsnotary"><a class="header" href="#who-is-behind-tlsnotary">Who is behind TLSNotary?</a></h2>
<p>TLSNotary is developed by the Privacy and Scaling Exploration (PSE) research lab of the Ethereum Foundation. The PSE team is committed to conceptualizing and testing use cases for cryptographic primitives.</p>
<p>TLSNotary is developed by the <a href="https://pse.dev">Privacy and Scaling Exploration (PSE)</a> research lab of the Ethereum Foundation. The PSE team is committed to conceptualizing and testing use cases for cryptographic primitives.</p>
<p>TLSNotary is not a new project; in fact, it has been around for <a href="https://bitcointalk.org/index.php?topic=173220.0">more than a decade</a>.</p>
<p>In 2022, TLSNotary was rebuilt from the ground up in <a href="https://www.rust-lang.org/">Rust</a> incorporating state-of-the-art cryptographic protocols. This renewed version of the TLSNotary protocol offers enhanced security, privacy, and performance.</p>
<p>Older versions of TLSNotary, including PageSigner, have been archived due to a security vulnerability.</p>

16
motivation.html
View File

@@ -85,7 +85,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="motivation.html" class="active">Motivation</a></li><li class="chapter-item expanded affix "><a href="developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><li class="part-title">Developer resources</li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="motivation.html" class="active">Motivation</a></li><li class="chapter-item expanded affix "><a href="developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><a href="glossary.html">Glossary</a></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>
@@ -181,22 +181,22 @@
<p>Data provenance will make data truly portable, empowering users to share it with others as they see fit.</p>
<h2 id="non-repudiation-tls-is-not-enough"><a class="header" href="#non-repudiation-tls-is-not-enough">Non-repudiation: TLS is not enough</a></h2>
<p><img src="png-diagrams/data_provenance_none.png" alt="" /></p>
<p>Transport Layer Security (TLS) plays a crucial role in digital security. TLS protects communication against eavesdropping and tampering. It ensures that the data received by the <code>User</code> from the <code>Server</code> indeed originates from the <code>Server</code> and was not changed. The <code>Server</code>'s identity is verified by the <code>User</code> through trusted Certificate Authorities (CAs). Data integrity is maintained by transmitting a cryptographic hash (called Message Authentication Code or MAC in TLS) alongside the data, which safeguards against deliberate alterations.</p>
<p>However, this hash does not provide <strong>non-repudiation</strong>, meaning it cannot serve as evidence for the <strong>authenticity and integrity</strong> of the data to third parties (e.g., a service or an app). Because it is a keyed hash and TLS requires that the key is known to the <code>User</code>, the <code>User</code> could modify the data and compute a corresponding hash after the TLS session is finished.</p>
<p>Transport Layer Security (TLS) plays a crucial role in digital security. TLS protects communication against eavesdropping and tampering. It ensures that the data received by the <code>User</code> indeed originated from the <code>Server</code> and was not changed. The <code>Server</code>'s identity is verified by the <code>User</code> through trusted Certificate Authorities (CAs). Data integrity is maintained by transmitting a cryptographic hash (called Message Authentication Code or MAC in TLS) alongside the data, which safeguards against deliberate alterations.</p>
<p>However, this hash does not provide <strong>non-repudiation</strong>, meaning it cannot serve as evidence for the <strong>authenticity and integrity</strong> of the data to third parties (e.g., a service or an app). Because it is a keyed hash and TLS requires that the key is known to the <code>User</code>, the <code>User</code> could potentially modify the data and compute a corresponding hash after the TLS session is finished.</p>
<p>Achieving non-repudiation requires digital signatures implemented with asymmetric, public-key cryptography.</p>
<p>While the concept seems straightforward, enabling servers to sign data is not a part of the TLS protocol. Even if all data were securely signed, naively forwarding all data could expose too much information, compromising the <code>User</code>'s privacy. <strong>Privacy</strong> is a vital social good that must be protected.</p>
<p>While the concept seems straightforward, enabling servers to sign data is not a part of the TLS protocol. Even if all data were securely signed, naively sharing all data with others could expose too much information, compromising the <code>User</code>'s privacy. <strong>Privacy</strong> is a vital social good that must be protected.</p>
<h2 id="status-quo-delegate-access"><a class="header" href="#status-quo-delegate-access">Status Quo: delegate access</a></h2>
<p><img src="png-diagrams/data_provenance_oauth.png" alt="" /></p>
<p>Currently, when a <code>User</code> wants to share data from a server with another party, OAuth can be used to facilitate this if the application supports it. In this way, the other party receives the data directly from the server, ensuring authentic and unchanged data. However, applications often do not provide fine-grained control over which data to share, leading to the other party gaining access to more information than strictly necessary.</p>
<p>Another drawback of this solution is that the server is aware of the access delegation, enabling it to monitor and censor the other users requests.</p>
<p>Currently, when a <code>User</code> wants to share data from a <code>Server</code> with another party, OAuth can be used to facilitate this if the application supports it. In this way, the other party receives the data directly from the <code>Server</code>, ensuring authentic and unchanged data. However, applications often do not provide fine-grained control over which data to share, leading to the other party gaining access to more information than strictly necessary.</p>
<p>Another drawback of this solution is that the <code>Server</code> is aware of the access delegation, enabling it to monitor and censor the other users requests.</p>
<p>It's worth noting that in many instances, OAuth is not even presented as an option. This is because a lot of servers lack the incentive to provide third-party access to the data.</p>
<h2 id="tlsnotary-data-provenance-and-privacy-with-secure-multi-party-computation"><a class="header" href="#tlsnotary-data-provenance-and-privacy-with-secure-multi-party-computation">TLSNotary: data provenance and privacy with secure multi-party computation</a></h2>
<p><img src="png-diagrams/data_provenance_tlsn.png" alt="" /></p>
<p>TLSNotary operates by introducing a third party, the <code>Notary</code>, into the usual TLS connection between the <code>User</code> and a <code>Server</code>. This <code>Notary</code> is <strong>not an intermediary</strong>. Instead, the <code>Notary</code> participates in a <strong>secure multi-party computation</strong> (MPC) to jointly manage the TLS connection without ever viewing the data in plain text; the <code>Notary</code> only has access to encrypted data. Furthermore, as the <code>Notary</code> only possesses the ephemeral keys of the <code>Server</code>, it remains unaware of which <code>Server</code> the <code>User</code> is communicating with.</p>
<p>The TLSNotary protocol is <strong>transparent</strong> to the <code>Server</code>. From the <code>Server</code>'s perspective, the TLS connection is indistinguishable from all other connections. As such, <strong>no modifications to the TLS protocol are necessary</strong>.</p>
<p>Due to the TLSNotary protocol's nature, it enables the <code>User</code> to selectively prove the authenticity of arbitrary portions of the data to a Verifier. Through the <code>Notary</code>'s signing of the data, the <code>User</code> can prove the data's authenticity to any third-party <code>Verifier</code>. The provided proof can be easily verified by the <code>Verifier</code>.</p>
<p>The TLSNotary protocol enables the <code>User</code> to selectively prove the authenticity of arbitrary portions of the data to a <code>Verifier</code> as long as the <code>Verifier</code> trusts the <code>Notary</code> who signed the data.</p>
<h2 id="make-your-data-portable-with-tlsnotary"><a class="header" href="#make-your-data-portable-with-tlsnotary">Make your data portable with TLSNotary!</a></h2>
<p>TLSNotary is a solution designed to prove the authenticity of data while preserving user privacy. It unlocks a variety of new use cases. So, if you're looking for a way to make your data portable without sacrificing its authenticity or compromising on privacy, TLSNotary is developed for you!</p>
<p>TLSNotary is a solution designed to prove the authenticity of data while preserving user privacy. It unlocks a variety of new use cases. So, if you're looking for a way to make your data portable without compromising on privacy, TLSNotary is developed for you!</p>
<p>Dive into the protocol and integrate it into your applications. We eagerly await your feedback on <a href="https://discord.com/invite/9XwESXtcN7">Discord</a>.</p>
</main>

2
mpc/commitment_scheme.html
View File

@@ -85,7 +85,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../mpc/commitment_scheme.html" class="active"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><li class="part-title">Developer resources</li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../mpc/commitment_scheme.html" class="active"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><a href="../glossary.html">Glossary</a></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>

2
mpc/deap.html
View File

@@ -85,7 +85,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../mpc/deap.html" class="active"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><li class="part-title">Developer resources</li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../mpc/deap.html" class="active"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><a href="../glossary.html">Glossary</a></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>

2
mpc/ectf.html
View File

@@ -85,7 +85,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../mpc/ectf.html" class="active"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><li class="part-title">Developer resources</li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../mpc/ectf.html" class="active"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><a href="../glossary.html">Glossary</a></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>

2
mpc/encodings.html
View File

@@ -85,7 +85,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../mpc/encodings.html" class="active"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><li class="part-title">Developer resources</li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../mpc/encodings.html" class="active"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><a href="../glossary.html">Glossary</a></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>

2
mpc/encryption.html
View File

@@ -85,7 +85,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../mpc/encryption.html" class="active"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><li class="part-title">Developer resources</li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../mpc/encryption.html" class="active"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><a href="../glossary.html">Glossary</a></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>

2
mpc/ff-arithmetic.html
View File

@@ -85,7 +85,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../mpc/ff-arithmetic.html" class="active"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><li class="part-title">Developer resources</li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../mpc/ff-arithmetic.html" class="active"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><a href="../glossary.html">Glossary</a></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>

2
mpc/garbled_circuits.html
View File

@@ -85,7 +85,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../mpc/garbled_circuits.html" class="active"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><li class="part-title">Developer resources</li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../mpc/garbled_circuits.html" class="active"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><a href="../glossary.html">Glossary</a></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>

2
mpc/key_exchange.html
View File

@@ -85,7 +85,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../mpc/key_exchange.html" class="active"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><li class="part-title">Developer resources</li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../mpc/key_exchange.html" class="active"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><a href="../glossary.html">Glossary</a></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>

2
mpc/mac.html
View File

@@ -85,7 +85,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../mpc/mac.html" class="active"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><li class="part-title">Developer resources</li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../mpc/mac.html" class="active"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><a href="../glossary.html">Glossary</a></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>

8
mpc/tls_handshake.html
View File

@@ -85,7 +85,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../mpc/tls_handshake.html" class="active"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><li class="part-title">Developer resources</li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../mpc/tls_handshake.html" class="active"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><a href="../glossary.html">Glossary</a></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>
@@ -195,6 +195,9 @@
<i class="fa fa-angle-left"></i>
</a>
<a rel="next" href="../glossary.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
<div style="clear: both"></div>
</nav>
@@ -206,6 +209,9 @@
<i class="fa fa-angle-left"></i>
</a>
<a rel="next" href="../glossary.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
</nav>
</div>

2
overview.html
View File

@@ -85,7 +85,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="overview.html" class="active"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><li class="part-title">Developer resources</li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="overview.html" class="active"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><a href="glossary.html">Glossary</a></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>

79
print.html
View File

@@ -86,7 +86,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><li class="part-title">Developer resources</li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><a href="glossary.html">Glossary</a></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>
@@ -188,19 +188,19 @@
</ol>
<p><img src="./png-diagrams/overview3.png" alt="" /></p>
<h3 id="①-multi-party-tls-request"><a class="header" href="#①-multi-party-tls-request">① Multi-party TLS Request</a></h3>
<p>TLSNotary works by adding a third party, the <code>Notary</code>, to the usual TLS connection between the <code>User</code> and a <code>Server</code>. This <code>Notary</code> is <strong>not &quot;<a href="https://en.wikipedia.org/wiki/Man-in-the-middle_attack">a man in the middle</a>&quot;</strong>. Instead, the <code>Notary</code> participates in a <strong>secure multi-party computation</strong> (MPC) to jointly operate the TLS connection without ever seeing the data in plain text; the <code>Notary</code> only sees encrypted data. Given that the <code>Notary</code> only sees the temporary key of the <code>Server</code>, the <code>Notary</code> does not know which <code>Server</code> the <code>User</code> is communicating with. The TLSNotary protocol is transparent to the <code>Server</code>. From the <code>Server</code>'s perspective, the User's connection is a standard TLS connection.</p>
<p>TLSNotary works by adding a third party, the <code>Notary</code>, to the usual TLS connection between the <code>User</code> and a <code>Server</code>. This <code>Notary</code> is <strong>not &quot;<a href="https://en.wikipedia.org/wiki/Man-in-the-middle_attack">a man in the middle</a>&quot;</strong>. Instead, the <code>Notary</code> participates in a <strong>secure multi-party computation</strong> (MPC) to jointly operate the TLS connection without ever seeing the data in plain text; the <code>Notary</code> only sees encrypted data. Given that the <code>Notary</code> only sees the temporary key of the <code>Server</code>, the <code>Notary</code> does not know which <code>Server</code> the <code>User</code> is communicating with. The TLSNotary protocol is transparent to the <code>Server</code>. From the <code>Server</code>'s perspective, the <code>User</code>'s connection is a standard TLS connection.</p>
<!-- - Transport Layer Security (TLS)
- Encryption: hides data from third parties
- Authentication: ensures that the parties exchanging information are who they claim to be
- Integrity: verifies that data has not been forged or tampered with -->
<h3 id="②-notarization"><a class="header" href="#②-notarization">② Notarization</a></h3>
<p>By participating in the <strong>secure multi-party computation</strong> (MPC) for TLS communication, the <code>Notary</code> can validate the authenticity and integrity of the communication with the <code>Server</code>. If the <code>User</code> has not cheated, the <code>Notary</code> <strong>signs</strong> the transcript of the entire TLS session. Since the <code>Notary</code> only checks encrypted data, this process is referred to as &quot;blind signing&quot;.</p>
<p>By participating in the <strong>secure multi-party computation</strong> (MPC) for TLS communication, the <code>Notary</code> can validate the authenticity and integrity of the <code>User</code>'s communication with the <code>Server</code>. If the <code>User</code> was honest, the <code>Notary</code> <strong>signs</strong> the transcript of the entire TLS session. Since the <code>Notary</code> only validates encrypted data, this process is referred to as &quot;blind signing&quot;.</p>
<h3 id="③-selective-disclosure"><a class="header" href="#③-selective-disclosure">③ Selective Disclosure</a></h3>
<p>The TLSNotary protocol provides a means for the <code>User</code> to selectively prove the authenticity of arbitrary sections of the transcript to a <code>Verifier</code>. In this context, the <code>User</code> is often referred to as the <code>Prover</code>.</p>
<p>Due to the manner in which the <code>Notary</code> signs the transcript, the <code>User</code> can <strong>redact sections</strong>, thereby removing sensitive data. This capability can be paired with Zero-Knowledge Proofs to prove properties of the redacted data without revealing the data itself.</p>
<p>The <code>User</code> can <strong>redact sections</strong> of the transcript, thereby not disclosing sensitive data to the <code>Verifier</code>. This capability can be paired with Zero-Knowledge Proofs to prove properties of the redacted data without revealing the data itself.</p>
<h3 id="④-verification"><a class="header" href="#④-verification">④ Verification</a></h3>
<p>A <code>Verifier</code> validates the proof received from the <code>User</code>. By comparing the signature against the <code>Notary</code>'s public key, the <code>Verifier</code> ensures that the <code>User</code> did not tamper with the data.<br />
The data's origin can be verified by inspecting the <code>Server</code> certificate through trusted certificate authorities (CAs).</p>
The data origin can be verified by inspecting the <code>Server</code> certificate through trusted certificate authorities (CAs).</p>
<h3 id="trust-assumptions"><a class="header" href="#trust-assumptions">Trust Assumptions</a></h3>
<p>TLSNotary requires a trust assumption. A <code>Verifier</code> of a proof must trust that the <code>Notary</code> did not collude with the <code>User</code> to forge it. This trust can be minimized by requiring multiple proofs, each signed by a different notary.</p>
<p>In certain applications, the <code>Verifier</code> might also function as the <code>Notary</code>, leading to <strong>fully trustless proofs</strong>.</p>
@@ -217,7 +217,7 @@ The data's origin can be verified by inspecting the <code>Server</code> certific
</ul>
<p>While TLSNotary can notarize publicly available data, it does not solve the &quot;<a href="https://ethereum.org/en/developers/docs/oracles/">oracle problem</a>&quot;. For this use case, existing oracle solutions are more suitable.</p>
<h2 id="who-is-behind-tlsnotary"><a class="header" href="#who-is-behind-tlsnotary">Who is behind TLSNotary?</a></h2>
<p>TLSNotary is developed by the Privacy and Scaling Exploration (PSE) research lab of the Ethereum Foundation. The PSE team is committed to conceptualizing and testing use cases for cryptographic primitives.</p>
<p>TLSNotary is developed by the <a href="https://pse.dev">Privacy and Scaling Exploration (PSE)</a> research lab of the Ethereum Foundation. The PSE team is committed to conceptualizing and testing use cases for cryptographic primitives.</p>
<p>TLSNotary is not a new project; in fact, it has been around for <a href="https://bitcointalk.org/index.php?topic=173220.0">more than a decade</a>.</p>
<p>In 2022, TLSNotary was rebuilt from the ground up in <a href="https://www.rust-lang.org/">Rust</a> incorporating state-of-the-art cryptographic protocols. This renewed version of the TLSNotary protocol offers enhanced security, privacy, and performance.</p>
<p>Older versions of TLSNotary, including PageSigner, have been archived due to a security vulnerability.</p>
@@ -228,22 +228,22 @@ The data's origin can be verified by inspecting the <code>Server</code> certific
<p>Data provenance will make data truly portable, empowering users to share it with others as they see fit.</p>
<h2 id="non-repudiation-tls-is-not-enough"><a class="header" href="#non-repudiation-tls-is-not-enough">Non-repudiation: TLS is not enough</a></h2>
<p><img src="png-diagrams/data_provenance_none.png" alt="" /></p>
<p>Transport Layer Security (TLS) plays a crucial role in digital security. TLS protects communication against eavesdropping and tampering. It ensures that the data received by the <code>User</code> from the <code>Server</code> indeed originates from the <code>Server</code> and was not changed. The <code>Server</code>'s identity is verified by the <code>User</code> through trusted Certificate Authorities (CAs). Data integrity is maintained by transmitting a cryptographic hash (called Message Authentication Code or MAC in TLS) alongside the data, which safeguards against deliberate alterations.</p>
<p>However, this hash does not provide <strong>non-repudiation</strong>, meaning it cannot serve as evidence for the <strong>authenticity and integrity</strong> of the data to third parties (e.g., a service or an app). Because it is a keyed hash and TLS requires that the key is known to the <code>User</code>, the <code>User</code> could modify the data and compute a corresponding hash after the TLS session is finished.</p>
<p>Transport Layer Security (TLS) plays a crucial role in digital security. TLS protects communication against eavesdropping and tampering. It ensures that the data received by the <code>User</code> indeed originated from the <code>Server</code> and was not changed. The <code>Server</code>'s identity is verified by the <code>User</code> through trusted Certificate Authorities (CAs). Data integrity is maintained by transmitting a cryptographic hash (called Message Authentication Code or MAC in TLS) alongside the data, which safeguards against deliberate alterations.</p>
<p>However, this hash does not provide <strong>non-repudiation</strong>, meaning it cannot serve as evidence for the <strong>authenticity and integrity</strong> of the data to third parties (e.g., a service or an app). Because it is a keyed hash and TLS requires that the key is known to the <code>User</code>, the <code>User</code> could potentially modify the data and compute a corresponding hash after the TLS session is finished.</p>
<p>Achieving non-repudiation requires digital signatures implemented with asymmetric, public-key cryptography.</p>
<p>While the concept seems straightforward, enabling servers to sign data is not a part of the TLS protocol. Even if all data were securely signed, naively forwarding all data could expose too much information, compromising the <code>User</code>'s privacy. <strong>Privacy</strong> is a vital social good that must be protected.</p>
<p>While the concept seems straightforward, enabling servers to sign data is not a part of the TLS protocol. Even if all data were securely signed, naively sharing all data with others could expose too much information, compromising the <code>User</code>'s privacy. <strong>Privacy</strong> is a vital social good that must be protected.</p>
<h2 id="status-quo-delegate-access"><a class="header" href="#status-quo-delegate-access">Status Quo: delegate access</a></h2>
<p><img src="png-diagrams/data_provenance_oauth.png" alt="" /></p>
<p>Currently, when a <code>User</code> wants to share data from a server with another party, OAuth can be used to facilitate this if the application supports it. In this way, the other party receives the data directly from the server, ensuring authentic and unchanged data. However, applications often do not provide fine-grained control over which data to share, leading to the other party gaining access to more information than strictly necessary.</p>
<p>Another drawback of this solution is that the server is aware of the access delegation, enabling it to monitor and censor the other users requests.</p>
<p>Currently, when a <code>User</code> wants to share data from a <code>Server</code> with another party, OAuth can be used to facilitate this if the application supports it. In this way, the other party receives the data directly from the <code>Server</code>, ensuring authentic and unchanged data. However, applications often do not provide fine-grained control over which data to share, leading to the other party gaining access to more information than strictly necessary.</p>
<p>Another drawback of this solution is that the <code>Server</code> is aware of the access delegation, enabling it to monitor and censor the other users requests.</p>
<p>It's worth noting that in many instances, OAuth is not even presented as an option. This is because a lot of servers lack the incentive to provide third-party access to the data.</p>
<h2 id="tlsnotary-data-provenance-and-privacy-with-secure-multi-party-computation"><a class="header" href="#tlsnotary-data-provenance-and-privacy-with-secure-multi-party-computation">TLSNotary: data provenance and privacy with secure multi-party computation</a></h2>
<p><img src="png-diagrams/data_provenance_tlsn.png" alt="" /></p>
<p>TLSNotary operates by introducing a third party, the <code>Notary</code>, into the usual TLS connection between the <code>User</code> and a <code>Server</code>. This <code>Notary</code> is <strong>not an intermediary</strong>. Instead, the <code>Notary</code> participates in a <strong>secure multi-party computation</strong> (MPC) to jointly manage the TLS connection without ever viewing the data in plain text; the <code>Notary</code> only has access to encrypted data. Furthermore, as the <code>Notary</code> only possesses the ephemeral keys of the <code>Server</code>, it remains unaware of which <code>Server</code> the <code>User</code> is communicating with.</p>
<p>The TLSNotary protocol is <strong>transparent</strong> to the <code>Server</code>. From the <code>Server</code>'s perspective, the TLS connection is indistinguishable from all other connections. As such, <strong>no modifications to the TLS protocol are necessary</strong>.</p>
<p>Due to the TLSNotary protocol's nature, it enables the <code>User</code> to selectively prove the authenticity of arbitrary portions of the data to a Verifier. Through the <code>Notary</code>'s signing of the data, the <code>User</code> can prove the data's authenticity to any third-party <code>Verifier</code>. The provided proof can be easily verified by the <code>Verifier</code>.</p>
<p>The TLSNotary protocol enables the <code>User</code> to selectively prove the authenticity of arbitrary portions of the data to a <code>Verifier</code> as long as the <code>Verifier</code> trusts the <code>Notary</code> who signed the data.</p>
<h2 id="make-your-data-portable-with-tlsnotary"><a class="header" href="#make-your-data-portable-with-tlsnotary">Make your data portable with TLSNotary!</a></h2>
<p>TLSNotary is a solution designed to prove the authenticity of data while preserving user privacy. It unlocks a variety of new use cases. So, if you're looking for a way to make your data portable without sacrificing its authenticity or compromising on privacy, TLSNotary is developed for you!</p>
<p>TLSNotary is a solution designed to prove the authenticity of data while preserving user privacy. It unlocks a variety of new use cases. So, if you're looking for a way to make your data portable without compromising on privacy, TLSNotary is developed for you!</p>
<p>Dive into the protocol and integrate it into your applications. We eagerly await your feedback on <a href="https://discord.com/invite/9XwESXtcN7">Discord</a>.</p>
<div style="break-before: page; page-break-before: always;"></div><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/katex@0.12.0/dist/katex.min.css" integrity="sha384-AfEj0r4/OFrOo5t7NnNe46zW/tFgW6x/bCJG8FqQCEo3+Aro6EYUG4+cU+KJWu/X" crossorigin="anonymous">
<p>This guide will take you through the steps of:</p>
@@ -308,9 +308,9 @@ TLSNotary.</p>
<h2 id="requester"><a class="header" href="#requester">Requester</a></h2>
<p>The <code>Requester</code> is the party which runs the TLS connection with the <code>Server</code>. The <code>Requester</code> constructs application payloads, eg. HTTP requests, and coordinates with the <code>Notary</code> to encrypt them with the TLS session keys prior to sending them. Subsequently, the <code>Requester</code> works with the <code>Notary</code> to decrypt responses from the <code>Server</code>. The plaintext of the application data is only ever revealed to the <code>Requester</code>.</p>
<h2 id="notary"><a class="header" href="#notary">Notary</a></h2>
<p>The <code>Notary</code> is the party of which the authenticity of the <code>Transcript</code> relies on. During the session the <code>Notary</code> withholds its' shares of the TLS keys and participates in a series of secure 2-party computation protocols with the <code>Requester</code> to operate the TLS connection.</p>
<p>The <code>Notary</code> is the party of which the authenticity of the <code>Transcript</code> relies on. During the session the <code>Notary</code> withholds its' shares of the TLS keys and participates in a series of secure MPC protocols with the <code>Requester</code> to operate the TLS connection.</p>
<h2 id="server"><a class="header" href="#server">Server</a></h2>
<p>The <code>Server</code> can be any server which supports TLS. The TLSNotary protocol is entirely transparent to the <code>Server</code>, thus it can not be censored nor does it have to support any additional functionality.</p>
<p>The <code>Server</code> can be any server which supports TLS. The TLSNotary protocol is entirely transparent to the <code>Server</code>, thus it cannot be censored nor does it have to support any additional functionality.</p>
<img src="protocol/notarization/../../png-diagrams/tls12-multiround.png">
<h2 id="transcript"><a class="header" href="#transcript">Transcript</a></h2>
<p>The primary artifact generated from this phase is called the <code>Transcript</code>. It contains session meta-data, handshake data, and commitments to all the requests and responses. Typically the <code>Transcript</code> is signed by the <code>Notary</code>, however that is not necessary in the case where the <code>Notary</code> will also act as the <code>Verifier</code> in the selective disclosure phase.</p>
@@ -320,12 +320,11 @@ TLSNotary.</p>
<img src="protocol/notarization/../../png-diagrams/transcript.png"><div style="break-before: page; page-break-before: always;"></div><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/katex@0.12.0/dist/katex.min.css" integrity="sha384-AfEj0r4/OFrOo5t7NnNe46zW/tFgW6x/bCJG8FqQCEo3+Aro6EYUG4+cU+KJWu/X" crossorigin="anonymous">
<h1 id="tls-handshake"><a class="header" href="#tls-handshake">TLS Handshake</a></h1>
<p>During the TLS handshake, the TLS Client and the TLS Server compute the session keys needed for the encryption and decryption of data.</p>
<p>In TLSNotary protocol <code>User</code> and <code>Notary</code> jointly play the role of the TLS Client. The User is the one who physically communicates with the server but all cryptographic TLS operations are performed in MPC.
The parties use MPC to compute the session keys in such a way that neither party ever learns the full keys but each has their share of the keys.
They then use their shares of the keys to finish the TLS handshake.</p>
<p>In TLSNotary protocol the <code>User</code> and <code>Notary</code> jointly play the role of the TLS Client. The <code>User</code> is the one who physically communicates with the server but all cryptographic TLS operations are performed using MPC.</p>
<p>The parties use MPC to compute the session keys in such a way that each party only has their share of the keys and never learns the full keys. The parties proceed to complete the TLS handshake using their shares of the keys.</p>
<p>To a third party observing the <code>User</code>'s connection to the server, the connection appears like a regular TLS connection. The <code>User</code> maintains all the security guarantees of a standard TLS connection against a third-party bad actor.</p>
<p>However, the <code>User</code>'s TLS connection does not maintain the normal TLS security against the <code>Notary</code>. Instead, the <code>User</code> relies on the security which the underlying MPC protocols provide.</p>
<p>With the shares of the session keys computed, the parties now proceed to the next MPC protocol where they use their session key shares to jointly encrypt requests to and decrypt responses from the server while keeping the plaintext of the request/response private from the Notary.</p>
<p>With the shares of the session keys computed, the parties now proceed to the next MPC protocol where they use their session key shares to jointly encrypt requests to and decrypt responses from the server while keeping the plaintext of the request/response private from the <code>Notary</code>.</p>
<div style="break-before: page; page-break-before: always;"></div><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/katex@0.12.0/dist/katex.min.css" integrity="sha384-AfEj0r4/OFrOo5t7NnNe46zW/tFgW6x/bCJG8FqQCEo3+Aro6EYUG4+cU+KJWu/X" crossorigin="anonymous">
<h1 id="encryption-decryption-and-mac-computation"><a class="header" href="#encryption-decryption-and-mac-computation">Encryption, Decryption, and MAC Computation</a></h1>
<p>This section explains how the <code>User</code> and <code>Notary</code> use MPC to encrypt data for the server, decrypt data received from the server, and compute the MAC for the ciphertext in MPC.</p>
@@ -333,21 +332,21 @@ They then use their shares of the keys to finish the TLS handshake.</p>
<p>To encrypt the plaintext, both parties input their key shares as private inputs to the <a href="protocol/notarization//mpc/deap.html">MPC</a> protocol, along with some other public data. Additionally, the <code>User</code> inputs her plaintext as a private input.</p>
<p>Both parties see the resulting ciphertext and execute the <a href="protocol/notarization/../../mpc/mac.html">2PC MAC</a> protocol to compute the MAC for the ciphertext.</p>
<p>The <code>User</code> then dispatches the ciphertext and the MAC to the server.</p>
<p>As explained in the <a href="protocol/notarization/commitment.html">Commitment section</a>, the <code>User</code> creates a commitment to the plaintext (her private input to DEAP).</p>
<p>As explained in the <a href="protocol/notarization/commitment.html">Commitment section</a>, the <code>User</code> creates a commitment to the plaintext (her private input to MPC).</p>
<h2 id="decryption"><a class="header" href="#decryption">Decryption</a></h2>
<p>Once the <code>User</code> receives the ciphertext and its associated MAC from the server, the parties first authenticate the ciphertext by validating the MAC. They do this by running the [MPC] (/mpc/mac.md) protocol to compute the authentic MAC for the ciphertext. They then verify if the authentic MAC matches the MAC received from the server.</p>
<p>Once the <code>User</code> receives the ciphertext and its associated MAC from the server, the parties first authenticate the ciphertext by validating the MAC. They do this by running the <a href="protocol/notarization//mpc/mac.html">MPC</a> protocol to compute the authentic MAC for the ciphertext. They then verify if the authentic MAC matches the MAC received from the server.</p>
<p>Next, the parties decrypt the ciphertext by providing their key shares as private inputs to the <a href="protocol/notarization//mpc/deap.html">MPC</a> protocol, along with the ciphertext and some other public data.</p>
<p>The resulting plaintext is revealed ONLY to the <code>User</code>.</p>
<p>As discussed in the <a href="protocol/notarization//protocol/notarization/commitment.html">Commitment section</a>, the <code>User</code> establishes a commitment to the plaintext.</p>
<p>As discussed in the <a href="protocol/notarization//protocol/notarization/commitment.html">Commitment section</a>, the <code>User</code> creates a commitment to the plaintext.</p>
<p>Please note, the actual low-level implementation details of <code>Decryption</code> are more nuanced than what we have described here. For more information, please consult <a href="protocol/notarization//mpc/encryption.html">Low-level Decryption details</a>.</p>
<h2 id="summary"><a class="header" href="#summary">Summary</a></h2>
<p>This chapter illustrated how the <code>Notary</code> and <code>User</code> collaborate to encrypt and decrypt data. The <code>Notary</code> performs these tasks &quot;blindly,&quot; without acquiring knowledge of the plaintext. In fact, the <code>Notary</code> even remains unaware of the <code>Server</code> with which the <code>User</code> is communicating. Additionally, the <code>User</code> creates commitments to the plaintext and can use these later to prove the authenticity of the plaintext to a third party <code>Verifier</code>.</p>
<p>This chapter illustrated how the <code>Notary</code> and <code>User</code> collaborate to encrypt and decrypt data. The <code>Notary</code> performs these tasks &quot;blindly&quot;, without acquiring knowledge of the plaintext. In fact, the <code>Notary</code> even remains unaware of which <code>Server</code> the <code>User</code> is communicating with. Additionally, the <code>User</code> creates commitments to the plaintext and can use them later to prove the authenticity of the plaintext to a third party <code>Verifier</code>.</p>
<div style="break-before: page; page-break-before: always;"></div><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/katex@0.12.0/dist/katex.min.css" integrity="sha384-AfEj0r4/OFrOo5t7NnNe46zW/tFgW6x/bCJG8FqQCEo3+Aro6EYUG4+cU+KJWu/X" crossorigin="anonymous">
<h1 id="commitment"><a class="header" href="#commitment">Commitment</a></h1>
<p>The TLSNotary protocol entirely conceals the plaintext transcript from the <code>Notary</code>. Simultaneously, the TLSNotary protocol offers a way to the <code>User</code> to selectively prove the authenticity of arbitrary portions of the plaintext to the <code>Verifier</code>.</p>
<p>A naive approach could extend the <code>Encryption and Decryption</code> steps to also compute a commitment (e.g. a blake3 hash) to the plaintext in MPC, with the <code>Notary</code> signing that commitment. The <code>User</code> could then open the commitment to the <code>Verifier</code>. Unfortunately, this approach would be resource-intensive, prompting us to provide a more lightweight commitment scheme.</p>
<p>The high-level idea is that the <code>User</code> will reuse the encodings from the MPC protocol used for <code>Encryption and Decryption</code> to create commitments<sup class="footnote-reference"><a href="#commitment_scheme">1</a></sup>. Since those encodings are chosen by the <code>Notary</code> and are not known to the <code>User</code> at the time when she makes a commitment, they can be thought of as &quot;authenticated plaintext&quot;.</p>
<p><sup class="footnote-reference"><a href="#commitment_scheme">1</a></sup> For technical details on the commitment scheme, see <a href="protocol/notarization//mpc/commitment_scheme.html">Commitment scheme</a></p>
<p>As part of the TLSNotary protocol, the <code>User</code> creates authenticated commitments to the plaintext and the <code>Notary</code> signs those commitments without ever seeing the plaintext. This offers a way for the <code>User</code> to selectively prove the authenticity of arbitrary portions of the plaintext to the <code>Verifier</code>. </p>
<p>A naive approach of creating such authenticated commitments is to extend the <code>Encryption and Decryption</code> steps to also compute a commitment (e.g. a blake3 hash) to the plaintext using MPC and have the <code>Notary</code> sign that commitment. Unfortunately, such MPC approach is too resource-intensive, prompting us to provide a more lightweight commitment scheme.</p>
<p>The high-level idea is that the <code>User</code> creates a commitment to the encodings from the MPC protocol used for <code>Encryption and Decryption</code>. Since those encodings are chosen by the <code>Notary</code> and are not known to the <code>User</code> at the time when she makes a commitment, they can be thought of as &quot;authenticated plaintext&quot;.</p>
<p>For technical details on the commitment scheme, see <a href="protocol/notarization//mpc/commitment_scheme.html">Commitment scheme</a></p>
<div style="break-before: page; page-break-before: always;"></div><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/katex@0.12.0/dist/katex.min.css" integrity="sha384-AfEj0r4/OFrOo5t7NnNe46zW/tFgW6x/bCJG8FqQCEo3+Aro6EYUG4+cU+KJWu/X" crossorigin="anonymous">
<h1 id="signing-the-session-header"><a class="header" href="#signing-the-session-header">Signing the Session Header</a></h1>
<p>At the end of the TLSNotary protocol, the <code>Notary</code> signs an artifact known as a <code>Session Header</code>, thereby attesting to the authenticity of the plaintext from a TLS session. A <code>Session Header</code> contains a <code>User</code>'s commitment to the plaintext and a <code>User</code>'s commitment to TLS-specific data which uniquely identifies the server.</p>
@@ -355,7 +354,7 @@ They then use their shares of the keys to finish the TLS handshake.</p>
<p>It's important to highlight that throughout the entire TLSNotary protocol, including this signing stage, the <code>Notary</code> does not gain knowledge of either the plaintext or the identity of the server with which the <code>User</code> communicated.</p>
<div style="break-before: page; page-break-before: always;"></div><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/katex@0.12.0/dist/katex.min.css" integrity="sha384-AfEj0r4/OFrOo5t7NnNe46zW/tFgW6x/bCJG8FqQCEo3+Aro6EYUG4+cU+KJWu/X" crossorigin="anonymous">
<h1 id="verification"><a class="header" href="#verification">Verification</a></h1>
<p>A <code>Verifier`` receives the following from the </code>User`:</p>
<p>A <code>Verifier</code> receives the following from the <code>User</code>:</p>
<!-- TODO will explain each -->
<ul>
<li>domain name (e.g. &quot;tlsnotary.org&quot;)</li>
@@ -910,7 +909,29 @@ in such a way that</p>
<li>they encrypt the Client Finished message (and the <code>User</code> sends the CF to the server)</li>
<li>(the <code>User</code> receives the Server Finished message from the server and) they decrypt the SF message and check its authenticity.</li>
</ul>
<div style="break-before: page; page-break-before: always;"></div><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/katex@0.12.0/dist/katex.min.css" integrity="sha384-AfEj0r4/OFrOo5t7NnNe46zW/tFgW6x/bCJG8FqQCEo3+Aro6EYUG4+cU+KJWu/X" crossorigin="anonymous">
<h1 id="glossary"><a class="header" href="#glossary">Glossary</a></h1>
<div class="table-wrapper"><table><thead><tr><th>Term</th><th>Explanation</th></tr></thead><tbody>
<tr><td>AES</td><td>Advanced Encryption Standard</td></tr>
<tr><td>A2M</td><td>Addition-to-Multiplication</td></tr>
<tr><td>DEAP</td><td>Dual Execution with Asymmetric Privacy</td></tr>
<tr><td>ECDH</td><td>Elliptic-Curve Diffie-Hellman</td></tr>
<tr><td>ECB</td><td>Electronic codebook (encryption mode)</td></tr>
<tr><td>GC</td><td>Garbled Circuit</td></tr>
<tr><td>GCM</td><td>Galois/Counter Mode</td></tr>
<tr><td>GHASH</td><td>GCM hash</td></tr>
<tr><td>HMAC</td><td>Hash-based Message Authentication Code</td></tr>
<tr><td>MAC</td><td>Message Authentication Code</td></tr>
<tr><td>M2a</td><td>Multiplication-to-Addition</td></tr>
<tr><td>OT</td><td>oblivious transfer</td></tr>
<tr><td>RSA</td><td>RivestShamirAdleman (public-key cryptosystem)</td></tr>
<tr><td>PMS</td><td>Pre master secret (TLS)</td></tr>
<tr><td>PRF</td><td>Pseudo Random Function</td></tr>
<tr><td>PRG</td><td>pseudorandom generator</td></tr>
<tr><td>PSE</td><td>Privacy and Scaling Exploration</td></tr>
<tr><td>TLS</td><td>transport layer security</td></tr>
</tbody></table>
</div>
</main>
<nav class="nav-wrapper" aria-label="Page navigation">

10
protocol/notarization/commitment.html
View File

@@ -85,7 +85,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/commitment.html" class="active"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><li class="part-title">Developer resources</li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/commitment.html" class="active"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><a href="../../glossary.html">Glossary</a></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>
@@ -176,10 +176,10 @@
<main>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/katex@0.12.0/dist/katex.min.css" integrity="sha384-AfEj0r4/OFrOo5t7NnNe46zW/tFgW6x/bCJG8FqQCEo3+Aro6EYUG4+cU+KJWu/X" crossorigin="anonymous">
<h1 id="commitment"><a class="header" href="#commitment">Commitment</a></h1>
<p>The TLSNotary protocol entirely conceals the plaintext transcript from the <code>Notary</code>. Simultaneously, the TLSNotary protocol offers a way to the <code>User</code> to selectively prove the authenticity of arbitrary portions of the plaintext to the <code>Verifier</code>.</p>
<p>A naive approach could extend the <code>Encryption and Decryption</code> steps to also compute a commitment (e.g. a blake3 hash) to the plaintext in MPC, with the <code>Notary</code> signing that commitment. The <code>User</code> could then open the commitment to the <code>Verifier</code>. Unfortunately, this approach would be resource-intensive, prompting us to provide a more lightweight commitment scheme.</p>
<p>The high-level idea is that the <code>User</code> will reuse the encodings from the MPC protocol used for <code>Encryption and Decryption</code> to create commitments<sup class="footnote-reference"><a href="#commitment_scheme">1</a></sup>. Since those encodings are chosen by the <code>Notary</code> and are not known to the <code>User</code> at the time when she makes a commitment, they can be thought of as &quot;authenticated plaintext&quot;.</p>
<p><sup class="footnote-reference"><a href="#commitment_scheme">1</a></sup> For technical details on the commitment scheme, see <a href="/mpc/commitment_scheme.html">Commitment scheme</a></p>
<p>As part of the TLSNotary protocol, the <code>User</code> creates authenticated commitments to the plaintext and the <code>Notary</code> signs those commitments without ever seeing the plaintext. This offers a way for the <code>User</code> to selectively prove the authenticity of arbitrary portions of the plaintext to the <code>Verifier</code>. </p>
<p>A naive approach of creating such authenticated commitments is to extend the <code>Encryption and Decryption</code> steps to also compute a commitment (e.g. a blake3 hash) to the plaintext using MPC and have the <code>Notary</code> sign that commitment. Unfortunately, such MPC approach is too resource-intensive, prompting us to provide a more lightweight commitment scheme.</p>
<p>The high-level idea is that the <code>User</code> creates a commitment to the encodings from the MPC protocol used for <code>Encryption and Decryption</code>. Since those encodings are chosen by the <code>Notary</code> and are not known to the <code>User</code> at the time when she makes a commitment, they can be thought of as &quot;authenticated plaintext&quot;.</p>
<p>For technical details on the commitment scheme, see <a href="/mpc/commitment_scheme.html">Commitment scheme</a></p>
</main>

10
protocol/notarization/encryption.html
View File

@@ -85,7 +85,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/encryption.html" class="active"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><li class="part-title">Developer resources</li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/encryption.html" class="active"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><a href="../../glossary.html">Glossary</a></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>
@@ -181,15 +181,15 @@
<p>To encrypt the plaintext, both parties input their key shares as private inputs to the <a href="/mpc/deap.html">MPC</a> protocol, along with some other public data. Additionally, the <code>User</code> inputs her plaintext as a private input.</p>
<p>Both parties see the resulting ciphertext and execute the <a href="../../mpc/mac.html">2PC MAC</a> protocol to compute the MAC for the ciphertext.</p>
<p>The <code>User</code> then dispatches the ciphertext and the MAC to the server.</p>
<p>As explained in the <a href="commitment.html">Commitment section</a>, the <code>User</code> creates a commitment to the plaintext (her private input to DEAP).</p>
<p>As explained in the <a href="commitment.html">Commitment section</a>, the <code>User</code> creates a commitment to the plaintext (her private input to MPC).</p>
<h2 id="decryption"><a class="header" href="#decryption">Decryption</a></h2>
<p>Once the <code>User</code> receives the ciphertext and its associated MAC from the server, the parties first authenticate the ciphertext by validating the MAC. They do this by running the [MPC] (/mpc/mac.md) protocol to compute the authentic MAC for the ciphertext. They then verify if the authentic MAC matches the MAC received from the server.</p>
<p>Once the <code>User</code> receives the ciphertext and its associated MAC from the server, the parties first authenticate the ciphertext by validating the MAC. They do this by running the <a href="/mpc/mac.html">MPC</a> protocol to compute the authentic MAC for the ciphertext. They then verify if the authentic MAC matches the MAC received from the server.</p>
<p>Next, the parties decrypt the ciphertext by providing their key shares as private inputs to the <a href="/mpc/deap.html">MPC</a> protocol, along with the ciphertext and some other public data.</p>
<p>The resulting plaintext is revealed ONLY to the <code>User</code>.</p>
<p>As discussed in the <a href="/protocol/notarization/commitment.html">Commitment section</a>, the <code>User</code> establishes a commitment to the plaintext.</p>
<p>As discussed in the <a href="/protocol/notarization/commitment.html">Commitment section</a>, the <code>User</code> creates a commitment to the plaintext.</p>
<p>Please note, the actual low-level implementation details of <code>Decryption</code> are more nuanced than what we have described here. For more information, please consult <a href="/mpc/encryption.html">Low-level Decryption details</a>.</p>
<h2 id="summary"><a class="header" href="#summary">Summary</a></h2>
<p>This chapter illustrated how the <code>Notary</code> and <code>User</code> collaborate to encrypt and decrypt data. The <code>Notary</code> performs these tasks &quot;blindly,&quot; without acquiring knowledge of the plaintext. In fact, the <code>Notary</code> even remains unaware of the <code>Server</code> with which the <code>User</code> is communicating. Additionally, the <code>User</code> creates commitments to the plaintext and can use these later to prove the authenticity of the plaintext to a third party <code>Verifier</code>.</p>
<p>This chapter illustrated how the <code>Notary</code> and <code>User</code> collaborate to encrypt and decrypt data. The <code>Notary</code> performs these tasks &quot;blindly&quot;, without acquiring knowledge of the plaintext. In fact, the <code>Notary</code> even remains unaware of which <code>Server</code> the <code>User</code> is communicating with. Additionally, the <code>User</code> creates commitments to the plaintext and can use them later to prove the authenticity of the plaintext to a third party <code>Verifier</code>.</p>
</main>

9
protocol/notarization/handshake.html
View File

@@ -85,7 +85,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/handshake.html" class="active"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><li class="part-title">Developer resources</li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/handshake.html" class="active"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><a href="../../glossary.html">Glossary</a></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>
@@ -177,12 +177,11 @@
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/katex@0.12.0/dist/katex.min.css" integrity="sha384-AfEj0r4/OFrOo5t7NnNe46zW/tFgW6x/bCJG8FqQCEo3+Aro6EYUG4+cU+KJWu/X" crossorigin="anonymous">
<h1 id="tls-handshake"><a class="header" href="#tls-handshake">TLS Handshake</a></h1>
<p>During the TLS handshake, the TLS Client and the TLS Server compute the session keys needed for the encryption and decryption of data.</p>
<p>In TLSNotary protocol <code>User</code> and <code>Notary</code> jointly play the role of the TLS Client. The User is the one who physically communicates with the server but all cryptographic TLS operations are performed in MPC.
The parties use MPC to compute the session keys in such a way that neither party ever learns the full keys but each has their share of the keys.
They then use their shares of the keys to finish the TLS handshake.</p>
<p>In TLSNotary protocol the <code>User</code> and <code>Notary</code> jointly play the role of the TLS Client. The <code>User</code> is the one who physically communicates with the server but all cryptographic TLS operations are performed using MPC.</p>
<p>The parties use MPC to compute the session keys in such a way that each party only has their share of the keys and never learns the full keys. The parties proceed to complete the TLS handshake using their shares of the keys.</p>
<p>To a third party observing the <code>User</code>'s connection to the server, the connection appears like a regular TLS connection. The <code>User</code> maintains all the security guarantees of a standard TLS connection against a third-party bad actor.</p>
<p>However, the <code>User</code>'s TLS connection does not maintain the normal TLS security against the <code>Notary</code>. Instead, the <code>User</code> relies on the security which the underlying MPC protocols provide.</p>
<p>With the shares of the session keys computed, the parties now proceed to the next MPC protocol where they use their session key shares to jointly encrypt requests to and decrypt responses from the server while keeping the plaintext of the request/response private from the Notary.</p>
<p>With the shares of the session keys computed, the parties now proceed to the next MPC protocol where they use their session key shares to jointly encrypt requests to and decrypt responses from the server while keeping the plaintext of the request/response private from the <code>Notary</code>.</p>
</main>

6
protocol/notarization/index.html
View File

@@ -85,7 +85,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/index.html" class="active"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><li class="part-title">Developer resources</li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/index.html" class="active"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><a href="../../glossary.html">Glossary</a></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>
@@ -186,9 +186,9 @@
<h2 id="requester"><a class="header" href="#requester">Requester</a></h2>
<p>The <code>Requester</code> is the party which runs the TLS connection with the <code>Server</code>. The <code>Requester</code> constructs application payloads, eg. HTTP requests, and coordinates with the <code>Notary</code> to encrypt them with the TLS session keys prior to sending them. Subsequently, the <code>Requester</code> works with the <code>Notary</code> to decrypt responses from the <code>Server</code>. The plaintext of the application data is only ever revealed to the <code>Requester</code>.</p>
<h2 id="notary"><a class="header" href="#notary">Notary</a></h2>
<p>The <code>Notary</code> is the party of which the authenticity of the <code>Transcript</code> relies on. During the session the <code>Notary</code> withholds its' shares of the TLS keys and participates in a series of secure 2-party computation protocols with the <code>Requester</code> to operate the TLS connection.</p>
<p>The <code>Notary</code> is the party of which the authenticity of the <code>Transcript</code> relies on. During the session the <code>Notary</code> withholds its' shares of the TLS keys and participates in a series of secure MPC protocols with the <code>Requester</code> to operate the TLS connection.</p>
<h2 id="server"><a class="header" href="#server">Server</a></h2>
<p>The <code>Server</code> can be any server which supports TLS. The TLSNotary protocol is entirely transparent to the <code>Server</code>, thus it can not be censored nor does it have to support any additional functionality.</p>
<p>The <code>Server</code> can be any server which supports TLS. The TLSNotary protocol is entirely transparent to the <code>Server</code>, thus it cannot be censored nor does it have to support any additional functionality.</p>
<img src="../../png-diagrams/tls12-multiround.png">
<h2 id="transcript"><a class="header" href="#transcript">Transcript</a></h2>
<p>The primary artifact generated from this phase is called the <code>Transcript</code>. It contains session meta-data, handshake data, and commitments to all the requests and responses. Typically the <code>Transcript</code> is signed by the <code>Notary</code>, however that is not necessary in the case where the <code>Notary</code> will also act as the <code>Verifier</code> in the selective disclosure phase.</p>

2
protocol/notarization/signing.html
View File

@@ -85,7 +85,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/signing.html" class="active"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><li class="part-title">Developer resources</li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/signing.html" class="active"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../../protocol/verification.html"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><a href="../../glossary.html">Glossary</a></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>

4
protocol/verification.html
View File

@@ -85,7 +85,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../protocol/verification.html" class="active"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><li class="part-title">Developer resources</li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><a href="../motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="../developers/quick_start.html">Quick Start</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="../overview.html"><strong aria-hidden="true">1.</strong> Overview</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../protocol/notarization/handshake.html"><strong aria-hidden="true">2.1.</strong> TLS Handshake</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/encryption.html"><strong aria-hidden="true">2.2.</strong> Encryption and Decryption</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li class="chapter-item expanded "><a href="../protocol/notarization/signing.html"><strong aria-hidden="true">2.4.</strong> Signing</a></li></ol></li><li class="chapter-item expanded "><a href="../protocol/verification.html" class="active"><strong aria-hidden="true">3.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="../mpc/garbled_circuits.html"><strong aria-hidden="true">5.</strong> Garbled Circuits</a></li><li class="chapter-item expanded "><a href="../mpc/deap.html"><strong aria-hidden="true">6.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">7.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><a href="../mpc/mac.html"><strong aria-hidden="true">8.</strong> MAC</a></li><li class="chapter-item expanded "><a href="../mpc/ff-arithmetic.html"><strong aria-hidden="true">9.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="../mpc/encodings.html"><strong aria-hidden="true">10.</strong> Encodings</a></li><li class="chapter-item expanded "><a href="../mpc/key_exchange.html"><strong aria-hidden="true">11.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../mpc/ectf.html"><strong aria-hidden="true">12.</strong> ECtF</a></li><li class="chapter-item expanded "><a href="../mpc/commitment_scheme.html"><strong aria-hidden="true">13.</strong> Commitment scheme</a></li><li class="chapter-item expanded "><a href="../mpc/encryption.html"><strong aria-hidden="true">14.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="../mpc/tls_handshake.html"><strong aria-hidden="true">15.</strong> TLS handhsake</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">16.</strong> Committed Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">17.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded affix "><a href="../glossary.html">Glossary</a></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>
@@ -176,7 +176,7 @@
<main>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/katex@0.12.0/dist/katex.min.css" integrity="sha384-AfEj0r4/OFrOo5t7NnNe46zW/tFgW6x/bCJG8FqQCEo3+Aro6EYUG4+cU+KJWu/X" crossorigin="anonymous">
<h1 id="verification"><a class="header" href="#verification">Verification</a></h1>
<p>A <code>Verifier`` receives the following from the </code>User`:</p>
<p>A <code>Verifier</code> receives the following from the <code>User</code>:</p>
<!-- TODO will explain each -->
<ul>
<li>domain name (e.g. &quot;tlsnotary.org&quot;)</li>

2
searchindex.js
View File

File diff suppressed because one or more lines are too long

2
searchindex.json
View File

File diff suppressed because one or more lines are too long