AtHeartEngineer/docs-mdbook
1
0
Fork 0
mirror of https://github.com/AtHeartEngineer/docs-mdbook.git synced 2026-01-10 09:37:54 -05:00
Code Issues Packages Projects Releases Wiki Activity

Protocol refactor (#34)

Browse Source 
Rewrite of protocol section:

* update mpc-tls top level
* update handshake
* update encryption and decryption
* rename signing section, move it, and update it

Co-authored-by: sinu.eth <65924192+sinui0@users.noreply.github.com>
Co-authored-by: Hendrik Eeckhaut <hendrik@eeckhaut.org>
This commit is contained in:
sinu.eth
2023-09-14 08:18:08 -07:00
committed by GitHub
parent a48aea6712
commit 2f83978e87
18 changed files with 2292 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

142
diagrams/key_exchange.drawio
View File

@@ -1 +1,141 @@
<mxfile host="app.diagrams.net" modified="2022-07-12T05:02:59.309Z" agent="5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" etag="9Thzvw0-MVdKURfvbQUH" version="20.0.4" type="device"><diagram id="kcIGn_kX_1L25iIxUXLg" name="Page-1">7Ztbk6I4FIB/jY9NAQHER7V1pmpmtpyxtnZnX7bSEDHbSJwQu3V//SaQyCXeuhsvvY0vwiHkcs6Xk5MDdMBwsf5E4XL+jYQo7thmuO6A+45tW65n8j8h2eQS37dzQURxKAsVgin+F0mhvC9a4RCllYKMkJjhZVUYkCRBAavIIKXkuVpsRuJqq0sYIU0wDWCsS//AIZvLUbhmIf+McDRXLVumvLKAqrAUpHMYkueSCIw6YEgJYfnRYj1EsVCe0kt+33jP1W3HKErYKTeM/ur/Ci3/23eKP7PRl4ffwff+nevk1TzBeCVHLHvLNkoF6SNigRiL2QGDJcEJQ3T0xFsVqrW4bDsycRLCdI5CWXrOFrEqxCh5REMSE8olIZrBVcz7PYjhA4onJMUMk4RfCZCon194QpRhboivtQIPhDGyKBXoxzgSFxhZcilZsRgnvCHFg+gHlEW2lfMuL8XwFutIcGuQ2QwHyEhRsKKYbYxHtPl7iegCpylvlQ90MMNxrHrfsUF3POg73IYDDh6DvEEqx0mWMOA18DNXtDzjl6dSlztMJkViKGhdEkkTfkJkgRjd8CLyqqfIk/PJtaUFnws6bTcXzUtgukDOCTkfom3N28Z+cH3BJOJd3bYGzGprAJhaaz1Tb00xr1qDMVd7Ahni5knCtMwpPyiNsxBl9L6EZI1bFPKZLE8JZXMSkQTGo0I6oKI3W1iLMl+JQCkz5z+IsY10S3DFSBXqvQZNyYoG6EB3ZTnRx4NmpyiGDD9VvdEBI07E/CwM6DhVA3a9mmUYpBFi8q7mraL4LtzLD/RrhVIxCzV7xTH36sIuz3PM0JRPJHHlmU/QqtZhusyn9gyvhfWqDqiBSebUsLdNHXt/B/a+ud8+Fc2+VI3ONeBOORusL9ZQLkhIgt4EvOtdhnjbvC7xtkb8FNGnm8bd8m4Md+99+XJwGbI9/7pkA43s3whvcnPDZHvOjZFt9zQl6upLQuV1gxjyADSoaq1K+l4tHcWxpAN3hw6U7O3+2FAB6aYWlKha8hmmgbsrmjG6R+o69yQwP5oB6yHkq61X91+XNp21f2n2sq3ogziKxNFk9RBzq9nmF6S7t3Y//JL9cANeHFi6C7F0R/4ht72ghfp9Qu06zRP9ptAEeB9tZfO6PcP3qzPd7hm298roBJxU3bn3n7oZVZjeOoS3OgTxG4+bcgCOhsuO7cllfUD3o/kAsaXwQGM+QOx2rOPVnXuT4rc+4F34ANvVl4yr+wA9RVHK2ZtbYHSWWoRORGg8FhA1tDm6QYQcfVOigyGViBfZE/iytXfb5qhJMxgGMHiMsiWopO9Z9uNFssb6Kuto7kpByv7czxkTrxj0hSbscRAmjoH5NmCG+eJGjYC3aI9DyCD/E/JU/JNEHboi2ZBduFvGq/TOsn1jmURl3kXrldlRhbwjzCh+NXyOPYh5ATkm0MhRa1eJHAB0csDZyPH1eOP8qX+0xuxPcbtIM+SnP0uX7tey6uxkcyyyOfq8wHFODIEaztxt3x04Eobw8A5uSsUyt53ub8dVYWOtnQKEvMZGYxynd11Suv8nUuqp2bOR4l+DlBPecaqCceSxVSVkeYUL5/JebzhsbCOpEtvqlaAdmaTta2nz6stq53LjrqbyqYiORI7Vngw19fORskMRn1z0dqyDWnBWDx4WOAzjfc8iq2bfvzQ3YqUq+q59Wk4ZnM1Gjef7uHLoRnhHyzAtdf4z85aO6ytB4SOzs035bIIo5qPL8qwH9Z77oyY854VSjTUH69af3Z+cZKy//3eip27MmTaeIdpSc2captltuTkUwr2aG+DU3I9vGqDbK34XpUhpp0TR5NtUZaHM6RyKpaJNJZySShiPzYaWKKfrVaMz78p5BFd/fbTF5OqYeJZ7Y5job6aVMpZaxpviJ8hQp015vzxfWfu4oQmf49lGFSfX7inJ1YDS85d7n5+0NL36AUrzNHnAuTmW9K1wi0mTX1idIfBpP6qqfbSxOwBrKb5s4GX5XePWQq9T0gEXSMsXGYc3f6gkB3A0U3DrHzQdrUj7ymFPLuG4M+GnxXfMefHia3Aw+g8=</diagram></mxfile>
<mxfile host="Electron" modified="2023-09-14T13:15:23.621Z" agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/21.6.8 Chrome/114.0.5735.289 Electron/25.5.0 Safari/537.36" version="21.6.8" etag="U83G3o7G2LZjyDhE_P2v" type="device">
<diagram id="kcIGn_kX_1L25iIxUXLg" name="Page-1">
<mxGraphModel dx="2060" dy="1200" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="850" pageHeight="1100" math="0" shadow="0">
<root>
<mxCell id="0" />
<mxCell id="1" parent="0" />
<mxCell id="EZAqd18MQriHtEKbU3QA-54" value="" style="sketch=0;pointerEvents=1;shadow=1;dashed=0;html=1;strokeColor=default;labelPosition=center;verticalLabelPosition=bottom;verticalAlign=top;outlineConnect=0;align=center;shape=mxgraph.office.security.key_permissions;fillColor=#7FBA42;opacity=50;fontStyle=1;expand=0;" parent="1" vertex="1">
<mxGeometry x="650" y="488" width="25" height="53" as="geometry">
<mxRectangle x="300" y="330" width="90" height="20" as="alternateBounds" />
</mxGeometry>
</mxCell>
<mxCell id="EZAqd18MQriHtEKbU3QA-5" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="EZAqd18MQriHtEKbU3QA-1" edge="1">
<mxGeometry relative="1" as="geometry">
<mxPoint x="440" y="720" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="EZAqd18MQriHtEKbU3QA-1" value="Prover" style="ellipse;whiteSpace=wrap;html=1;aspect=fixed;shadow=1;" parent="1" vertex="1">
<mxGeometry x="400" y="200" width="80" height="80" as="geometry" />
</mxCell>
<mxCell id="EZAqd18MQriHtEKbU3QA-4" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;startArrow=none;" parent="1" source="EZAqd18MQriHtEKbU3QA-56" edge="1">
<mxGeometry relative="1" as="geometry">
<mxPoint x="200" y="720" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="EZAqd18MQriHtEKbU3QA-2" value="Server" style="ellipse;whiteSpace=wrap;html=1;aspect=fixed;shadow=1;" parent="1" vertex="1">
<mxGeometry x="160" y="200" width="80" height="80" as="geometry" />
</mxCell>
<mxCell id="EZAqd18MQriHtEKbU3QA-6" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="EZAqd18MQriHtEKbU3QA-3" edge="1">
<mxGeometry relative="1" as="geometry">
<mxPoint x="680" y="720" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="EZAqd18MQriHtEKbU3QA-3" value="Verifier&lt;br&gt;(Notary)" style="ellipse;whiteSpace=wrap;html=1;aspect=fixed;shadow=1;" parent="1" vertex="1">
<mxGeometry x="640" y="200" width="80" height="80" as="geometry" />
</mxCell>
<mxCell id="EZAqd18MQriHtEKbU3QA-29" value="" style="endArrow=classic;html=1;rounded=0;" parent="1" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="200.25" y="440" as="sourcePoint" />
<mxPoint x="440.75" y="440" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="EZAqd18MQriHtEKbU3QA-30" value="" style="endArrow=classic;html=1;rounded=0;" parent="1" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="440" y="440" as="sourcePoint" />
<mxPoint x="680" y="440" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="EZAqd18MQriHtEKbU3QA-12" value="Server&lt;br&gt;Public Key" style="sketch=0;pointerEvents=1;shadow=1;dashed=0;html=1;strokeColor=default;labelPosition=center;verticalLabelPosition=bottom;verticalAlign=top;outlineConnect=0;align=center;shape=mxgraph.office.security.key_permissions;fillColor=#7FBA42;container=1;" parent="1" vertex="1">
<mxGeometry x="310.25" y="410" width="25" height="53" as="geometry">
<mxRectangle x="300" y="330" width="90" height="20" as="alternateBounds" />
</mxGeometry>
</mxCell>
<mxCell id="EZAqd18MQriHtEKbU3QA-32" value="Server&lt;br&gt;Public Key" style="sketch=0;pointerEvents=1;shadow=1;dashed=0;html=1;strokeColor=default;labelPosition=center;verticalLabelPosition=bottom;verticalAlign=top;outlineConnect=0;align=center;shape=mxgraph.office.security.key_permissions;fillColor=#7FBA42;container=1;" parent="1" vertex="1">
<mxGeometry x="545" y="410" width="25" height="53" as="geometry" />
</mxCell>
<mxCell id="EZAqd18MQriHtEKbU3QA-36" value="" style="endArrow=classic;html=1;rounded=0;" parent="1" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="679.88" y="329.26" as="sourcePoint" />
<mxPoint x="439.88" y="329.26" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="EZAqd18MQriHtEKbU3QA-26" value="Verifier&lt;br&gt;Public Key" style="sketch=0;pointerEvents=1;shadow=1;dashed=0;html=1;strokeColor=default;labelPosition=center;verticalLabelPosition=bottom;verticalAlign=top;outlineConnect=0;align=center;shape=mxgraph.office.security.key_permissions;fillColor=#3333FF;" parent="1" vertex="1">
<mxGeometry x="544.88" y="300" width="25" height="53" as="geometry" />
</mxCell>
<mxCell id="EZAqd18MQriHtEKbU3QA-37" value="" style="endArrow=classic;html=1;rounded=0;" parent="1" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="440.63" y="329.26" as="sourcePoint" />
<mxPoint x="200.13" y="329.26" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="EZAqd18MQriHtEKbU3QA-38" value="Verifier&lt;br&gt;Public Key" style="sketch=0;pointerEvents=1;shadow=1;dashed=0;html=1;strokeColor=default;labelPosition=center;verticalLabelPosition=bottom;verticalAlign=top;outlineConnect=0;align=center;shape=mxgraph.office.security.key_permissions;fillColor=#3333FF;" parent="1" vertex="1">
<mxGeometry x="259.88" y="300" width="25" height="53" as="geometry" />
</mxCell>
<mxCell id="EZAqd18MQriHtEKbU3QA-39" value="Prover Public &lt;br&gt;Key" style="sketch=0;pointerEvents=1;shadow=1;dashed=0;html=1;strokeColor=default;labelPosition=center;verticalLabelPosition=bottom;verticalAlign=top;outlineConnect=0;align=center;shape=mxgraph.office.security.key_permissions;fillColor=#FF3333;" parent="1" vertex="1">
<mxGeometry x="359.88" y="300" width="25" height="53" as="geometry" />
</mxCell>
<mxCell id="EZAqd18MQriHtEKbU3QA-48" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;exitX=0.3;exitY=1.02;exitDx=0;exitDy=0;exitPerimeter=0;" parent="1" source="EZAqd18MQriHtEKbU3QA-44" edge="1">
<mxGeometry relative="1" as="geometry">
<mxPoint x="440" y="610" as="targetPoint" />
<Array as="points">
<mxPoint x="538" y="610" />
</Array>
</mxGeometry>
</mxCell>
<mxCell id="EZAqd18MQriHtEKbU3QA-49" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;exitX=0.75;exitY=1;exitDx=0;exitDy=0;" parent="1" source="EZAqd18MQriHtEKbU3QA-44" edge="1">
<mxGeometry relative="1" as="geometry">
<mxPoint x="680" y="610" as="targetPoint" />
<Array as="points">
<mxPoint x="583" y="610" />
<mxPoint x="680" y="610" />
</Array>
</mxGeometry>
</mxCell>
<mxCell id="EZAqd18MQriHtEKbU3QA-44" value="Secure 2PC" style="rounded=0;whiteSpace=wrap;html=1;shadow=1;sketch=0;strokeColor=#000000;fillColor=#99CCFF;" parent="1" vertex="1">
<mxGeometry x="507.5" y="530" width="100" height="40" as="geometry" />
</mxCell>
<mxCell id="EZAqd18MQriHtEKbU3QA-47" value="" style="endArrow=classic;html=1;rounded=0;entryX=-0.007;entryY=0.458;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" target="EZAqd18MQriHtEKbU3QA-44" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="440" y="548" as="sourcePoint" />
<mxPoint x="347" y="580.3799999999999" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="EZAqd18MQriHtEKbU3QA-50" value="PMS Key Share" style="sketch=0;pointerEvents=1;shadow=1;dashed=0;html=1;strokeColor=default;labelPosition=center;verticalLabelPosition=bottom;verticalAlign=top;outlineConnect=0;align=center;shape=mxgraph.office.security.key_permissions;fillColor=#fdff01;fillStyle=solid;gradientColor=#FFFFFF;" parent="1" vertex="1">
<mxGeometry x="476" y="614" width="25" height="53" as="geometry" />
</mxCell>
<mxCell id="EZAqd18MQriHtEKbU3QA-51" value="PMS Key Share" style="sketch=0;pointerEvents=1;shadow=1;dashed=0;html=1;strokeColor=default;labelPosition=center;verticalLabelPosition=bottom;verticalAlign=top;outlineConnect=0;align=center;shape=mxgraph.office.security.key_permissions;fillColor=#FFFF00;gradientColor=#FFFFFF;gradientDirection=north;" parent="1" vertex="1">
<mxGeometry x="615" y="614" width="25" height="53" as="geometry" />
</mxCell>
<mxCell id="EZAqd18MQriHtEKbU3QA-53" value="Prover&lt;br&gt;Private Key" style="sketch=0;pointerEvents=1;shadow=1;dashed=0;html=1;strokeColor=default;labelPosition=center;verticalLabelPosition=bottom;verticalAlign=top;outlineConnect=0;align=center;shape=mxgraph.office.security.key_permissions;fillColor=#FF3333;opacity=50;" parent="1" vertex="1">
<mxGeometry x="462.5" y="493.5" width="25" height="53" as="geometry" />
</mxCell>
<mxCell id="EZAqd18MQriHtEKbU3QA-52" value="Verifier&lt;br&gt;Private Key" style="sketch=0;pointerEvents=1;shadow=1;dashed=0;html=1;strokeColor=default;labelPosition=center;verticalLabelPosition=bottom;verticalAlign=top;outlineConnect=0;align=center;shape=mxgraph.office.security.key_permissions;fillColor=#3333FF;opacity=50;" parent="1" vertex="1">
<mxGeometry x="634" y="493.5" width="25" height="53" as="geometry" />
</mxCell>
<mxCell id="EZAqd18MQriHtEKbU3QA-55" value="" style="sketch=0;pointerEvents=1;shadow=1;dashed=0;html=1;strokeColor=default;labelPosition=center;verticalLabelPosition=bottom;verticalAlign=top;outlineConnect=0;align=center;shape=mxgraph.office.security.key_permissions;fillColor=#7FBA42;opacity=50;" parent="1" vertex="1">
<mxGeometry x="476" y="488" width="25" height="53" as="geometry">
<mxRectangle x="476" y="524" width="90" height="20" as="alternateBounds" />
</mxGeometry>
</mxCell>
<mxCell id="EZAqd18MQriHtEKbU3QA-56" value="PMS Key" style="sketch=0;pointerEvents=1;shadow=1;dashed=0;html=1;strokeColor=default;labelPosition=center;verticalLabelPosition=bottom;verticalAlign=top;outlineConnect=0;align=center;shape=mxgraph.office.security.key_permissions;fillColor=#FFFF00;" parent="1" vertex="1">
<mxGeometry x="187.5" y="614" width="25" height="53" as="geometry" />
</mxCell>
<mxCell id="EZAqd18MQriHtEKbU3QA-57" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;endArrow=none;" parent="1" source="EZAqd18MQriHtEKbU3QA-2" target="EZAqd18MQriHtEKbU3QA-56" edge="1">
<mxGeometry relative="1" as="geometry">
<mxPoint x="200" y="760" as="targetPoint" />
<mxPoint x="200" y="280" as="sourcePoint" />
</mxGeometry>
</mxCell>
<mxCell id="2" value="" style="endArrow=classic;html=1;rounded=0;entryX=1.01;entryY=0.458;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" target="EZAqd18MQriHtEKbU3QA-44" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="680" y="548" as="sourcePoint" />
<mxPoint x="608.5" y="548.32" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="3" value="&lt;font style=&quot;font-size: 50px;&quot;&gt;+&lt;/font&gt;" style="text;strokeColor=none;align=center;fillColor=none;html=1;verticalAlign=middle;whiteSpace=wrap;rounded=0;fillStyle=solid;fontSize=50;" parent="1" vertex="1">
<mxGeometry x="302.88" y="299" width="39.75" height="50" as="geometry" />
</mxCell>
</root>
</mxGraphModel>
</diagram>
</mxfile>

60
diagrams/mpc-decryption.drawio Normal file
View File

@@ -0,0 +1,60 @@
<mxfile host="65bd71144e" pages="2">
<diagram name="Page-1" id="mOAZV9J1HD8CvUNmk5yk">
<mxGraphModel dx="829" dy="548" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="4681" pageHeight="3300" math="0" shadow="0">
<root>
<mxCell id="0"/>
<mxCell id="1" parent="0"/>
<mxCell id="imKlexnwQG8ijFvp7Sfa-1" style="html=1;fontSize=12;rounded=0;entryX=0.013;entryY=0.284;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" edge="1">
<mxGeometry relative="1" as="geometry">
<mxPoint x="174.83000000000004" y="160.12" as="sourcePoint"/>
<mxPoint x="247.9999999999999" y="160" as="targetPoint"/>
</mxGeometry>
</mxCell>
<mxCell id="imKlexnwQG8ijFvp7Sfa-2" value="Key share" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];fontSize=11;labelBackgroundColor=none;" parent="imKlexnwQG8ijFvp7Sfa-1" vertex="1" connectable="0">
<mxGeometry relative="1" as="geometry">
<mxPoint y="-11" as="offset"/>
</mxGeometry>
</mxCell>
<mxCell id="imKlexnwQG8ijFvp7Sfa-12" style="rounded=0;html=1;exitX=0.5;exitY=1;exitDx=0;exitDy=0;fontSize=12;" parent="1" source="2" target="imKlexnwQG8ijFvp7Sfa-13" edge="1">
<mxGeometry relative="1" as="geometry">
<mxPoint x="293" y="250" as="targetPoint"/>
</mxGeometry>
</mxCell>
<mxCell id="imKlexnwQG8ijFvp7Sfa-14" style="html=1;fontSize=12;rounded=0;entryX=0.013;entryY=0.718;entryDx=0;entryDy=0;entryPerimeter=0;endArrow=none;endFill=0;startArrow=classic;startFill=1;" parent="1" edge="1">
<mxGeometry relative="1" as="geometry">
<mxPoint x="175" y="200" as="sourcePoint"/>
<mxPoint x="248.16999999999985" y="200.25999999999993" as="targetPoint"/>
</mxGeometry>
</mxCell>
<mxCell id="imKlexnwQG8ijFvp7Sfa-15" value="&lt;font style=&quot;font-size: 11px;&quot;&gt;Plaintext&lt;/font&gt;" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];fontSize=11;labelBackgroundColor=none;" parent="imKlexnwQG8ijFvp7Sfa-14" vertex="1" connectable="0">
<mxGeometry relative="1" as="geometry">
<mxPoint y="-10" as="offset"/>
</mxGeometry>
</mxCell>
<mxCell id="imKlexnwQG8ijFvp7Sfa-4" value="Prover" style="ellipse;whiteSpace=wrap;html=1;aspect=fixed;shadow=1;fontStyle=1" parent="1" vertex="1">
<mxGeometry x="100" y="140" width="80" height="80" as="geometry"/>
</mxCell>
<mxCell id="imKlexnwQG8ijFvp7Sfa-13" value="&lt;font style=&quot;font-size: 12px;&quot;&gt;Decrypt&lt;/font&gt;" style="rounded=1;whiteSpace=wrap;html=1;fontSize=10;shadow=1;" parent="1" vertex="1">
<mxGeometry x="248" y="145" width="90" height="70" as="geometry"/>
</mxCell>
<mxCell id="imKlexnwQG8ijFvp7Sfa-18" style="html=1;fontSize=12;rounded=0;entryX=0.013;entryY=0.284;entryDx=0;entryDy=0;entryPerimeter=0;startArrow=classic;startFill=1;endArrow=none;endFill=0;" parent="1" edge="1">
<mxGeometry relative="1" as="geometry">
<mxPoint x="338" y="179.98" as="sourcePoint"/>
<mxPoint x="411.1699999999996" y="179.85999999999999" as="targetPoint"/>
</mxGeometry>
</mxCell>
<mxCell id="imKlexnwQG8ijFvp7Sfa-19" value="&lt;style=&quot;font-size: 11px;&quot;=&quot;&quot;&gt;Key share&lt;/style=&quot;font-size:&gt;" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];fontSize=11;labelBackgroundColor=none;" parent="imKlexnwQG8ijFvp7Sfa-18" vertex="1" connectable="0">
<mxGeometry relative="1" as="geometry">
<mxPoint y="-11" as="offset"/>
</mxGeometry>
</mxCell>
<mxCell id="imKlexnwQG8ijFvp7Sfa-7" value="Verifier" style="ellipse;whiteSpace=wrap;html=1;aspect=fixed;shadow=1;fontStyle=1" parent="1" vertex="1">
<mxGeometry x="405" y="140" width="80" height="80" as="geometry"/>
</mxCell>
<mxCell id="2" value="&lt;span style=&quot;font-family: Helvetica; font-size: 11px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;&quot;&gt;Ciphertext&lt;/span&gt;" style="text;whiteSpace=wrap;html=1;fontSize=11;align=center;" parent="1" vertex="1">
<mxGeometry x="263" y="90" width="60" height="20" as="geometry"/>
</mxCell>
</root>
</mxGraphModel>
</diagram>
</mxfile>

60
diagrams/mpc-encryption.drawio Normal file
View File

@@ -0,0 +1,60 @@
<mxfile host="65bd71144e" pages="2">
<diagram name="Page-1" id="mOAZV9J1HD8CvUNmk5yk">
<mxGraphModel dx="829" dy="548" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="4681" pageHeight="3300" math="0" shadow="0">
<root>
<mxCell id="0"/>
<mxCell id="1" parent="0"/>
<mxCell id="imKlexnwQG8ijFvp7Sfa-1" style="html=1;fontSize=12;rounded=0;entryX=0.013;entryY=0.284;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" edge="1">
<mxGeometry relative="1" as="geometry">
<mxPoint x="154.83000000000004" y="150.12" as="sourcePoint"/>
<mxPoint x="227.9999999999999" y="150" as="targetPoint"/>
</mxGeometry>
</mxCell>
<mxCell id="imKlexnwQG8ijFvp7Sfa-2" value="Key share" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];fontSize=11;labelBackgroundColor=none;" parent="imKlexnwQG8ijFvp7Sfa-1" vertex="1" connectable="0">
<mxGeometry relative="1" as="geometry">
<mxPoint y="-11" as="offset"/>
</mxGeometry>
</mxCell>
<mxCell id="imKlexnwQG8ijFvp7Sfa-12" style="rounded=0;html=1;exitX=0.5;exitY=1;exitDx=0;exitDy=0;fontSize=12;" parent="1" source="imKlexnwQG8ijFvp7Sfa-13" edge="1">
<mxGeometry relative="1" as="geometry">
<mxPoint x="273" y="240" as="targetPoint"/>
</mxGeometry>
</mxCell>
<mxCell id="imKlexnwQG8ijFvp7Sfa-14" style="html=1;fontSize=12;rounded=0;entryX=0.013;entryY=0.718;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" edge="1">
<mxGeometry relative="1" as="geometry">
<mxPoint x="155" y="190" as="sourcePoint"/>
<mxPoint x="228.16999999999985" y="190.25999999999993" as="targetPoint"/>
</mxGeometry>
</mxCell>
<mxCell id="imKlexnwQG8ijFvp7Sfa-15" value="&lt;font style=&quot;font-size: 11px;&quot;&gt;Plaintext&lt;/font&gt;" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];fontSize=11;labelBackgroundColor=none;" parent="imKlexnwQG8ijFvp7Sfa-14" vertex="1" connectable="0">
<mxGeometry relative="1" as="geometry">
<mxPoint y="-10" as="offset"/>
</mxGeometry>
</mxCell>
<mxCell id="imKlexnwQG8ijFvp7Sfa-4" value="Prover" style="ellipse;whiteSpace=wrap;html=1;aspect=fixed;shadow=1;fontStyle=1" parent="1" vertex="1">
<mxGeometry x="80" y="130" width="80" height="80" as="geometry"/>
</mxCell>
<mxCell id="imKlexnwQG8ijFvp7Sfa-13" value="&lt;font style=&quot;font-size: 12px;&quot;&gt;Encrypt&lt;/font&gt;" style="rounded=1;whiteSpace=wrap;html=1;fontSize=10;shadow=1;" parent="1" vertex="1">
<mxGeometry x="228" y="135" width="90" height="70" as="geometry"/>
</mxCell>
<mxCell id="imKlexnwQG8ijFvp7Sfa-18" style="html=1;fontSize=12;rounded=0;entryX=0.013;entryY=0.284;entryDx=0;entryDy=0;entryPerimeter=0;startArrow=classic;startFill=1;endArrow=none;endFill=0;" parent="1" edge="1">
<mxGeometry relative="1" as="geometry">
<mxPoint x="318" y="169.98" as="sourcePoint"/>
<mxPoint x="391.1699999999996" y="169.85999999999999" as="targetPoint"/>
</mxGeometry>
</mxCell>
<mxCell id="imKlexnwQG8ijFvp7Sfa-19" value="&lt;style=&quot;font-size: 11px;&quot;=&quot;&quot;&gt;Key share&lt;/style=&quot;font-size:&gt;" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];fontSize=11;labelBackgroundColor=none;" parent="imKlexnwQG8ijFvp7Sfa-18" vertex="1" connectable="0">
<mxGeometry relative="1" as="geometry">
<mxPoint y="-11" as="offset"/>
</mxGeometry>
</mxCell>
<mxCell id="imKlexnwQG8ijFvp7Sfa-7" value="Verifier" style="ellipse;whiteSpace=wrap;html=1;aspect=fixed;shadow=1;fontStyle=1" parent="1" vertex="1">
<mxGeometry x="385" y="130" width="80" height="80" as="geometry"/>
</mxCell>
<mxCell id="imKlexnwQG8ijFvp7Sfa-22" value="&lt;span style=&quot;font-family: Helvetica; font-size: 11px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;&quot;&gt;Ciphertext&lt;/span&gt;" style="text;whiteSpace=wrap;html=1;fontSize=11;align=center;" parent="1" vertex="1">
<mxGeometry x="243" y="240" width="60" height="20" as="geometry"/>
</mxCell>
</root>
</mxGraphModel>
</diagram>
</mxfile>

1953
diagrams/protocol.drawio
View File

File diff suppressed because one or more lines are too long

11
src/SUMMARY.md
View File

@@ -6,13 +6,12 @@
# Protocol
1. [MPC-TLS](./protocol/mpc-tls/README.md)
- [TLS Handshake](./protocol/mpc-tls/handshake.md)
- [MPC-TLS](./protocol/mpc-tls/README.md)
- [Handshake](./protocol/mpc-tls/handshake.md)
- [Encryption and Decryption](./protocol/mpc-tls/encryption.md)
- [Commitment](./protocol/mpc-tls/commitment.md)
- [Signing](./protocol/mpc-tls/signing.md)
2. [Verification](./protocol/verification.md)
3. [Selective Disclosure]()
- [Notarization](./protocol/notarization.md)
- [Verification](./protocol/verification.md)
- [Selective Disclosure]()
# MPC

2
src/diagrams/key_exchange.svg
View File

File diff suppressed because one or more lines are too long
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 36 KiB

After

Width:  |  Height:  |  Size: 37 KiB

3
src/diagrams/mpc-decryption.svg Normal file
View File

File diff suppressed because one or more lines are too long
Side by Side

After

Width:  |  Height:  |  Size: 9.7 KiB

3
src/diagrams/mpc-encryption.svg Normal file
View File

File diff suppressed because one or more lines are too long
Side by Side

After

Width:  |  Height:  |  Size: 9.7 KiB

2
src/diagrams/protocol.svg
View File

File diff suppressed because one or more lines are too long
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 76 KiB

After

Width:  |  Height:  |  Size: 76 KiB

10
src/glossary.md
View File

@@ -2,21 +2,23 @@
| Term | Explanation |
| ----- | ----------------------------------------------- |
| AES | Advanced Encryption Standard |
| 2PC | Secure Two-party computation |
| A2M | Addition-to-Multiplication |
| AES | Advanced Encryption Standard |
| DEAP | Dual Execution with Asymmetric Privacy |
| ECDH | Elliptic-Curve Diffie-Hellman |
| ECB | Electronic codebook (encryption mode) |
| ECDH | Elliptic-Curve Diffie-Hellman |
| GC | Garbled Circuit |
| GCM | Galois/Counter Mode |
| GHASH | GCM hash |
| HMAC | Hash-based Message Authentication Code |
| MAC | Message Authentication Code |
| M2a | Multiplication-to-Addition |
| MAC | Message Authentication Code |
| MPC | Secure Multi-party computation |
| OT | oblivious transfer |
| RSA | RivestShamirAdleman (public-key cryptosystem) |
| PMS | Pre master secret (TLS) |
| PRF | Pseudo Random Function |
| PRG | pseudorandom generator |
| PSE | Privacy and Scaling Exploration |
| RSA | RivestShamirAdleman (public-key cryptosystem) |
| TLS | transport layer security |

18
src/mpc/key_exchange.md
View File

@@ -1,18 +1,20 @@
# Key Exchange
In TLS, the first step towards obtaining TLS session keys is to compute a shared secret between the client and the server by running the [ECDH protocol](https://en.wikipedia.org/wiki/Elliptic-curve_DiffieHellman). The resulting shared secret in TLS terms is called the pre-master secret `PMS`.
In TLS, the first step towards obtaining TLS session keys is to compute a shared secret between the client and the server by running the [ECDH protocol](https://en.wikipedia.org/wiki/Elliptic-curve_DiffieHellman). The resulting shared secret in TLS terms is **called the pre-master secret `PMS`**.
With TLSNotary, at the end of the key exchange, the `Server` gets the `PMS` as usual. The `Prover` and the `Verifier`, jointly operating as the TLS client, compute additive shares of the `PMS`. This prevents either party from unilaterally sending or receiving messages with the `Server`. Subsequently, the authenticity and integrity of the messages are guaranteed to both the `Prover` and `Verifier`, while also keeping the plaintext hidden from the `Verifier`.
<img src="../../diagrams/key_exchange.svg" width="800">
Using the notation from Wikipedia, below is the 3-party ECDH protocol between the `Server` the `Requester` and the `Notary`, enabling the `Requester` and the `Notary` to arrive at shares of `PMS`.
The 3-party ECDH protocol between the `Server` the `Prover` and the `Verifier` works as follows:
1. `Server` sends its public key $Q_b$ to `Requester`, and `Requester` forwards it to `Notary`
2. `Requester` picks a random private key share $d_c$ and computes a public key share $Q_c = d_c * G$
3. `Notary` picks a random private key share $d_n$ and computes a public key share $Q_n = d_n * G$
4. `Notary` sends $Q_n$ to `Requester` who computes $Q_a = Q_c + Q_n $ and sends $Q_a$ to `Server`
5. `Requester` computes an EC point $(x_p, y_p) = d_c * Q_b$
6. `Notary` computes an EC point $(x_q, y_q) = d_n * Q_b$
1. `Server` sends its public key $Q_b$ to `Prover`, and `Prover` forwards it to `Verifier`
2. `Prover` picks a random private key share $d_c$ and computes a public key share $Q_c = d_c * G$
3. `Verifier` picks a random private key share $d_n$ and computes a public key share $Q_n = d_n * G$
4. `Verifier` sends $Q_n$ to `Prover` who computes $Q_a = Q_c + Q_n $ and sends $Q_a$ to `Server`
5. `Prover` computes an EC point $(x_p, y_p) = d_c * Q_b$
6. `Verifier` computes an EC point $(x_q, y_q) = d_n * Q_b$
7. Addition of points $(x_p, y_p)$ and $(x_q, y_q)$ results in the coordinate $x_r$, which is `PMS`. (The coordinate $y_r$ is not used in TLS)

20
src/protocol/mpc-tls/README.md
View File

@@ -1,9 +1,21 @@
# MPC-TLS
During the MPC-TLS Phase the `Prover` and the `Notary` work together to generate an authenticated `Transcript` of a TLS session with a `Server`.
During the MPC-TLS phase the `Prover` and the `Verifier` work together to generate an authenticated `Transcript`[^transcript] of a TLS session with a `Server`.
Listed below are some key points regarding this process:
- The identity of the `Server` is not revealed to the `Notary`, but the `Prover` is capable of proving the `Server` identity to a `Verifier` later.
- The `Notary` only ever sees the *encrypted* application data of the TLS session.
- The protocol guarantees that the `Prover` is not solely capable of constructing requests, nor can they forge responses from the `Server`.
- The `Verifier` only ever sees the *encrypted* application data of the TLS session.
- The protocol guarantees that the `Prover` is not solely capable of constructing requests, nor can they forge responses from the `Server`.
- When the `Verifier` is a `Notary` (see section on [Notarization](../notarization.md)), the identity of the `Server` is hidden and can be proven to another application-specific verifier later.
<!-- The MPC-TLS protocol consists of the following steps:
1. **Handshake**
A TLS handshake is the first step in establishing a TLS connection between the `Prover`/`Verifier` and the `Server`. The result of this handshake is a *Pre Master Secret (PMS)*, a symmetrical key that will be used for further encrypted communication. The server has the full key; the `Prover` and the `Verifier` only have their share of this key.
2. **Encryption, Decryption, and MAC Computation**
Next, the `Prover` and `Verifier` use MPC to encrypt, and decrypt, data sent to, and received from, the `Server`. They also compute a *Message Authentication Code (MAC)*
for the data that ensures untampered communication. -->
[^transcript]: A transcript is the application level data that is send to and received from the `Server`

7
src/protocol/mpc-tls/commitment.md
View File

@@ -1,7 +0,0 @@
# Commitment
As part of the TLSNotary protocol, the `User` creates authenticated commitments to the plaintext and the `Notary` signs those commitments without ever seeing the plaintext. This offers a way for the `User` to selectively prove the authenticity of arbitrary portions of the plaintext to the `Verifier`.
A naive approach of creating such authenticated commitments is to extend the `Encryption and Decryption` steps to also compute a commitment (e.g. a blake3 hash) to the plaintext using MPC and have the `Notary` sign that commitment. Unfortunately, such MPC approach is too resource-intensive, prompting us to provide a more lightweight commitment scheme.
The high-level idea is that the `User` creates a commitment to the encodings from the MPC protocol used for `Encryption and Decryption`. Since those encodings are chosen by the `Notary` and are not known to the `User` at the time when she makes a commitment, they can be thought of as "authenticated plaintext".

22
src/protocol/mpc-tls/encryption.md
View File

@@ -1,29 +1,25 @@
# Encryption, Decryption, and MAC Computation
This section explains how the `User` and `Notary` use MPC to encrypt data for the server, decrypt data received from the server, and compute the MAC for the ciphertext using MPC.
This section explains how the `Prover` and `Verifier` use MPC to encrypt data sent to the server, decrypt data received from the server, and compute the MAC for the ciphertext using MPC. It shows how the `Prover` and `Verifier` collaborate to encrypt and decrypt data. The `Verifier` performs these tasks "blindly", without acquiring knowledge of the plaintext.
## Encryption
To encrypt the plaintext, both parties input their TLS key shares as private inputs to the [MPC](/mpc/deap.md) protocol, along with some other public data. Additionally, the `User` inputs her plaintext as a private input.
To encrypt the plaintext, both parties input their TLS key shares as private inputs to the [MPC](/mpc/deap.md) protocol, along with some other public data. Additionally, the `Prover` inputs her plaintext as a private input.
![Encryption](../../diagrams/mpc-encryption.svg)
Both parties see the resulting ciphertext and execute the [2PC MAC](../../mpc/mac.md) protocol to compute the MAC for the ciphertext.
The `User` then dispatches the ciphertext and the MAC to the server.
As explained in the [Commitment section](commitment.md), the `User` creates a commitment to the plaintext (her private input to MPC).
The `Prover` then dispatches the ciphertext and the MAC to the server.
## Decryption
Once the `User` receives the ciphertext and its associated MAC from the server, the parties first authenticate the ciphertext by validating the MAC. They do this by running the [MPC](/mpc/mac.md) protocol to compute the authentic MAC for the ciphertext. They then verify if the authentic MAC matches the MAC received from the server.
Once the `Prover` receives the ciphertext and its associated MAC from the server, the parties first authenticate the ciphertext by validating the MAC. They do this by running the [MPC](/mpc/mac.md) protocol to compute the authentic MAC for the ciphertext. They then verify if the authentic MAC matches the MAC received from the server.
Next, the parties decrypt the ciphertext by providing their key shares as private inputs to the [MPC](/mpc/deap.md) protocol, along with the ciphertext and some other public data.
The resulting plaintext is revealed ONLY to the `User`.
![Decryption](../../diagrams/mpc-decryption.svg)
As discussed in the [Commitment section](/protocol/mpc-tls/commitment.md), the `User` creates a commitment to the plaintext.
The resulting plaintext is revealed ONLY to the `Prover`.
Please note, the actual low-level implementation details of `Decryption` are more nuanced than what we have described here. For more information, please consult [Low-level Decryption details](/mpc/encryption.md).
## Summary
This chapter illustrated how the `Notary` and `User` collaborate to encrypt and decrypt data. The `Notary` performs these tasks "blindly", without acquiring knowledge of the plaintext. In fact, the `Notary` even remains unaware of which `Server` the `User` is communicating with. Additionally, the `User` creates commitments to the plaintext and can use them later to prove the authenticity of the plaintext to a third party `Verifier`.
Please note, the actual low-level implementation details of decryption are more nuanced than what we have described here. For more information, please consult [Low-level Decryption details](/mpc/encryption.md).

15
src/protocol/mpc-tls/handshake.md
View File

@@ -1,12 +1,15 @@
# TLS Handshake
# Handshake
A TLS handshake is the first step in establishing a TLS connection between a `User` and a `Server`. In TLSNotary the `User` is the one who starts the TLS handshake and physically communicates with the `Server`, but all cryptographic TLS operations are performed together with the `Notary` using MPC.
<img src="../../diagrams/key_exchange.svg">
The `User` and `Notary` use a series of MPC protocols to compute the TLS session key in such a way that both only have their share of the key and never learn the full key. Both parties then proceed to complete the TLS handshake using their shares of the key.
A TLS handshake is the first step in establishing a TLS connection between a `Prover` and a `Server`. In TLSNotary the `Prover` is the one who starts the TLS handshake and physically communicates with the `Server`, but all cryptographic TLS operations are performed together with the `Verifier` using MPC.
With the shares of the session key computed and the TLS handshake completed, the parties now proceed to the next MPC protocol where they use their session key shares to jointly generate encrypted requests and decrypt server responses while keeping the plaintext of both the requests and responses private from the `Notary`.
The `Prover` and `Verifier` use a series of MPC protocols to compute the TLS session key in such a way that both only have their share of the key and never learn the full key. Both parties then proceed to complete the TLS handshake using their shares of the key.
See our section on [Key Exchange](../../mpc/key_exchange.md) for more details of how this is done.
> Note: to a third party observer, the `User`'s connection to the server appears like a regular TLS connection and the security guaranteed by TLS remains intact for the `User`.
> Note: to a third party observer, the `Prover`'s connection to the server appears like a regular TLS connection and the security guaranteed by TLS remains intact for the `Prover`.
>
> The only exception is that since the `Notary` is a party to the MPC TLS, the security for the `User` against a malicious `Notary` is guaranteed by the underlying MPC protocols and not by the TLS.
> The only exception is that since the `Verifier` is a party to the MPC TLS, the security for the `Prover` against a malicious `Verifier` is provided by the underlying MPC protocols and not by TLS.
With the shares of the session key computed and the TLS handshake completed, the parties now proceed to the next MPC protocol where they use their session key shares to jointly generate encrypted requests and decrypt server responses while keeping the plaintext of both the requests and responses private from the `Verifier`.

11
src/protocol/mpc-tls/signing.md
View File

@@ -1,11 +0,0 @@
# Signing the Session Header
At the end of the TLSNotary protocol, the `Notary` signs an artifact known as a `Session Header`, thereby attesting to the authenticity of the plaintext from a TLS session. A `Session Header` contains a `User`'s commitment to the plaintext and a `User`'s commitment to TLS-specific data which uniquely identifies the server.
The `User` can later use the signed `Session Header` to prove data provenance to a third-party `Verifier`.
It's important to highlight that throughout the entire TLSNotary protocol, including this signing stage, the `Notary` does not gain knowledge of either the plaintext or the identity of the server with which the `User` communicated.

15
src/protocol/notarization.md Normal file
View File

@@ -0,0 +1,15 @@
# Notarization
As part of the TLSNotary protocol, the `Prover` can create authenticated commitments to the plaintext and have the `Notary` sign them without ever seeing the plaintext. This offers a way for the `Prover` to selectively prove the authenticity of arbitrary portions of the plaintext to a different `Verifier` later.
A naive approach of creating such authenticated commitments is to extend the `Encryption and Decryption` steps to also compute a commitment (e.g. BLAKE3 hash) to the plaintext using MPC and have the `Notary` sign that commitment. Unfortunately, such an approach is too resource-intensive, prompting us to provide a more lightweight commitment scheme.
The high-level idea is that the `Prover` creates a commitment to the encodings from the MPC protocol used for `Encryption and Decryption`. Since those encodings are chosen by the `Notary` and are not known to the `Prover` at the time when she makes a commitment, they can be thought of as *"authenticated plaintext"*.
## Signing the Session Header
The `Notary` signs an artifact known as a `Session Header`, thereby attesting to the authenticity of the plaintext from a TLS session. A `Session Header` contains a `Prover`'s commitment to the plaintext and a `Prover`'s commitment to TLS-specific data which uniquely identifies the server.
The `Prover` can later use the signed `Session Header` to prove data provenance to a third-party `Verifier`.
It's important to highlight that throughout the entire TLSNotary protocol, including this signing stage, the `Notary` does not gain knowledge of either the plaintext or the identity of the server with which the `Prover` communicated.

2
src/protocol/verification.md
View File

@@ -1,7 +1,7 @@
# Verification
To prove data provenance to a third-party `Verifier`, the `Prover` provides the following information:
- [`Session Header`](/protocol/mpc-tls/signing.md) signed by the `Verifier`
- [`Session Header`](/protocol/notarization.md#signing-the-session-header) signed by the `Verifier`
- `opening` to the plaintext commitment
- `TLS-specific data` which uniquely identifies the server
- `identity` of the server