diff --git a/diagrams/data_provenance.drawio b/diagrams/data_provenance.drawio index 57f2480..ba372fe 100644 --- a/diagrams/data_provenance.drawio +++ b/diagrams/data_provenance.drawio @@ -1,25 +1,40 @@ - + - + - - + + - + + + + + + + + + + + + + + + + + + + + + + - - - - - - - + - - + + @@ -27,62 +42,28 @@ - - + + - - + + - - + + - - + + - - + + - - + + - - - - + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + @@ -90,40 +71,115 @@ - - - - - - - + - - + + - + - + - - + + - - + + - - + + - - + + - - + + - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/diagrams/overview.drawio b/diagrams/overview.drawio index 9af3a0b..3a1d097 100644 --- a/diagrams/overview.drawio +++ b/diagrams/overview.drawio @@ -1,196 +1,201 @@ - + - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + - + - + - - + + - + + + + - - + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - + - - + + - - + + - + + + + + + + + + + + + + + + + + + + + + + - - + + - + + + + + + + + + + - - + + + + + - - + + - - + + - - + + - - + + - - - - - - - + - + - - + + - + - + + - + - + + - - + + - - + + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - + + - + - - + + + + + - - + + + + + + + + + + + + + + + + + diff --git a/diagrams/overview3.drawio b/diagrams/overview3.drawio index cb4f0aa..5bb99a9 100644 --- a/diagrams/overview3.drawio +++ b/diagrams/overview3.drawio @@ -1,72 +1,86 @@ - + - + - + - + - - + + - + - + - - + + - + - + + + + + + - + - + - + - - + + - - + + - + - + - + + + + + + + + + + diff --git a/src/intro.md b/src/intro.md index a0677c1..62c4920 100644 --- a/src/intro.md +++ b/src/intro.md @@ -1,35 +1,71 @@ # Introduction -TLSNotary is a protocol which allows users to export data from any website in a -credible way. This way they can verify the authenticity of parts of a -TLS-encrypted web session without compromising on privacy. +## Data Provenance without Compromising Privacy, That is Why! -It works by adding a third party, the Notary, to the usual TLS connection -between the User and a web server. The User forwards the encrypted TLS traffic -to the Notary which checks that it has not been tampered with and notarizes the -whole TLS session by signing a transcript of it. +The Internet currently lacks effective, privacy-preserving **Data Provenance**. [TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security), also known as the "s" in "https" 🔐 to the general public, ensures that data can be securely communicated between a server and a user. But how can this user credibly share this data with another user or server without compromising security, privacy, and control? -The User can now use this transcript and disclose parts of it to another -party, which we call the Verifier. The Verifier only needs to trust the Notary -in order to accept proofs from many different users. This way, TLSNotary -can be used for a variety of purposes. For example you can use TLSNotary to -prove that +Enter TLSNotary: a protocol enabling users to export data securely from any website. Using Zero Knowledge Proof (ZKP) technology, this data can be selectively shared with others in a cryptographically verifiable manner. -- you have received a money transfer using your online banking account, without - revealing your login credentials or sensitive financial information. -- you have access to an account on a web platform. -- a website showed some specific content on a certain date. +TLSNotary makes data truly portable and allows users to share it with others as they see fit. -Overall, the TLSNotary protocol can be used in any scenario where you need to -prove to a third party facts about the content of a TLS connection. +## How Does the TLSNotary Protocol Work? -Some interesting aspects of TLSNotary are: -- The protocol is transparent to the web server, because it is not aware of the - notarization process. For the server it just looks like normal browsing. -- Data is kept private from the Notary. The Notary only sees the ciphertext and - never has access to the plaintext. -- No modifications to the TLS protocol are needed. You can use it without any - changes to web servers. -- The Notary and the Verifier can be the same entity. That means if you as a - Verifier do not want to trust some Notary server, you can run one yourself. +The TLSNotary protocol consists of 4 steps: +1. The `User` **requests** the data from the `Server` privately and securely. +2. The `Notary` **checks** for data tampering and **signs** the data. +3. The `User` **selectively discloses** the data to the `Verifier`. +4. The `Verifier` **verifies** the data. +![](./png-diagrams/overview3.png) + +### ① Multi-party TLS Request + +TLSNotary works by adding a third party, the `Notary`, to the usual TLS connection between the `User` and a `Server`. This `Notary` is **not "[a man in the middle](https://en.wikipedia.org/wiki/Man-in-the-middle_attack)"**. Instead, the `Notary` participates in a **secure multi-party computation** (MPC) to jointly operate the TLS connection without ever seeing the data in plain text; the `Notary` only sees encrypted data. Given that the `Notary` only sees the temporary key of the `Server`, the `Notary` does not know which `Server` the `User` is communicating with. The TLSNotary protocol is transparent to the `Server`. From the `Server`'s perspective, the User's connection is a standard TLS connection. + + +### ② Notarization + +By participating in the **secure multi-party computation** (MPC) for TLS communication, the `Notary` can validate the authenticity and integrity of the communication with the `Server`. If the `User` has not cheated, the `Notary` **signs** the transcript of the entire TLS session. Since the `Notary` only checks encrypted data, this process is referred to as "blind signing". + +### ③ Selective Disclosure + +The TLSNotary protocol provides a means for the `User` to selectively prove the authenticity of arbitrary sections of the transcript to a `Verifier`. In this context, the `User` is often referred to as the `Prover`. + +Due to the manner in which the `Notary` signs the transcript, the `User` can **redact sections**, thereby removing sensitive data. This capability can be paired with Zero-Knowledge Proofs to prove properties of the redacted data without revealing the data itself. + +### ④ Verification + +A `Verifier` validates the proof received from the `User`. By comparing the signature against the `Notary`'s public key, the `Verifier` ensures that the `User` did not tamper with the data. +The data's origin can be verified by inspecting the `Server` certificate through trusted certificate authorities (CAs). + +### Trust Assumptions + +TLSNotary requires a trust assumption. A `Verifier` of a proof must trust that the `Notary` did not collude with the `User` to forge it. This trust can be minimized by requiring multiple proofs, each signed by a different notary. + +In certain applications, the `Verifier` might also function as the `Notary`, leading to **fully trustless proofs**. + +## What Can TLSNotary Do? + +TLSNotary can be used for various purposes. For example, you can use TLSNotary to prove that: +- you have access to an account on a web platform +- a website showed specific content on a certain date +- you have private information about yourself (address, birth date, health, etc.) +- you have received a money transfer using your online banking account without revealing your login credentials or sensitive financial information +- you received a private message from someone +- you were blocked from using an app +- you earned professional certificates + +While TLSNotary can notarize publicly available data, it does not solve the "[oracle problem](https://ethereum.org/en/developers/docs/oracles/)". For this use case, existing oracle solutions are more suitable. + +## Who is behind TLSNotary? + +TLSNotary is developed by the Privacy and Scaling Exploration (PSE) research lab of the Ethereum Foundation. The PSE team is committed to conceptualizing and testing use cases for cryptographic primitives. + +TLSNotary is not a new project; in fact, it has been around for [more than a decade](https://bitcointalk.org/index.php?topic=173220.0). + +In 2022, TLSNotary was rebuilt from the ground up in [Rust](https://www.rust-lang.org/) incorporating state-of-the-art cryptographic protocols. This renewed version of the TLSNotary protocol offers enhanced security, privacy, and performance. + +Older versions of TLSNotary, including PageSigner, have been archived due to a security vulnerability. diff --git a/src/png-diagrams/data_provenance.png b/src/png-diagrams/data_provenance.png index af7903d..d07a378 100644 Binary files a/src/png-diagrams/data_provenance.png and b/src/png-diagrams/data_provenance.png differ diff --git a/src/png-diagrams/overview.png b/src/png-diagrams/overview.png index 6cec5a8..53da54b 100644 Binary files a/src/png-diagrams/overview.png and b/src/png-diagrams/overview.png differ diff --git a/src/png-diagrams/overview3.png b/src/png-diagrams/overview3.png index 780521b..d2e6f46 100644 Binary files a/src/png-diagrams/overview3.png and b/src/png-diagrams/overview3.png differ