wip

* refactor: remove encoding commitment

* remove unused field

* clippy

Cargo.toml

@@ -13,6 +13,7 @@ members = [
     "crates/server-fixture/server",
     "crates/tls/backend",
     "crates/tls/client",
+    "crates/tls/client-async",
     "crates/tls/core",
     "crates/mpc-tls",
     "crates/tls/server-fixture",
@@ -52,10 +53,12 @@ tlsn-formats = { path = "crates/formats" }
 tlsn-hmac-sha256 = { path = "crates/components/hmac-sha256" }
 tlsn-key-exchange = { path = "crates/components/key-exchange" }
 tlsn-mpc-tls = { path = "crates/mpc-tls" }
+tlsn-mux = { git = "https://github.com/tlsnotary/tlsn-utils", rev = "d9facb6" }
 tlsn-server-fixture = { path = "crates/server-fixture/server" }
 tlsn-server-fixture-certs = { path = "crates/server-fixture/certs" }
 tlsn-tls-backend = { path = "crates/tls/backend" }
 tlsn-tls-client = { path = "crates/tls/client" }
+tlsn-tls-client-async = { path = "crates/tls/client-async" }
 tlsn-tls-core = { path = "crates/tls/core" }
 tlsn-utils = { git = "https://github.com/tlsnotary/tlsn-utils", rev = "6168663" }
 tlsn-harness-core = { path = "crates/harness/core" }
@@ -64,27 +67,25 @@ tlsn-harness-runner = { path = "crates/harness/runner" }
 tlsn-wasm = { path = "crates/wasm" }
 tlsn = { path = "crates/tlsn" }
 
-mpz-circuits = { git = "https://github.com/privacy-ethereum/mpz", rev = "9c343f8" }
-mpz-circuits-data = { git = "https://github.com/privacy-ethereum/mpz", rev = "9c343f8" }
-mpz-memory-core = { git = "https://github.com/privacy-ethereum/mpz", rev = "9c343f8" }
-mpz-common = { git = "https://github.com/privacy-ethereum/mpz", rev = "9c343f8" }
-mpz-core = { git = "https://github.com/privacy-ethereum/mpz", rev = "9c343f8" }
-mpz-vm-core = { git = "https://github.com/privacy-ethereum/mpz", rev = "9c343f8" }
-mpz-garble = { git = "https://github.com/privacy-ethereum/mpz", rev = "9c343f8" }
-mpz-garble-core = { git = "https://github.com/privacy-ethereum/mpz", rev = "9c343f8" }
-mpz-ole = { git = "https://github.com/privacy-ethereum/mpz", rev = "9c343f8" }
-mpz-ot = { git = "https://github.com/privacy-ethereum/mpz", rev = "9c343f8" }
-mpz-share-conversion = { git = "https://github.com/privacy-ethereum/mpz", rev = "9c343f8" }
-mpz-fields = { git = "https://github.com/privacy-ethereum/mpz", rev = "9c343f8" }
-mpz-zk = { git = "https://github.com/privacy-ethereum/mpz", rev = "9c343f8" }
-mpz-hash = { git = "https://github.com/privacy-ethereum/mpz", rev = "9c343f8" }
-mpz-ideal-vm = { git = "https://github.com/privacy-ethereum/mpz", rev = "9c343f8" }
+mpz-circuits = { git = "https://github.com/privacy-ethereum/mpz", rev = "bc1d4ad" }
+mpz-circuits-data = { git = "https://github.com/privacy-ethereum/mpz", rev = "bc1d4ad" }
+mpz-memory-core = { git = "https://github.com/privacy-ethereum/mpz", rev = "bc1d4ad" }
+mpz-common = { git = "https://github.com/privacy-ethereum/mpz", rev = "bc1d4ad" }
+mpz-core = { git = "https://github.com/privacy-ethereum/mpz", rev = "bc1d4ad" }
+mpz-vm-core = { git = "https://github.com/privacy-ethereum/mpz", rev = "bc1d4ad" }
+mpz-garble = { git = "https://github.com/privacy-ethereum/mpz", rev = "bc1d4ad" }
+mpz-garble-core = { git = "https://github.com/privacy-ethereum/mpz", rev = "bc1d4ad" }
+mpz-ole = { git = "https://github.com/privacy-ethereum/mpz", rev = "bc1d4ad" }
+mpz-ot = { git = "https://github.com/privacy-ethereum/mpz", rev = "bc1d4ad" }
+mpz-share-conversion = { git = "https://github.com/privacy-ethereum/mpz", rev = "bc1d4ad" }
+mpz-fields = { git = "https://github.com/privacy-ethereum/mpz", rev = "bc1d4ad" }
+mpz-zk = { git = "https://github.com/privacy-ethereum/mpz", rev = "bc1d4ad" }
+mpz-hash = { git = "https://github.com/privacy-ethereum/mpz", rev = "bc1d4ad" }
+mpz-ideal-vm = { git = "https://github.com/privacy-ethereum/mpz", rev = "bc1d4ad" }
 
-futures-plex = { git = "https://github.com/tlsnotary/tlsn-utils", rev = "c210f2f" }
 rangeset = { version = "0.4" }
 serio = { version = "0.2" }
 spansy = { git = "https://github.com/tlsnotary/tlsn-utils", rev = "6f1a934" }
-uid-mux = { version = "0.2" }
 websocket-relay = { git = "https://github.com/tlsnotary/tlsn-utils", rev = "6f1a934" }
 
 aead = { version = "0.4" }

crates/attestation/Cargo.toml

@@ -27,6 +27,7 @@ alloy-primitives = { version = "1.3.1", default-features = false }
 alloy-signer = { version = "1.0", default-features = false }
 alloy-signer-local = { version = "1.0", default-features = false }
 rand06-compat = { workspace = true }
+rangeset = { workspace = true }
 rstest = { workspace = true }
 tlsn-core = { workspace = true, features = ["fixtures"] }
 tlsn-data-fixtures = { workspace = true }

crates/attestation/src/builder.rs

@@ -5,7 +5,7 @@ use rand::{Rng, rng};
 use tlsn_core::{
     connection::{ConnectionInfo, ServerEphemKey},
     hash::HashAlgId,
-    transcript::{TranscriptCommitment, encoding::EncoderSecret},
+    transcript::TranscriptCommitment,
 };
 
 use crate::{
@@ -25,7 +25,6 @@ pub struct Sign {
     connection_info: Option<ConnectionInfo>,
     server_ephemeral_key: Option<ServerEphemKey>,
     cert_commitment: ServerCertCommitment,
-    encoder_secret: Option<EncoderSecret>,
     extensions: Vec<Extension>,
     transcript_commitments: Vec<TranscriptCommitment>,
 }
@@ -87,7 +86,6 @@ impl<'a> AttestationBuilder<'a, Accept> {
                 connection_info: None,
                 server_ephemeral_key: None,
                 cert_commitment,
-                encoder_secret: None,
                 transcript_commitments: Vec::new(),
                 extensions,
             },
@@ -108,12 +106,6 @@ impl AttestationBuilder<'_, Sign> {
         self
     }
 
-    /// Sets the secret for encoding commitments.
-    pub fn encoder_secret(&mut self, secret: EncoderSecret) -> &mut Self {
-        self.state.encoder_secret = Some(secret);
-        self
-    }
-
     /// Adds an extension to the attestation.
     pub fn extension(&mut self, extension: Extension) -> &mut Self {
         self.state.extensions.push(extension);
@@ -137,7 +129,6 @@ impl AttestationBuilder<'_, Sign> {
             connection_info,
             server_ephemeral_key,
             cert_commitment,
-            encoder_secret,
             extensions,
             transcript_commitments,
         } = self.state;
@@ -168,7 +159,6 @@ impl AttestationBuilder<'_, Sign> {
                 AttestationBuilderError::new(ErrorKind::Field, "handshake data was not set")
             })?),
             cert_commitment: field_id.next(cert_commitment),
-            encoder_secret: encoder_secret.map(|secret| field_id.next(secret)),
             extensions: extensions
                 .into_iter()
                 .map(|extension| field_id.next(extension))
@@ -253,8 +243,7 @@ mod test {
     use rstest::{fixture, rstest};
     use tlsn_core::{
         connection::{CertBinding, CertBindingV1_2},
-        fixtures::{ConnectionFixture, encoding_provider},
-        hash::Blake3,
+        fixtures::ConnectionFixture,
         transcript::Transcript,
     };
     use tlsn_data_fixtures::http::{request::GET_WITH_HEADER, response::OK_JSON};
@@ -285,13 +274,7 @@ mod test {
         let transcript = Transcript::new(GET_WITH_HEADER, OK_JSON);
         let connection = ConnectionFixture::tlsnotary(transcript.length());
 
-        let RequestFixture { request, .. } = request_fixture(
-            transcript,
-            encoding_provider(GET_WITH_HEADER, OK_JSON),
-            connection,
-            Blake3::default(),
-            Vec::new(),
-        );
+        let RequestFixture { request, .. } = request_fixture(transcript, connection, Vec::new());
 
         let attestation_config = AttestationConfig::builder()
             .supported_signature_algs([SignatureAlgId::SECP256R1])
@@ -310,13 +293,7 @@ mod test {
         let transcript = Transcript::new(GET_WITH_HEADER, OK_JSON);
         let connection = ConnectionFixture::tlsnotary(transcript.length());
 
-        let RequestFixture { request, .. } = request_fixture(
-            transcript,
-            encoding_provider(GET_WITH_HEADER, OK_JSON),
-            connection,
-            Blake3::default(),
-            Vec::new(),
-        );
+        let RequestFixture { request, .. } = request_fixture(transcript, connection, Vec::new());
 
         let attestation_config = AttestationConfig::builder()
             .supported_signature_algs([SignatureAlgId::SECP256K1])
@@ -336,13 +313,7 @@ mod test {
         let transcript = Transcript::new(GET_WITH_HEADER, OK_JSON);
         let connection = ConnectionFixture::tlsnotary(transcript.length());
 
-        let RequestFixture { request, .. } = request_fixture(
-            transcript,
-            encoding_provider(GET_WITH_HEADER, OK_JSON),
-            connection,
-            Blake3::default(),
-            Vec::new(),
-        );
+        let RequestFixture { request, .. } = request_fixture(transcript, connection, Vec::new());
 
         let attestation_builder = Attestation::builder(attestation_config)
             .accept_request(request)
@@ -363,13 +334,8 @@ mod test {
         let transcript = Transcript::new(GET_WITH_HEADER, OK_JSON);
         let connection = ConnectionFixture::tlsnotary(transcript.length());
 
-        let RequestFixture { request, .. } = request_fixture(
-            transcript,
-            encoding_provider(GET_WITH_HEADER, OK_JSON),
-            connection.clone(),
-            Blake3::default(),
-            Vec::new(),
-        );
+        let RequestFixture { request, .. } =
+            request_fixture(transcript, connection.clone(), Vec::new());
 
         let mut attestation_builder = Attestation::builder(attestation_config)
             .accept_request(request)
@@ -393,13 +359,8 @@ mod test {
         let transcript = Transcript::new(GET_WITH_HEADER, OK_JSON);
         let connection = ConnectionFixture::tlsnotary(transcript.length());
 
-        let RequestFixture { request, .. } = request_fixture(
-            transcript,
-            encoding_provider(GET_WITH_HEADER, OK_JSON),
-            connection.clone(),
-            Blake3::default(),
-            Vec::new(),
-        );
+        let RequestFixture { request, .. } =
+            request_fixture(transcript, connection.clone(), Vec::new());
 
         let mut attestation_builder = Attestation::builder(attestation_config)
             .accept_request(request)
@@ -432,9 +393,7 @@ mod test {
 
         let RequestFixture { request, .. } = request_fixture(
             transcript,
-            encoding_provider(GET_WITH_HEADER, OK_JSON),
             connection.clone(),
-            Blake3::default(),
             vec![Extension {
                 id: b"foo".to_vec(),
                 value: b"bar".to_vec(),
@@ -461,9 +420,7 @@ mod test {
 
         let RequestFixture { request, .. } = request_fixture(
             transcript,
-            encoding_provider(GET_WITH_HEADER, OK_JSON),
             connection.clone(),
-            Blake3::default(),
             vec![Extension {
                 id: b"foo".to_vec(),
                 value: b"bar".to_vec(),

crates/attestation/src/fixtures.rs

@@ -2,11 +2,7 @@
 use tlsn_core::{
     connection::{CertBinding, CertBindingV1_2},
     fixtures::ConnectionFixture,
-    hash::HashAlgorithm,
-    transcript::{
-        Transcript, TranscriptCommitConfigBuilder, TranscriptCommitment,
-        encoding::{EncodingProvider, EncodingTree},
-    },
+    transcript::{Transcript, TranscriptCommitConfigBuilder, TranscriptCommitment},
 };
 
 use crate::{
@@ -21,16 +17,13 @@ use crate::{
 /// A Request fixture used for testing.
 #[allow(missing_docs)]
 pub struct RequestFixture {
-    pub encoding_tree: EncodingTree,
     pub request: Request,
 }
 
 /// Returns a request fixture for testing.
 pub fn request_fixture(
     transcript: Transcript,
-    encodings_provider: impl EncodingProvider,
     connection: ConnectionFixture,
-    encoding_hasher: impl HashAlgorithm,
     extensions: Vec<Extension>,
 ) -> RequestFixture {
     let provider = CryptoProvider::default();
@@ -50,16 +43,10 @@ pub fn request_fixture(
         .unwrap();
     let transcripts_commitment_config = transcript_commitment_builder.build().unwrap();
 
-    // Prover constructs encoding tree.
-    let encoding_tree = EncodingTree::new(
-        &encoding_hasher,
-        transcripts_commitment_config.iter_encoding(),
-        &encodings_provider,
-    )
-    .unwrap();
-
     let mut builder = RequestConfig::builder();
 
+    builder.transcript_commit(transcripts_commitment_config);
+
     for extension in extensions {
         builder.extension(extension);
     }
@@ -74,10 +61,7 @@ pub fn request_fixture(
 
     let (request, _) = request_builder.build(&provider).unwrap();
 
-    RequestFixture {
-        encoding_tree,
-        request,
-    }
+    RequestFixture { request }
 }
 
 /// Returns an attestation fixture for testing.

crates/attestation/src/lib.rs

@@ -79,8 +79,6 @@
 //!
 //! // Specify all the transcript commitments we want to make.
 //! builder
-//!     // Use BLAKE3 for encoding commitments.
-//!     .encoding_hash_alg(HashAlgId::BLAKE3)
 //!     // Commit to all sent data.
 //!     .commit_sent(&(0..sent_len))?
 //!     // Commit to the first 10 bytes of sent data.
@@ -129,7 +127,7 @@
 //!
 //! ```no_run
 //! # use tlsn_attestation::{Attestation, CryptoProvider, Secrets, presentation::Presentation};
-//! # use tlsn_core::transcript::{TranscriptCommitmentKind, Direction};
+//! # use tlsn_core::transcript::Direction;
 //! # fn main() -> Result<(), Box<dyn std::error::Error>> {
 //! # let attestation: Attestation = unimplemented!();
 //! # let secrets: Secrets = unimplemented!();
@@ -140,8 +138,6 @@
 //! let mut builder = secrets.transcript_proof_builder();
 //!
 //! builder
-//!     // Use transcript encoding commitments.
-//!     .commitment_kinds(&[TranscriptCommitmentKind::Encoding])
 //!     // Disclose the first 10 bytes of the sent data.
 //!     .reveal(&(0..10), Direction::Sent)?
 //!     // Disclose all of the received data.
@@ -219,7 +215,7 @@ use tlsn_core::{
     connection::{ConnectionInfo, ServerEphemKey},
     hash::{Hash, HashAlgorithm, TypedHash},
     merkle::MerkleTree,
-    transcript::{TranscriptCommitment, encoding::EncoderSecret},
+    transcript::TranscriptCommitment,
 };
 
 use crate::{
@@ -301,8 +297,6 @@ pub enum FieldKind {
     ServerEphemKey = 0x02,
     /// Server identity commitment.
     ServerIdentityCommitment = 0x03,
-    /// Encoding commitment.
-    EncodingCommitment = 0x04,
     /// Plaintext hash commitment.
     PlaintextHash = 0x05,
 }
@@ -327,7 +321,6 @@ pub struct Body {
     connection_info: Field<ConnectionInfo>,
     server_ephemeral_key: Field<ServerEphemKey>,
     cert_commitment: Field<ServerCertCommitment>,
-    encoder_secret: Option<Field<EncoderSecret>>,
     extensions: Vec<Field<Extension>>,
     transcript_commitments: Vec<Field<TranscriptCommitment>>,
 }
@@ -373,7 +366,6 @@ impl Body {
             connection_info: conn_info,
             server_ephemeral_key,
             cert_commitment,
-            encoder_secret,
             extensions,
             transcript_commitments,
         } = self;
@@ -391,13 +383,6 @@ impl Body {
             ),
         ];
 
-        if let Some(encoder_secret) = encoder_secret {
-            fields.push((
-                encoder_secret.id,
-                hasher.hash_separated(&encoder_secret.data),
-            ));
-        }
-
         for field in extensions.iter() {
             fields.push((field.id, hasher.hash_separated(&field.data)));
         }

crates/attestation/src/presentation.rs

@@ -91,11 +91,6 @@ impl Presentation {
                 transcript.verify_with_provider(
                     &provider.hash,
                     &attestation.body.connection_info().transcript_length,
-                    attestation
-                        .body
-                        .encoder_secret
-                        .as_ref()
-                        .map(|field| &field.data),
                     attestation.body.transcript_commitments(),
                 )
             })

crates/attestation/src/request.rs

@@ -144,9 +144,7 @@ impl std::fmt::Display for ErrorKind {
 #[cfg(test)]
 mod test {
     use tlsn_core::{
-        connection::TranscriptLength,
-        fixtures::{ConnectionFixture, encoding_provider},
-        hash::{Blake3, HashAlgId},
+        connection::TranscriptLength, fixtures::ConnectionFixture, hash::HashAlgId,
         transcript::Transcript,
     };
     use tlsn_data_fixtures::http::{request::GET_WITH_HEADER, response::OK_JSON};
@@ -164,13 +162,8 @@ mod test {
         let transcript = Transcript::new(GET_WITH_HEADER, OK_JSON);
         let connection = ConnectionFixture::tlsnotary(transcript.length());
 
-        let RequestFixture { request, .. } = request_fixture(
-            transcript,
-            encoding_provider(GET_WITH_HEADER, OK_JSON),
-            connection.clone(),
-            Blake3::default(),
-            Vec::new(),
-        );
+        let RequestFixture { request, .. } =
+            request_fixture(transcript, connection.clone(), Vec::new());
 
         let attestation =
             attestation_fixture(request.clone(), connection, SignatureAlgId::SECP256K1, &[]);
@@ -185,13 +178,8 @@ mod test {
         let transcript = Transcript::new(GET_WITH_HEADER, OK_JSON);
         let connection = ConnectionFixture::tlsnotary(transcript.length());
 
-        let RequestFixture { mut request, .. } = request_fixture(
-            transcript,
-            encoding_provider(GET_WITH_HEADER, OK_JSON),
-            connection.clone(),
-            Blake3::default(),
-            Vec::new(),
-        );
+        let RequestFixture { mut request, .. } =
+            request_fixture(transcript, connection.clone(), Vec::new());
 
         let attestation =
             attestation_fixture(request.clone(), connection, SignatureAlgId::SECP256K1, &[]);
@@ -209,13 +197,8 @@ mod test {
         let transcript = Transcript::new(GET_WITH_HEADER, OK_JSON);
         let connection = ConnectionFixture::tlsnotary(transcript.length());
 
-        let RequestFixture { mut request, .. } = request_fixture(
-            transcript,
-            encoding_provider(GET_WITH_HEADER, OK_JSON),
-            connection.clone(),
-            Blake3::default(),
-            Vec::new(),
-        );
+        let RequestFixture { mut request, .. } =
+            request_fixture(transcript, connection.clone(), Vec::new());
 
         let attestation =
             attestation_fixture(request.clone(), connection, SignatureAlgId::SECP256K1, &[]);
@@ -233,13 +216,8 @@ mod test {
         let transcript = Transcript::new(GET_WITH_HEADER, OK_JSON);
         let connection = ConnectionFixture::tlsnotary(transcript.length());
 
-        let RequestFixture { mut request, .. } = request_fixture(
-            transcript,
-            encoding_provider(GET_WITH_HEADER, OK_JSON),
-            connection.clone(),
-            Blake3::default(),
-            Vec::new(),
-        );
+        let RequestFixture { mut request, .. } =
+            request_fixture(transcript, connection.clone(), Vec::new());
 
         let attestation =
             attestation_fixture(request.clone(), connection, SignatureAlgId::SECP256K1, &[]);
@@ -265,13 +243,8 @@ mod test {
         let transcript = Transcript::new(GET_WITH_HEADER, OK_JSON);
         let connection = ConnectionFixture::tlsnotary(transcript.length());
 
-        let RequestFixture { request, .. } = request_fixture(
-            transcript,
-            encoding_provider(GET_WITH_HEADER, OK_JSON),
-            connection.clone(),
-            Blake3::default(),
-            Vec::new(),
-        );
+        let RequestFixture { request, .. } =
+            request_fixture(transcript, connection.clone(), Vec::new());
 
         let mut attestation =
             attestation_fixture(request.clone(), connection, SignatureAlgId::SECP256K1, &[]);
@@ -289,13 +262,8 @@ mod test {
         let transcript = Transcript::new(GET_WITH_HEADER, OK_JSON);
         let connection = ConnectionFixture::tlsnotary(transcript.length());
 
-        let RequestFixture { request, .. } = request_fixture(
-            transcript,
-            encoding_provider(GET_WITH_HEADER, OK_JSON),
-            connection.clone(),
-            Blake3::default(),
-            Vec::new(),
-        );
+        let RequestFixture { request, .. } =
+            request_fixture(transcript, connection.clone(), Vec::new());
 
         let attestation =
             attestation_fixture(request.clone(), connection, SignatureAlgId::SECP256K1, &[]);

crates/attestation/src/serialize.rs

@@ -49,6 +49,4 @@ impl_domain_separator!(tlsn_core::connection::ConnectionInfo);
 impl_domain_separator!(tlsn_core::connection::CertBinding);
 impl_domain_separator!(tlsn_core::transcript::TranscriptCommitment);
 impl_domain_separator!(tlsn_core::transcript::TranscriptSecret);
-impl_domain_separator!(tlsn_core::transcript::encoding::EncoderSecret);
-impl_domain_separator!(tlsn_core::transcript::encoding::EncodingCommitment);
 impl_domain_separator!(tlsn_core::transcript::hash::PlaintextHash);

crates/attestation/tests/api.rs

@@ -1,3 +1,5 @@
+use rand::{Rng, SeedableRng, rngs::StdRng};
+use rangeset::set::RangeSet;
 use tlsn_attestation::{
     Attestation, AttestationConfig, CryptoProvider,
     presentation::PresentationOutput,
@@ -6,12 +8,11 @@ use tlsn_attestation::{
 };
 use tlsn_core::{
     connection::{CertBinding, CertBindingV1_2},
-    fixtures::{self, ConnectionFixture, encoder_secret},
-    hash::Blake3,
+    fixtures::ConnectionFixture,
+    hash::{Blake3, Blinder, HashAlgId},
     transcript::{
-        Direction, Transcript, TranscriptCommitConfigBuilder, TranscriptCommitment,
-        TranscriptSecret,
-        encoding::{EncodingCommitment, EncodingTree},
+        Direction, Transcript, TranscriptCommitment, TranscriptSecret,
+        hash::{PlaintextHash, PlaintextHashSecret, hash_plaintext},
     },
 };
 use tlsn_data_fixtures::http::{request::GET_WITH_HEADER, response::OK_JSON};
@@ -19,6 +20,7 @@ use tlsn_data_fixtures::http::{request::GET_WITH_HEADER, response::OK_JSON};
 /// Tests that the attestation protocol and verification work end-to-end
 #[test]
 fn test_api() {
+    let mut rng = StdRng::seed_from_u64(0);
     let mut provider = CryptoProvider::default();
 
     // Configure signer for Notary
@@ -26,8 +28,6 @@ fn test_api() {
 
     let transcript = Transcript::new(GET_WITH_HEADER, OK_JSON);
     let (sent_len, recv_len) = transcript.len();
-    // Plaintext encodings which the Prover obtained from GC evaluation
-    let encodings_provider = fixtures::encoding_provider(GET_WITH_HEADER, OK_JSON);
 
     // At the end of the TLS connection the Prover holds the:
     let ConnectionFixture {
@@ -44,26 +44,38 @@ fn test_api() {
         unreachable!()
     };
 
-    // Prover specifies the ranges it wants to commit to.
-    let mut transcript_commitment_builder = TranscriptCommitConfigBuilder::new(&transcript);
-    transcript_commitment_builder
-        .commit_sent(&(0..sent_len))
-        .unwrap()
-        .commit_recv(&(0..recv_len))
-        .unwrap();
+    // Create hash commitments
+    let hasher = Blake3::default();
+    let sent_blinder: Blinder = rng.random();
+    let recv_blinder: Blinder = rng.random();
 
-    let transcripts_commitment_config = transcript_commitment_builder.build().unwrap();
+    let sent_idx = RangeSet::from(0..sent_len);
+    let recv_idx = RangeSet::from(0..recv_len);
 
-    // Prover constructs encoding tree.
-    let encoding_tree = EncodingTree::new(
-        &Blake3::default(),
-        transcripts_commitment_config.iter_encoding(),
-        &encodings_provider,
-    )
-    .unwrap();
+    let sent_hash_commitment = PlaintextHash {
+        direction: Direction::Sent,
+        idx: sent_idx.clone(),
+        hash: hash_plaintext(&hasher, transcript.sent(), &sent_blinder),
+    };
 
-    let encoding_commitment = EncodingCommitment {
-        root: encoding_tree.root(),
+    let recv_hash_commitment = PlaintextHash {
+        direction: Direction::Received,
+        idx: recv_idx.clone(),
+        hash: hash_plaintext(&hasher, transcript.received(), &recv_blinder),
+    };
+
+    let sent_hash_secret = PlaintextHashSecret {
+        direction: Direction::Sent,
+        idx: sent_idx,
+        alg: HashAlgId::BLAKE3,
+        blinder: sent_blinder,
+    };
+
+    let recv_hash_secret = PlaintextHashSecret {
+        direction: Direction::Received,
+        idx: recv_idx,
+        alg: HashAlgId::BLAKE3,
+        blinder: recv_blinder,
     };
 
     let request_config = RequestConfig::default();
@@ -74,8 +86,14 @@ fn test_api() {
         .handshake_data(server_cert_data)
         .transcript(transcript)
         .transcript_commitments(
-            vec![TranscriptSecret::Encoding(encoding_tree)],
-            vec![TranscriptCommitment::Encoding(encoding_commitment.clone())],
+            vec![
+                TranscriptSecret::Hash(sent_hash_secret),
+                TranscriptSecret::Hash(recv_hash_secret),
+            ],
+            vec![
+                TranscriptCommitment::Hash(sent_hash_commitment.clone()),
+                TranscriptCommitment::Hash(recv_hash_commitment.clone()),
+            ],
         );
 
     let (request, secrets) = request_builder.build(&provider).unwrap();
@@ -95,8 +113,10 @@ fn test_api() {
         .connection_info(connection_info.clone())
         // Server key Notary received during handshake
         .server_ephemeral_key(server_ephemeral_key)
-        .encoder_secret(encoder_secret())
-        .transcript_commitments(vec![TranscriptCommitment::Encoding(encoding_commitment)]);
+        .transcript_commitments(vec![
+            TranscriptCommitment::Hash(sent_hash_commitment),
+            TranscriptCommitment::Hash(recv_hash_commitment),
+        ]);
 
     let attestation = attestation_builder.build(&provider).unwrap();
 

crates/core/src/fixtures.rs

@@ -1,10 +1,7 @@
 //! Fixtures for testing
 
-mod provider;
 pub mod transcript;
 
-pub use provider::FixtureEncodingProvider;
-
 use hex::FromHex;
 
 use crate::{
@@ -13,10 +10,6 @@ use crate::{
         ServerEphemKey, ServerName, ServerSignature, SignatureAlgorithm, TlsVersion,
         TranscriptLength,
     },
-    transcript::{
-        encoding::{EncoderSecret, EncodingProvider},
-        Transcript,
-    },
     webpki::CertificateDer,
 };
 
@@ -129,27 +122,3 @@ impl ConnectionFixture {
         server_ephemeral_key
     }
 }
-
-/// Returns an encoding provider fixture.
-pub fn encoding_provider(tx: &[u8], rx: &[u8]) -> impl EncodingProvider {
-    let secret = encoder_secret();
-    FixtureEncodingProvider::new(&secret, Transcript::new(tx, rx))
-}
-
-/// Seed fixture.
-const SEED: [u8; 32] = [0; 32];
-
-/// Delta fixture.
-const DELTA: [u8; 16] = [1; 16];
-
-/// Returns an encoder secret fixture.
-pub fn encoder_secret() -> EncoderSecret {
-    EncoderSecret::new(SEED, DELTA)
-}
-
-/// Returns a tampered encoder secret fixture.
-pub fn encoder_secret_tampered_seed() -> EncoderSecret {
-    let mut seed = SEED;
-    seed[0] += 1;
-    EncoderSecret::new(seed, DELTA)
-}

crates/core/src/fixtures/provider.rs

@@ -1,41 +0,0 @@
-use std::ops::Range;
-
-use crate::transcript::{
-    encoding::{new_encoder, Encoder, EncoderSecret, EncodingProvider, EncodingProviderError},
-    Direction, Transcript,
-};
-
-/// A encoding provider fixture.
-pub struct FixtureEncodingProvider {
-    encoder: Box<dyn Encoder>,
-    transcript: Transcript,
-}
-
-impl FixtureEncodingProvider {
-    /// Creates a new encoding provider fixture.
-    pub(crate) fn new(secret: &EncoderSecret, transcript: Transcript) -> Self {
-        Self {
-            encoder: Box::new(new_encoder(secret)),
-            transcript,
-        }
-    }
-}
-
-impl EncodingProvider for FixtureEncodingProvider {
-    fn provide_encoding(
-        &self,
-        direction: Direction,
-        range: Range<usize>,
-        dest: &mut Vec<u8>,
-    ) -> Result<(), EncodingProviderError> {
-        let transcript = match direction {
-            Direction::Sent => &self.transcript.sent(),
-            Direction::Received => &self.transcript.received(),
-        };
-
-        let data = transcript.get(range.clone()).ok_or(EncodingProviderError)?;
-        self.encoder.encode_data(direction, range, data, dest);
-
-        Ok(())
-    }
-}

crates/core/src/lib.rs

@@ -19,9 +19,7 @@ use serde::{Deserialize, Serialize};
 
 use crate::{
     connection::ServerName,
-    transcript::{
-        encoding::EncoderSecret, PartialTranscript, TranscriptCommitment, TranscriptSecret,
-    },
+    transcript::{PartialTranscript, TranscriptCommitment, TranscriptSecret},
 };
 
 /// Prover output.
@@ -42,8 +40,6 @@ pub struct VerifierOutput {
     pub server_name: Option<ServerName>,
     /// Transcript data.
     pub transcript: Option<PartialTranscript>,
-    /// Encoding commitment secret.
-    pub encoder_secret: Option<EncoderSecret>,
     /// Transcript commitments.
     pub transcript_commitments: Vec<TranscriptCommitment>,
 }

crates/core/src/merkle.rs

@@ -63,11 +63,6 @@ impl MerkleProof {
 
         Ok(())
     }
-
-    /// Returns the leaf count of the Merkle tree associated with the proof.
-    pub(crate) fn leaf_count(&self) -> usize {
-        self.leaf_count
-    }
 }
 
 #[derive(Clone)]

crates/core/src/transcript.rs

@@ -19,7 +19,6 @@
 //! withheld.
 
 mod commit;
-pub mod encoding;
 pub mod hash;
 mod proof;
 mod tls;

crates/core/src/transcript/commit.rs

@@ -8,27 +8,15 @@ use serde::{Deserialize, Serialize};
 use crate::{
     hash::HashAlgId,
     transcript::{
-        encoding::{EncodingCommitment, EncodingTree},
         hash::{PlaintextHash, PlaintextHashSecret},
         Direction, RangeSet, Transcript,
     },
 };
 
-/// The maximum allowed total bytelength of committed data for a single
-/// commitment kind. Used to prevent DoS during verification. (May cause the
-/// verifier to hash up to a max of 1GB * 128 = 128GB of data for certain kinds
-/// of encoding commitments.)
-///
-/// This value must not exceed bcs's MAX_SEQUENCE_LENGTH limit (which is (1 <<
-/// 31) - 1 by default)
-pub(crate) const MAX_TOTAL_COMMITTED_DATA: usize = 1_000_000_000;
-
 /// Kind of transcript commitment.
 #[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, Serialize, Deserialize)]
 #[non_exhaustive]
 pub enum TranscriptCommitmentKind {
-    /// A commitment to encodings of the transcript.
-    Encoding,
     /// A hash commitment to plaintext in the transcript.
     Hash {
         /// The hash algorithm used.
@@ -39,7 +27,6 @@ pub enum TranscriptCommitmentKind {
 impl fmt::Display for TranscriptCommitmentKind {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         match self {
-            Self::Encoding => f.write_str("encoding"),
             Self::Hash { alg } => write!(f, "hash ({alg})"),
         }
     }
@@ -49,8 +36,6 @@ impl fmt::Display for TranscriptCommitmentKind {
 #[derive(Debug, Clone, Serialize, Deserialize)]
 #[non_exhaustive]
 pub enum TranscriptCommitment {
-    /// Encoding commitment.
-    Encoding(EncodingCommitment),
     /// Plaintext hash commitment.
     Hash(PlaintextHash),
 }
@@ -59,8 +44,6 @@ pub enum TranscriptCommitment {
 #[derive(Debug, Clone, Serialize, Deserialize)]
 #[non_exhaustive]
 pub enum TranscriptSecret {
-    /// Encoding tree.
-    Encoding(EncodingTree),
     /// Plaintext hash secret.
     Hash(PlaintextHashSecret),
 }
@@ -68,9 +51,6 @@ pub enum TranscriptSecret {
 /// Configuration for transcript commitments.
 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct TranscriptCommitConfig {
-    encoding_hash_alg: HashAlgId,
-    has_encoding: bool,
-    has_hash: bool,
     commits: Vec<((Direction, RangeSet<usize>), TranscriptCommitmentKind)>,
 }
 
@@ -80,53 +60,23 @@ impl TranscriptCommitConfig {
         TranscriptCommitConfigBuilder::new(transcript)
     }
 
-    /// Returns the hash algorithm to use for encoding commitments.
-    pub fn encoding_hash_alg(&self) -> &HashAlgId {
-        &self.encoding_hash_alg
-    }
-
-    /// Returns `true` if the configuration has any encoding commitments.
-    pub fn has_encoding(&self) -> bool {
-        self.has_encoding
-    }
-
     /// Returns `true` if the configuration has any hash commitments.
     pub fn has_hash(&self) -> bool {
-        self.has_hash
-    }
-
-    /// Returns an iterator over the encoding commitment indices.
-    pub fn iter_encoding(&self) -> impl Iterator<Item = &(Direction, RangeSet<usize>)> {
-        self.commits.iter().filter_map(|(idx, kind)| match kind {
-            TranscriptCommitmentKind::Encoding => Some(idx),
-            _ => None,
-        })
+        self.commits
+            .iter()
+            .any(|(_, kind)| matches!(kind, TranscriptCommitmentKind::Hash { .. }))
     }
 
     /// Returns an iterator over the hash commitment indices.
     pub fn iter_hash(&self) -> impl Iterator<Item = (&(Direction, RangeSet<usize>), &HashAlgId)> {
-        self.commits.iter().filter_map(|(idx, kind)| match kind {
-            TranscriptCommitmentKind::Hash { alg } => Some((idx, alg)),
-            _ => None,
+        self.commits.iter().map(|(idx, kind)| match kind {
+            TranscriptCommitmentKind::Hash { alg } => (idx, alg),
         })
     }
 
     /// Returns a request for the transcript commitments.
     pub fn to_request(&self) -> TranscriptCommitRequest {
         TranscriptCommitRequest {
-            encoding: self.has_encoding.then(|| {
-                let mut sent = RangeSet::default();
-                let mut recv = RangeSet::default();
-
-                for (dir, idx) in self.iter_encoding() {
-                    match dir {
-                        Direction::Sent => sent.union_mut(idx),
-                        Direction::Received => recv.union_mut(idx),
-                    }
-                }
-
-                (sent, recv)
-            }),
             hash: self
                 .iter_hash()
                 .map(|((dir, idx), alg)| (*dir, idx.clone(), *alg))
@@ -136,15 +86,9 @@ impl TranscriptCommitConfig {
 }
 
 /// A builder for [`TranscriptCommitConfig`].
-///
-/// The default hash algorithm is [`HashAlgId::BLAKE3`] and the default kind
-/// is [`TranscriptCommitmentKind::Encoding`].
 #[derive(Debug)]
 pub struct TranscriptCommitConfigBuilder<'a> {
     transcript: &'a Transcript,
-    encoding_hash_alg: HashAlgId,
-    has_encoding: bool,
-    has_hash: bool,
     default_kind: TranscriptCommitmentKind,
     commits: HashSet<((Direction, RangeSet<usize>), TranscriptCommitmentKind)>,
 }
@@ -154,20 +98,13 @@ impl<'a> TranscriptCommitConfigBuilder<'a> {
     pub fn new(transcript: &'a Transcript) -> Self {
         Self {
             transcript,
-            encoding_hash_alg: HashAlgId::BLAKE3,
-            has_encoding: false,
-            has_hash: false,
-            default_kind: TranscriptCommitmentKind::Encoding,
+            default_kind: TranscriptCommitmentKind::Hash {
+                alg: HashAlgId::BLAKE3,
+            },
             commits: HashSet::default(),
         }
     }
 
-    /// Sets the hash algorithm to use for encoding commitments.
-    pub fn encoding_hash_alg(&mut self, alg: HashAlgId) -> &mut Self {
-        self.encoding_hash_alg = alg;
-        self
-    }
-
     /// Sets the default kind of commitment to use.
     pub fn default_kind(&mut self, default_kind: TranscriptCommitmentKind) -> &mut Self {
         self.default_kind = default_kind;
@@ -201,11 +138,6 @@ impl<'a> TranscriptCommitConfigBuilder<'a> {
             ));
         }
 
-        match kind {
-            TranscriptCommitmentKind::Encoding => self.has_encoding = true,
-            TranscriptCommitmentKind::Hash { .. } => self.has_hash = true,
-        }
-
         self.commits.insert(((direction, idx), kind));
 
         Ok(self)
@@ -252,9 +184,6 @@ impl<'a> TranscriptCommitConfigBuilder<'a> {
     /// Builds the configuration.
     pub fn build(self) -> Result<TranscriptCommitConfig, TranscriptCommitConfigBuilderError> {
         Ok(TranscriptCommitConfig {
-            encoding_hash_alg: self.encoding_hash_alg,
-            has_encoding: self.has_encoding,
-            has_hash: self.has_hash,
             commits: Vec::from_iter(self.commits),
         })
     }
@@ -301,16 +230,10 @@ impl fmt::Display for TranscriptCommitConfigBuilderError {
 /// Request to compute transcript commitments.
 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct TranscriptCommitRequest {
-    encoding: Option<(RangeSet<usize>, RangeSet<usize>)>,
     hash: Vec<(Direction, RangeSet<usize>, HashAlgId)>,
 }
 
 impl TranscriptCommitRequest {
-    /// Returns `true` if an encoding commitment is requested.
-    pub fn has_encoding(&self) -> bool {
-        self.encoding.is_some()
-    }
-
     /// Returns `true` if a hash commitment is requested.
     pub fn has_hash(&self) -> bool {
         !self.hash.is_empty()
@@ -320,11 +243,6 @@ impl TranscriptCommitRequest {
     pub fn iter_hash(&self) -> impl Iterator<Item = &(Direction, RangeSet<usize>, HashAlgId)> {
         self.hash.iter()
     }
-
-    /// Returns the ranges of the encoding commitments.
-    pub fn encoding(&self) -> Option<&(RangeSet<usize>, RangeSet<usize>)> {
-        self.encoding.as_ref()
-    }
 }
 
 #[cfg(test)]

crates/core/src/transcript/encoding.rs

@@ -1,22 +0,0 @@
-//! Transcript encoding commitments and proofs.
-
-mod encoder;
-mod proof;
-mod provider;
-mod tree;
-
-pub use encoder::{new_encoder, Encoder, EncoderSecret};
-pub use proof::{EncodingProof, EncodingProofError};
-pub use provider::{EncodingProvider, EncodingProviderError};
-pub use tree::{EncodingTree, EncodingTreeError};
-
-use serde::{Deserialize, Serialize};
-
-use crate::hash::TypedHash;
-
-/// Transcript encoding commitment.
-#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
-pub struct EncodingCommitment {
-    /// Merkle root of the encoding commitments.
-    pub root: TypedHash,
-}

crates/core/src/transcript/encoding/encoder.rs

@@ -1,137 +0,0 @@
-use std::ops::Range;
-
-use crate::transcript::Direction;
-use itybity::ToBits;
-use rand::{RngCore, SeedableRng};
-use rand_chacha::ChaCha12Rng;
-use serde::{Deserialize, Serialize};
-
-/// The size of the encoding for 1 bit, in bytes.
-const BIT_ENCODING_SIZE: usize = 16;
-/// The size of the encoding for 1 byte, in bytes.
-const BYTE_ENCODING_SIZE: usize = 128;
-
-/// Secret used by an encoder to generate encodings.
-#[derive(Clone, PartialEq, Eq, Serialize, Deserialize)]
-pub struct EncoderSecret {
-    seed: [u8; 32],
-    delta: [u8; BIT_ENCODING_SIZE],
-}
-
-opaque_debug::implement!(EncoderSecret);
-
-impl EncoderSecret {
-    /// Creates a new secret.
-    ///
-    /// # Arguments
-    ///
-    /// * `seed` - The seed for the PRG.
-    /// * `delta` - Delta for deriving the one-encodings.
-    pub fn new(seed: [u8; 32], delta: [u8; 16]) -> Self {
-        Self { seed, delta }
-    }
-
-    /// Returns the seed.
-    pub fn seed(&self) -> &[u8; 32] {
-        &self.seed
-    }
-
-    /// Returns the delta.
-    pub fn delta(&self) -> &[u8; 16] {
-        &self.delta
-    }
-}
-
-/// Creates a new encoder.
-pub fn new_encoder(secret: &EncoderSecret) -> impl Encoder {
-    ChaChaEncoder::new(secret)
-}
-
-pub(crate) struct ChaChaEncoder {
-    seed: [u8; 32],
-    delta: [u8; 16],
-}
-
-impl ChaChaEncoder {
-    pub(crate) fn new(secret: &EncoderSecret) -> Self {
-        let seed = *secret.seed();
-        let delta = *secret.delta();
-
-        Self { seed, delta }
-    }
-
-    pub(crate) fn new_prg(&self, stream_id: u64) -> ChaCha12Rng {
-        let mut prg = ChaCha12Rng::from_seed(self.seed);
-        prg.set_stream(stream_id);
-        prg.set_word_pos(0);
-        prg
-    }
-}
-
-/// A transcript encoder.
-///
-/// This is an internal implementation detail that should not be exposed to the
-/// public API.
-pub trait Encoder {
-    /// Writes the zero encoding for the given range of the transcript into the
-    /// destination buffer.
-    fn encode_range(&self, direction: Direction, range: Range<usize>, dest: &mut Vec<u8>);
-
-    /// Writes the encoding for the given data into the destination buffer.
-    fn encode_data(
-        &self,
-        direction: Direction,
-        range: Range<usize>,
-        data: &[u8],
-        dest: &mut Vec<u8>,
-    );
-}
-
-impl Encoder for ChaChaEncoder {
-    fn encode_range(&self, direction: Direction, range: Range<usize>, dest: &mut Vec<u8>) {
-        // ChaCha encoder works with 32-bit words. Each encoded bit is 128 bits long.
-        const WORDS_PER_BYTE: u128 = 8 * 128 / 32;
-
-        let stream_id: u64 = match direction {
-            Direction::Sent => 0,
-            Direction::Received => 1,
-        };
-
-        let mut prg = self.new_prg(stream_id);
-        let len = range.len() * BYTE_ENCODING_SIZE;
-        let pos = dest.len();
-
-        // Write 0s to the destination buffer.
-        dest.resize(pos + len, 0);
-
-        // Fill the destination buffer with the PRG.
-        prg.set_word_pos(range.start as u128 * WORDS_PER_BYTE);
-        prg.fill_bytes(&mut dest[pos..pos + len]);
-    }
-
-    fn encode_data(
-        &self,
-        direction: Direction,
-        range: Range<usize>,
-        data: &[u8],
-        dest: &mut Vec<u8>,
-    ) {
-        const ZERO: [u8; 16] = [0; BIT_ENCODING_SIZE];
-
-        let pos = dest.len();
-
-        // Write the zero encoding for the given range.
-        self.encode_range(direction, range, dest);
-        let dest = &mut dest[pos..];
-
-        for (pos, bit) in data.iter_lsb0().enumerate() {
-            // Add the delta to the encoding whenever the encoded bit is 1,
-            // otherwise add a zero.
-            let summand = if bit { &self.delta } else { &ZERO };
-            dest[pos * BIT_ENCODING_SIZE..(pos + 1) * BIT_ENCODING_SIZE]
-                .iter_mut()
-                .zip(summand)
-                .for_each(|(a, b)| *a ^= *b);
-        }
-    }
-}

crates/core/src/transcript/encoding/proof.rs

@@ -1,361 +0,0 @@
-use std::{collections::HashMap, fmt};
-
-use rangeset::set::RangeSet;
-use serde::{Deserialize, Serialize};
-
-use crate::{
-    hash::{Blinder, HashProvider, HashProviderError},
-    merkle::{MerkleError, MerkleProof},
-    transcript::{
-        commit::MAX_TOTAL_COMMITTED_DATA,
-        encoding::{new_encoder, Encoder, EncoderSecret, EncodingCommitment},
-        Direction,
-    },
-};
-
-/// An opening of a leaf in the encoding tree.
-#[derive(Clone, Serialize, Deserialize)]
-pub(super) struct Opening {
-    pub(super) direction: Direction,
-    pub(super) idx: RangeSet<usize>,
-    pub(super) blinder: Blinder,
-}
-
-opaque_debug::implement!(Opening);
-
-/// An encoding commitment proof.
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[serde(try_from = "validation::EncodingProofUnchecked")]
-pub struct EncodingProof {
-    /// The proof of inclusion of the commitment(s) in the Merkle tree of
-    /// commitments.
-    pub(super) inclusion_proof: MerkleProof,
-    pub(super) openings: HashMap<usize, Opening>,
-}
-
-impl EncodingProof {
-    /// Verifies the proof against the commitment.
-    ///
-    /// Returns the authenticated indices of the sent and received data,
-    /// respectively.
-    ///
-    /// # Arguments
-    ///
-    /// * `provider` - Hash provider.
-    /// * `commitment` - Encoding commitment to verify against.
-    /// * `sent` - Sent data to authenticate.
-    /// * `recv` - Received data to authenticate.
-    pub fn verify_with_provider(
-        &self,
-        provider: &HashProvider,
-        secret: &EncoderSecret,
-        commitment: &EncodingCommitment,
-        sent: &[u8],
-        recv: &[u8],
-    ) -> Result<(RangeSet<usize>, RangeSet<usize>), EncodingProofError> {
-        let hasher = provider.get(&commitment.root.alg)?;
-
-        let encoder = new_encoder(secret);
-        let Self {
-            inclusion_proof,
-            openings,
-        } = self;
-
-        let mut leaves = Vec::with_capacity(openings.len());
-        let mut expected_leaf = Vec::default();
-        let mut total_opened = 0u128;
-        let mut auth_sent = RangeSet::default();
-        let mut auth_recv = RangeSet::default();
-        for (
-            id,
-            Opening {
-                direction,
-                idx,
-                blinder,
-            },
-        ) in openings
-        {
-            // Make sure the amount of data being proved is bounded.
-            total_opened += idx.len() as u128;
-            if total_opened > MAX_TOTAL_COMMITTED_DATA as u128 {
-                return Err(EncodingProofError::new(
-                    ErrorKind::Proof,
-                    "exceeded maximum allowed data",
-                ))?;
-            }
-
-            let (data, auth) = match direction {
-                Direction::Sent => (sent, &mut auth_sent),
-                Direction::Received => (recv, &mut auth_recv),
-            };
-
-            // Make sure the ranges are within the bounds of the transcript.
-            if idx.end().unwrap_or(0) > data.len() {
-                return Err(EncodingProofError::new(
-                    ErrorKind::Proof,
-                    format!(
-                        "index out of bounds of the transcript ({}): {} > {}",
-                        direction,
-                        idx.end().unwrap_or(0),
-                        data.len()
-                    ),
-                ));
-            }
-
-            expected_leaf.clear();
-            for range in idx.iter() {
-                encoder.encode_data(*direction, range.clone(), &data[range], &mut expected_leaf);
-            }
-            expected_leaf.extend_from_slice(blinder.as_bytes());
-
-            // Compute the expected hash of the commitment to make sure it is
-            // present in the merkle tree.
-            leaves.push((*id, hasher.hash(&expected_leaf)));
-
-            auth.union_mut(idx);
-        }
-
-        // Verify that the expected hashes are present in the merkle tree.
-        //
-        // This proves the Prover committed to the purported data prior to the encoder
-        // seed being revealed. Ergo, if the encodings are authentic then the purported
-        // data is authentic.
-        inclusion_proof.verify(hasher, &commitment.root, leaves)?;
-
-        Ok((auth_sent, auth_recv))
-    }
-}
-
-/// Error for [`EncodingProof`].
-#[derive(Debug, thiserror::Error)]
-pub struct EncodingProofError {
-    kind: ErrorKind,
-    source: Option<Box<dyn std::error::Error + Send + Sync>>,
-}
-
-impl EncodingProofError {
-    fn new<E>(kind: ErrorKind, source: E) -> Self
-    where
-        E: Into<Box<dyn std::error::Error + Send + Sync>>,
-    {
-        Self {
-            kind,
-            source: Some(source.into()),
-        }
-    }
-}
-
-#[derive(Debug)]
-enum ErrorKind {
-    Provider,
-    Proof,
-}
-
-impl fmt::Display for EncodingProofError {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        f.write_str("encoding proof error: ")?;
-
-        match self.kind {
-            ErrorKind::Provider => f.write_str("provider error")?,
-            ErrorKind::Proof => f.write_str("proof error")?,
-        }
-
-        if let Some(source) = &self.source {
-            write!(f, " caused by: {source}")?;
-        }
-
-        Ok(())
-    }
-}
-
-impl From<HashProviderError> for EncodingProofError {
-    fn from(error: HashProviderError) -> Self {
-        Self::new(ErrorKind::Provider, error)
-    }
-}
-
-impl From<MerkleError> for EncodingProofError {
-    fn from(error: MerkleError) -> Self {
-        Self::new(ErrorKind::Proof, error)
-    }
-}
-
-/// Invalid encoding proof error.
-#[derive(Debug, thiserror::Error)]
-#[error("invalid encoding proof: {0}")]
-pub struct InvalidEncodingProof(&'static str);
-
-mod validation {
-    use super::*;
-
-    /// The maximum allowed height of the Merkle tree of encoding commitments.
-    ///
-    /// The statistical security parameter (SSP) of the encoding commitment
-    /// protocol is calculated as "the number of uniformly random bits in a
-    /// single bit's encoding minus `MAX_HEIGHT`".
-    ///
-    /// For example, a bit encoding used in garbled circuits typically has 127
-    /// uniformly random bits, hence when using it in the encoding
-    /// commitment protocol, the SSP is 127 - 30 = 97 bits.
-    ///
-    /// Leaving this validation here as a fail-safe in case we ever start
-    /// using shorter encodings.
-    const MAX_HEIGHT: usize = 30;
-
-    #[derive(Debug, Deserialize)]
-    pub(super) struct EncodingProofUnchecked {
-        inclusion_proof: MerkleProof,
-        openings: HashMap<usize, Opening>,
-    }
-
-    impl TryFrom<EncodingProofUnchecked> for EncodingProof {
-        type Error = InvalidEncodingProof;
-
-        fn try_from(unchecked: EncodingProofUnchecked) -> Result<Self, Self::Error> {
-            if unchecked.inclusion_proof.leaf_count() > 1 << MAX_HEIGHT {
-                return Err(InvalidEncodingProof(
-                    "the height of the tree exceeds the maximum allowed",
-                ));
-            }
-
-            Ok(Self {
-                inclusion_proof: unchecked.inclusion_proof,
-                openings: unchecked.openings,
-            })
-        }
-    }
-}
-
-#[cfg(test)]
-mod test {
-    use tlsn_data_fixtures::http::{request::POST_JSON, response::OK_JSON};
-
-    use crate::{
-        fixtures::{encoder_secret, encoder_secret_tampered_seed, encoding_provider},
-        hash::Blake3,
-        transcript::{encoding::EncodingTree, Transcript},
-    };
-
-    use super::*;
-
-    struct EncodingFixture {
-        transcript: Transcript,
-        proof: EncodingProof,
-        commitment: EncodingCommitment,
-    }
-
-    fn new_encoding_fixture() -> EncodingFixture {
-        let transcript = Transcript::new(POST_JSON, OK_JSON);
-
-        let idx_0 = (Direction::Sent, RangeSet::from(0..POST_JSON.len()));
-        let idx_1 = (Direction::Received, RangeSet::from(0..OK_JSON.len()));
-
-        let provider = encoding_provider(transcript.sent(), transcript.received());
-        let tree = EncodingTree::new(&Blake3::default(), [&idx_0, &idx_1], &provider).unwrap();
-
-        let proof = tree.proof([&idx_0, &idx_1].into_iter()).unwrap();
-
-        let commitment = EncodingCommitment { root: tree.root() };
-
-        EncodingFixture {
-            transcript,
-            proof,
-            commitment,
-        }
-    }
-
-    #[test]
-    fn test_verify_encoding_proof_tampered_seed() {
-        let EncodingFixture {
-            transcript,
-            proof,
-            commitment,
-        } = new_encoding_fixture();
-
-        let err = proof
-            .verify_with_provider(
-                &HashProvider::default(),
-                &encoder_secret_tampered_seed(),
-                &commitment,
-                transcript.sent(),
-                transcript.received(),
-            )
-            .unwrap_err();
-
-        assert!(matches!(err.kind, ErrorKind::Proof));
-    }
-
-    #[test]
-    fn test_verify_encoding_proof_out_of_range() {
-        let EncodingFixture {
-            transcript,
-            proof,
-            commitment,
-        } = new_encoding_fixture();
-
-        let sent = &transcript.sent()[transcript.sent().len() - 1..];
-        let recv = &transcript.received()[transcript.received().len() - 2..];
-
-        let err = proof
-            .verify_with_provider(
-                &HashProvider::default(),
-                &encoder_secret(),
-                &commitment,
-                sent,
-                recv,
-            )
-            .unwrap_err();
-
-        assert!(matches!(err.kind, ErrorKind::Proof));
-    }
-
-    #[test]
-    fn test_verify_encoding_proof_tampered_idx() {
-        let EncodingFixture {
-            transcript,
-            mut proof,
-            commitment,
-        } = new_encoding_fixture();
-
-        let Opening { idx, .. } = proof.openings.values_mut().next().unwrap();
-
-        *idx = RangeSet::from([0..3, 13..15]);
-
-        let err = proof
-            .verify_with_provider(
-                &HashProvider::default(),
-                &encoder_secret(),
-                &commitment,
-                transcript.sent(),
-                transcript.received(),
-            )
-            .unwrap_err();
-
-        assert!(matches!(err.kind, ErrorKind::Proof));
-    }
-
-    #[test]
-    fn test_verify_encoding_proof_tampered_encoding_blinder() {
-        let EncodingFixture {
-            transcript,
-            mut proof,
-            commitment,
-        } = new_encoding_fixture();
-
-        let Opening { blinder, .. } = proof.openings.values_mut().next().unwrap();
-
-        *blinder = rand::random();
-
-        let err = proof
-            .verify_with_provider(
-                &HashProvider::default(),
-                &encoder_secret(),
-                &commitment,
-                transcript.sent(),
-                transcript.received(),
-            )
-            .unwrap_err();
-
-        assert!(matches!(err.kind, ErrorKind::Proof));
-    }
-}

crates/core/src/transcript/encoding/provider.rs

@@ -1,19 +0,0 @@
-use std::ops::Range;
-
-use crate::transcript::Direction;
-
-/// A provider of plaintext encodings.
-pub trait EncodingProvider {
-    /// Writes the encoding of the given range into the destination buffer.
-    fn provide_encoding(
-        &self,
-        direction: Direction,
-        range: Range<usize>,
-        dest: &mut Vec<u8>,
-    ) -> Result<(), EncodingProviderError>;
-}
-
-/// Error for [`EncodingProvider`].
-#[derive(Debug, thiserror::Error)]
-#[error("failed to provide encoding")]
-pub struct EncodingProviderError;

crates/core/src/transcript/encoding/tree.rs

@@ -1,327 +0,0 @@
-use std::collections::HashMap;
-
-use bimap::BiMap;
-use rangeset::set::RangeSet;
-use serde::{Deserialize, Serialize};
-
-use crate::{
-    hash::{Blinder, HashAlgId, HashAlgorithm, TypedHash},
-    merkle::MerkleTree,
-    transcript::{
-        encoding::{
-            proof::{EncodingProof, Opening},
-            EncodingProvider,
-        },
-        Direction,
-    },
-};
-
-/// Encoding tree builder error.
-#[derive(Debug, thiserror::Error)]
-pub enum EncodingTreeError {
-    /// Index is out of bounds of the transcript.
-    #[error("index is out of bounds of the transcript")]
-    OutOfBounds {
-        /// The index.
-        index: RangeSet<usize>,
-        /// The transcript length.
-        transcript_length: usize,
-    },
-    /// Encoding provider is missing an encoding for an index.
-    #[error("encoding provider is missing an encoding for an index")]
-    MissingEncoding {
-        /// The index which is missing.
-        index: RangeSet<usize>,
-    },
-    /// Index is missing from the tree.
-    #[error("index is missing from the tree")]
-    MissingLeaf {
-        /// The index which is missing.
-        index: RangeSet<usize>,
-    },
-}
-
-/// A merkle tree of transcript encodings.
-#[derive(Clone, Serialize, Deserialize)]
-pub struct EncodingTree {
-    /// Merkle tree of the commitments.
-    tree: MerkleTree,
-    /// Nonces used to blind the hashes.
-    blinders: Vec<Blinder>,
-    /// Mapping between the index of a leaf and the transcript index it
-    /// corresponds to.
-    idxs: BiMap<usize, (Direction, RangeSet<usize>)>,
-    /// Union of all transcript indices in the sent direction.
-    sent_idx: RangeSet<usize>,
-    /// Union of all transcript indices in the received direction.
-    received_idx: RangeSet<usize>,
-}
-
-opaque_debug::implement!(EncodingTree);
-
-impl EncodingTree {
-    /// Creates a new encoding tree.
-    ///
-    /// # Arguments
-    ///
-    /// * `hasher` - The hash algorithm to use.
-    /// * `idxs` - The subsequence indices to commit to.
-    /// * `provider` - The encoding provider.
-    pub fn new<'idx>(
-        hasher: &dyn HashAlgorithm,
-        idxs: impl IntoIterator<Item = &'idx (Direction, RangeSet<usize>)>,
-        provider: &dyn EncodingProvider,
-    ) -> Result<Self, EncodingTreeError> {
-        let mut this = Self {
-            tree: MerkleTree::new(hasher.id()),
-            blinders: Vec::new(),
-            idxs: BiMap::new(),
-            sent_idx: RangeSet::default(),
-            received_idx: RangeSet::default(),
-        };
-
-        let mut leaves = Vec::new();
-        let mut encoding = Vec::new();
-        for dir_idx in idxs {
-            let direction = dir_idx.0;
-            let idx = &dir_idx.1;
-
-            // Ignore empty indices.
-            if idx.is_empty() {
-                continue;
-            }
-
-            if this.idxs.contains_right(dir_idx) {
-                // The subsequence is already in the tree.
-                continue;
-            }
-
-            let blinder: Blinder = rand::random();
-
-            encoding.clear();
-            for range in idx.iter() {
-                provider
-                    .provide_encoding(direction, range, &mut encoding)
-                    .map_err(|_| EncodingTreeError::MissingEncoding { index: idx.clone() })?;
-            }
-            encoding.extend_from_slice(blinder.as_bytes());
-
-            let leaf = hasher.hash(&encoding);
-
-            leaves.push(leaf);
-            this.blinders.push(blinder);
-            this.idxs.insert(this.idxs.len(), dir_idx.clone());
-            match direction {
-                Direction::Sent => this.sent_idx.union_mut(idx),
-                Direction::Received => this.received_idx.union_mut(idx),
-            }
-        }
-
-        this.tree.insert(hasher, leaves);
-
-        Ok(this)
-    }
-
-    /// Returns the root of the tree.
-    pub fn root(&self) -> TypedHash {
-        self.tree.root()
-    }
-
-    /// Returns the hash algorithm of the tree.
-    pub fn algorithm(&self) -> HashAlgId {
-        self.tree.algorithm()
-    }
-
-    /// Generates a proof for the given indices.
-    ///
-    /// # Arguments
-    ///
-    /// * `idxs` - The transcript indices to prove.
-    pub fn proof<'idx>(
-        &self,
-        idxs: impl Iterator<Item = &'idx (Direction, RangeSet<usize>)>,
-    ) -> Result<EncodingProof, EncodingTreeError> {
-        let mut openings = HashMap::new();
-        for dir_idx in idxs {
-            let direction = dir_idx.0;
-            let idx = &dir_idx.1;
-
-            let leaf_idx = *self
-                .idxs
-                .get_by_right(dir_idx)
-                .ok_or_else(|| EncodingTreeError::MissingLeaf { index: idx.clone() })?;
-            let blinder = self.blinders[leaf_idx].clone();
-
-            openings.insert(
-                leaf_idx,
-                Opening {
-                    direction,
-                    idx: idx.clone(),
-                    blinder,
-                },
-            );
-        }
-
-        let mut indices = openings.keys().copied().collect::<Vec<_>>();
-        indices.sort();
-
-        Ok(EncodingProof {
-            inclusion_proof: self.tree.proof(&indices),
-            openings,
-        })
-    }
-
-    /// Returns whether the tree contains the given transcript index.
-    pub fn contains(&self, idx: &(Direction, RangeSet<usize>)) -> bool {
-        self.idxs.contains_right(idx)
-    }
-
-    pub(crate) fn idx(&self, direction: Direction) -> &RangeSet<usize> {
-        match direction {
-            Direction::Sent => &self.sent_idx,
-            Direction::Received => &self.received_idx,
-        }
-    }
-
-    /// Returns the committed transcript indices.
-    pub(crate) fn transcript_indices(&self) -> impl Iterator<Item = &(Direction, RangeSet<usize>)> {
-        self.idxs.right_values()
-    }
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use crate::{
-        fixtures::{encoder_secret, encoding_provider},
-        hash::{Blake3, HashProvider},
-        transcript::{encoding::EncodingCommitment, Transcript},
-    };
-    use tlsn_data_fixtures::http::{request::POST_JSON, response::OK_JSON};
-
-    fn new_tree<'seq>(
-        transcript: &Transcript,
-        idxs: impl Iterator<Item = &'seq (Direction, RangeSet<usize>)>,
-    ) -> Result<EncodingTree, EncodingTreeError> {
-        let provider = encoding_provider(transcript.sent(), transcript.received());
-
-        EncodingTree::new(&Blake3::default(), idxs, &provider)
-    }
-
-    #[test]
-    fn test_encoding_tree() {
-        let transcript = Transcript::new(POST_JSON, OK_JSON);
-
-        let idx_0 = (Direction::Sent, RangeSet::from(0..POST_JSON.len()));
-        let idx_1 = (Direction::Received, RangeSet::from(0..OK_JSON.len()));
-
-        let tree = new_tree(&transcript, [&idx_0, &idx_1].into_iter()).unwrap();
-
-        assert!(tree.contains(&idx_0));
-        assert!(tree.contains(&idx_1));
-
-        let proof = tree.proof([&idx_0, &idx_1].into_iter()).unwrap();
-
-        let commitment = EncodingCommitment { root: tree.root() };
-
-        let (auth_sent, auth_recv) = proof
-            .verify_with_provider(
-                &HashProvider::default(),
-                &encoder_secret(),
-                &commitment,
-                transcript.sent(),
-                transcript.received(),
-            )
-            .unwrap();
-
-        assert_eq!(auth_sent, idx_0.1);
-        assert_eq!(auth_recv, idx_1.1);
-    }
-
-    #[test]
-    fn test_encoding_tree_multiple_ranges() {
-        let transcript = Transcript::new(POST_JSON, OK_JSON);
-
-        let idx_0 = (Direction::Sent, RangeSet::from(0..1));
-        let idx_1 = (Direction::Sent, RangeSet::from(1..POST_JSON.len()));
-        let idx_2 = (Direction::Received, RangeSet::from(0..1));
-        let idx_3 = (Direction::Received, RangeSet::from(1..OK_JSON.len()));
-
-        let tree = new_tree(&transcript, [&idx_0, &idx_1, &idx_2, &idx_3].into_iter()).unwrap();
-
-        assert!(tree.contains(&idx_0));
-        assert!(tree.contains(&idx_1));
-        assert!(tree.contains(&idx_2));
-        assert!(tree.contains(&idx_3));
-
-        let proof = tree
-            .proof([&idx_0, &idx_1, &idx_2, &idx_3].into_iter())
-            .unwrap();
-
-        let commitment = EncodingCommitment { root: tree.root() };
-
-        let (auth_sent, auth_recv) = proof
-            .verify_with_provider(
-                &HashProvider::default(),
-                &encoder_secret(),
-                &commitment,
-                transcript.sent(),
-                transcript.received(),
-            )
-            .unwrap();
-
-        let mut expected_auth_sent = RangeSet::default();
-        expected_auth_sent.union_mut(&idx_0.1);
-        expected_auth_sent.union_mut(&idx_1.1);
-
-        let mut expected_auth_recv = RangeSet::default();
-        expected_auth_recv.union_mut(&idx_2.1);
-        expected_auth_recv.union_mut(&idx_3.1);
-
-        assert_eq!(auth_sent, expected_auth_sent);
-        assert_eq!(auth_recv, expected_auth_recv);
-    }
-
-    #[test]
-    fn test_encoding_tree_proof_missing_leaf() {
-        let transcript = Transcript::new(POST_JSON, OK_JSON);
-
-        let idx_0 = (Direction::Sent, RangeSet::from(0..POST_JSON.len()));
-        let idx_1 = (Direction::Received, RangeSet::from(0..4));
-        let idx_2 = (Direction::Received, RangeSet::from(4..OK_JSON.len()));
-
-        let tree = new_tree(&transcript, [&idx_0, &idx_1].into_iter()).unwrap();
-
-        let result = tree
-            .proof([&idx_0, &idx_1, &idx_2].into_iter())
-            .unwrap_err();
-        assert!(matches!(result, EncodingTreeError::MissingLeaf { .. }));
-    }
-
-    #[test]
-    fn test_encoding_tree_out_of_bounds() {
-        let transcript = Transcript::new(POST_JSON, OK_JSON);
-
-        let idx_0 = (Direction::Sent, RangeSet::from(0..POST_JSON.len() + 1));
-        let idx_1 = (Direction::Received, RangeSet::from(0..OK_JSON.len() + 1));
-
-        let result = new_tree(&transcript, [&idx_0].into_iter()).unwrap_err();
-        assert!(matches!(result, EncodingTreeError::MissingEncoding { .. }));
-
-        let result = new_tree(&transcript, [&idx_1].into_iter()).unwrap_err();
-        assert!(matches!(result, EncodingTreeError::MissingEncoding { .. }));
-    }
-
-    #[test]
-    fn test_encoding_tree_missing_encoding() {
-        let provider = encoding_provider(&[], &[]);
-
-        let result = EncodingTree::new(
-            &Blake3::default(),
-            [(Direction::Sent, RangeSet::from(0..8))].iter(),
-            &provider,
-        )
-        .unwrap_err();
-        assert!(matches!(result, EncodingTreeError::MissingEncoding { .. }));
-    }
-}

crates/core/src/transcript/proof.rs

@@ -14,7 +14,6 @@ use crate::{
     hash::{HashAlgId, HashProvider},
     transcript::{
         commit::{TranscriptCommitment, TranscriptCommitmentKind},
-        encoding::{EncoderSecret, EncodingProof, EncodingProofError, EncodingTree},
         hash::{hash_plaintext, PlaintextHash, PlaintextHashSecret},
         Direction, PartialTranscript, RangeSet, Transcript, TranscriptSecret,
     },
@@ -32,14 +31,12 @@ const DEFAULT_COMMITMENT_KINDS: &[TranscriptCommitmentKind] = &[
     TranscriptCommitmentKind::Hash {
         alg: HashAlgId::KECCAK256,
     },
-    TranscriptCommitmentKind::Encoding,
 ];
 
 /// Proof of the contents of a transcript.
 #[derive(Clone, Serialize, Deserialize)]
 pub struct TranscriptProof {
     transcript: PartialTranscript,
-    encoding_proof: Option<EncodingProof>,
     hash_secrets: Vec<PlaintextHashSecret>,
 }
 
@@ -53,27 +50,18 @@ impl TranscriptProof {
     /// # Arguments
     ///
     /// * `provider` - The hash provider to use for verification.
-    /// * `attestation_body` - The attestation body to verify against.
+    /// * `length` - The transcript length.
+    /// * `commitments` - The commitments to verify against.
     pub fn verify_with_provider<'a>(
         self,
         provider: &HashProvider,
         length: &TranscriptLength,
-        encoder_secret: Option<&EncoderSecret>,
         commitments: impl IntoIterator<Item = &'a TranscriptCommitment>,
     ) -> Result<PartialTranscript, TranscriptProofError> {
-        let mut encoding_commitment = None;
         let mut hash_commitments = HashSet::new();
         // Index commitments.
         for commitment in commitments {
             match commitment {
-                TranscriptCommitment::Encoding(commitment) => {
-                    if encoding_commitment.replace(commitment).is_some() {
-                        return Err(TranscriptProofError::new(
-                            ErrorKind::Encoding,
-                            "multiple encoding commitments are present.",
-                        ));
-                    }
-                }
                 TranscriptCommitment::Hash(plaintext_hash) => {
                     hash_commitments.insert(plaintext_hash);
                 }
@@ -92,34 +80,6 @@ impl TranscriptProof {
         let mut total_auth_sent = RangeSet::default();
         let mut total_auth_recv = RangeSet::default();
 
-        // Verify encoding proof.
-        if let Some(proof) = self.encoding_proof {
-            let secret = encoder_secret.ok_or_else(|| {
-                TranscriptProofError::new(
-                    ErrorKind::Encoding,
-                    "contains an encoding proof but missing encoder secret",
-                )
-            })?;
-
-            let commitment = encoding_commitment.ok_or_else(|| {
-                TranscriptProofError::new(
-                    ErrorKind::Encoding,
-                    "contains an encoding proof but missing encoding commitment",
-                )
-            })?;
-
-            let (auth_sent, auth_recv) = proof.verify_with_provider(
-                provider,
-                secret,
-                commitment,
-                self.transcript.sent_unsafe(),
-                self.transcript.received_unsafe(),
-            )?;
-
-            total_auth_sent.union_mut(&auth_sent);
-            total_auth_recv.union_mut(&auth_recv);
-        }
-
         let mut buffer = Vec::new();
         for PlaintextHashSecret {
             direction,
@@ -203,7 +163,6 @@ impl TranscriptProofError {
 
 #[derive(Debug)]
 enum ErrorKind {
-    Encoding,
     Hash,
     Proof,
 }
@@ -213,7 +172,6 @@ impl fmt::Display for TranscriptProofError {
         f.write_str("transcript proof error: ")?;
 
         match self.kind {
-            ErrorKind::Encoding => f.write_str("encoding error")?,
             ErrorKind::Hash => f.write_str("hash error")?,
             ErrorKind::Proof => f.write_str("proof error")?,
         }
@@ -226,12 +184,6 @@ impl fmt::Display for TranscriptProofError {
     }
 }
 
-impl From<EncodingProofError> for TranscriptProofError {
-    fn from(e: EncodingProofError) -> Self {
-        TranscriptProofError::new(ErrorKind::Encoding, e)
-    }
-}
-
 /// Union of ranges to reveal.
 #[derive(Clone, Debug, PartialEq)]
 struct QueryIdx {
@@ -276,7 +228,6 @@ pub struct TranscriptProofBuilder<'a> {
     /// Commitment kinds in order of preference for building transcript proofs.
     commitment_kinds: Vec<TranscriptCommitmentKind>,
     transcript: &'a Transcript,
-    encoding_tree: Option<&'a EncodingTree>,
     hash_secrets: Vec<&'a PlaintextHashSecret>,
     committed_sent: RangeSet<usize>,
     committed_recv: RangeSet<usize>,
@@ -292,15 +243,9 @@ impl<'a> TranscriptProofBuilder<'a> {
         let mut committed_sent = RangeSet::default();
         let mut committed_recv = RangeSet::default();
 
-        let mut encoding_tree = None;
         let mut hash_secrets = Vec::new();
         for secret in secrets {
             match secret {
-                TranscriptSecret::Encoding(tree) => {
-                    committed_sent.union_mut(tree.idx(Direction::Sent));
-                    committed_recv.union_mut(tree.idx(Direction::Received));
-                    encoding_tree = Some(tree);
-                }
                 TranscriptSecret::Hash(hash) => {
                     match hash.direction {
                         Direction::Sent => committed_sent.union_mut(&hash.idx),
@@ -314,7 +259,6 @@ impl<'a> TranscriptProofBuilder<'a> {
         Self {
             commitment_kinds: DEFAULT_COMMITMENT_KINDS.to_vec(),
             transcript,
-            encoding_tree,
             hash_secrets,
             committed_sent,
             committed_recv,
@@ -412,7 +356,6 @@ impl<'a> TranscriptProofBuilder<'a> {
             transcript: self
                 .transcript
                 .to_partial(self.query_idx.sent.clone(), self.query_idx.recv.clone()),
-            encoding_proof: None,
             hash_secrets: Vec::new(),
         };
         let mut uncovered_query_idx = self.query_idx.clone();
@@ -424,46 +367,6 @@ impl<'a> TranscriptProofBuilder<'a> {
             // self.commitment_kinds.
             if let Some(kind) = commitment_kinds_iter.next() {
                 match kind {
-                    TranscriptCommitmentKind::Encoding => {
-                        let Some(encoding_tree) = self.encoding_tree else {
-                            // Proceeds to the next preferred commitment kind if encoding tree is
-                            // not available.
-                            continue;
-                        };
-
-                        let (sent_dir_idxs, sent_uncovered) = uncovered_query_idx.sent.cover_by(
-                            encoding_tree
-                                .transcript_indices()
-                                .filter(|(dir, _)| *dir == Direction::Sent),
-                            |(_, idx)| idx,
-                        );
-                        // Uncovered ranges will be checked with ranges of the next
-                        // preferred commitment kind.
-                        uncovered_query_idx.sent = sent_uncovered;
-
-                        let (recv_dir_idxs, recv_uncovered) = uncovered_query_idx.recv.cover_by(
-                            encoding_tree
-                                .transcript_indices()
-                                .filter(|(dir, _)| *dir == Direction::Received),
-                            |(_, idx)| idx,
-                        );
-                        uncovered_query_idx.recv = recv_uncovered;
-
-                        let dir_idxs = sent_dir_idxs
-                            .into_iter()
-                            .chain(recv_dir_idxs)
-                            .collect::<Vec<_>>();
-
-                        // Skip proof generation if there are no committed ranges that can cover the
-                        // query ranges.
-                        if !dir_idxs.is_empty() {
-                            transcript_proof.encoding_proof = Some(
-                                encoding_tree
-                                    .proof(dir_idxs.into_iter())
-                                    .expect("subsequences were checked to be in tree"),
-                            );
-                        }
-                    }
                     TranscriptCommitmentKind::Hash { alg } => {
                         let (sent_hashes, sent_uncovered) = uncovered_query_idx.sent.cover_by(
                             self.hash_secrets.iter().filter(|hash| {
@@ -590,46 +493,10 @@ mod tests {
     use rstest::rstest;
     use tlsn_data_fixtures::http::{request::GET_WITH_HEADER, response::OK_JSON};
 
-    use crate::{
-        fixtures::{encoder_secret, encoding_provider},
-        hash::{Blake3, Blinder, HashAlgId},
-        transcript::TranscriptCommitConfigBuilder,
-    };
+    use crate::hash::{Blinder, HashAlgId};
 
     use super::*;
 
-    #[rstest]
-    fn test_verify_missing_encoding_commitment_root() {
-        let transcript = Transcript::new(GET_WITH_HEADER, OK_JSON);
-        let idxs = vec![(Direction::Received, RangeSet::from(0..transcript.len().1))];
-        let encoding_tree = EncodingTree::new(
-            &Blake3::default(),
-            &idxs,
-            &encoding_provider(transcript.sent(), transcript.received()),
-        )
-        .unwrap();
-
-        let secrets = vec![TranscriptSecret::Encoding(encoding_tree)];
-        let mut builder = TranscriptProofBuilder::new(&transcript, &secrets);
-
-        builder.reveal_recv(&(0..transcript.len().1)).unwrap();
-
-        let transcript_proof = builder.build().unwrap();
-
-        let provider = HashProvider::default();
-        let err = transcript_proof
-            .verify_with_provider(
-                &provider,
-                &transcript.length(),
-                Some(&encoder_secret()),
-                &[],
-            )
-            .err()
-            .unwrap();
-
-        assert!(matches!(err.kind, ErrorKind::Encoding));
-    }
-
     #[rstest]
     fn test_reveal_range_out_of_bounds() {
         let transcript = Transcript::new(
@@ -649,7 +516,7 @@ mod tests {
     }
 
     #[rstest]
-    fn test_reveal_missing_encoding_tree() {
+    fn test_reveal_missing_commitment() {
         let transcript = Transcript::new(
             [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11],
             [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11],
@@ -698,7 +565,6 @@ mod tests {
             .verify_with_provider(
                 &provider,
                 &transcript.length(),
-                None,
                 &[TranscriptCommitment::Hash(commitment)],
             )
             .unwrap();
@@ -748,7 +614,6 @@ mod tests {
             .verify_with_provider(
                 &provider,
                 &transcript.length(),
-                None,
                 &[TranscriptCommitment::Hash(commitment)],
             )
             .unwrap_err();
@@ -764,24 +629,19 @@ mod tests {
             TranscriptCommitmentKind::Hash {
                 alg: HashAlgId::SHA256,
             },
-            TranscriptCommitmentKind::Encoding,
             TranscriptCommitmentKind::Hash {
                 alg: HashAlgId::SHA256,
             },
             TranscriptCommitmentKind::Hash {
                 alg: HashAlgId::SHA256,
             },
-            TranscriptCommitmentKind::Encoding,
         ]);
 
         assert_eq!(
             builder.commitment_kinds,
-            vec![
-                TranscriptCommitmentKind::Hash {
-                    alg: HashAlgId::SHA256
-                },
-                TranscriptCommitmentKind::Encoding
-            ]
+            vec![TranscriptCommitmentKind::Hash {
+                alg: HashAlgId::SHA256
+            },]
         );
     }
 
@@ -791,7 +651,7 @@ mod tests {
         RangeSet::from([0..10, 12..30]),
         true,
     )]
-    #[case::reveal_all_rangesets_with_superset_ranges(
+    #[case::reveal_all_rangesets_with_single_superset_range(
         vec![RangeSet::from([0..1]), RangeSet::from([1..2, 8..9]), RangeSet::from([2..4, 6..8]), RangeSet::from([2..3, 6..7]), RangeSet::from([9..12])],
         RangeSet::from([0..4, 6..9]),
         true,
@@ -822,29 +682,30 @@ mod tests {
         false,
     )]
     #[allow(clippy::single_range_in_vec_init)]
-    fn test_reveal_mutliple_rangesets_with_one_rangeset(
+    fn test_reveal_multiple_rangesets_with_one_rangeset(
         #[case] commit_recv_rangesets: Vec<RangeSet<usize>>,
         #[case] reveal_recv_rangeset: RangeSet<usize>,
         #[case] success: bool,
     ) {
+        use rand::{Rng, SeedableRng};
+
+        let mut rng = rand::rngs::StdRng::seed_from_u64(0);
         let transcript = Transcript::new(GET_WITH_HEADER, OK_JSON);
 
-        // Encoding commitment kind
-        let mut transcript_commitment_builder = TranscriptCommitConfigBuilder::new(&transcript);
+        // Create hash commitments for each rangeset
+        let mut secrets = Vec::new();
         for rangeset in commit_recv_rangesets.iter() {
-            transcript_commitment_builder.commit_recv(rangeset).unwrap();
+            let blinder: crate::hash::Blinder = rng.random();
+
+            let secret = PlaintextHashSecret {
+                direction: Direction::Received,
+                idx: rangeset.clone(),
+                alg: HashAlgId::BLAKE3,
+                blinder,
+            };
+            secrets.push(TranscriptSecret::Hash(secret));
         }
 
-        let transcripts_commitment_config = transcript_commitment_builder.build().unwrap();
-
-        let encoding_tree = EncodingTree::new(
-            &Blake3::default(),
-            transcripts_commitment_config.iter_encoding(),
-            &encoding_provider(GET_WITH_HEADER, OK_JSON),
-        )
-        .unwrap();
-
-        let secrets = vec![TranscriptSecret::Encoding(encoding_tree)];
         let mut builder = TranscriptProofBuilder::new(&transcript, &secrets);
 
         if success {
@@ -897,27 +758,34 @@ mod tests {
         #[case] uncovered_sent_rangeset: RangeSet<usize>,
         #[case] uncovered_recv_rangeset: RangeSet<usize>,
     ) {
+        use rand::{Rng, SeedableRng};
+
+        let mut rng = rand::rngs::StdRng::seed_from_u64(0);
         let transcript = Transcript::new(GET_WITH_HEADER, OK_JSON);
 
-        // Encoding commitment kind
-        let mut transcript_commitment_builder = TranscriptCommitConfigBuilder::new(&transcript);
+        // Create hash commitments for each rangeset
+        let mut secrets = Vec::new();
         for rangeset in commit_sent_rangesets.iter() {
-            transcript_commitment_builder.commit_sent(rangeset).unwrap();
+            let blinder: crate::hash::Blinder = rng.random();
+            let secret = PlaintextHashSecret {
+                direction: Direction::Sent,
+                idx: rangeset.clone(),
+                alg: HashAlgId::BLAKE3,
+                blinder,
+            };
+            secrets.push(TranscriptSecret::Hash(secret));
         }
         for rangeset in commit_recv_rangesets.iter() {
-            transcript_commitment_builder.commit_recv(rangeset).unwrap();
+            let blinder: crate::hash::Blinder = rng.random();
+            let secret = PlaintextHashSecret {
+                direction: Direction::Received,
+                idx: rangeset.clone(),
+                alg: HashAlgId::BLAKE3,
+                blinder,
+            };
+            secrets.push(TranscriptSecret::Hash(secret));
         }
 
-        let transcripts_commitment_config = transcript_commitment_builder.build().unwrap();
-
-        let encoding_tree = EncodingTree::new(
-            &Blake3::default(),
-            transcripts_commitment_config.iter_encoding(),
-            &encoding_provider(GET_WITH_HEADER, OK_JSON),
-        )
-        .unwrap();
-
-        let secrets = vec![TranscriptSecret::Encoding(encoding_tree)];
         let mut builder = TranscriptProofBuilder::new(&transcript, &secrets);
         builder.reveal_sent(&reveal_sent_rangeset).unwrap();
         builder.reveal_recv(&reveal_recv_rangeset).unwrap();

crates/examples/attestation/prove.rs

@@ -87,15 +87,13 @@ async fn main() -> Result<()> {
 }
 
 async fn prover<S: AsyncWrite + AsyncRead + Send + Sync + Unpin + 'static>(
-    verifier_socket: S,
+    socket: S,
     req_tx: Sender<AttestationRequest>,
     resp_rx: Receiver<Attestation>,
     uri: &str,
     extra_headers: Vec<(&str, &str)>,
     example_type: &ExampleType,
 ) -> Result<()> {
-    let mut verifier_socket = verifier_socket.compat();
-
     let server_host: String = env::var("SERVER_HOST").unwrap_or("127.0.0.1".into());
     let server_port: u16 = env::var("SERVER_PORT")
         .map(|port| port.parse().expect("port should be valid integer"))
@@ -117,36 +115,37 @@ async fn prover<S: AsyncWrite + AsyncRead + Send + Sync + Unpin + 'static>(
                         .build()?,
                 )
                 .build()?,
-            &mut verifier_socket,
+            socket.compat(),
         )
         .await?;
 
     // Open a TCP connection to the server.
-    let client_socket = tokio::net::TcpStream::connect((server_host, server_port))
-        .await?
-        .compat();
+    let client_socket = tokio::net::TcpStream::connect((server_host, server_port)).await?;
 
     // Bind the prover to the server connection.
-    let (tls_connection, prover) = prover.setup(
-        TlsClientConfig::builder()
-            .server_name(ServerName::Dns(SERVER_DOMAIN.try_into()?))
-            // Create a root certificate store with the server-fixture's self-signed
-            // certificate. This is only required for offline testing with the
-            // server-fixture.
-            .root_store(RootCertStore {
-                roots: vec![CertificateDer(CA_CERT_DER.to_vec())],
-            })
-            // (Optional) Set up TLS client authentication if required by the server.
-            .client_auth((
-                vec![CertificateDer(CLIENT_CERT_DER.to_vec())],
-                PrivateKeyDer(CLIENT_KEY_DER.to_vec()),
-            ))
-            .build()?,
-    )?;
+    let (tls_connection, prover_fut) = prover
+        .connect(
+            TlsClientConfig::builder()
+                .server_name(ServerName::Dns(SERVER_DOMAIN.try_into()?))
+                // Create a root certificate store with the server-fixture's self-signed
+                // certificate. This is only required for offline testing with the
+                // server-fixture.
+                .root_store(RootCertStore {
+                    roots: vec![CertificateDer(CA_CERT_DER.to_vec())],
+                })
+                // (Optional) Set up TLS client authentication if required by the server.
+                .client_auth((
+                    vec![CertificateDer(CLIENT_CERT_DER.to_vec())],
+                    PrivateKeyDer(CLIENT_KEY_DER.to_vec()),
+                ))
+                .build()?,
+            client_socket.compat(),
+        )
+        .await?;
     let tls_connection = TokioIo::new(tls_connection.compat());
 
     // Spawn the prover task to be run concurrently in the background.
-    let prover_task = tokio::spawn(prover.run(client_socket, verifier_socket));
+    let prover_task = tokio::spawn(prover_fut);
 
     // Attach the hyper HTTP client to the connection.
     let (mut request_sender, connection) =
@@ -181,7 +180,7 @@ async fn prover<S: AsyncWrite + AsyncRead + Send + Sync + Unpin + 'static>(
     assert!(response.status() == StatusCode::OK);
 
     // The prover task should be done now, so we can await it.
-    let (prover, _, verifier_socket) = prover_task.await??;
+    let prover = prover_task.await??;
 
     // Parse the HTTP transcript.
     let transcript = HttpTranscript::parse(prover.transcript())?;
@@ -223,8 +222,7 @@ async fn prover<S: AsyncWrite + AsyncRead + Send + Sync + Unpin + 'static>(
 
     let request_config = builder.build()?;
 
-    let (attestation, secrets) =
-        notarize(prover, &request_config, verifier_socket, req_tx, resp_rx).await?;
+    let (attestation, secrets) = notarize(prover, &request_config, req_tx, resp_rx).await?;
 
     // Write the attestation to disk.
     let attestation_path = tlsn_examples::get_file_path(example_type, "attestation");
@@ -244,10 +242,9 @@ async fn prover<S: AsyncWrite + AsyncRead + Send + Sync + Unpin + 'static>(
     Ok(())
 }
 
-async fn notarize<S: futures::AsyncRead + futures::AsyncWrite + Send + Unpin>(
+async fn notarize(
     mut prover: Prover<Committed>,
     config: &RequestConfig,
-    mut verifier_socket: S,
     request_tx: Sender<AttestationRequest>,
     attestation_rx: Receiver<Attestation>,
 ) -> Result<(Attestation, Secrets)> {
@@ -263,13 +260,11 @@ async fn notarize<S: futures::AsyncRead + futures::AsyncWrite + Send + Unpin>(
         transcript_commitments,
         transcript_secrets,
         ..
-    } = prover
-        .prove(&disclosure_config, &mut verifier_socket)
-        .await?;
+    } = prover.prove(&disclosure_config).await?;
 
     let transcript = prover.transcript().clone();
     let tls_transcript = prover.tls_transcript().clone();
-    prover.close(&mut verifier_socket).await?;
+    prover.close().await?;
 
     // Build an attestation request.
     let mut builder = AttestationRequest::builder(config);
@@ -312,12 +307,10 @@ async fn notarize<S: futures::AsyncRead + futures::AsyncWrite + Send + Unpin>(
 }
 
 async fn notary<S: AsyncWrite + AsyncRead + Send + Sync + Unpin + 'static>(
-    prover_socket: S,
+    socket: S,
     request_rx: Receiver<AttestationRequest>,
     attestation_tx: Sender<Attestation>,
 ) -> Result<()> {
-    let mut prover_socket = prover_socket.compat();
-
     // Create a root certificate store with the server-fixture's self-signed
     // certificate. This is only required for offline testing with the
     // server-fixture.
@@ -329,29 +322,24 @@ async fn notary<S: AsyncWrite + AsyncRead + Send + Sync + Unpin + 'static>(
         .unwrap();
 
     let verifier = Verifier::new(verifier_config)
-        .commit(&mut prover_socket)
+        .commit(socket.compat())
         .await?
-        .accept(&mut prover_socket)
+        .accept()
         .await?
-        .run(&mut prover_socket)
+        .run()
         .await?;
 
     let (
         VerifierOutput {
             transcript_commitments,
-            encoder_secret,
             ..
         },
         verifier,
-    ) = verifier
-        .verify(&mut prover_socket)
-        .await?
-        .accept(&mut prover_socket)
-        .await?;
+    ) = verifier.verify().await?.accept().await?;
 
     let tls_transcript = verifier.tls_transcript().clone();
 
-    verifier.close(&mut prover_socket).await?;
+    verifier.close().await?;
 
     let sent_len = tls_transcript
         .sent()
@@ -404,10 +392,6 @@ async fn notary<S: AsyncWrite + AsyncRead + Send + Sync + Unpin + 'static>(
         .server_ephemeral_key(tls_transcript.server_ephemeral_key().clone())
         .transcript_commitments(transcript_commitments);
 
-    if let Some(encoder_secret) = encoder_secret {
-        builder.encoder_secret(encoder_secret);
-    }
-
     let attestation = builder.build(&provider)?;
 
     // Send attestation to prover.

crates/examples/interactive/interactive.rs

@@ -73,8 +73,6 @@ async fn prover<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
     server_addr: &SocketAddr,
     uri: &str,
 ) -> Result<()> {
-    let mut verifier_socket = verifier_socket.compat();
-
     let uri = uri.parse::<Uri>().unwrap();
     assert_eq!(uri.scheme().unwrap().as_str(), "https");
     let server_domain = uri.authority().unwrap().host();
@@ -95,30 +93,32 @@ async fn prover<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
                         .build()?,
                 )
                 .build()?,
-            &mut verifier_socket,
+            verifier_socket.compat(),
         )
         .await?;
 
     // Open a TCP connection to the server.
-    let client_socket = tokio::net::TcpStream::connect(server_addr).await?.compat();
+    let client_socket = tokio::net::TcpStream::connect(server_addr).await?;
 
     // Bind the prover to the server connection.
-    let (tls_connection, prover) = prover.setup(
-        TlsClientConfig::builder()
-            .server_name(ServerName::Dns(SERVER_DOMAIN.try_into()?))
-            // Create a root certificate store with the server-fixture's self-signed
-            // certificate. This is only required for offline testing with the
-            // server-fixture.
-            .root_store(RootCertStore {
-                roots: vec![CertificateDer(CA_CERT_DER.to_vec())],
-            })
-            .build()?,
-    )?;
-
+    let (tls_connection, prover_fut) = prover
+        .connect(
+            TlsClientConfig::builder()
+                .server_name(ServerName::Dns(SERVER_DOMAIN.try_into()?))
+                // Create a root certificate store with the server-fixture's self-signed
+                // certificate. This is only required for offline testing with the
+                // server-fixture.
+                .root_store(RootCertStore {
+                    roots: vec![CertificateDer(CA_CERT_DER.to_vec())],
+                })
+                .build()?,
+            client_socket.compat(),
+        )
+        .await?;
     let tls_connection = TokioIo::new(tls_connection.compat());
 
     // Spawn the Prover to run in the background.
-    let prover_task = tokio::spawn(prover.run(client_socket, verifier_socket));
+    let prover_task = tokio::spawn(prover_fut);
 
     // MPC-TLS Handshake.
     let (mut request_sender, connection) =
@@ -140,7 +140,7 @@ async fn prover<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
     assert!(response.status() == StatusCode::OK);
 
     // Create proof for the Verifier.
-    let (mut prover, _, mut verifier_socket) = prover_task.await??;
+    let mut prover = prover_task.await??;
 
     let mut builder = ProveConfig::builder(prover.transcript());
 
@@ -173,8 +173,8 @@ async fn prover<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
 
     let config = builder.build()?;
 
-    prover.prove(&config, &mut verifier_socket).await?;
-    prover.close(&mut verifier_socket).await?;
+    prover.prove(&config).await?;
+    prover.close().await?;
 
     Ok(())
 }
@@ -183,8 +183,6 @@ async fn prover<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
 async fn verifier<T: AsyncWrite + AsyncRead + Send + Sync + Unpin + 'static>(
     socket: T,
 ) -> Result<PartialTranscript> {
-    let mut socket = socket.compat();
-
     // Create a root certificate store with the server-fixture's self-signed
     // certificate. This is only required for offline testing with the
     // server-fixture.
@@ -196,7 +194,7 @@ async fn verifier<T: AsyncWrite + AsyncRead + Send + Sync + Unpin + 'static>(
     let verifier = Verifier::new(verifier_config);
 
     // Validate the proposed configuration and then run the TLS commitment protocol.
-    let verifier = verifier.commit(&mut socket).await?;
+    let verifier = verifier.commit(socket.compat()).await?;
 
     // This is the opportunity to ensure the prover does not attempt to overload the
     // verifier.
@@ -214,21 +212,21 @@ async fn verifier<T: AsyncWrite + AsyncRead + Send + Sync + Unpin + 'static>(
     };
 
     if reject.is_some() {
-        verifier.reject(&mut socket, reject).await?;
+        verifier.reject(reject).await?;
         return Err(anyhow::anyhow!("protocol configuration rejected"));
     }
 
     // Runs the TLS commitment protocol to completion.
-    let verifier = verifier.accept(&mut socket).await?.run(&mut socket).await?;
+    let verifier = verifier.accept().await?.run().await?;
 
     // Validate the proving request and then verify.
-    let verifier = verifier.verify(&mut socket).await?;
+    let verifier = verifier.verify().await?;
 
     if !verifier.request().server_identity() {
         let verifier = verifier
-            .reject(&mut socket, Some("expecting to verify the server name"))
+            .reject(Some("expecting to verify the server name"))
             .await?;
-        verifier.close(&mut socket).await?;
+        verifier.close().await?;
         return Err(anyhow::anyhow!("prover did not reveal the server name"));
     }
 
@@ -239,9 +237,9 @@ async fn verifier<T: AsyncWrite + AsyncRead + Send + Sync + Unpin + 'static>(
             ..
         },
         verifier,
-    ) = verifier.accept(&mut socket).await?;
+    ) = verifier.accept().await?;
 
-    verifier.close(&mut socket).await?;
+    verifier.close().await?;
 
     let server_name = server_name.expect("prover should have revealed server name");
     let transcript = transcript.expect("prover should have revealed transcript data");

crates/examples/interactive_zk/interactive_zk.rs

@@ -31,10 +31,11 @@ async fn main() -> Result<()> {
 
     // Connect prover and verifier.
     let (prover_socket, verifier_socket) = tokio::io::duplex(1 << 23);
+    let (prover_extra_socket, verifier_extra_socket) = tokio::io::duplex(1 << 23);
 
     let (_, transcript) = tokio::try_join!(
-        prover(prover_socket, &server_addr, &uri),
-        verifier(verifier_socket)
+        prover(prover_socket, prover_extra_socket, &server_addr, &uri),
+        verifier(verifier_socket, verifier_extra_socket)
     )?;
 
     println!("---");

crates/examples/interactive_zk/prover.rs

@@ -46,15 +46,15 @@ use tokio::io::{AsyncRead, AsyncWrite, AsyncWriteExt};
 use tokio_util::compat::{FuturesAsyncReadCompatExt, TokioAsyncReadCompatExt};
 use tracing::instrument;
 
-#[instrument(skip(verifier_socket))]
+#[instrument(skip(verifier_socket, verifier_extra_socket))]
 pub async fn prover<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
     verifier_socket: T,
+    mut verifier_extra_socket: T,
     server_addr: &SocketAddr,
     uri: &str,
 ) -> Result<()> {
-    let mut verifier_socket = verifier_socket.compat();
-
     let uri = uri.parse::<Uri>()?;
+
     if uri.scheme().map(|s| s.as_str()) != Some("https") {
         return Err(anyhow::anyhow!("URI must use HTTPS scheme"));
     }
@@ -80,29 +80,32 @@ pub async fn prover<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
                         .build()?,
                 )
                 .build()?,
-            &mut verifier_socket,
+            verifier_socket.compat(),
         )
         .await?;
 
     // Open a TCP connection to the server.
-    let client_socket = tokio::net::TcpStream::connect(server_addr).await?.compat();
+    let client_socket = tokio::net::TcpStream::connect(server_addr).await?;
 
     // Bind the prover to the server connection.
-    let (tls_connection, prover) = prover.setup(
-        TlsClientConfig::builder()
-            .server_name(ServerName::Dns(SERVER_DOMAIN.try_into()?))
-            // Create a root certificate store with the server-fixture's self-signed
-            // certificate. This is only required for offline testing with the
-            // server-fixture.
-            .root_store(RootCertStore {
-                roots: vec![CertificateDer(CA_CERT_DER.to_vec())],
-            })
-            .build()?,
-    )?;
+    let (tls_connection, prover_fut) = prover
+        .connect(
+            TlsClientConfig::builder()
+                .server_name(ServerName::Dns(SERVER_DOMAIN.try_into()?))
+                // Create a root certificate store with the server-fixture's self-signed
+                // certificate. This is only required for offline testing with the
+                // server-fixture.
+                .root_store(RootCertStore {
+                    roots: vec![CertificateDer(CA_CERT_DER.to_vec())],
+                })
+                .build()?,
+            client_socket.compat(),
+        )
+        .await?;
     let tls_connection = TokioIo::new(tls_connection.compat());
 
     // Spawn the Prover to run in the background.
-    let prover_task = tokio::spawn(prover.run(client_socket, verifier_socket));
+    let prover_task = tokio::spawn(prover_fut);
 
     // MPC-TLS Handshake.
     let (mut request_sender, connection) =
@@ -130,7 +133,7 @@ pub async fn prover<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
     }
 
     // Create proof for the Verifier.
-    let (mut prover, _, mut verifier_socket) = prover_task.await??;
+    let mut prover = prover_task.await??;
 
     let transcript = prover.transcript().clone();
     let mut prove_config_builder = ProveConfig::builder(&transcript);
@@ -164,8 +167,8 @@ pub async fn prover<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
     let prove_config = prove_config_builder.build()?;
 
     // MPC-TLS prove
-    let prover_output = prover.prove(&prove_config, &mut verifier_socket).await?;
-    prover.close(&mut verifier_socket).await?;
+    let prover_output = prover.prove(&prove_config).await?;
+    prover.close().await?;
 
     // Prove birthdate is more than 18 years ago.
     let received_commitments = received_commitments(&prover_output.transcript_commitments);
@@ -181,10 +184,8 @@ pub async fn prover<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
 
     // Sent zk proof bundle to verifier
     let serialized_proof = bincode::serialize(&proof_bundle)?;
-
-    let mut verifier_socket = verifier_socket.into_inner();
-    verifier_socket.write_all(&serialized_proof).await?;
-    verifier_socket.shutdown().await?;
+    verifier_extra_socket.write_all(&serialized_proof).await?;
+    verifier_extra_socket.shutdown().await?;
 
     Ok(())
 }

crates/examples/interactive_zk/verifier.rs

@@ -20,12 +20,11 @@ use tokio::io::{AsyncRead, AsyncReadExt, AsyncWrite};
 use tokio_util::compat::TokioAsyncReadCompatExt;
 use tracing::instrument;
 
-#[instrument(skip(prover_socket))]
+#[instrument(skip(socket, extra_socket))]
 pub async fn verifier<T: AsyncWrite + AsyncRead + Send + Sync + Unpin + 'static>(
-    prover_socket: T,
+    socket: T,
+    mut extra_socket: T,
 ) -> Result<PartialTranscript> {
-    let mut prover_socket = prover_socket.compat();
-
     let verifier = Verifier::new(
         VerifierConfig::builder()
             // Create a root certificate store with the server-fixture's self-signed
@@ -38,7 +37,7 @@ pub async fn verifier<T: AsyncWrite + AsyncRead + Send + Sync + Unpin + 'static>
     );
 
     // Validate the proposed configuration and then run the TLS commitment protocol.
-    let verifier = verifier.commit(&mut prover_socket).await?;
+    let verifier = verifier.commit(socket.compat()).await?;
 
     // This is the opportunity to ensure the prover does not attempt to overload the
     // verifier.
@@ -56,29 +55,24 @@ pub async fn verifier<T: AsyncWrite + AsyncRead + Send + Sync + Unpin + 'static>
     };
 
     if reject.is_some() {
-        verifier.reject(&mut prover_socket, reject).await?;
+        verifier.reject(reject).await?;
         return Err(anyhow::anyhow!("protocol configuration rejected"));
     }
 
     // Runs the TLS commitment protocol to completion.
-    let verifier = verifier
-        .accept(&mut prover_socket)
-        .await?
-        .run(&mut prover_socket)
-        .await?;
+    let verifier = verifier.accept().await?.run().await?;
 
     // Validate the proving request and then verify.
-    let verifier = verifier.verify(&mut prover_socket).await?;
+    let verifier = verifier.verify().await?;
     let request = verifier.request();
 
     if !request.server_identity() || request.reveal().is_none() {
         let verifier = verifier
-            .reject(
-                &mut prover_socket,
-                Some("expecting to verify the server name and transcript data"),
-            )
+            .reject(Some(
+                "expecting to verify the server name and transcript data",
+            ))
             .await?;
-        verifier.close(&mut prover_socket).await?;
+        verifier.close().await?;
         return Err(anyhow::anyhow!(
             "prover did not reveal the server name and transcript data"
         ));
@@ -92,9 +86,10 @@ pub async fn verifier<T: AsyncWrite + AsyncRead + Send + Sync + Unpin + 'static>
             ..
         },
         verifier,
-    ) = verifier.accept(&mut prover_socket).await?;
+    ) = verifier.accept().await?;
+
+    verifier.close().await?;
 
-    verifier.close(&mut prover_socket).await?;
     let server_name = server_name.expect("server name should be present");
     let transcript = transcript.expect("transcript should be present");
 
@@ -131,9 +126,7 @@ pub async fn verifier<T: AsyncWrite + AsyncRead + Send + Sync + Unpin + 'static>
 
     // Receive ZKProof information from prover
     let mut buf = Vec::new();
-
-    let mut prover_socket = prover_socket.into_inner();
-    prover_socket.read_to_end(&mut buf).await?;
+    extra_socket.read_to_end(&mut buf).await?;
 
     if buf.is_empty() {
         return Err(anyhow::anyhow!("No ZK proof data received from prover"));

crates/harness/executor/src/bench/prover.rs

@@ -23,8 +23,7 @@ use crate::{
 };
 
 pub async fn bench_prover(provider: &IoProvider, config: &Bench) -> Result<ProverMetrics> {
-    let mut verifier_io = Meter::new(provider.provide_proto_io().await?);
-    let mut server_io = provider.provide_server_io().await?;
+    let verifier_io = Meter::new(provider.provide_proto_io().await?);
 
     let sent = verifier_io.sent();
     let recv = verifier_io.recv();
@@ -50,7 +49,7 @@ pub async fn bench_prover(provider: &IoProvider, config: &Bench) -> Result<Prove
                         .build()
                 }?)
                 .build()?,
-            &mut verifier_io,
+            verifier_io,
         )
         .await?;
 
@@ -59,18 +58,19 @@ pub async fn bench_prover(provider: &IoProvider, config: &Bench) -> Result<Prove
     let uploaded_preprocess = sent.load(Ordering::Relaxed);
     let downloaded_preprocess = recv.load(Ordering::Relaxed);
 
-    let (mut conn, prover) = prover.setup(
-        TlsClientConfig::builder()
-            .server_name(ServerName::Dns(SERVER_DOMAIN.try_into()?))
-            .root_store(RootCertStore {
-                roots: vec![CertificateDer(CA_CERT_DER.to_vec())],
-            })
-            .build()?,
-    )?;
+    let (mut conn, prover_fut) = prover
+        .connect(
+            TlsClientConfig::builder()
+                .server_name(ServerName::Dns(SERVER_DOMAIN.try_into()?))
+                .root_store(RootCertStore {
+                    roots: vec![CertificateDer(CA_CERT_DER.to_vec())],
+                })
+                .build()?,
+            provider.provide_server_io().await?,
+        )
+        .await?;
 
-    let mut prover = prover.connect(&mut server_io, &mut verifier_io);
-
-    futures::try_join!(
+    let (_, mut prover) = futures::try_join!(
         async {
             let request = format!(
                 "GET /bytes?size={} HTTP/1.1\r\nConnection: close\r\nData: {}\r\n\r\n",
@@ -87,9 +87,8 @@ pub async fn bench_prover(provider: &IoProvider, config: &Bench) -> Result<Prove
 
             Ok(())
         },
-        (&mut prover).map_err(anyhow::Error::from)
+        prover_fut.map_err(anyhow::Error::from)
     )?;
-    let mut prover = prover.finish()?;
 
     let time_online = time_start_online.elapsed().as_millis();
     let uploaded_online = sent.load(Ordering::Relaxed) - uploaded_preprocess;
@@ -119,8 +118,8 @@ pub async fn bench_prover(provider: &IoProvider, config: &Bench) -> Result<Prove
 
     let prove_config = builder.build()?;
 
-    prover.prove(&prove_config, &mut verifier_io).await?;
-    prover.close(&mut verifier_io).await?;
+    prover.prove(&prove_config).await?;
+    prover.close().await?;
 
     let time_total = time_start.elapsed().as_millis();
 

crates/harness/executor/src/bench/verifier.rs

@@ -11,8 +11,6 @@ use tlsn_server_fixture_certs::CA_CERT_DER;
 use crate::IoProvider;
 
 pub async fn bench_verifier(provider: &IoProvider, _config: &Bench) -> Result<()> {
-    let mut prover_io = provider.provide_proto_io().await?;
-
     let verifier = Verifier::new(
         VerifierConfig::builder()
             .root_store(RootCertStore {
@@ -24,16 +22,12 @@ pub async fn bench_verifier(provider: &IoProvider, _config: &Bench) -> Result<()
     let verifier = verifier
         .commit(provider.provide_proto_io().await?)
         .await?
-        .accept(&mut prover_io)
+        .accept()
         .await?
-        .run(&mut prover_io)
+        .run()
         .await?;
-    let (_, verifier) = verifier
-        .verify(&mut prover_io)
-        .await?
-        .accept(&mut prover_io)
-        .await?;
-    verifier.close(&mut prover_io).await?;
+    let (_, verifier) = verifier.verify().await?.accept().await?;
+    verifier.close().await?;
 
     Ok(())
 }

crates/harness/executor/test_plugins/basic.rs

@@ -28,8 +28,6 @@ const MAX_RECV_DATA: usize = 1 << 11;
 crate::test!("basic", prover, verifier);
 
 async fn prover(provider: &IoProvider) {
-    let mut verifier_io = provider.provide_proto_io().await.unwrap();
-
     let prover = Prover::new(ProverConfig::builder().build().unwrap())
         .commit(
             TlsCommitConfig::builder()
@@ -43,15 +41,13 @@ async fn prover(provider: &IoProvider) {
                 )
                 .build()
                 .unwrap(),
-            &mut verifier_io,
+            provider.provide_proto_io().await.unwrap(),
         )
         .await
         .unwrap();
 
-    let server_io = provider.provide_server_io().await.unwrap();
-
-    let (tls_connection, prover) = prover
-        .setup(
+    let (tls_connection, prover_fut) = prover
+        .connect(
             TlsClientConfig::builder()
                 .server_name(ServerName::Dns(SERVER_DOMAIN.try_into().unwrap()))
                 .root_store(RootCertStore {
@@ -59,10 +55,12 @@ async fn prover(provider: &IoProvider) {
                 })
                 .build()
                 .unwrap(),
+            provider.provide_server_io().await.unwrap(),
         )
+        .await
         .unwrap();
 
-    let prover_task = spawn(prover.run(server_io, verifier_io));
+    let prover_task = spawn(prover_fut);
 
     let (mut request_sender, connection) =
         hyper::client::conn::http1::handshake(FuturesIo::new(tls_connection))
@@ -89,7 +87,7 @@ async fn prover(provider: &IoProvider) {
 
     let _ = response.into_body().collect().await.unwrap().to_bytes();
 
-    let (mut prover, _, mut verifier_io) = prover_task.await.unwrap().unwrap();
+    let mut prover = prover_task.await.unwrap().unwrap();
 
     let (sent_len, recv_len) = prover.transcript().len();
 
@@ -116,13 +114,11 @@ async fn prover(provider: &IoProvider) {
 
     let config = builder.build().unwrap();
 
-    prover.prove(&config, &mut verifier_io).await.unwrap();
-    prover.close(&mut verifier_io).await.unwrap();
+    prover.prove(&config).await.unwrap();
+    prover.close().await.unwrap();
 }
 
 async fn verifier(provider: &IoProvider) {
-    let mut prover_io = provider.provide_proto_io().await.unwrap();
-
     let config = VerifierConfig::builder()
         .root_store(RootCertStore {
             roots: vec![CertificateDer(CA_CERT_DER.to_vec())],
@@ -131,13 +127,13 @@ async fn verifier(provider: &IoProvider) {
         .unwrap();
 
     let verifier = Verifier::new(config)
-        .commit(&mut prover_io)
+        .commit(provider.provide_proto_io().await.unwrap())
         .await
         .unwrap()
-        .accept(&mut prover_io)
+        .accept()
         .await
         .unwrap()
-        .run(&mut prover_io)
+        .run()
         .await
         .unwrap();
 
@@ -148,15 +144,9 @@ async fn verifier(provider: &IoProvider) {
             ..
         },
         verifier,
-    ) = verifier
-        .verify(&mut prover_io)
-        .await
-        .unwrap()
-        .accept(&mut prover_io)
-        .await
-        .unwrap();
+    ) = verifier.verify().await.unwrap().accept().await.unwrap();
 
-    verifier.close(&mut prover_io).await.unwrap();
+    verifier.close().await.unwrap();
 
     let ServerName::Dns(server_name) = server_name.unwrap();
 

crates/mpc-tls/Cargo.toml

@@ -60,15 +60,17 @@ mpz-common = { workspace = true, features = ["test-utils"] }
 mpz-ot = { workspace = true, features = ["ideal"] }
 mpz-ideal-vm = { workspace = true }
 
+tlsn-mux = { workspace = true }
+
 cipher-crate = { package = "cipher", version = "0.4" }
 generic-array = { workspace = true }
 rand_chacha = { workspace = true }
 rstest = { workspace = true }
 tls-server-fixture = { workspace = true }
 tlsn-tls-client = { workspace = true }
+tlsn-tls-client-async = { workspace = true }
 tokio = { workspace = true, features = ["macros", "rt", "rt-multi-thread"] }
 tokio-util = { workspace = true, features = ["compat"] }
 tracing-subscriber = { workspace = true }
-uid-mux = { workspace = true, features = ["serio", "test-utils"] }
 rustls-pki-types = { workspace = true }
 rustls-webpki = { workspace = true }

crates/mpc-tls/src/leader.rs

@@ -378,29 +378,15 @@ impl MpcTlsLeader {
         Ok(())
     }
 
-    /// Enables or disables the decryption of any incoming messages.
-    ///
-    /// # Arguments
-    ///
-    /// * `enable` - Whether to enable or disable decryption.
+    /// Defers decryption of any incoming messages.
     #[instrument(level = "debug", skip_all, err)]
-    pub fn enable_decryption(&mut self, enable: bool) -> Result<(), MpcTlsError> {
-        self.is_decrypting = enable;
-
-        if enable {
-            self.notifier.set();
-        } else {
-            self.notifier.clear();
-        }
+    pub async fn defer_decryption(&mut self) -> Result<(), MpcTlsError> {
+        self.is_decrypting = false;
+        self.notifier.clear();
 
         Ok(())
     }
 
-    /// Returns if incoming messages are decrypted.
-    pub fn is_decrypting(&self) -> bool {
-        self.is_decrypting
-    }
-
     /// Stops the actor.
     pub fn stop(&mut self, ctx: &mut LudiContext<Self>) {
         ctx.stop();

crates/mpc-tls/src/leader/actor.rs

@@ -32,14 +32,10 @@ impl MpcTlsLeaderCtrl {
         Self { address }
     }
 
-    /// Enables or disables the decryption of any incoming messages.
-    ///
-    /// # Arguments
-    ///
-    /// * `enable` - Whether to enable or disable decryption.
-    pub async fn enable_decryption(&self, enable: bool) -> Result<(), MpcTlsError> {
+    /// Defers decryption of any incoming messages.
+    pub async fn defer_decryption(&self) -> Result<(), MpcTlsError> {
         self.address
-            .send(EnableDecryption { enable })
+            .send(DeferDecryption)
             .await
             .map_err(MpcTlsError::actor)?
     }
@@ -985,7 +981,7 @@ impl Handler<BackendMsgServerClosed> for MpcTlsLeader {
     }
 }
 
-impl Dispatch<MpcTlsLeader> for EnableDecryption {
+impl Dispatch<MpcTlsLeader> for DeferDecryption {
     fn dispatch<R: FnOnce(Self::Return) + Send>(
         self,
         actor: &mut MpcTlsLeader,
@@ -996,13 +992,13 @@ impl Dispatch<MpcTlsLeader> for EnableDecryption {
     }
 }
 
-impl Handler<EnableDecryption> for MpcTlsLeader {
+impl Handler<DeferDecryption> for MpcTlsLeader {
     async fn handle(
         &mut self,
-        msg: EnableDecryption,
+        _msg: DeferDecryption,
         _ctx: &mut LudiCtx<Self>,
-    ) -> <EnableDecryption as Message>::Return {
-        self.enable_decryption(msg.enable)
+    ) -> <DeferDecryption as Message>::Return {
+        self.defer_decryption().await
     }
 }
 
@@ -1052,7 +1048,7 @@ pub enum MpcTlsLeaderMsg {
     BackendMsgGetNotify(BackendMsgGetNotify),
     BackendMsgIsEmpty(BackendMsgIsEmpty),
     BackendMsgServerClosed(BackendMsgServerClosed),
-    DeferDecryption(EnableDecryption),
+    DeferDecryption(DeferDecryption),
     Stop(Stop),
 }
 
@@ -1087,7 +1083,7 @@ pub enum MpcTlsLeaderMsgReturn {
     BackendMsgGetNotify(<BackendMsgGetNotify as Message>::Return),
     BackendMsgIsEmpty(<BackendMsgIsEmpty as Message>::Return),
     BackendMsgServerClosed(<BackendMsgServerClosed as Message>::Return),
-    DeferDecryption(<EnableDecryption as Message>::Return),
+    DeferDecryption(<DeferDecryption as Message>::Return),
     Stop(<Stop as Message>::Return),
 }
 
@@ -1736,25 +1732,23 @@ impl Wrap<BackendMsgServerClosed> for MpcTlsLeaderMsg {
     }
 }
 
-/// Message to enable or disable the decryption of messages.
+/// Message to start deferring the decryption.
 #[allow(missing_docs)]
 #[derive(Debug)]
-pub struct EnableDecryption {
-    pub enable: bool,
-}
+pub struct DeferDecryption;
 
-impl Message for EnableDecryption {
+impl Message for DeferDecryption {
     type Return = Result<(), MpcTlsError>;
 }
 
-impl From<EnableDecryption> for MpcTlsLeaderMsg {
-    fn from(value: EnableDecryption) -> Self {
+impl From<DeferDecryption> for MpcTlsLeaderMsg {
+    fn from(value: DeferDecryption) -> Self {
         MpcTlsLeaderMsg::DeferDecryption(value)
     }
 }
 
-impl Wrap<EnableDecryption> for MpcTlsLeaderMsg {
-    fn unwrap_return(ret: Self::Return) -> Result<<EnableDecryption as Message>::Return, Error> {
+impl Wrap<DeferDecryption> for MpcTlsLeaderMsg {
+    fn unwrap_return(ret: Self::Return) -> Result<<DeferDecryption as Message>::Return, Error> {
         match ret {
             Self::Return::DeferDecryption(value) => Ok(value),
             _ => Err(Error::Wrapper),

crates/mpc-tls/tests/test.rs

@@ -0,0 +1,160 @@
+use std::sync::Arc;
+
+use futures::{AsyncReadExt, AsyncWriteExt};
+use mpc_tls::{Config, MpcTlsFollower, MpcTlsLeader};
+use mpz_common::context::test_mt_context;
+use mpz_core::Block;
+use mpz_ideal_vm::IdealVm;
+use mpz_memory_core::correlated::Delta;
+use mpz_ot::{
+    ideal::rcot::ideal_rcot,
+    rcot::shared::{SharedRCOTReceiver, SharedRCOTSender},
+};
+use rand::{rngs::StdRng, SeedableRng};
+use rustls_pki_types::CertificateDer;
+use tls_client::RootCertStore;
+use tls_client_async::bind_client;
+use tls_server_fixture::{bind_test_server_hyper, CA_CERT_DER, SERVER_DOMAIN};
+use tokio::sync::Mutex;
+use tokio_util::compat::TokioAsyncReadCompatExt;
+use webpki::anchor_from_trusted_cert;
+
+const CA_CERT: CertificateDer = CertificateDer::from_slice(CA_CERT_DER);
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn mpc_tls_test() {
+    tracing_subscriber::fmt::init();
+
+    let config = Config::builder()
+        .defer_decryption(false)
+        .max_sent(1 << 13)
+        .max_recv_online(1 << 13)
+        .max_recv(1 << 13)
+        .build()
+        .unwrap();
+
+    let (leader, follower) = build_pair(config);
+
+    tokio::try_join!(
+        tokio::spawn(leader_task(leader)),
+        tokio::spawn(follower_task(follower))
+    )
+    .unwrap();
+}
+
+async fn leader_task(mut leader: MpcTlsLeader) {
+    leader.alloc().unwrap();
+
+    leader.preprocess().await.unwrap();
+
+    let (leader_ctrl, leader_fut) = leader.run();
+    tokio::spawn(async { leader_fut.await.unwrap() });
+
+    let config = tls_client::ClientConfig::builder()
+        .with_safe_defaults()
+        .with_root_certificates(RootCertStore {
+            roots: vec![anchor_from_trusted_cert(&CA_CERT).unwrap().to_owned()],
+        })
+        .with_no_client_auth();
+
+    let server_name = SERVER_DOMAIN.try_into().unwrap();
+
+    let client = tls_client::ClientConnection::new(
+        Arc::new(config),
+        Box::new(leader_ctrl.clone()),
+        server_name,
+    )
+    .unwrap();
+
+    let (client_socket, server_socket) = tokio::io::duplex(1 << 16);
+    tokio::spawn(bind_test_server_hyper(server_socket.compat()));
+
+    let (mut conn, conn_fut) = bind_client(client_socket.compat(), client);
+    let handle = tokio::spawn(async { conn_fut.await.unwrap() });
+
+    let msg = concat!(
+        "POST /echo HTTP/1.1\r\n",
+        "Host: test-server.io\r\n",
+        "Connection: keep-alive\r\n",
+        "Accept-Encoding: identity\r\n",
+        "Content-Length: 5\r\n",
+        "\r\n",
+        "hello",
+        "\r\n"
+    );
+
+    conn.write_all(msg.as_bytes()).await.unwrap();
+
+    let mut buf = vec![0u8; 48];
+    conn.read_exact(&mut buf).await.unwrap();
+
+    leader_ctrl.defer_decryption().await.unwrap();
+
+    let msg = concat!(
+        "POST /echo HTTP/1.1\r\n",
+        "Host: test-server.io\r\n",
+        "Connection: close\r\n",
+        "Accept-Encoding: identity\r\n",
+        "Content-Length: 5\r\n",
+        "\r\n",
+        "hello",
+        "\r\n"
+    );
+
+    conn.write_all(msg.as_bytes()).await.unwrap();
+    conn.close().await.unwrap();
+
+    let mut buf = vec![0u8; 1024];
+    conn.read_to_end(&mut buf).await.unwrap();
+
+    leader_ctrl.stop().await.unwrap();
+
+    handle.await.unwrap();
+}
+
+async fn follower_task(mut follower: MpcTlsFollower) {
+    follower.alloc().unwrap();
+    follower.preprocess().await.unwrap();
+    follower.run().await.unwrap();
+}
+
+fn build_pair(config: Config) -> (MpcTlsLeader, MpcTlsFollower) {
+    let mut rng = StdRng::seed_from_u64(0);
+
+    let (mut mt_a, mut mt_b) = test_mt_context(8);
+
+    let ctx_a = futures::executor::block_on(mt_a.new_context()).unwrap();
+    let ctx_b = futures::executor::block_on(mt_b.new_context()).unwrap();
+
+    let delta_a = Delta::new(Block::random(&mut rng));
+    let delta_b = Delta::new(Block::random(&mut rng));
+
+    let (rcot_send_a, rcot_recv_b) = ideal_rcot(Block::random(&mut rng), delta_a.into_inner());
+    let (rcot_send_b, rcot_recv_a) = ideal_rcot(Block::random(&mut rng), delta_b.into_inner());
+
+    let rcot_send_a = SharedRCOTSender::new(rcot_send_a);
+    let rcot_send_b = SharedRCOTSender::new(rcot_send_b);
+    let rcot_recv_a = SharedRCOTReceiver::new(rcot_recv_a);
+    let rcot_recv_b = SharedRCOTReceiver::new(rcot_recv_b);
+
+    let mpc_a = Arc::new(Mutex::new(IdealVm::new()));
+    let mpc_b = Arc::new(Mutex::new(IdealVm::new()));
+
+    let leader = MpcTlsLeader::new(
+        config.clone(),
+        ctx_a,
+        mpc_a,
+        (rcot_send_a.clone(), rcot_send_a.clone(), rcot_send_a),
+        rcot_recv_a,
+    );
+
+    let follower = MpcTlsFollower::new(
+        config,
+        ctx_b,
+        mpc_b,
+        rcot_send_b,
+        (rcot_recv_b.clone(), rcot_recv_b.clone(), rcot_recv_b),
+    );
+
+    (leader, follower)
+}

crates/tls/client-async/Cargo.toml

@@ -0,0 +1,39 @@
+[package]
+name = "tlsn-tls-client-async"
+authors = ["TLSNotary Team"]
+description = "An async TLS client for TLSNotary"
+keywords = ["tls", "mpc", "2pc", "client", "async"]
+categories = ["cryptography"]
+license = "MIT OR Apache-2.0"
+version = "0.1.0-alpha.14-pre"
+edition = "2021"
+
+[lints]
+workspace = true
+
+[lib]
+name = "tls_client_async"
+
+[features]
+default = ["tracing"]
+tracing = ["dep:tracing"]
+
+[dependencies]
+tlsn-tls-client = { workspace = true }
+
+bytes = { workspace = true }
+futures = { workspace = true }
+thiserror = { workspace = true }
+tokio-util = { workspace = true, features = ["io", "compat"] }
+tracing = { workspace = true, optional = true }
+
+[dev-dependencies]
+tls-server-fixture = { workspace = true }
+
+http-body-util = { workspace = true }
+hyper = { workspace = true, features = ["client", "http1"] }
+hyper-util = { workspace = true, features = ["full"] }
+rstest = { workspace = true }
+tokio = { workspace = true, features = ["rt", "rt-multi-thread", "macros"] }
+rustls-webpki = { workspace = true }
+rustls-pki-types = { workspace = true }

crates/tls/client-async/src/conn.rs

@@ -0,0 +1,89 @@
+use bytes::Bytes;
+use futures::{
+    channel::mpsc::{Receiver, SendError, Sender},
+    sink::SinkMapErr,
+    AsyncRead, AsyncWrite, SinkExt,
+};
+use std::{
+    io::{Error as IoError, ErrorKind as IoErrorKind},
+    pin::Pin,
+    task::{Context, Poll},
+};
+use tokio_util::{
+    compat::{Compat, TokioAsyncReadCompatExt, TokioAsyncWriteCompatExt},
+    io::{CopyToBytes, SinkWriter, StreamReader},
+};
+
+type CompatSinkWriter =
+    Compat<SinkWriter<CopyToBytes<SinkMapErr<Sender<Bytes>, fn(SendError) -> IoError>>>>;
+
+/// A TLS connection to a server.
+///
+/// This type implements `AsyncRead` and `AsyncWrite` and can be used to
+/// communicate with a server using TLS.
+///
+/// # Note
+///
+/// This connection is closed on a best-effort basis if this is dropped. To
+/// ensure a clean close, you should call
+/// [`AsyncWriteExt::close`](futures::io::AsyncWriteExt::close) to close the
+/// connection.
+#[derive(Debug)]
+pub struct TlsConnection {
+    /// The data to be transmitted to the server is sent to this sink.
+    tx_sender: CompatSinkWriter,
+    /// The data to be received from the server is received from this stream.
+    rx_receiver: Compat<StreamReader<Receiver<Result<Bytes, IoError>>, Bytes>>,
+}
+
+impl TlsConnection {
+    /// Creates a new TLS connection.
+    pub(crate) fn new(
+        tx_sender: Sender<Bytes>,
+        rx_receiver: Receiver<Result<Bytes, IoError>>,
+    ) -> Self {
+        fn convert_error(err: SendError) -> IoError {
+            if err.is_disconnected() {
+                IoErrorKind::BrokenPipe.into()
+            } else {
+                IoErrorKind::WouldBlock.into()
+            }
+        }
+
+        Self {
+            tx_sender: SinkWriter::new(CopyToBytes::new(
+                tx_sender.sink_map_err(convert_error as fn(SendError) -> IoError),
+            ))
+            .compat_write(),
+            rx_receiver: StreamReader::new(rx_receiver).compat(),
+        }
+    }
+}
+
+impl AsyncRead for TlsConnection {
+    fn poll_read(
+        mut self: Pin<&mut Self>,
+        cx: &mut Context<'_>,
+        buf: &mut [u8],
+    ) -> Poll<Result<usize, IoError>> {
+        Pin::new(&mut self.rx_receiver).poll_read(cx, buf)
+    }
+}
+
+impl AsyncWrite for TlsConnection {
+    fn poll_write(
+        mut self: Pin<&mut Self>,
+        cx: &mut Context<'_>,
+        buf: &[u8],
+    ) -> Poll<Result<usize, IoError>> {
+        Pin::new(&mut self.tx_sender).poll_write(cx, buf)
+    }
+
+    fn poll_flush(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Result<(), IoError>> {
+        Pin::new(&mut self.tx_sender).poll_flush(cx)
+    }
+
+    fn poll_close(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Result<(), IoError>> {
+        Pin::new(&mut self.tx_sender).poll_close(cx)
+    }
+}

crates/tls/client-async/src/lib.rs

@@ -0,0 +1,269 @@
+//! Provides a TLS client which exposes an async socket.
+//!
+//! This library provides the [bind_client] function which attaches a TLS client
+//! to a socket connection and then exposes a [TlsConnection] object, which
+//! provides an async socket API for reading and writing cleartext. The TLS
+//! client will then automatically encrypt and decrypt traffic and forward that
+//! to the provided socket.
+
+#![deny(missing_docs, unreachable_pub, unused_must_use)]
+#![deny(clippy::all)]
+#![forbid(unsafe_code)]
+
+mod conn;
+
+use bytes::{Buf, Bytes};
+use futures::{
+    channel::mpsc, future::Fuse, select_biased, stream::Next, AsyncRead, AsyncReadExt, AsyncWrite,
+    AsyncWriteExt, Future, FutureExt, SinkExt, StreamExt,
+};
+
+use std::{
+    pin::Pin,
+    task::{Context, Poll},
+};
+
+#[cfg(feature = "tracing")]
+use tracing::{debug, debug_span, trace, warn, Instrument};
+
+use tls_client::ClientConnection;
+
+pub use conn::TlsConnection;
+
+const RX_TLS_BUF_SIZE: usize = 1 << 13; // 8 KiB
+const RX_BUF_SIZE: usize = 1 << 13; // 8 KiB
+
+/// An error that can occur during a TLS connection.
+#[allow(missing_docs)]
+#[derive(Debug, thiserror::Error)]
+pub enum ConnectionError {
+    #[error(transparent)]
+    TlsError(#[from] tls_client::Error),
+    #[error(transparent)]
+    IOError(#[from] std::io::Error),
+}
+
+/// Closed connection data.
+#[derive(Debug)]
+pub struct ClosedConnection {
+    /// The connection for the client
+    pub client: ClientConnection,
+    /// Sent plaintext bytes
+    pub sent: Vec<u8>,
+    /// Received plaintext bytes
+    pub recv: Vec<u8>,
+}
+
+/// A future which runs the TLS connection to completion.
+///
+/// This future must be polled in order for the connection to make progress.
+#[must_use = "futures do nothing unless polled"]
+pub struct ConnectionFuture {
+    fut: Pin<Box<dyn Future<Output = Result<ClosedConnection, ConnectionError>> + Send>>,
+}
+
+impl Future for ConnectionFuture {
+    type Output = Result<ClosedConnection, ConnectionError>;
+
+    fn poll(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> {
+        self.fut.poll_unpin(cx)
+    }
+}
+
+/// Binds a client connection to the provided socket.
+///
+/// Returns a connection handle and a future which runs the connection to
+/// completion.
+///
+/// # Errors
+///
+/// Any connection errors that occur will be returned from the future, not
+/// [`TlsConnection`].
+pub fn bind_client<T: AsyncRead + AsyncWrite + Send + Unpin + 'static>(
+    socket: T,
+    mut client: ClientConnection,
+) -> (TlsConnection, ConnectionFuture) {
+    let (tx_sender, mut tx_receiver) = mpsc::channel(1 << 14);
+    let (mut rx_sender, rx_receiver) = mpsc::channel(1 << 14);
+
+    let conn = TlsConnection::new(tx_sender, rx_receiver);
+
+    let fut = async move {
+        client.start().await?;
+        let mut notify = client.get_notify().await?;
+
+        let (mut server_rx, mut server_tx) = socket.split();
+
+        let mut rx_tls_buf = [0u8; RX_TLS_BUF_SIZE];
+        let mut rx_buf = [0u8; RX_BUF_SIZE];
+
+        let mut handshake_done = false;
+        let mut client_closed = false;
+        let mut server_closed = false;
+
+        let mut sent = Vec::with_capacity(1024);
+        let mut recv = Vec::with_capacity(1024);
+
+        let mut rx_tls_fut = server_rx.read(&mut rx_tls_buf).fuse();
+        // We don't start writing application data until the handshake is complete.
+        let mut tx_recv_fut: Fuse<Next<'_, mpsc::Receiver<Bytes>>> = Fuse::terminated();
+
+        // Runs both the tx and rx halves of the connection to completion.
+        // This loop does not terminate until the *SERVER* closes the connection and
+        // we've processed all received data. If an error occurs, the `TlsConnection`
+        // channels will be closed and the error will be returned from this future.
+        'conn: loop {
+            // Write all pending TLS data to the server.
+            if client.wants_write() && !client_closed {
+                #[cfg(feature = "tracing")]
+                trace!("client wants to write");
+                while client.wants_write() {
+                    let _sent = client.write_tls_async(&mut server_tx).await?;
+                    #[cfg(feature = "tracing")]
+                    trace!("sent {} tls bytes to server", _sent);
+                }
+                server_tx.flush().await?;
+            }
+
+            // Forward received plaintext to `TlsConnection`.
+            while !client.plaintext_is_empty() {
+                let read = client.read_plaintext(&mut rx_buf)?;
+                recv.extend(&rx_buf[..read]);
+                // Ignore if the receiver has hung up.
+                _ = rx_sender
+                    .send(Ok(Bytes::copy_from_slice(&rx_buf[..read])))
+                    .await;
+                #[cfg(feature = "tracing")]
+                trace!("forwarded {} plaintext bytes to conn", read);
+            }
+
+            if !client.is_handshaking() && !handshake_done {
+                #[cfg(feature = "tracing")]
+                debug!("handshake complete");
+                handshake_done = true;
+                // Start reading application data that needs to be transmitted from the
+                // `TlsConnection`.
+                tx_recv_fut = tx_receiver.next().fuse();
+            }
+
+            if server_closed && client.plaintext_is_empty() && client.is_empty().await? {
+                break 'conn;
+            }
+
+            select_biased! {
+                // Reads TLS data from the server and writes it into the client.
+                received = &mut rx_tls_fut => {
+                    let received = received?;
+                    #[cfg(feature = "tracing")]
+                    trace!("received {} tls bytes from server", received);
+
+                    // Loop until we've processed all the data we received in this read.
+                    // Note that we must make one iteration even if `received == 0`.
+                    let mut processed = 0;
+                    let mut reader = rx_tls_buf[..received].reader();
+                    loop {
+                        processed += client.read_tls(&mut reader)?;
+                        client.process_new_packets().await?;
+
+                        debug_assert!(processed <= received);
+                        if processed >= received {
+                            break;
+                        }
+                    }
+
+                    #[cfg(feature = "tracing")]
+                    trace!("processed {} tls bytes from server", processed);
+
+                    // By convention if `AsyncRead::read` returns 0, it means EOF, i.e. the peer
+                    // has closed the socket.
+                    if received == 0 {
+                        #[cfg(feature = "tracing")]
+                        debug!("server closed connection");
+                        server_closed = true;
+                        client.server_closed().await?;
+                        // Do not read from the socket again.
+                        rx_tls_fut = Fuse::terminated();
+                    } else {
+                        // Reset the read future so next iteration we can read again.
+                        rx_tls_fut = server_rx.read(&mut rx_tls_buf).fuse();
+                    }
+                }
+                // If we receive None from `TlsConnection`, it has closed, so we
+                // send a close_notify to the server.
+                data = &mut tx_recv_fut => {
+                    if let Some(data) = data {
+                        #[cfg(feature = "tracing")]
+                        trace!("writing {} plaintext bytes to client", data.len());
+
+                        sent.extend(&data);
+                        client
+                            .write_all_plaintext(&data)
+                            .await?;
+
+                        tx_recv_fut = tx_receiver.next().fuse();
+                    } else {
+                        if !server_closed {
+                            if let Err(e) = send_close_notify(&mut client, &mut server_tx).await {
+                                #[cfg(feature = "tracing")]
+                                warn!("failed to send close_notify to server: {}", e);
+                            }
+                        }
+
+                        client_closed = true;
+
+                        tx_recv_fut = Fuse::terminated();
+                    }
+                }
+                // Waits for a notification from the backend that it is ready to decrypt data.
+                _ = &mut notify => {
+                    #[cfg(feature = "tracing")]
+                    trace!("backend is ready to decrypt");
+
+                    client.process_new_packets().await?;
+                }
+            }
+        }
+
+        #[cfg(feature = "tracing")]
+        debug!("client shutdown");
+
+        _ = server_tx.close().await;
+        tx_receiver.close();
+        rx_sender.close_channel();
+
+        #[cfg(feature = "tracing")]
+        trace!(
+            "server close notify: {}, sent: {}, recv: {}",
+            client.received_close_notify(),
+            sent.len(),
+            recv.len()
+        );
+
+        Ok(ClosedConnection { client, sent, recv })
+    };
+
+    #[cfg(feature = "tracing")]
+    let fut = fut.instrument(debug_span!("tls_connection"));
+
+    let fut = ConnectionFuture { fut: Box::pin(fut) };
+
+    (conn, fut)
+}
+
+async fn send_close_notify(
+    client: &mut ClientConnection,
+    server_tx: &mut (impl AsyncWrite + Unpin),
+) -> Result<(), ConnectionError> {
+    #[cfg(feature = "tracing")]
+    trace!("sending close_notify to server");
+    client.send_close_notify().await?;
+    client.process_new_packets().await?;
+
+    // Flush all remaining plaintext
+    while client.wants_write() {
+        client.write_tls_async(server_tx).await?;
+    }
+    server_tx.flush().await?;
+
+    Ok(())
+}

crates/tls/client-async/tests/test.rs

@@ -0,0 +1,438 @@
+use std::{str, sync::Arc};
+
+use core::future::Future;
+use futures::{AsyncReadExt, AsyncWriteExt};
+use http_body_util::{BodyExt as _, Full};
+use hyper::{body::Bytes, Request, StatusCode};
+use hyper_util::rt::TokioIo;
+use rstest::{fixture, rstest};
+use rustls_pki_types::CertificateDer;
+use tls_client::{ClientConfig, ClientConnection, RustCryptoBackend, ServerName};
+use tls_client_async::{bind_client, ClosedConnection, ConnectionError, TlsConnection};
+use tls_server_fixture::{
+    bind_test_server, bind_test_server_hyper, APP_RECORD_LENGTH, CA_CERT_DER, CLOSE_DELAY,
+    SERVER_DOMAIN,
+};
+use tokio::task::JoinHandle;
+use tokio_util::compat::{FuturesAsyncReadCompatExt, TokioAsyncReadCompatExt};
+use webpki::anchor_from_trusted_cert;
+
+const CA_CERT: CertificateDer = CertificateDer::from_slice(CA_CERT_DER);
+
+// An established client TLS connection
+struct TlsFixture {
+    client_tls_conn: TlsConnection,
+    // a handle that must be `.await`ed to get the result of a TLS connection
+    closed_tls_task: JoinHandle<Result<ClosedConnection, ConnectionError>>,
+}
+
+// Sets up a TLS connection between client and server and sends a hello message
+#[fixture]
+async fn set_up_tls() -> TlsFixture {
+    let (client_socket, server_socket) = tokio::io::duplex(1 << 16);
+
+    let _server_task = tokio::spawn(bind_test_server(server_socket.compat()));
+
+    let mut root_store = tls_client::RootCertStore::empty();
+    root_store
+        .roots
+        .push(anchor_from_trusted_cert(&CA_CERT).unwrap().to_owned());
+    let config = ClientConfig::builder()
+        .with_safe_defaults()
+        .with_root_certificates(root_store)
+        .with_no_client_auth();
+    let client = ClientConnection::new(
+        Arc::new(config),
+        Box::new(RustCryptoBackend::new()),
+        ServerName::try_from(SERVER_DOMAIN).unwrap(),
+    )
+    .unwrap();
+
+    let (mut client_tls_conn, tls_fut) = bind_client(client_socket.compat(), client);
+
+    let closed_tls_task = tokio::spawn(tls_fut);
+
+    client_tls_conn
+        .write_all(&pad("expecting you to send back hello".to_string()))
+        .await
+        .unwrap();
+
+    // give the server some time to respond
+    std::thread::sleep(std::time::Duration::from_millis(10));
+
+    let mut plaintext = vec![0u8; 320];
+    let n = client_tls_conn.read(&mut plaintext).await.unwrap();
+    let s = str::from_utf8(&plaintext[0..n]).unwrap();
+
+    assert_eq!(s, "hello");
+
+    TlsFixture {
+        client_tls_conn,
+        closed_tls_task,
+    }
+}
+
+// Expect the async tls client wrapped in `hyper::client` to make a successful
+// request and receive the expected response
+#[tokio::test]
+async fn test_hyper_ok() {
+    let (client_socket, server_socket) = tokio::io::duplex(1 << 16);
+
+    let server_task = tokio::spawn(bind_test_server_hyper(server_socket.compat()));
+
+    let mut root_store = tls_client::RootCertStore::empty();
+    root_store
+        .roots
+        .push(anchor_from_trusted_cert(&CA_CERT).unwrap().to_owned());
+    let config = ClientConfig::builder()
+        .with_safe_defaults()
+        .with_root_certificates(root_store)
+        .with_no_client_auth();
+    let client = ClientConnection::new(
+        Arc::new(config),
+        Box::new(RustCryptoBackend::new()),
+        ServerName::try_from(SERVER_DOMAIN).unwrap(),
+    )
+    .unwrap();
+
+    let (conn, tls_fut) = bind_client(client_socket.compat(), client);
+
+    let closed_tls_task = tokio::spawn(tls_fut);
+
+    let (mut request_sender, connection) =
+        hyper::client::conn::http1::handshake(TokioIo::new(conn.compat()))
+            .await
+            .unwrap();
+
+    tokio::spawn(connection);
+
+    let request = Request::builder()
+        .uri(format!("https://{SERVER_DOMAIN}/echo"))
+        .header("Host", SERVER_DOMAIN)
+        .header("Connection", "close")
+        .method("POST")
+        .body(Full::<Bytes>::new("hello".into()))
+        .unwrap();
+
+    let response = request_sender.send_request(request).await.unwrap();
+
+    assert!(response.status() == StatusCode::OK);
+
+    // Process the response body
+    response.into_body().collect().await.unwrap().to_bytes();
+
+    let _ = server_task.await.unwrap();
+
+    let closed_conn = closed_tls_task.await.unwrap().unwrap();
+
+    assert!(closed_conn.client.received_close_notify());
+}
+
+// Expect a clean TLS connection closure when server responds to the client's
+// close_notify but doesn't close the socket
+#[rstest]
+#[tokio::test]
+async fn test_ok_server_no_socket_close(set_up_tls: impl Future<Output = TlsFixture>) {
+    let TlsFixture {
+        mut client_tls_conn,
+        closed_tls_task,
+    } = set_up_tls.await;
+
+    // instruct the server to send close_notify back to us after 10 ms
+    client_tls_conn
+        .write_all(&pad("send_close_notify".to_string()))
+        .await
+        .unwrap();
+    client_tls_conn.flush().await.unwrap();
+
+    // closing `client_tls_conn` will cause close_notify to be sent by the client;
+    client_tls_conn.close().await.unwrap();
+
+    let closed_conn = closed_tls_task.await.unwrap().unwrap();
+
+    assert!(closed_conn.client.received_close_notify());
+}
+
+// Expect a clean TLS connection closure when server responds to the client's
+// close_notify AND also closes the socket
+#[rstest]
+#[tokio::test]
+async fn test_ok_server_socket_close(set_up_tls: impl Future<Output = TlsFixture>) {
+    let TlsFixture {
+        mut client_tls_conn,
+        closed_tls_task,
+    } = set_up_tls.await;
+
+    // instruct the server to send close_notify back to us AND close the socket
+    // after 10 ms
+    client_tls_conn
+        .write_all(&pad("send_close_notify_and_close_socket".to_string()))
+        .await
+        .unwrap();
+    client_tls_conn.flush().await.unwrap();
+
+    // closing `client_tls_conn` will cause close_notify to be sent by the client;
+    client_tls_conn.close().await.unwrap();
+
+    let closed_conn = closed_tls_task.await.unwrap().unwrap();
+
+    assert!(closed_conn.client.received_close_notify());
+}
+
+// Expect a clean TLS connection closure when server sends close_notify first
+// but doesn't close the socket
+#[rstest]
+#[tokio::test]
+async fn test_ok_server_close_notify(set_up_tls: impl Future<Output = TlsFixture>) {
+    let TlsFixture {
+        mut client_tls_conn,
+        closed_tls_task,
+    } = set_up_tls.await;
+
+    // instruct the server to send close_notify back to us after 10 ms
+    client_tls_conn
+        .write_all(&pad("send_close_notify".to_string()))
+        .await
+        .unwrap();
+    client_tls_conn.flush().await.unwrap();
+
+    // give enough time for server's close_notify to arrive
+    tokio::time::sleep(std::time::Duration::from_millis(20)).await;
+
+    client_tls_conn.close().await.unwrap();
+
+    let closed_conn = closed_tls_task.await.unwrap().unwrap();
+
+    assert!(closed_conn.client.received_close_notify());
+}
+
+// Expect a clean TLS connection closure when server sends close_notify first
+// AND also closes the socket
+#[rstest]
+#[tokio::test]
+async fn test_ok_server_close_notify_and_socket_close(
+    set_up_tls: impl Future<Output = TlsFixture>,
+) {
+    let TlsFixture {
+        mut client_tls_conn,
+        closed_tls_task,
+    } = set_up_tls.await;
+
+    // instruct the server to send close_notify back to us after 10 ms
+    client_tls_conn
+        .write_all(&pad("send_close_notify_and_close_socket".to_string()))
+        .await
+        .unwrap();
+    client_tls_conn.flush().await.unwrap();
+
+    // give enough time for server's close_notify to arrive
+    tokio::time::sleep(std::time::Duration::from_millis(20)).await;
+
+    client_tls_conn.close().await.unwrap();
+
+    let closed_conn = closed_tls_task.await.unwrap().unwrap();
+
+    assert!(closed_conn.client.received_close_notify());
+}
+
+// Expect to be able to read the data after server closes the socket abruptly
+#[rstest]
+#[tokio::test]
+async fn test_ok_read_after_close(set_up_tls: impl Future<Output = TlsFixture>) {
+    let TlsFixture {
+        mut client_tls_conn,
+        ..
+    } = set_up_tls.await;
+
+    // instruct the server to send us a hello message
+    client_tls_conn
+        .write_all(&pad("send a hello message".to_string()))
+        .await
+        .unwrap();
+    client_tls_conn.flush().await.unwrap();
+
+    // instruct the server to close the socket
+    client_tls_conn
+        .write_all(&pad("close_socket".to_string()))
+        .await
+        .unwrap();
+    client_tls_conn.flush().await.unwrap();
+
+    // give enough time to close the socket
+    tokio::time::sleep(std::time::Duration::from_millis(10)).await;
+
+    // try to read some more data
+    let mut buf = vec![0u8; 10];
+    let n = client_tls_conn.read(&mut buf).await.unwrap();
+
+    assert_eq!(std::str::from_utf8(&buf[0..n]).unwrap(), "hello");
+}
+
+// Expect there to be no error when server DOES NOT send close_notify but just
+// closes the socket
+#[rstest]
+#[tokio::test]
+async fn test_ok_server_no_close_notify(set_up_tls: impl Future<Output = TlsFixture>) {
+    let TlsFixture {
+        mut client_tls_conn,
+        closed_tls_task,
+    } = set_up_tls.await;
+
+    // instruct the server to close the socket
+    client_tls_conn
+        .write_all(&pad("close_socket".to_string()))
+        .await
+        .unwrap();
+    client_tls_conn.flush().await.unwrap();
+
+    // give enough time to close the socket
+    tokio::time::sleep(std::time::Duration::from_millis(10)).await;
+
+    client_tls_conn.close().await.unwrap();
+
+    let closed_conn = closed_tls_task.await.unwrap().unwrap();
+
+    assert!(!closed_conn.client.received_close_notify());
+}
+
+// Expect to register a delay when the server delays closing the socket
+#[rstest]
+#[tokio::test]
+async fn test_ok_delay_close(set_up_tls: impl Future<Output = TlsFixture>) {
+    let TlsFixture {
+        mut client_tls_conn,
+        closed_tls_task,
+    } = set_up_tls.await;
+
+    client_tls_conn
+        .write_all(&pad("must_delay_when_closing".to_string()))
+        .await
+        .unwrap();
+    client_tls_conn.flush().await.unwrap();
+
+    // closing `client_tls_conn` will cause close_notify to be sent by the client
+    client_tls_conn.close().await.unwrap();
+
+    use std::time::Instant;
+    let now = Instant::now();
+    // this will resolve when the server stops delaying closing the socket
+    let closed_conn = closed_tls_task.await.unwrap().unwrap();
+    let elapsed = now.elapsed();
+
+    // the elapsed time must be roughly equal to the server's delay
+    // (give or take timing variations)
+    assert!(elapsed.as_millis() as u64 > CLOSE_DELAY - 50);
+
+    assert!(!closed_conn.client.received_close_notify());
+}
+
+// Expect client to error when server sends a corrupted message
+#[rstest]
+#[tokio::test]
+async fn test_err_corrupted(set_up_tls: impl Future<Output = TlsFixture>) {
+    let TlsFixture {
+        mut client_tls_conn,
+        closed_tls_task,
+    } = set_up_tls.await;
+
+    // instruct the server to send a corrupted message
+    client_tls_conn
+        .write_all(&pad("send_corrupted_message".to_string()))
+        .await
+        .unwrap();
+    client_tls_conn.flush().await.unwrap();
+
+    tokio::time::sleep(std::time::Duration::from_millis(10)).await;
+    client_tls_conn.close().await.unwrap();
+
+    assert_eq!(
+        closed_tls_task.await.unwrap().err().unwrap().to_string(),
+        "received corrupt message"
+    );
+}
+
+// Expect client to error when server sends a TLS record with a bad MAC
+#[rstest]
+#[tokio::test]
+async fn test_err_bad_mac(set_up_tls: impl Future<Output = TlsFixture>) {
+    let TlsFixture {
+        mut client_tls_conn,
+        closed_tls_task,
+    } = set_up_tls.await;
+
+    // instruct the server to send us a TLS record with a bad MAC
+    client_tls_conn
+        .write_all(&pad("send_record_with_bad_mac".to_string()))
+        .await
+        .unwrap();
+    client_tls_conn.flush().await.unwrap();
+
+    tokio::time::sleep(std::time::Duration::from_millis(10)).await;
+    client_tls_conn.close().await.unwrap();
+
+    assert_eq!(
+        closed_tls_task.await.unwrap().err().unwrap().to_string(),
+        "backend error: Decryption error: \"aead::Error\""
+    );
+}
+
+// Expect client to error when server sends a fatal alert
+#[rstest]
+#[tokio::test]
+async fn test_err_alert(set_up_tls: impl Future<Output = TlsFixture>) {
+    let TlsFixture {
+        mut client_tls_conn,
+        closed_tls_task,
+    } = set_up_tls.await;
+
+    // instruct the server to send us a TLS record with a bad MAC
+    client_tls_conn
+        .write_all(&pad("send_alert".to_string()))
+        .await
+        .unwrap();
+    client_tls_conn.flush().await.unwrap();
+
+    tokio::time::sleep(std::time::Duration::from_millis(10)).await;
+    client_tls_conn.close().await.unwrap();
+
+    assert_eq!(
+        closed_tls_task.await.unwrap().err().unwrap().to_string(),
+        "received fatal alert: BadRecordMac"
+    );
+}
+
+// Expect an error when trying to write data to a connection which server closed
+// abruptly
+#[rstest]
+#[tokio::test]
+async fn test_err_write_after_close(set_up_tls: impl Future<Output = TlsFixture>) {
+    let TlsFixture {
+        mut client_tls_conn,
+        ..
+    } = set_up_tls.await;
+
+    // instruct the server to close the socket
+    client_tls_conn
+        .write_all(&pad("close_socket".to_string()))
+        .await
+        .unwrap();
+    client_tls_conn.flush().await.unwrap();
+
+    // give enough time to close the socket
+    tokio::time::sleep(std::time::Duration::from_millis(10)).await;
+
+    // try to send some more data
+    let res = client_tls_conn
+        .write_all(&pad("more data".to_string()))
+        .await;
+
+    assert_eq!(res.err().unwrap().kind(), std::io::ErrorKind::BrokenPipe);
+}
+
+// Converts a string into a slice zero-padded to APP_RECORD_LENGTH
+fn pad(s: String) -> Vec<u8> {
+    assert!(s.len() <= APP_RECORD_LENGTH);
+    let mut buf = vec![0u8; APP_RECORD_LENGTH];
+    buf[..s.len()].copy_from_slice(s.as_bytes());
+    buf
+}

crates/tls/client/src/conn.rs

@@ -457,9 +457,6 @@ impl ConnectionCommon {
             return Err(Error::CorruptMessage);
         }
 
-        // Process outgoing plaintext buffer and encrypt messages.
-        self.flush_plaintext().await?;
-
         // Process new messages.
         while let Some(msg) = self.message_deframer.frames.pop_front() {
             // If we're not decrypting yet, we process it immediately. Otherwise it will be
@@ -511,22 +508,25 @@ impl ConnectionCommon {
         Ok(state)
     }
 
-    /// Writes plaintext `buf` into an internal buffer. May not fully process the
-    /// whole buffer and returns the processed length.
-    pub fn write_plaintext(&mut self, buf: &[u8]) -> Result<usize, Error> {
-        if buf.is_empty() {
-            // Don't send empty fragments.
-            return Ok(0);
+    /// Write buffer into connection.
+    pub async fn write_plaintext(&mut self, buf: &[u8]) -> Result<usize, Error> {
+        if let Ok(st) = &mut self.state {
+            st.perhaps_write_key_update(&mut self.common_state).await;
         }
-
-        let len = self.sendable_plaintext.append_limited_copy(buf);
-        Ok(len)
+        self.common_state.send_some_plaintext(buf).await
     }
 
-    /// Writes the entire plaintext `buf` into an internal buffer.
-    pub fn write_all_plaintext(&mut self, buf: &[u8]) -> Result<(), Error> {
-        self.sendable_plaintext.append(buf.to_vec());
-        Ok(())
+    /// Write entire buffer into connection.
+    pub async fn write_all_plaintext(&mut self, buf: &[u8]) -> Result<usize, Error> {
+        let mut pos = 0;
+        while pos < buf.len() {
+            pos += self.write_plaintext(&buf[pos..]).await?;
+        }
+        self.backend.flush().await?;
+        while let Some(msg) = self.backend.next_outgoing().await? {
+            self.queue_tls_message(msg);
+        }
+        Ok(pos)
     }
 
     /// Read TLS content from `rd`.  This method does internal
@@ -690,11 +690,6 @@ impl CommonState {
         self.received_plaintext.is_empty()
     }
 
-    /// Returns true if the buffer for sendable plaintext is full.
-    pub fn sendable_plaintext_is_full(&self) -> bool {
-        self.sendable_plaintext.is_full()
-    }
-
     /// Returns true if the connection is currently performing the TLS
     /// handshake.
     ///
@@ -787,6 +782,15 @@ impl CommonState {
         }
     }
 
+    /// Send plaintext application data, fragmenting and
+    /// encrypting it as it goes out.
+    ///
+    /// If internal buffers are too small, this function will not accept
+    /// all the data.
+    pub(crate) async fn send_some_plaintext(&mut self, data: &[u8]) -> Result<usize, Error> {
+        self.send_plain(data, Limit::Yes).await
+    }
+
     // Changing the keys must not span any fragmented handshake
     // messages.  Otherwise the defragmented messages will have
     // been protected with two different record layer protections,
@@ -927,6 +931,32 @@ impl CommonState {
         self.sendable_tls.write_to_async(wr).await
     }
 
+    /// Encrypt and send some plaintext `data`.  `limit` controls
+    /// whether the per-connection buffer limits apply.
+    ///
+    /// Returns the number of bytes written from `data`: this might
+    /// be less than `data.len()` if buffer limits were exceeded.
+    async fn send_plain(&mut self, data: &[u8], limit: Limit) -> Result<usize, Error> {
+        if !self.may_send_application_data {
+            // If we haven't completed handshaking, buffer
+            // plaintext to send once we do.
+            let len = match limit {
+                Limit::Yes => self.sendable_plaintext.append_limited_copy(data),
+                Limit::No => self.sendable_plaintext.append(data.to_vec()),
+            };
+            return Ok(len);
+        }
+
+        debug_assert!(self.record_layer.is_encrypting());
+
+        if data.is_empty() {
+            // Don't send empty fragments.
+            return Ok(0);
+        }
+
+        self.send_appdata_encrypt(data, limit).await
+    }
+
     pub(crate) async fn start_outgoing_traffic(&mut self) -> Result<(), Error> {
         self.may_send_application_data = true;
         self.flush_plaintext().await
@@ -982,14 +1012,15 @@ impl CommonState {
         self.sendable_tls.set_limit(limit);
     }
 
-    /// Send and encrypt any buffered plaintext. Does nothing during handshake.
-    pub async fn flush_plaintext(&mut self) -> Result<(), Error> {
+    /// Send any buffered plaintext.  Plaintext is buffered if
+    /// written during handshake.
+    async fn flush_plaintext(&mut self) -> Result<(), Error> {
         if !self.may_send_application_data {
             return Ok(());
         }
 
         while let Some(buf) = self.sendable_plaintext.pop() {
-            self.send_appdata_encrypt(&buf, Limit::No).await?;
+            self.send_plain(&buf, Limit::No).await?;
         }
 
         Ok(())

crates/tls/client/src/vecbuf.rs

@@ -35,15 +35,6 @@ impl ChunkVecBuffer {
         self.chunks.is_empty()
     }
 
-    /// If the buffer has reached limit.
-    pub(crate) fn is_full(&self) -> bool {
-        if let Some(limit) = self.limit {
-            self.len() >= limit
-        } else {
-            false
-        }
-    }
-
     /// How many bytes we're storing
     pub(crate) fn len(&self) -> usize {
         let mut len = 0;

crates/tls/client/tests/api.rs

@@ -247,8 +247,7 @@ async fn servered_client_data_sent() {
         let (mut client, mut server) =
             make_pair_for_arc_configs(&Arc::new(client_config), &server_config).await;
 
-        assert_eq!(5, client.write_plaintext(b"hello").unwrap());
-        client.flush_plaintext().await.unwrap();
+        assert_eq!(5, client.write_plaintext(b"hello").await.unwrap());
 
         do_handshake(&mut client, &mut server).await;
         send(&mut client, &mut server);
@@ -287,7 +286,7 @@ async fn servered_both_data_sent() {
             make_pair_for_arc_configs(&Arc::new(client_config), &server_config).await;
 
         assert_eq!(12, server.writer().write(b"from-server!").unwrap());
-        assert_eq!(12, client.write_plaintext(b"from-client!").unwrap());
+        assert_eq!(12, client.write_plaintext(b"from-client!").await.unwrap());
 
         do_handshake(&mut client, &mut server).await;
 
@@ -433,7 +432,7 @@ async fn server_close_notify() {
 
         // check that alerts don't overtake appdata
         assert_eq!(12, server.writer().write(b"from-server!").unwrap());
-        assert_eq!(12, client.write_plaintext(b"from-client!").unwrap());
+        assert_eq!(12, client.write_plaintext(b"from-client!").await.unwrap());
         server.send_close_notify();
 
         receive(&mut server, &mut client);
@@ -461,8 +460,7 @@ async fn client_close_notify() {
 
         // check that alerts don't overtake appdata
         assert_eq!(12, server.writer().write(b"from-server!").unwrap());
-        assert_eq!(12, client.write_plaintext(b"from-client!").unwrap());
-        client.flush_plaintext().await.unwrap();
+        assert_eq!(12, client.write_plaintext(b"from-client!").await.unwrap());
         client.send_close_notify().await.unwrap();
 
         send(&mut client, &mut server);
@@ -489,7 +487,7 @@ async fn server_closes_uncleanly() {
 
         // check that unclean EOF reporting does not overtake appdata
         assert_eq!(12, server.writer().write(b"from-server!").unwrap());
-        assert_eq!(12, client.write_plaintext(b"from-client!").unwrap());
+        assert_eq!(12, client.write_plaintext(b"from-client!").await.unwrap());
 
         receive(&mut server, &mut client);
         transfer_eof(&mut client);
@@ -520,7 +518,7 @@ async fn client_closes_uncleanly() {
 
         // check that unclean EOF reporting does not overtake appdata
         assert_eq!(12, server.writer().write(b"from-server!").unwrap());
-        assert_eq!(12, client.write_plaintext(b"from-client!").unwrap());
+        assert_eq!(12, client.write_plaintext(b"from-client!").await.unwrap());
         client.process_new_packets().await.unwrap();
 
         send(&mut client, &mut server);
@@ -902,9 +900,20 @@ async fn client_respects_buffer_limit_pre_handshake() {
 
     client.set_buffer_limit(Some(32));
 
-    assert_eq!(client.write_plaintext(b"01234567890123456789").unwrap(), 20);
-    assert_eq!(client.write_plaintext(b"01234567890123456789").unwrap(), 12);
-    client.flush_plaintext().await.unwrap();
+    assert_eq!(
+        client
+            .write_plaintext(b"01234567890123456789")
+            .await
+            .unwrap(),
+        20
+    );
+    assert_eq!(
+        client
+            .write_plaintext(b"01234567890123456789")
+            .await
+            .unwrap(),
+        12
+    );
 
     do_handshake(&mut client, &mut server).await;
     send(&mut client, &mut server);
@@ -944,9 +953,20 @@ async fn client_respects_buffer_limit_post_handshake() {
     do_handshake(&mut client, &mut server).await;
     client.set_buffer_limit(Some(48));
 
-    assert_eq!(client.write_plaintext(b"01234567890123456789").unwrap(), 20);
-    assert_eq!(client.write_plaintext(b"01234567890123456789").unwrap(), 6);
-    client.flush_plaintext().await.unwrap();
+    assert_eq!(
+        client
+            .write_plaintext(b"01234567890123456789")
+            .await
+            .unwrap(),
+        20
+    );
+    assert_eq!(
+        client
+            .write_plaintext(b"01234567890123456789")
+            .await
+            .unwrap(),
+        6
+    );
 
     send(&mut client, &mut server);
     server.process_new_packets().unwrap();
@@ -1191,8 +1211,14 @@ async fn client_complete_io_for_write() {
 
         do_handshake(&mut client, &mut server).await;
 
-        client.write_plaintext(b"01234567890123456789").unwrap();
-        client.write_plaintext(b"01234567890123456789").unwrap();
+        client
+            .write_plaintext(b"01234567890123456789")
+            .await
+            .unwrap();
+        client
+            .write_plaintext(b"01234567890123456789")
+            .await
+            .unwrap();
         {
             let mut pipe = ServerSession::new(&mut server);
             let (rdlen, wrlen) = client
@@ -1324,8 +1350,7 @@ async fn server_stream_read() {
     for kt in ALL_KEY_TYPES.iter() {
         let (mut client, mut server) = make_pair(*kt).await;
 
-        client.write_all_plaintext(b"world").unwrap();
-        client.process_new_packets().await.unwrap();
+        client.write_all_plaintext(b"world").await.unwrap();
 
         {
             let mut pipe = ClientSession::new(&mut client);
@@ -1341,8 +1366,7 @@ async fn server_streamowned_read() {
     for kt in ALL_KEY_TYPES.iter() {
         let (mut client, server) = make_pair(*kt).await;
 
-        client.write_all_plaintext(b"world").unwrap();
-        client.process_new_packets().await.unwrap();
+        client.write_all_plaintext(b"world").await.unwrap();
 
         {
             let pipe = ClientSession::new(&mut client);
@@ -1361,9 +1385,7 @@ async fn server_streamowned_read() {
 //         errkind: io::ErrorKind::ConnectionAborted,
 //         after: 0,
 //     };
-//     client.write_all_plaintext(b"hello").unwrap();
-//     client.process_new_packets().await.unwrap();
-//
+//     client.write_all_plaintext(b"hello").await.unwrap();
 //     let mut client_stream = Stream::new(&mut client, &mut pipe);
 //     let rc = client_stream.write(b"world");
 //     assert!(rc.is_err());
@@ -1380,9 +1402,7 @@ async fn server_streamowned_read() {
 //         errkind: io::ErrorKind::ConnectionAborted,
 //         after: 1,
 //     };
-//     client.write_all_plaintext(b"hello").unwrap();
-//     client.process_new_packets().await.unwrap();
-//
+//     client.write_all_plaintext(b"hello").await.unwrap();
 //     let mut client_stream = Stream::new(&mut client, &mut pipe);
 //     let rc = client_stream.write(b"world");
 //     assert_eq!(format!("{:?}", rc), "Ok(5)");
@@ -1880,9 +1900,14 @@ async fn servered_write_for_client_appdata() {
     let (mut client, mut server) = make_pair(KeyType::Rsa).await;
     do_handshake(&mut client, &mut server).await;
 
-    client.write_all_plaintext(b"01234567890123456789").unwrap();
-    client.write_all_plaintext(b"01234567890123456789").unwrap();
-    client.process_new_packets().await.unwrap();
+    client
+        .write_all_plaintext(b"01234567890123456789")
+        .await
+        .unwrap();
+    client
+        .write_all_plaintext(b"01234567890123456789")
+        .await
+        .unwrap();
     {
         let mut pipe = ServerSession::new(&mut server);
         let wrlen = client.write_tls(&mut pipe).unwrap();
@@ -1994,10 +2019,11 @@ async fn servered_write_for_server_handshake_no_half_rtt_by_default() {
 async fn servered_write_for_client_handshake() {
     let (mut client, mut server) = make_pair(KeyType::Rsa).await;
 
-    client.write_all_plaintext(b"01234567890123456789").unwrap();
-    client.write_all_plaintext(b"0123456789").unwrap();
-    client.process_new_packets().await.unwrap();
-
+    client
+        .write_all_plaintext(b"01234567890123456789")
+        .await
+        .unwrap();
+    client.write_all_plaintext(b"0123456789").await.unwrap();
     {
         let mut pipe = ServerSession::new(&mut server);
         let wrlen = client.write_tls(&mut pipe).unwrap();

crates/tlsn/Cargo.toml

@@ -20,14 +20,14 @@ web = ["dep:web-spawn"]
 tlsn-attestation = { workspace = true }
 tlsn-core = { workspace = true }
 tlsn-deap = { workspace = true }
+tlsn-mux = { workspace = true }
 tlsn-tls-client = { workspace = true }
+tlsn-tls-client-async = { workspace = true }
 tlsn-tls-core = { workspace = true }
 tlsn-mpc-tls = { workspace = true }
 tlsn-cipher = { workspace = true }
 
-futures-plex = { workspace = true }
 serio = { workspace = true, features = ["compat"] }
-uid-mux = { workspace = true, features = ["serio"] }
 web-spawn = { workspace = true, optional = true }
 
 mpz-circuits = { workspace = true, features = ["aes"] }
@@ -57,7 +57,6 @@ serde = { workspace = true, features = ["derive"] }
 ghash = { workspace = true }
 semver = { workspace = true, features = ["serde"] }
 once_cell = { workspace = true }
-pin-project-lite = { workspace = true }
 rangeset = { workspace = true }
 webpki-roots = { workspace = true }
 

crates/tlsn/src/context.rs

@@ -0,0 +1,21 @@
+//! Execution context.
+
+use mpz_common::context::Multithread;
+
+use crate::mux::MuxControl;
+
+/// Maximum concurrency for multi-threaded context.
+pub(crate) const MAX_CONCURRENCY: usize = 8;
+
+/// Builds a multi-threaded context with the given muxer.
+pub(crate) fn build_mt_context(mux: MuxControl) -> Multithread {
+    let builder = Multithread::builder().mux(mux).concurrency(MAX_CONCURRENCY);
+
+    #[cfg(all(feature = "web", target_arch = "wasm32"))]
+    let builder = builder.spawn_handler(|f| {
+        let _ = web_spawn::spawn(f);
+        Ok(())
+    });
+
+    builder.build().unwrap()
+}

crates/tlsn/src/lib.rs

@@ -4,6 +4,7 @@
 #![deny(clippy::all)]
 #![forbid(unsafe_code)]
 
+pub(crate) mod context;
 pub(crate) mod ghash;
 pub(crate) mod map;
 pub(crate) mod mpz;
@@ -12,7 +13,6 @@ pub(crate) mod mux;
 pub mod prover;
 pub(crate) mod tag;
 pub(crate) mod transcript_internal;
-pub(crate) mod utils;
 pub mod verifier;
 
 pub use tlsn_attestation as attestation;
@@ -27,8 +27,6 @@ pub(crate) static VERSION: LazyLock<Version> = LazyLock::new(|| {
     Version::parse(env!("CARGO_PKG_VERSION")).expect("cargo pkg version should be a valid semver")
 });
 
-const BUF_CAP: usize = 16 * 1024;
-
 /// The party's role in the TLSN protocol.
 ///
 /// A Notary is classified as a Verifier.

crates/tlsn/src/map.rs

@@ -21,20 +21,6 @@ impl<T> RangeMap<T>
 where
     T: Item,
 {
-    pub(crate) fn new(map: Vec<(usize, T)>) -> Self {
-        let mut pos = 0;
-        for (idx, item) in &map {
-            assert!(
-                *idx >= pos,
-                "items must be sorted by index and non-overlapping"
-            );
-
-            pos = *idx + item.length();
-        }
-
-        Self { map }
-    }
-
     /// Returns `true` if the map is empty.
     pub(crate) fn is_empty(&self) -> bool {
         self.map.is_empty()
@@ -47,11 +33,6 @@ where
             .map(|(idx, item)| *idx..*idx + item.length())
     }
 
-    /// Returns the length of the map.
-    pub(crate) fn len(&self) -> usize {
-        self.map.iter().map(|(_, item)| item.length()).sum()
-    }
-
     pub(crate) fn iter(&self) -> impl Iterator<Item = (Range<usize>, &T)> {
         self.map
             .iter()

crates/tlsn/src/mpz.rs

@@ -6,11 +6,6 @@ use mpz_core::Block;
 #[cfg(not(tlsn_insecure))]
 use mpz_garble::protocol::semihonest::{Evaluator, Garbler};
 use mpz_garble_core::Delta;
-use mpz_memory_core::{
-    Vector,
-    binary::U8,
-    correlated::{Key, Mac},
-};
 #[cfg(not(tlsn_insecure))]
 use mpz_ot::cot::{DerandCOTReceiver, DerandCOTSender};
 use mpz_ot::{
@@ -24,8 +19,6 @@ use tlsn_core::config::tls_commit::mpc::{MpcTlsConfig, NetworkSetting};
 use tlsn_deap::Deap;
 use tokio::sync::Mutex;
 
-use crate::transcript_internal::commit::encoding::{KeyStore, MacStore};
-
 #[cfg(not(tlsn_insecure))]
 pub(crate) type ProverMpc =
     Garbler<DerandCOTSender<SharedRCOTSender<kos::Sender<co::Receiver>, Block>>>;
@@ -193,41 +186,3 @@ pub(crate) fn translate_keys<Mpc, Zk>(keys: &mut SessionKeys, vm: &Deap<Mpc, Zk>
         .translate(keys.server_write_mac_key)
         .expect("VM memory should be consistent");
 }
-
-impl<T> KeyStore for Verifier<T> {
-    fn delta(&self) -> &Delta {
-        self.delta()
-    }
-
-    fn get_keys(&self, data: Vector<U8>) -> Option<&[Key]> {
-        self.get_keys(data).ok()
-    }
-}
-
-impl<T> MacStore for Prover<T> {
-    fn get_macs(&self, data: Vector<U8>) -> Option<&[Mac]> {
-        self.get_macs(data).ok()
-    }
-}
-
-#[cfg(tlsn_insecure)]
-mod insecure {
-    use super::*;
-    use mpz_ideal_vm::IdealVm;
-
-    impl KeyStore for IdealVm {
-        fn delta(&self) -> &Delta {
-            unimplemented!("encodings not supported in insecure mode")
-        }
-
-        fn get_keys(&self, _data: Vector<U8>) -> Option<&[Key]> {
-            unimplemented!("encodings not supported in insecure mode")
-        }
-    }
-
-    impl MacStore for IdealVm {
-        fn get_macs(&self, _data: Vector<U8>) -> Option<&[Mac]> {
-            unimplemented!("encodings not supported in insecure mode")
-        }
-    }
-}

crates/tlsn/src/mux.rs

@@ -1,45 +1,93 @@
 //! Multiplexer used in the TLSNotary protocol.
 
-use std::future::IntoFuture;
-
 use futures::{
     AsyncRead, AsyncWrite, Future,
     future::{FusedFuture, FutureExt},
 };
+use mpz_common::{ThreadId, io::Io, mux::Mux};
+use tlsn_mux::{Connection, Handle};
 use tracing::error;
-use uid_mux::yamux;
 
-use crate::Role;
-
-/// Multiplexer supporting unique deterministic stream IDs.
-pub(crate) type Mux<Io> = yamux::Yamux<Io>;
 /// Multiplexer controller providing streams.
-pub(crate) type MuxControl = yamux::YamuxCtrl;
+pub(crate) struct MuxControl {
+    handle: Handle,
+}
+
+impl Mux for MuxControl {
+    fn open(&self, id: ThreadId) -> Result<Io, std::io::Error> {
+        let stream = self
+            .handle
+            .new_stream(id.as_ref())
+            .map_err(std::io::Error::other)?;
+        let io = Io::from_io(stream);
+
+        Ok(io)
+    }
+}
+
+impl From<MuxControl> for Box<dyn Mux + Send> {
+    fn from(val: MuxControl) -> Self {
+        Box::new(val)
+    }
+}
 
 /// Multiplexer future which must be polled for the muxer to make progress.
-pub(crate) struct MuxFuture(
-    Box<dyn FusedFuture<Output = Result<(), yamux::ConnectionError>> + Send + Unpin>,
-);
+#[derive(Debug)]
+pub(crate) struct MuxFuture<T> {
+    conn: Connection<T>,
+}
 
-impl MuxFuture {
-    /// Returns true if the muxer is complete.
-    pub(crate) fn is_complete(&self) -> bool {
-        self.0.is_terminated()
+impl<T: AsyncRead + AsyncWrite + Unpin> MuxFuture<T> {
+    pub(crate) fn new(socket: T) -> Self {
+        let mut mux_config = tlsn_mux::Config::default();
+
+        mux_config.set_max_num_streams(36);
+        mux_config.set_keep_alive(true);
+        mux_config.set_close_sync(true);
+
+        let conn = tlsn_mux::Connection::new(socket, mux_config);
+
+        Self { conn }
     }
 
+    pub(crate) fn handle(&self) -> Result<MuxControl, std::io::Error> {
+        let handle = self.conn.handle().map_err(std::io::Error::other)?;
+
+        Ok(MuxControl { handle })
+    }
+
+    pub(crate) fn close(&mut self) {
+        self.conn.close();
+    }
+
+    pub(crate) fn into_io(self) -> Result<T, std::io::Error> {
+        self.conn
+            .try_into_io()
+            .map_err(|_| std::io::Error::other("unable to return IO, connection is not closed"))
+    }
+}
+
+impl<T: AsyncRead + AsyncWrite + Unpin> FusedFuture for MuxFuture<T> {
+    fn is_terminated(&self) -> bool {
+        self.conn.is_complete()
+    }
+}
+
+impl<T: AsyncRead + AsyncWrite + Unpin> MuxFuture<T> {
     /// Awaits a future, polling the muxer future concurrently.
     pub(crate) async fn poll_with<F, R>(&mut self, fut: F) -> R
     where
         F: Future<Output = R>,
     {
         let mut fut = Box::pin(fut.fuse());
+        let mut mux = self;
         // Poll the future concurrently with the muxer future.
         // If the muxer returns an error, continue polling the future
         // until it completes.
         loop {
             futures::select! {
                 res = fut => return res,
-                res = &mut self.0 => if let Err(e) = res {
+                res = mux => if let Err(e) = res {
                     error!("mux error: {:?}", e);
                 },
             }
@@ -47,44 +95,13 @@ impl MuxFuture {
     }
 }
 
-impl Future for MuxFuture {
-    type Output = Result<(), yamux::ConnectionError>;
+impl<T: AsyncRead + AsyncWrite + Unpin> Future for MuxFuture<T> {
+    type Output = Result<(), tlsn_mux::ConnectionError>;
 
     fn poll(
         mut self: std::pin::Pin<&mut Self>,
         cx: &mut std::task::Context<'_>,
     ) -> std::task::Poll<Self::Output> {
-        self.0.as_mut().poll_unpin(cx)
+        self.conn.poll(cx)
     }
 }
-
-/// Attaches a multiplexer to the provided socket.
-///
-/// Returns the multiplexer and a controller for creating streams with a codec
-/// attached.
-///
-/// # Arguments
-///
-/// * `socket` - The socket to attach the multiplexer to.
-/// * `role` - The role of the party using the multiplexer.
-pub(crate) fn attach_mux<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
-    socket: T,
-    role: Role,
-) -> (MuxFuture, MuxControl) {
-    let mut mux_config = yamux::Config::default();
-    mux_config.set_max_num_streams(36);
-
-    let mux_role = match role {
-        Role::Prover => yamux::Mode::Client,
-        Role::Verifier => yamux::Mode::Server,
-    };
-
-    let mux = Mux::new(socket, mux_config, mux_role);
-    let ctrl = mux.control();
-
-    if let Role::Prover = role {
-        ctrl.alloc(32);
-    }
-
-    (MuxFuture(Box::new(mux.into_future().fuse())), ctrl)
-}

crates/tlsn/src/prover.rs

@@ -1,38 +1,30 @@
 //! Prover.
 
-mod client;
-mod conn;
-mod control;
 mod error;
+mod future;
 mod prove;
 pub mod state;
 
-pub use conn::TlsConnection;
-pub use control::ProverControl;
 pub use error::ProverError;
+pub use future::ProverFuture;
 pub use tlsn_core::ProverOutput;
 
 use crate::{
-    BUF_CAP, Role,
+    context::build_mt_context,
     mpz::{ProverDeps, build_prover_deps, translate_keys},
     msg::{ProveRequestMsg, Response, TlsCommitRequestMsg},
-    mux::attach_mux,
-    prover::{
-        client::{MpcTlsClient, TlsOutput},
-        state::ConnectedProj,
-    },
-    utils::{CopyIo, await_with_copy_io, build_mt_context},
+    mux::MuxFuture,
+    tag::verify_tags,
 };
 
-use futures::{AsyncRead, AsyncReadExt, AsyncWrite, FutureExt, TryFutureExt, ready};
+use futures::{AsyncRead, AsyncWrite, TryFutureExt};
+use mpc_tls::LeaderCtrl;
+use mpz_vm_core::prelude::*;
 use rustls_pki_types::CertificateDer;
 use serio::{SinkExt, stream::IoStreamExt};
-use std::{
-    pin::Pin,
-    sync::Arc,
-    task::{Context, Poll},
-};
+use std::sync::Arc;
 use tls_client::{ClientConnection, ServerName as TlsServerName};
+use tls_client_async::{TlsConnection, bind_client};
 use tlsn_core::{
     config::{
         prove::ProveConfig,
@@ -43,9 +35,10 @@ use tlsn_core::{
     connection::{HandshakeData, ServerName},
     transcript::{TlsTranscript, Transcript},
 };
-use tracing::{Span, debug, info_span, instrument};
 use webpki::anchor_from_trusted_cert;
 
+use tracing::{Instrument, Span, debug, info, info_span, instrument};
+
 /// A prover instance.
 #[derive(Debug)]
 pub struct Prover<T: state::ProverState = state::Initialized> {
@@ -77,28 +70,17 @@ impl Prover<state::Initialized> {
     /// # Arguments
     ///
     /// * `config` - The TLS commitment configuration.
-    /// * `verifier_io` - The IO to the TLS verifier.
-    pub async fn commit<S: AsyncWrite + AsyncRead + Send + Unpin>(
-        self,
-        config: TlsCommitConfig,
-        verifier_io: S,
-    ) -> Result<Prover<state::CommitAccepted>, ProverError> {
-        let (duplex_a, mut duplex_b) = futures_plex::duplex(BUF_CAP);
-        let fut = Box::pin(self.commit_inner(config, duplex_a).fuse());
-        let mut prover = await_with_copy_io(fut, verifier_io, &mut duplex_b).await?;
-
-        prover.state.verifier_io = Some(duplex_b);
-        Ok(prover)
-    }
-
+    /// * `socket` - The socket to the TLS verifier.
     #[instrument(parent = &self.span, level = "debug", skip_all, err)]
-    async fn commit_inner<S: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
+    pub async fn commit<S: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
         self,
         config: TlsCommitConfig,
-        verifier_io: S,
-    ) -> Result<Prover<state::CommitAccepted>, ProverError> {
-        let (mut mux_fut, mux_ctrl) = attach_mux(verifier_io, Role::Prover);
-        let mut mt = build_mt_context(mux_ctrl.clone());
+        socket: S,
+    ) -> Result<Prover<state::CommitAccepted<S>>, ProverError> {
+        let mut mux_fut = MuxFuture::new(socket);
+        let mux_ctrl = mux_fut.handle()?;
+
+        let mut mt = build_mt_context(mux_ctrl);
         let mut ctx = mux_fut.poll_with(mt.new_context()).await?;
 
         // Sends protocol configuration to verifier for compatibility check.
@@ -141,8 +123,6 @@ impl Prover<state::Initialized> {
             config: self.config,
             span: self.span,
             state: state::CommitAccepted {
-                verifier_io: None,
-                mux_ctrl,
                 mux_fut,
                 mpc_tls,
                 keys,
@@ -152,30 +132,34 @@ impl Prover<state::Initialized> {
     }
 }
 
-impl Prover<state::CommitAccepted> {
-    /// Sets up the prover with the client configuration.
+impl<Io> Prover<state::CommitAccepted<Io>>
+where
+    Io: AsyncRead + AsyncWrite + Send + Unpin + 'static,
+{
+    /// Connects to the server using the provided socket.
     ///
-    /// Returns a set up prover, and a [`TlsConnection`] which can be used to
-    /// read and write bytes from/to the server.
+    /// Returns a handle to the TLS connection, a future which returns the
+    /// prover once the connection is closed and the TLS transcript is
+    /// committed.
     ///
     /// # Arguments
     ///
     /// * `config` - The TLS client configuration.
+    /// * `socket` - The socket to the server.
     #[instrument(parent = &self.span, level = "debug", skip_all, err)]
-    pub fn setup(
+    pub async fn connect<S: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
         self,
         config: TlsClientConfig,
-    ) -> Result<(TlsConnection, Prover<state::Setup>), ProverError> {
+        socket: S,
+    ) -> Result<(TlsConnection, ProverFuture<Io>), ProverError> {
         let state::CommitAccepted {
-            verifier_io,
-            mux_ctrl,
-            mux_fut,
+            mut mux_fut,
             mpc_tls,
             keys,
             vm,
+            ..
         } = self.state;
 
-        let decrypt = mpc_tls.is_decrypting();
         let (mpc_ctrl, mpc_fut) = mpc_tls.run();
 
         let ServerName::Dns(server_name) = config.server_name();
@@ -220,300 +204,101 @@ impl Prover<state::CommitAccepted> {
         )
         .map_err(ProverError::config)?;
 
-        let span = self.span.clone();
+        let (conn, conn_fut) = bind_client(socket, client);
 
-        let mpc_tls = MpcTlsClient::new(
-            Box::new(mpc_fut.map_err(ProverError::from)),
-            keys,
-            vm,
-            span,
-            mpc_ctrl,
-            client,
-            decrypt,
-        );
+        let fut = Box::pin({
+            let span = self.span.clone();
+            let mpc_ctrl = mpc_ctrl.clone();
+            async move {
+                let conn_fut = async {
+                    mux_fut
+                        .poll_with(conn_fut.map_err(ProverError::from))
+                        .await?;
 
-        let (duplex_a, duplex_b) = futures_plex::duplex(BUF_CAP);
-        let prover = Prover {
-            config: self.config,
-            span: self.span,
-            state: state::Setup {
-                mux_ctrl,
-                mux_fut,
-                server_name: config.server_name().clone(),
-                tls_client: Box::new(mpc_tls),
-                client_io: duplex_a,
-                verifier_io,
-            },
-        };
+                    mpc_ctrl.stop().await?;
 
-        let conn = TlsConnection::new(duplex_b);
-        Ok((conn, prover))
-    }
-}
+                    Ok::<_, ProverError>(())
+                };
 
-impl Prover<state::Setup> {
-    /// Returns a handle to control the prover.
-    pub fn handle(&self) -> ProverControl {
-        let handle = self.state.tls_client.handle();
-        ProverControl { handle }
-    }
+                info!("starting MPC-TLS");
 
-    /// Attaches IO to the prover.
-    ///
-    /// # Arguments
-    ///
-    /// * `server_io` - The IO to the server.
-    /// * `verifier_io` - The IO to the TLS verifier.
-    pub fn connect<S, T>(self, server_io: S, verifier_io: T) -> Prover<state::Connected<S, T>>
-    where
-        S: AsyncRead + AsyncWrite + Send + Unpin,
-        T: AsyncRead + AsyncWrite + Send + Unpin,
-    {
-        let (client_to_server, server_to_client) = futures_plex::duplex(BUF_CAP);
+                let (_, (mut ctx, tls_transcript)) = futures::try_join!(
+                    conn_fut,
+                    mpc_fut.in_current_span().map_err(ProverError::from)
+                )?;
 
-        Prover {
-            config: self.config,
-            span: self.span,
-            state: state::Connected {
-                verifier_io: self.state.verifier_io,
-                mux_ctrl: self.state.mux_ctrl,
-                mux_fut: self.state.mux_fut,
-                server_name: self.state.server_name,
-                tls_client: self.state.tls_client,
-                client_io: self.state.client_io,
-                output: None,
-                server_socket: server_io,
-                verifier_socket: verifier_io,
-                tls_client_to_server_buf: client_to_server,
-                server_to_tls_client_buf: server_to_client,
-                client_closed: false,
-                server_closed: false,
-            },
-        }
-    }
+                info!("finished MPC-TLS");
 
-    /// This is a convenience method which attaches IO, runs the prover and
-    /// returns a committed prover together with the IO.
-    ///
-    /// # Arguments
-    ///
-    /// * `server_io` - The IO to the server.
-    /// * `verifier_io` - The IO to the TLS verifier.
-    pub async fn run<S, T>(
-        self,
-        mut server_io: S,
-        mut verifier_io: T,
-    ) -> Result<(Prover<state::Committed>, S, T), ProverError>
-    where
-        S: AsyncRead + AsyncWrite + Send + Unpin + 'static,
-        T: AsyncRead + AsyncWrite + Send + Unpin + 'static,
-    {
-        let mut prover = self.connect(&mut server_io, &mut verifier_io);
-        (&mut prover).await?;
+                {
+                    let mut vm = vm.try_lock().expect("VM should not be locked");
 
-        let prover = prover.finish()?;
-        Ok((prover, server_io, verifier_io))
-    }
-}
+                    debug!("finalizing mpc");
 
-impl<S, T> Future for Prover<state::Connected<S, T>>
-where
-    S: AsyncRead + AsyncWrite + Send + Unpin,
-    T: AsyncRead + AsyncWrite + Send + Unpin,
-{
-    type Output = Result<(), ProverError>;
+                    // Finalize DEAP.
+                    mux_fut
+                        .poll_with(vm.finalize(&mut ctx))
+                        .await
+                        .map_err(ProverError::mpc)?;
 
-    fn poll(mut self: std::pin::Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> {
-        let mut state = Pin::new(&mut self.state).project();
-
-        loop {
-            let mut progress = false;
-
-            if state.output.is_none()
-                && let Poll::Ready(output) = state.tls_client.poll(cx)?
-            {
-                *state.output = Some(output);
-            }
-
-            progress |= Self::io_client_conn(&mut state, cx)?;
-            progress |= Self::io_client_server(&mut state, cx)?;
-            progress |= Self::io_client_verifier(&mut state, cx)?;
-
-            _ = state.mux_fut.poll_unpin(cx)?;
-
-            if *state.server_closed && state.output.is_some() {
-                ready!(state.client_io.poll_close(cx))?;
-                ready!(state.server_socket.poll_close(cx))?;
-
-                return Poll::Ready(Ok(()));
-            } else if !progress {
-                return Poll::Pending;
-            }
-        }
-    }
-}
-
-impl<S, T> Prover<state::Connected<S, T>>
-where
-    S: AsyncRead + AsyncWrite + Send + Unpin,
-    T: AsyncRead + AsyncWrite + Send + Unpin,
-{
-    fn io_client_conn(
-        state: &mut ConnectedProj<S, T>,
-        cx: &mut Context,
-    ) -> Result<bool, ProverError> {
-        let mut progress = false;
-
-        // tls_conn -> tls_client
-        if state.tls_client.wants_write()
-            && let Poll::Ready(mut simplex) = state.client_io.as_mut().poll_lock_read(cx)
-            && let Poll::Ready(buf) = simplex.poll_get(cx)?
-        {
-            if !buf.is_empty() {
-                let write = state.tls_client.write(buf)?;
-                if write > 0 {
-                    progress = true;
-                    simplex.advance(write);
+                    debug!("mpc finalized");
                 }
-            } else if !*state.client_closed && !*state.server_closed {
-                progress = true;
-                *state.client_closed = true;
-                state.tls_client.client_close()?;
+
+                // Pull out ZK VM.
+                let (_, mut vm) = Arc::into_inner(vm)
+                    .expect("vm should have only 1 reference")
+                    .into_inner()
+                    .into_inner();
+
+                // Prove tag verification of received records.
+                // The prover drops the proof output.
+                let _ = verify_tags(
+                    &mut vm,
+                    (keys.server_write_key, keys.server_write_iv),
+                    keys.server_write_mac_key,
+                    *tls_transcript.version(),
+                    tls_transcript.recv().to_vec(),
+                )
+                .map_err(ProverError::zk)?;
+
+                mux_fut
+                    .poll_with(vm.execute_all(&mut ctx).map_err(ProverError::zk))
+                    .await?;
+
+                let transcript = tls_transcript
+                    .to_transcript()
+                    .expect("transcript is complete");
+
+                Ok(Prover {
+                    config: self.config,
+                    span: self.span,
+                    state: state::Committed {
+                        mux_fut,
+                        ctx,
+                        vm,
+                        server_name: config.server_name().clone(),
+                        keys,
+                        tls_transcript,
+                        transcript,
+                    },
+                })
             }
-        }
+            .instrument(span)
+        });
 
-        // tls_client -> tls_conn
-        if state.tls_client.wants_read()
-            && let Poll::Ready(mut simplex) = state.client_io.as_mut().poll_lock_write(cx)
-            && let Poll::Ready(buf) = simplex.poll_mut(cx)?
-            && let read = state.tls_client.read(buf)?
-            && read > 0
-        {
-            progress = true;
-            simplex.advance_mut(read);
-        }
-        Ok(progress)
-    }
-
-    fn io_client_server(
-        state: &mut ConnectedProj<S, T>,
-        cx: &mut Context,
-    ) -> Result<bool, ProverError> {
-        let mut progress = false;
-
-        // server_socket -> buf
-        if let Poll::Ready(write) = state
-            .server_to_tls_client_buf
-            .poll_write_from(cx, state.server_socket.as_mut())?
-        {
-            if write > 0 {
-                progress = true;
-            } else if !*state.server_closed {
-                progress = true;
-                *state.server_closed = true;
-                state.tls_client.server_close()?;
-            }
-        }
-
-        // buf -> tls_client
-        if state.tls_client.wants_read_tls()
-            && let Poll::Ready(mut simplex) =
-                state.tls_client_to_server_buf.as_mut().poll_lock_read(cx)
-            && let Poll::Ready(buf) = simplex.poll_get(cx)?
-            && let read = state.tls_client.read_tls(buf)?
-            && read > 0
-        {
-            progress = true;
-            simplex.advance(read);
-        }
-
-        // tls_client -> buf
-        if state.tls_client.wants_write_tls()
-            && let Poll::Ready(mut simplex) =
-                state.tls_client_to_server_buf.as_mut().poll_lock_write(cx)
-            && let Poll::Ready(buf) = simplex.poll_mut(cx)?
-            && let write = state.tls_client.write_tls(buf)?
-            && write > 0
-        {
-            progress = true;
-            simplex.advance_mut(write);
-        }
-
-        // buf -> server_socket
-        if let Poll::Ready(read) = state
-            .server_to_tls_client_buf
-            .poll_read_to(cx, state.server_socket.as_mut())?
-            && read > 0
-        {
-            progress = true;
-        }
-
-        Ok(progress)
-    }
-
-    fn io_client_verifier(
-        state: &mut ConnectedProj<S, T>,
-        cx: &mut Context,
-    ) -> Result<bool, ProverError> {
-        let mut progress = false;
-
-        let verifier_io = Pin::new(
-            (*state.verifier_io)
-                .as_mut()
-                .expect("verifier io should be available"),
-        );
-
-        // mux -> verifier_socket
-        if let Poll::Ready(read) = verifier_io.poll_read_to(cx, state.verifier_socket.as_mut())?
-            && read > 0
-        {
-            progress = true;
-        }
-
-        // verifier_socket -> mux
-        if let Poll::Ready(write) =
-            verifier_io.poll_write_from(cx, state.verifier_socket.as_mut())?
-            && write > 0
-        {
-            progress = true;
-        }
-
-        Ok(progress)
-    }
-
-    /// Returns a committed prover after the TLS session has completed.
-    pub fn finish(self) -> Result<Prover<state::Committed>, ProverError> {
-        let TlsOutput {
-            ctx,
-            vm,
-            keys,
-            tls_transcript,
-            transcript,
-        } = self.state.output.ok_or(ProverError::state(
-            "prover has not yet closed the connection",
-        ))?;
-
-        let prover = Prover {
-            config: self.config,
-            span: self.span,
-            state: state::Committed {
-                verifier_io: self.state.verifier_io,
-                mux_ctrl: self.state.mux_ctrl,
-                mux_fut: self.state.mux_fut,
-                ctx,
-                vm,
-                server_name: self.state.server_name,
-                keys,
-                tls_transcript,
-                transcript,
+        Ok((
+            conn,
+            ProverFuture {
+                fut,
+                ctrl: ProverControl { mpc_ctrl },
             },
-        };
-
-        Ok(prover)
+        ))
     }
 }
 
-impl Prover<state::Committed> {
+impl<Io> Prover<state::Committed<Io>>
+where
+    Io: AsyncRead + AsyncWrite + Send + Unpin + 'static,
+{
     /// Returns the TLS transcript.
     pub fn tls_transcript(&self) -> &TlsTranscript {
         &self.state.tls_transcript
@@ -529,30 +314,8 @@ impl Prover<state::Committed> {
     /// # Arguments
     ///
     /// * `config` - The disclosure configuration.
-    /// * `verifier_io` - The IO to the TLS verifier.
-    pub async fn prove<S>(
-        &mut self,
-        config: &ProveConfig,
-        verifier_io: S,
-    ) -> Result<ProverOutput, ProverError>
-    where
-        S: AsyncRead + AsyncWrite + Send + Unpin,
-    {
-        let mut duplex = self
-            .state
-            .verifier_io
-            .take()
-            .expect("duplex should be available");
-
-        let fut = Box::pin(self.prove_inner(config).fuse());
-        let output = await_with_copy_io(fut, verifier_io, &mut duplex).await?;
-
-        self.state.verifier_io = Some(duplex);
-        Ok(output)
-    }
-
     #[instrument(parent = &self.span, level = "info", skip_all, err)]
-    async fn prove_inner(&mut self, config: &ProveConfig) -> Result<ProverOutput, ProverError> {
+    pub async fn prove(&mut self, config: &ProveConfig) -> Result<ProverOutput, ProverError> {
         let state::Committed {
             mux_fut,
             ctx,
@@ -605,31 +368,38 @@ impl Prover<state::Committed> {
     }
 
     /// Closes the connection with the verifier.
-    ///
-    /// # Arguments
-    ///
-    /// * `verifier_io` - The IO to the TLS verifier.
     #[instrument(parent = &self.span, level = "info", skip_all, err)]
-    pub async fn close<S>(mut self, mut verifier_io: S) -> Result<(), ProverError>
-    where
-        S: AsyncRead + AsyncWrite + Send + Unpin,
-    {
-        let state::Committed {
-            mux_ctrl, mux_fut, ..
-        } = self.state;
+    pub async fn close(mut self) -> Result<Io, ProverError> {
+        let mux_fut = &mut self.state.mux_fut;
+        mux_fut.close();
+        mux_fut.await?;
 
-        let mut duplex = self
-            .state
-            .verifier_io
-            .take()
-            .expect("duplex should be available");
-
-        mux_ctrl.close();
-        let copy = CopyIo::new(&mut verifier_io, &mut duplex).map_err(ProverError::from);
-        futures::try_join!(mux_fut.map_err(ProverError::from), copy)?;
-
-        // Wait for the verifier to finish closing.
-        verifier_io.read_exact(&mut [0_u8; 5]).await?;
-        Ok(())
+        self.state.mux_fut.into_io().map_err(ProverError::from)
+    }
+}
+
+/// A controller for the prover.
+#[derive(Clone)]
+pub struct ProverControl {
+    mpc_ctrl: LeaderCtrl,
+}
+
+impl ProverControl {
+    /// Defers decryption of data from the server until the server has closed
+    /// the connection.
+    ///
+    /// This is a performance optimization which will significantly reduce the
+    /// amount of upload bandwidth used by the prover.
+    ///
+    /// # Notes
+    ///
+    /// * The prover may need to close the connection to the server in order for
+    ///   it to close the connection on its end. If neither the prover or server
+    ///   close the connection this will cause a deadlock.
+    pub async fn defer_decryption(&self) -> Result<(), ProverError> {
+        self.mpc_ctrl
+            .defer_decryption()
+            .await
+            .map_err(ProverError::from)
     }
 }

crates/tlsn/src/prover/client.rs

@@ -1,93 +0,0 @@
-//! Provides a TLS client.
-
-use crate::{mpz::ProverZk, prover::control::ControlError};
-use mpc_tls::SessionKeys;
-use std::{
-    sync::mpsc::{Sender, SyncSender, sync_channel},
-    task::{Context, Poll},
-};
-use tlsn_core::transcript::{TlsTranscript, Transcript};
-
-mod mpc;
-
-pub(crate) use mpc::MpcTlsClient;
-
-/// TLS client for MPC and proxy-based TLS implementations.
-pub(crate) trait TlsClient {
-    type Error: std::error::Error + Send + Sync + Unpin + 'static;
-
-    /// Returns `true` if the client wants to read TLS data from the server.
-    fn wants_read_tls(&self) -> bool;
-
-    /// Returns `true` if the client wants to write TLS data to the server.
-    fn wants_write_tls(&self) -> bool;
-
-    /// Reads TLS data from the server.
-    fn read_tls(&mut self, buf: &[u8]) -> Result<usize, Self::Error>;
-
-    /// Writes TLS data for the server into the provided buffer.
-    fn write_tls(&mut self, buf: &mut [u8]) -> Result<usize, Self::Error>;
-
-    /// Returns `true` if the client wants to read plaintext data.
-    fn wants_read(&self) -> bool;
-
-    /// Returns `true` if the client wants to write plaintext data.
-    fn wants_write(&self) -> bool;
-
-    /// Reads plaintext data from the server into the provided buffer.
-    fn read(&mut self, buf: &mut [u8]) -> Result<usize, Self::Error>;
-
-    /// Writes plaintext data to be sent to the server.
-    fn write(&mut self, buf: &[u8]) -> Result<usize, Self::Error>;
-
-    /// Client closes the connection.
-    fn client_close(&mut self) -> Result<(), Self::Error>;
-
-    /// Server closes the connection.
-    fn server_close(&mut self) -> Result<(), Self::Error>;
-
-    /// Returns a handle to control the client.
-    fn handle(&self) -> ClientHandle;
-
-    /// Polls the client to make progress.
-    fn poll(&mut self, cx: &mut Context) -> Poll<Result<TlsOutput, Self::Error>>;
-}
-
-#[derive(Clone, Debug)]
-pub(crate) struct ClientHandle {
-    sender: Sender<Command>,
-}
-
-#[derive(Clone, Debug)]
-pub(crate) enum Command {
-    IsDecrypting(SyncSender<bool>),
-    SetDecrypt(bool),
-    ClientClose,
-    ServerClose,
-}
-
-impl ClientHandle {
-    pub(crate) fn enable_decryption(&self, enable: bool) -> Result<(), ControlError> {
-        self.sender
-            .send(Command::SetDecrypt(enable))
-            .map_err(|_| ControlError)
-    }
-
-    pub(crate) fn is_decrypting(&self) -> bool {
-        let (sender, receiver) = sync_channel(1);
-        let Ok(_) = self.sender.send(Command::IsDecrypting(sender)) else {
-            return false;
-        };
-
-        receiver.recv().unwrap_or(false)
-    }
-}
-
-/// Output of a TLS session.
-pub(crate) struct TlsOutput {
-    pub(crate) ctx: mpz_common::Context,
-    pub(crate) vm: ProverZk,
-    pub(crate) keys: SessionKeys,
-    pub(crate) tls_transcript: TlsTranscript,
-    pub(crate) transcript: Transcript,
-}

crates/tlsn/src/prover/client/mpc.rs

@@ -1,503 +0,0 @@
-//! Implementation of an MPC-TLS client.
-
-use crate::{
-    mpz::{ProverMpc, ProverZk},
-    prover::{
-        ProverError,
-        client::{ClientHandle, Command, TlsClient, TlsOutput},
-    },
-    tag::verify_tags,
-};
-use futures::{Future, FutureExt};
-use mpc_tls::{LeaderCtrl, SessionKeys};
-use mpz_common::Context;
-use mpz_vm_core::Execute;
-use std::{
-    pin::Pin,
-    sync::{
-        Arc,
-        mpsc::{Receiver, Sender, channel},
-    },
-    task::Poll,
-};
-use tls_client::ClientConnection;
-use tlsn_core::transcript::TlsTranscript;
-use tlsn_deap::Deap;
-use tokio::sync::Mutex;
-use tracing::{Span, debug, instrument, trace, warn};
-
-pub(crate) type MpcFuture =
-    Box<dyn Future<Output = Result<(Context, TlsTranscript), ProverError>> + Send>;
-
-type FinalizeFuture =
-    Box<dyn Future<Output = Result<(InnerState, Context, TlsTranscript), ProverError>> + Send>;
-
-pub(crate) struct MpcTlsClient {
-    sender: Sender<Command>,
-    state: State,
-    decrypt: bool,
-}
-
-enum State {
-    Start {
-        mpc: Pin<MpcFuture>,
-        inner: Box<InnerState>,
-        receiver: Receiver<Command>,
-    },
-    Active {
-        mpc: Pin<MpcFuture>,
-        inner: Box<InnerState>,
-        receiver: Receiver<Command>,
-    },
-    Busy {
-        mpc: Pin<MpcFuture>,
-        fut: Pin<Box<dyn Future<Output = Result<Box<InnerState>, ProverError>> + Send>>,
-        receiver: Receiver<Command>,
-    },
-    MpcStop {
-        mpc: Pin<MpcFuture>,
-        inner: Box<InnerState>,
-    },
-    CloseBusy {
-        mpc: Pin<MpcFuture>,
-        fut: Pin<Box<dyn Future<Output = Result<Box<InnerState>, ProverError>> + Send>>,
-    },
-    Finishing {
-        ctx: Context,
-        transcript: Box<TlsTranscript>,
-        fut: Pin<Box<dyn Future<Output = Result<Box<InnerState>, ProverError>> + Send>>,
-    },
-    Finalizing {
-        fut: Pin<FinalizeFuture>,
-    },
-    Finished,
-    Error,
-}
-
-impl MpcTlsClient {
-    pub(crate) fn new(
-        mpc: MpcFuture,
-        keys: SessionKeys,
-        vm: Arc<Mutex<Deap<ProverMpc, ProverZk>>>,
-        span: Span,
-        mpc_ctrl: LeaderCtrl,
-        tls: ClientConnection,
-        decrypt: bool,
-    ) -> Self {
-        let inner = InnerState {
-            span,
-            tls,
-            vm,
-            keys,
-            mpc_ctrl,
-            client_closed: false,
-            mpc_stopped: false,
-        };
-        let (sender, receiver) = channel();
-
-        Self {
-            sender,
-            decrypt,
-            state: State::Start {
-                receiver,
-                mpc: Box::into_pin(mpc),
-                inner: Box::new(inner),
-            },
-        }
-    }
-
-    fn inner_client_mut(&mut self) -> Option<&mut ClientConnection> {
-        if let State::Active { inner, .. } | State::MpcStop { inner, .. } = &mut self.state {
-            Some(&mut inner.tls)
-        } else {
-            None
-        }
-    }
-
-    fn inner_client(&self) -> Option<&ClientConnection> {
-        if let State::Active { inner, .. } | State::MpcStop { inner, .. } = &self.state {
-            Some(&inner.tls)
-        } else {
-            None
-        }
-    }
-}
-
-impl TlsClient for MpcTlsClient {
-    type Error = ProverError;
-
-    fn wants_read_tls(&self) -> bool {
-        if let Some(client) = self.inner_client() {
-            client.wants_read()
-        } else {
-            false
-        }
-    }
-
-    fn wants_write_tls(&self) -> bool {
-        if let Some(client) = self.inner_client() {
-            client.wants_write()
-        } else {
-            false
-        }
-    }
-
-    fn read_tls(&mut self, mut buf: &[u8]) -> Result<usize, Self::Error> {
-        if let Some(client) = self.inner_client_mut()
-            && client.wants_read()
-        {
-            client.read_tls(&mut buf).map_err(ProverError::from)
-        } else {
-            Ok(0)
-        }
-    }
-
-    fn write_tls(&mut self, mut buf: &mut [u8]) -> Result<usize, Self::Error> {
-        if let Some(client) = self.inner_client_mut()
-            && client.wants_write()
-        {
-            client.write_tls(&mut buf).map_err(ProverError::from)
-        } else {
-            Ok(0)
-        }
-    }
-
-    fn wants_read(&self) -> bool {
-        if let Some(client) = self.inner_client() {
-            !client.plaintext_is_empty()
-        } else {
-            false
-        }
-    }
-
-    fn wants_write(&self) -> bool {
-        if let Some(client) = self.inner_client() {
-            !client.sendable_plaintext_is_full()
-        } else {
-            false
-        }
-    }
-
-    fn read(&mut self, buf: &mut [u8]) -> Result<usize, Self::Error> {
-        if let Some(client) = self.inner_client_mut()
-            && !client.plaintext_is_empty()
-        {
-            client.read_plaintext(buf).map_err(ProverError::from)
-        } else {
-            Ok(0)
-        }
-    }
-
-    fn write(&mut self, buf: &[u8]) -> Result<usize, Self::Error> {
-        if let Some(client) = self.inner_client_mut()
-            && !client.sendable_plaintext_is_full()
-        {
-            client.write_plaintext(buf).map_err(ProverError::from)
-        } else {
-            Ok(0)
-        }
-    }
-
-    fn client_close(&mut self) -> Result<(), Self::Error> {
-        self.sender
-            .send(Command::ClientClose)
-            .map_err(|_| ProverError::state("unable to close connection clientside"))
-    }
-
-    fn server_close(&mut self) -> Result<(), Self::Error> {
-        self.sender
-            .send(Command::ServerClose)
-            .map_err(|_| ProverError::state("unable to close connection serverside"))
-    }
-
-    fn handle(&self) -> ClientHandle {
-        ClientHandle {
-            sender: self.sender.clone(),
-        }
-    }
-
-    fn poll(&mut self, cx: &mut std::task::Context) -> Poll<Result<TlsOutput, Self::Error>> {
-        match std::mem::replace(&mut self.state, State::Error) {
-            State::Start {
-                mpc,
-                inner,
-                receiver,
-            } => {
-                trace!("inner client is starting");
-                self.state = State::Busy {
-                    mpc,
-                    fut: Box::pin(inner.start()),
-                    receiver,
-                };
-                self.poll(cx)
-            }
-            State::Active {
-                mpc,
-                inner,
-                receiver,
-            } => {
-                trace!("inner client is active");
-
-                if !inner.tls.is_handshaking()
-                    && let Ok(cmd) = receiver.try_recv()
-                {
-                    match cmd {
-                        Command::ClientClose => {
-                            self.state = State::Busy {
-                                mpc,
-                                fut: Box::pin(inner.client_close()),
-                                receiver,
-                            };
-                        }
-                        Command::ServerClose => {
-                            std::mem::drop(receiver);
-                            self.state = State::CloseBusy {
-                                mpc,
-                                fut: Box::pin(inner.server_close()),
-                            };
-                        }
-                        Command::SetDecrypt(enable) => {
-                            self.decrypt = enable;
-                            self.state = State::Busy {
-                                mpc,
-                                fut: Box::pin(inner.set_decrypt(enable)),
-                                receiver,
-                            };
-                        }
-                        Command::IsDecrypting(sender) => {
-                            _ = sender.send(self.decrypt);
-                            self.state = State::Busy {
-                                mpc,
-                                fut: Box::pin(inner.run()),
-                                receiver,
-                            };
-                        }
-                    }
-                } else {
-                    self.state = State::Busy {
-                        mpc,
-                        fut: Box::pin(inner.run()),
-                        receiver,
-                    };
-                }
-                self.poll(cx)
-            }
-            State::Busy {
-                mut mpc,
-                mut fut,
-                receiver,
-            } => {
-                trace!("inner client is busy");
-
-                let mpc_poll = mpc.as_mut().poll(cx)?;
-
-                assert!(
-                    matches!(mpc_poll, Poll::Pending),
-                    "mpc future should not be finished here"
-                );
-
-                match fut.as_mut().poll(cx)? {
-                    Poll::Ready(inner) => {
-                        self.state = State::Active {
-                            mpc,
-                            inner,
-                            receiver,
-                        };
-                    }
-                    Poll::Pending => self.state = State::Busy { mpc, fut, receiver },
-                }
-                Poll::Pending
-            }
-            State::MpcStop { mpc, inner } => {
-                trace!("inner client is stopping mpc");
-                self.state = State::CloseBusy {
-                    mpc,
-                    fut: Box::pin(inner.stop()),
-                };
-                self.poll(cx)
-            }
-            State::CloseBusy { mut mpc, mut fut } => {
-                trace!("inner client is busy closing");
-                match (fut.poll_unpin(cx)?, mpc.poll_unpin(cx)?) {
-                    (Poll::Ready(inner), Poll::Ready((ctx, transcript))) => {
-                        self.state = State::Finalizing {
-                            fut: Box::pin(inner.finalize(ctx, transcript)),
-                        };
-                        self.poll(cx)
-                    }
-                    (Poll::Ready(inner), Poll::Pending) => {
-                        self.state = State::MpcStop { mpc, inner };
-                        Poll::Pending
-                    }
-                    (Poll::Pending, Poll::Ready((ctx, transcript))) => {
-                        self.state = State::Finishing {
-                            ctx,
-                            transcript: Box::new(transcript),
-                            fut,
-                        };
-                        Poll::Pending
-                    }
-                    (Poll::Pending, Poll::Pending) => {
-                        self.state = State::CloseBusy { mpc, fut };
-                        Poll::Pending
-                    }
-                }
-            }
-            State::Finishing {
-                ctx,
-                transcript,
-                mut fut,
-            } => {
-                trace!("inner client is finishing");
-                if let Poll::Ready(inner) = fut.poll_unpin(cx)? {
-                    self.state = State::Finalizing {
-                        fut: Box::pin(inner.finalize(ctx, *transcript)),
-                    };
-                    self.poll(cx)
-                } else {
-                    self.state = State::Finishing {
-                        ctx,
-                        transcript,
-                        fut,
-                    };
-                    Poll::Pending
-                }
-            }
-            State::Finalizing { mut fut } => match fut.poll_unpin(cx) {
-                Poll::Ready(output) => {
-                    let (inner, ctx, tls_transcript) = output?;
-                    let InnerState { vm, keys, .. } = inner;
-
-                    let transcript = tls_transcript
-                        .to_transcript()
-                        .expect("transcript is complete");
-
-                    let (_, vm) = Arc::into_inner(vm)
-                        .expect("vm should have only 1 reference")
-                        .into_inner()
-                        .into_inner();
-
-                    let output = TlsOutput {
-                        ctx,
-                        vm,
-                        keys,
-                        tls_transcript,
-                        transcript,
-                    };
-
-                    self.state = State::Finished;
-                    Poll::Ready(Ok(output))
-                }
-                Poll::Pending => {
-                    self.state = State::Finalizing { fut };
-                    Poll::Pending
-                }
-            },
-            State::Finished => Poll::Ready(Err(ProverError::state(
-                "mpc tls client polled again in finished state",
-            ))),
-            State::Error => {
-                Poll::Ready(Err(ProverError::state("mpc tls client is in error state")))
-            }
-        }
-    }
-}
-
-struct InnerState {
-    span: Span,
-    tls: ClientConnection,
-    vm: Arc<Mutex<Deap<ProverMpc, ProverZk>>>,
-    keys: SessionKeys,
-    mpc_ctrl: LeaderCtrl,
-    client_closed: bool,
-    mpc_stopped: bool,
-}
-
-impl InnerState {
-    #[instrument(parent = &self.span, level = "debug", skip_all, err)]
-    async fn start(mut self: Box<Self>) -> Result<Box<Self>, ProverError> {
-        self.tls.start().await?;
-        Ok(self)
-    }
-
-    #[instrument(parent = &self.span, level = "trace", skip_all, err)]
-    async fn run(mut self: Box<Self>) -> Result<Box<Self>, ProverError> {
-        self.tls.process_new_packets().await?;
-        Ok(self)
-    }
-
-    #[instrument(parent = &self.span, level = "debug", skip_all, err)]
-    async fn set_decrypt(self: Box<Self>, enable: bool) -> Result<Box<Self>, ProverError> {
-        self.mpc_ctrl.enable_decryption(enable).await?;
-        self.run().await
-    }
-
-    #[instrument(parent = &self.span, level = "debug", skip_all, err)]
-    async fn client_close(mut self: Box<Self>) -> Result<Box<Self>, ProverError> {
-        if !self.client_closed {
-            debug!("sending close notify");
-            if let Err(e) = self.tls.send_close_notify().await {
-                warn!("failed to send close_notify to server: {}", e);
-            }
-            self.client_closed = true;
-        }
-        self.run().await
-    }
-
-    #[instrument(parent = &self.span, level = "debug", skip_all, err)]
-    async fn server_close(mut self: Box<Self>) -> Result<Box<Self>, ProverError> {
-        self.tls.process_new_packets().await?;
-        self.tls.server_closed().await?;
-        debug!("closed connection serverside");
-
-        Ok(self)
-    }
-
-    #[instrument(parent = &self.span, level = "debug", skip_all, err)]
-    async fn stop(mut self: Box<Self>) -> Result<Box<Self>, ProverError> {
-        self.tls.process_new_packets().await?;
-        if !self.mpc_stopped && self.tls.plaintext_is_empty() && self.tls.is_empty().await? {
-            self.mpc_ctrl.stop().await?;
-            self.mpc_stopped = true;
-            debug!("stopped mpc");
-        }
-
-        Ok(self)
-    }
-
-    #[instrument(parent = &self.span, level = "debug", skip_all, err)]
-    async fn finalize(
-        self,
-        mut ctx: Context,
-        transcript: TlsTranscript,
-    ) -> Result<(Self, Context, TlsTranscript), ProverError> {
-        {
-            let mut vm = self.vm.try_lock().expect("VM should not be locked");
-
-            // Finalize DEAP.
-            vm.finalize(&mut ctx).await.map_err(ProverError::mpc)?;
-
-            debug!("mpc finalized");
-
-            // Pull out ZK VM.
-            let mut zk = vm.zk();
-
-            // Prove tag verification of received records.
-            // The prover drops the proof output.
-            let _ = verify_tags(
-                &mut *zk,
-                (self.keys.server_write_key, self.keys.server_write_iv),
-                self.keys.server_write_mac_key,
-                *transcript.version(),
-                transcript.recv().to_vec(),
-            )
-            .map_err(ProverError::zk)?;
-            debug!("verified tags from server");
-
-            zk.execute_all(&mut ctx).await.map_err(ProverError::zk)?
-        }
-
-        debug!("MPC-TLS done");
-        Ok((self, ctx, transcript))
-    }
-}

crates/tlsn/src/prover/conn.rs

@@ -1,66 +0,0 @@
-use futures::{AsyncRead, AsyncWrite, AsyncWriteExt};
-use futures_plex::DuplexStream;
-use std::{
-    pin::Pin,
-    task::{Context, Poll},
-};
-
-/// A TLS connection to a server.
-///
-/// This type implements [`AsyncRead`] and [`AsyncWrite`] and can be used to
-/// communicate with a server using TLS.
-///
-/// # Note
-///
-/// This connection is closed on a best-effort basis if this is dropped. To
-/// ensure a clean close, you should call
-/// [`AsyncWriteExt::close`](futures::io::AsyncWriteExt::close) to close the
-/// connection.
-pub struct TlsConnection {
-    duplex: DuplexStream,
-}
-
-impl TlsConnection {
-    pub(crate) fn new(duplex: DuplexStream) -> Self {
-        Self { duplex }
-    }
-}
-
-impl Drop for TlsConnection {
-    fn drop(&mut self) {
-        if let Err(err) = futures::executor::block_on(self.duplex.close()) {
-            tracing::error!("error closing connection: {}", err);
-        }
-    }
-}
-
-impl AsyncRead for TlsConnection {
-    fn poll_read(
-        mut self: Pin<&mut Self>,
-        cx: &mut Context<'_>,
-        buf: &mut [u8],
-    ) -> Poll<std::io::Result<usize>> {
-        let duplex = Pin::new(&mut self.duplex);
-        duplex.poll_read(cx, buf)
-    }
-}
-
-impl AsyncWrite for TlsConnection {
-    fn poll_write(
-        mut self: Pin<&mut Self>,
-        cx: &mut Context<'_>,
-        buf: &[u8],
-    ) -> Poll<std::io::Result<usize>> {
-        let duplex = Pin::new(&mut self.duplex);
-        duplex.poll_write(cx, buf)
-    }
-
-    fn poll_flush(self: Pin<&mut Self>, _cx: &mut Context<'_>) -> Poll<std::io::Result<()>> {
-        Poll::Ready(Ok(()))
-    }
-
-    fn poll_close(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<std::io::Result<()>> {
-        let duplex = Pin::new(&mut self.duplex);
-        duplex.poll_close(cx)
-    }
-}

crates/tlsn/src/prover/control.rs

@@ -1,29 +0,0 @@
-use crate::prover::client::ClientHandle;
-
-/// A controller for the prover.
-///
-/// Can be used to control the decryption of server traffic.
-#[derive(Clone, Debug)]
-pub struct ProverControl {
-    pub(crate) handle: ClientHandle,
-}
-
-impl ProverControl {
-    /// Returns whether the prover is decrypting the server traffic.
-    pub fn is_decrypting(&self) -> bool {
-        self.handle.is_decrypting()
-    }
-
-    /// Enables or disables the decryption of server traffic.
-    ///
-    /// # Arguments
-    ///
-    /// * `enable` - If decryption should be enabled or disabled.
-    pub fn enable_decryption(&self, enable: bool) -> Result<(), ControlError> {
-        self.handle.enable_decryption(enable)
-    }
-}
-
-#[derive(Debug, thiserror::Error)]
-#[error("Unable to send control command to prover.")]
-pub struct ControlError;

crates/tlsn/src/prover/error.rs

@@ -2,8 +2,6 @@ use std::{error::Error, fmt};
 
 use mpc_tls::MpcTlsError;
 
-use crate::transcript_internal::commit::encoding::EncodingError;
-
 /// Error for [`Prover`](crate::prover::Prover).
 #[derive(Debug, thiserror::Error)]
 pub struct ProverError {
@@ -49,13 +47,6 @@ impl ProverError {
     {
         Self::new(ErrorKind::Commit, source)
     }
-
-    pub(crate) fn state<E>(source: E) -> Self
-    where
-        E: Into<Box<dyn Error + Send + Sync + 'static>>,
-    {
-        Self::new(ErrorKind::State, source)
-    }
 }
 
 #[derive(Debug)]
@@ -65,7 +56,6 @@ enum ErrorKind {
     Zk,
     Config,
     Commit,
-    State,
 }
 
 impl fmt::Display for ProverError {
@@ -78,7 +68,6 @@ impl fmt::Display for ProverError {
             ErrorKind::Zk => f.write_str("zk error")?,
             ErrorKind::Config => f.write_str("config error")?,
             ErrorKind::Commit => f.write_str("commit error")?,
-            ErrorKind::State => f.write_str("state error")?,
         }
 
         if let Some(source) = &self.source {
@@ -95,14 +84,14 @@ impl From<std::io::Error> for ProverError {
     }
 }
 
-impl From<tls_client::Error> for ProverError {
-    fn from(e: tls_client::Error) -> Self {
+impl From<tls_client_async::ConnectionError> for ProverError {
+    fn from(e: tls_client_async::ConnectionError) -> Self {
         Self::new(ErrorKind::Io, e)
     }
 }
 
-impl From<uid_mux::yamux::ConnectionError> for ProverError {
-    fn from(e: uid_mux::yamux::ConnectionError) -> Self {
+impl From<tlsn_mux::ConnectionError> for ProverError {
+    fn from(e: tlsn_mux::ConnectionError) -> Self {
         Self::new(ErrorKind::Io, e)
     }
 }
@@ -118,9 +107,3 @@ impl From<MpcTlsError> for ProverError {
         Self::new(ErrorKind::Mpc, e)
     }
 }
-
-impl From<EncodingError> for ProverError {
-    fn from(e: EncodingError) -> Self {
-        Self::new(ErrorKind::Commit, e)
-    }
-}

crates/tlsn/src/prover/future.rs

@@ -0,0 +1,34 @@
+//! This module collects futures which are used by the [Prover].
+
+use super::{Prover, ProverControl, ProverError, state};
+use futures::Future;
+use std::pin::Pin;
+
+/// Prover future which must be polled for the TLS connection to make progress.
+pub struct ProverFuture<Io> {
+    #[allow(clippy::type_complexity)]
+    pub(crate) fut: Pin<
+        Box<
+            dyn Future<Output = Result<Prover<state::Committed<Io>>, ProverError>> + Send + 'static,
+        >,
+    >,
+    pub(crate) ctrl: ProverControl,
+}
+
+impl<Io> ProverFuture<Io> {
+    /// Returns a controller for the prover for advanced functionality.
+    pub fn control(&self) -> ProverControl {
+        self.ctrl.clone()
+    }
+}
+
+impl<Io> Future for ProverFuture<Io> {
+    type Output = Result<Prover<state::Committed<Io>>, ProverError>;
+
+    fn poll(
+        mut self: Pin<&mut Self>,
+        cx: &mut std::task::Context<'_>,
+    ) -> std::task::Poll<Self::Output> {
+        self.fut.as_mut().poll(cx)
+    }
+}

crates/tlsn/src/prover/prove.rs

@@ -13,17 +13,10 @@ use tlsn_core::{
 
 use crate::{
     prover::ProverError,
-    transcript_internal::{
-        TranscriptRefs,
-        auth::prove_plaintext,
-        commit::{
-            encoding::{self, MacStore},
-            hash::prove_hash,
-        },
-    },
+    transcript_internal::{TranscriptRefs, auth::prove_plaintext, commit::hash::prove_hash},
 };
 
-pub(crate) async fn prove<T: Vm<Binary> + MacStore + Send + Sync>(
+pub(crate) async fn prove<T: Vm<Binary> + Send + Sync>(
     ctx: &mut Context,
     vm: &mut T,
     keys: &SessionKeys,
@@ -45,13 +38,6 @@ pub(crate) async fn prove<T: Vm<Binary> + MacStore + Send + Sync>(
                 Direction::Sent => commit_sent.union_mut(idx),
                 Direction::Received => commit_recv.union_mut(idx),
             });
-
-        commit_config
-            .iter_encoding()
-            .for_each(|(direction, idx)| match direction {
-                Direction::Sent => commit_sent.union_mut(idx),
-                Direction::Received => commit_recv.union_mut(idx),
-            });
     }
 
     let transcript_refs = TranscriptRefs {
@@ -102,45 +88,6 @@ pub(crate) async fn prove<T: Vm<Binary> + MacStore + Send + Sync>(
 
     vm.execute_all(ctx).await.map_err(ProverError::zk)?;
 
-    if let Some(commit_config) = config.transcript_commit()
-        && commit_config.has_encoding()
-    {
-        let mut sent_ranges = RangeSet::default();
-        let mut recv_ranges = RangeSet::default();
-        for (dir, idx) in commit_config.iter_encoding() {
-            match dir {
-                Direction::Sent => sent_ranges.union_mut(idx),
-                Direction::Received => recv_ranges.union_mut(idx),
-            }
-        }
-
-        let sent_map = transcript_refs
-            .sent
-            .index(&sent_ranges)
-            .expect("indices are valid");
-        let recv_map = transcript_refs
-            .recv
-            .index(&recv_ranges)
-            .expect("indices are valid");
-
-        let (commitment, tree) = encoding::receive(
-            ctx,
-            vm,
-            *commit_config.encoding_hash_alg(),
-            &sent_map,
-            &recv_map,
-            commit_config.iter_encoding(),
-        )
-        .await?;
-
-        output
-            .transcript_commitments
-            .push(TranscriptCommitment::Encoding(commitment));
-        output
-            .transcript_secrets
-            .push(TranscriptSecret::Encoding(tree));
-    }
-
     if let Some((hash_fut, hash_secrets)) = hash_commitments {
         let hash_commitments = hash_fut.try_recv().map_err(ProverError::commit)?;
         for (commitment, secret) in hash_commitments.into_iter().zip(hash_secrets) {

crates/tlsn/src/prover/state.rs

@@ -2,7 +2,6 @@
 
 use std::sync::Arc;
 
-use futures_plex::DuplexStream;
 use mpc_tls::{MpcTlsLeader, SessionKeys};
 use mpz_common::Context;
 use tlsn_core::{
@@ -14,11 +13,7 @@ use tokio::sync::Mutex;
 
 use crate::{
     mpz::{ProverMpc, ProverZk},
-    mux::{MuxControl, MuxFuture},
-    prover::{
-        ProverError,
-        client::{TlsClient, TlsOutput},
-    },
+    mux::MuxFuture,
 };
 
 /// Entry state
@@ -28,62 +23,18 @@ opaque_debug::implement!(Initialized);
 
 /// State after the verifier has accepted the proposed TLS commitment protocol
 /// configuration and preprocessing has completed.
-pub struct CommitAccepted {
-    pub(crate) verifier_io: Option<DuplexStream>,
-    pub(crate) mux_ctrl: MuxControl,
-    pub(crate) mux_fut: MuxFuture,
+pub struct CommitAccepted<Io> {
+    pub(crate) mux_fut: MuxFuture<Io>,
     pub(crate) mpc_tls: MpcTlsLeader,
     pub(crate) keys: SessionKeys,
     pub(crate) vm: Arc<Mutex<Deap<ProverMpc, ProverZk>>>,
 }
 
-opaque_debug::implement!(CommitAccepted);
-
-/// State when the TLS client has been setup.
-pub struct Setup {
-    pub(crate) verifier_io: Option<DuplexStream>,
-    pub(crate) mux_ctrl: MuxControl,
-    pub(crate) mux_fut: MuxFuture,
-    pub(crate) server_name: ServerName,
-    pub(crate) tls_client: Box<dyn TlsClient<Error = ProverError> + Send>,
-    pub(crate) client_io: DuplexStream,
-}
-
-opaque_debug::implement!(Setup);
-
-pin_project_lite::pin_project! {
-    /// State during the MPC-TLS connection.
-    #[project = ConnectedProj]
-    pub struct Connected<S, T> {
-        #[pin]
-        pub(crate) verifier_io: Option<DuplexStream>,
-        pub(crate) mux_ctrl: MuxControl,
-        pub(crate) mux_fut: MuxFuture,
-        pub(crate) server_name: ServerName,
-        pub(crate) tls_client: Box<dyn TlsClient<Error = ProverError> + Send>,
-        #[pin]
-        pub(crate) client_io: DuplexStream,
-        pub(crate) output: Option<TlsOutput>,
-        #[pin]
-        pub(crate) server_socket: S,
-        #[pin]
-        pub(crate) verifier_socket: T,
-        #[pin]
-        pub(crate) tls_client_to_server_buf: DuplexStream,
-        #[pin]
-        pub(crate) server_to_tls_client_buf: DuplexStream,
-        pub(crate) client_closed: bool,
-        pub(crate) server_closed: bool
-    }
-}
-
-opaque_debug::implement!(Connected<S, T>);
+opaque_debug::implement!(CommitAccepted<Io>);
 
 /// State after the TLS transcript has been committed.
-pub struct Committed {
-    pub(crate) verifier_io: Option<DuplexStream>,
-    pub(crate) mux_ctrl: MuxControl,
-    pub(crate) mux_fut: MuxFuture,
+pub struct Committed<Io> {
+    pub(crate) mux_fut: MuxFuture<Io>,
     pub(crate) ctx: Context,
     pub(crate) vm: ProverZk,
     pub(crate) server_name: ServerName,
@@ -92,22 +43,18 @@ pub struct Committed {
     pub(crate) transcript: Transcript,
 }
 
-opaque_debug::implement!(Committed);
+opaque_debug::implement!(Committed<Io>);
 
 #[allow(missing_docs)]
 pub trait ProverState: sealed::Sealed {}
 
 impl ProverState for Initialized {}
-impl ProverState for CommitAccepted {}
-impl ProverState for Setup {}
-impl<S, T> ProverState for Connected<S, T> {}
-impl ProverState for Committed {}
+impl<Io> ProverState for CommitAccepted<Io> {}
+impl<Io> ProverState for Committed<Io> {}
 
 mod sealed {
     pub trait Sealed {}
     impl Sealed for super::Initialized {}
-    impl Sealed for super::CommitAccepted {}
-    impl Sealed for super::Setup {}
-    impl<S, T> Sealed for super::Connected<S, T> {}
-    impl Sealed for super::Committed {}
+    impl<Io> Sealed for super::CommitAccepted<Io> {}
+    impl<Io> Sealed for super::Committed<Io> {}
 }

crates/tlsn/src/transcript_internal/commit.rs

@@ -1,4 +1,3 @@
 //! Plaintext commitment and proof of encryption.
 
-pub(crate) mod encoding;
 pub(crate) mod hash;

crates/tlsn/src/transcript_internal/commit/encoding.rs

@@ -1,267 +0,0 @@
-//! Encoding commitment protocol.
-
-use std::ops::Range;
-
-use mpz_common::Context;
-use mpz_memory_core::{
-    Vector,
-    binary::U8,
-    correlated::{Delta, Key, Mac},
-};
-use rand::Rng;
-use rangeset::set::RangeSet;
-use serde::{Deserialize, Serialize};
-use serio::{SinkExt, stream::IoStreamExt};
-use tlsn_core::{
-    hash::{Blake3, HashAlgId, HashAlgorithm, Keccak256, Sha256},
-    transcript::{
-        Direction,
-        encoding::{
-            Encoder, EncoderSecret, EncodingCommitment, EncodingProvider, EncodingProviderError,
-            EncodingTree, EncodingTreeError, new_encoder,
-        },
-    },
-};
-
-use crate::{
-    map::{Item, RangeMap},
-    transcript_internal::ReferenceMap,
-};
-
-/// Bytes of encoding, per byte.
-const ENCODING_SIZE: usize = 128;
-
-#[derive(Debug, Serialize, Deserialize)]
-struct Encodings {
-    sent: Vec<u8>,
-    recv: Vec<u8>,
-}
-
-/// Transfers encodings for the provided plaintext ranges.
-pub(crate) async fn transfer<K: KeyStore>(
-    ctx: &mut Context,
-    store: &K,
-    sent: &ReferenceMap,
-    recv: &ReferenceMap,
-) -> Result<(EncoderSecret, EncodingCommitment), EncodingError> {
-    let secret = EncoderSecret::new(rand::rng().random(), store.delta().as_block().to_bytes());
-    let encoder = new_encoder(&secret);
-
-    // Collects the encodings for the provided plaintext ranges.
-    fn collect_encodings(
-        encoder: &impl Encoder,
-        store: &impl KeyStore,
-        direction: Direction,
-        map: &ReferenceMap,
-    ) -> Vec<u8> {
-        let mut encodings = Vec::with_capacity(map.len() * ENCODING_SIZE);
-        for (range, chunk) in map.iter() {
-            let start = encodings.len();
-            encoder.encode_range(direction, range, &mut encodings);
-            let keys = store
-                .get_keys(*chunk)
-                .expect("keys are present for provided plaintext ranges");
-            encodings[start..]
-                .iter_mut()
-                .zip(keys.iter().flat_map(|key| key.as_block().as_bytes()))
-                .for_each(|(encoding, key)| {
-                    *encoding ^= *key;
-                });
-        }
-        encodings
-    }
-
-    let encodings = Encodings {
-        sent: collect_encodings(&encoder, store, Direction::Sent, sent),
-        recv: collect_encodings(&encoder, store, Direction::Received, recv),
-    };
-
-    let frame_limit = ctx
-        .io()
-        .limit()
-        .saturating_add(encodings.sent.len() + encodings.recv.len());
-    ctx.io_mut().with_limit(frame_limit).send(encodings).await?;
-
-    let root = ctx.io_mut().expect_next().await?;
-
-    Ok((secret, EncodingCommitment { root }))
-}
-
-/// Receives and commits to the encodings for the provided plaintext ranges.
-pub(crate) async fn receive<M: MacStore>(
-    ctx: &mut Context,
-    store: &M,
-    hash_alg: HashAlgId,
-    sent: &ReferenceMap,
-    recv: &ReferenceMap,
-    idxs: impl IntoIterator<Item = &(Direction, RangeSet<usize>)>,
-) -> Result<(EncodingCommitment, EncodingTree), EncodingError> {
-    let hasher: &(dyn HashAlgorithm + Send + Sync) = match hash_alg {
-        HashAlgId::SHA256 => &Sha256::default(),
-        HashAlgId::KECCAK256 => &Keccak256::default(),
-        HashAlgId::BLAKE3 => &Blake3::default(),
-        alg => {
-            return Err(ErrorRepr::UnsupportedHashAlgorithm(alg).into());
-        }
-    };
-
-    let (sent_len, recv_len) = (sent.len(), recv.len());
-    let frame_limit = ctx
-        .io()
-        .limit()
-        .saturating_add(ENCODING_SIZE * (sent_len + recv_len));
-    let encodings: Encodings = ctx.io_mut().with_limit(frame_limit).expect_next().await?;
-
-    if encodings.sent.len() != sent_len * ENCODING_SIZE {
-        return Err(ErrorRepr::IncorrectMacCount {
-            direction: Direction::Sent,
-            expected: sent_len,
-            got: encodings.sent.len() / ENCODING_SIZE,
-        }
-        .into());
-    }
-
-    if encodings.recv.len() != recv_len * ENCODING_SIZE {
-        return Err(ErrorRepr::IncorrectMacCount {
-            direction: Direction::Received,
-            expected: recv_len,
-            got: encodings.recv.len() / ENCODING_SIZE,
-        }
-        .into());
-    }
-
-    // Collects a map of plaintext ranges to their encodings.
-    fn collect_map(
-        store: &impl MacStore,
-        mut encodings: Vec<u8>,
-        map: &ReferenceMap,
-    ) -> RangeMap<EncodingSlice> {
-        let mut encoding_map = Vec::new();
-        let mut pos = 0;
-        for (range, chunk) in map.iter() {
-            let macs = store
-                .get_macs(*chunk)
-                .expect("MACs are present for provided plaintext ranges");
-            let encoding = &mut encodings[pos..pos + range.len() * ENCODING_SIZE];
-            encoding
-                .iter_mut()
-                .zip(macs.iter().flat_map(|mac| mac.as_bytes()))
-                .for_each(|(encoding, mac)| {
-                    *encoding ^= *mac;
-                });
-
-            encoding_map.push((range.start, EncodingSlice::from(&(*encoding))));
-            pos += range.len() * ENCODING_SIZE;
-        }
-        RangeMap::new(encoding_map)
-    }
-
-    let provider = Provider {
-        sent: collect_map(store, encodings.sent, sent),
-        recv: collect_map(store, encodings.recv, recv),
-    };
-
-    let tree = EncodingTree::new(hasher, idxs, &provider)?;
-    let root = tree.root();
-
-    ctx.io_mut().send(root.clone()).await?;
-
-    let commitment = EncodingCommitment { root };
-
-    Ok((commitment, tree))
-}
-
-pub(crate) trait KeyStore {
-    fn delta(&self) -> &Delta;
-
-    fn get_keys(&self, data: Vector<U8>) -> Option<&[Key]>;
-}
-
-pub(crate) trait MacStore {
-    fn get_macs(&self, data: Vector<U8>) -> Option<&[Mac]>;
-}
-
-#[derive(Debug)]
-struct Provider {
-    sent: RangeMap<EncodingSlice>,
-    recv: RangeMap<EncodingSlice>,
-}
-
-impl EncodingProvider for Provider {
-    fn provide_encoding(
-        &self,
-        direction: Direction,
-        range: Range<usize>,
-        dest: &mut Vec<u8>,
-    ) -> Result<(), EncodingProviderError> {
-        let encodings = match direction {
-            Direction::Sent => &self.sent,
-            Direction::Received => &self.recv,
-        };
-
-        let encoding = encodings.get(range).ok_or(EncodingProviderError)?;
-
-        dest.extend_from_slice(encoding);
-
-        Ok(())
-    }
-}
-
-#[derive(Debug)]
-struct EncodingSlice(Vec<u8>);
-
-impl From<&[u8]> for EncodingSlice {
-    fn from(value: &[u8]) -> Self {
-        Self(value.to_vec())
-    }
-}
-
-impl Item for EncodingSlice {
-    type Slice<'a>
-        = &'a [u8]
-    where
-        Self: 'a;
-
-    fn length(&self) -> usize {
-        self.0.len() / ENCODING_SIZE
-    }
-
-    fn slice<'a>(&'a self, range: Range<usize>) -> Option<Self::Slice<'a>> {
-        self.0
-            .get(range.start * ENCODING_SIZE..range.end * ENCODING_SIZE)
-    }
-}
-
-/// Encoding protocol error.
-#[derive(Debug, thiserror::Error)]
-#[error(transparent)]
-pub struct EncodingError(#[from] ErrorRepr);
-
-#[derive(Debug, thiserror::Error)]
-#[error("encoding protocol error: {0}")]
-enum ErrorRepr {
-    #[error("I/O error: {0}")]
-    Io(std::io::Error),
-    #[error("incorrect MAC count for {direction}: expected {expected}, got {got}")]
-    IncorrectMacCount {
-        direction: Direction,
-        expected: usize,
-        got: usize,
-    },
-    #[error("encoding tree error: {0}")]
-    EncodingTree(EncodingTreeError),
-    #[error("unsupported hash algorithm: {0}")]
-    UnsupportedHashAlgorithm(HashAlgId),
-}
-
-impl From<std::io::Error> for EncodingError {
-    fn from(value: std::io::Error) -> Self {
-        Self(ErrorRepr::Io(value))
-    }
-}
-
-impl From<EncodingTreeError> for EncodingError {
-    fn from(value: EncodingTreeError) -> Self {
-        Self(ErrorRepr::EncodingTree(value))
-    }
-}

crates/tlsn/src/utils.rs

@@ -1,143 +0,0 @@
-//! Execution context.
-
-use std::{
-    io::ErrorKind,
-    pin::Pin,
-    task::{Context, Poll},
-};
-
-use futures::{AsyncRead, AsyncWrite, future::FusedFuture};
-use futures_plex::DuplexStream;
-use mpz_common::context::Multithread;
-
-use crate::mux::MuxControl;
-
-/// Maximum concurrency for multi-threaded context.
-pub(crate) const MAX_CONCURRENCY: usize = 8;
-
-/// Builds a multi-threaded context with the given muxer.
-pub(crate) fn build_mt_context(mux: MuxControl) -> Multithread {
-    let builder = Multithread::builder().mux(mux).concurrency(MAX_CONCURRENCY);
-
-    #[cfg(all(feature = "web", target_arch = "wasm32"))]
-    let builder = builder.spawn_handler(|f| {
-        let _ = web_spawn::spawn(f);
-        Ok(())
-    });
-
-    builder.build().unwrap()
-}
-
-/// Polls the future while copying bytes between two duplex streams.
-///
-/// Returns as soon as the future is ready, without closing IO.
-pub(crate) async fn await_with_copy_io<'a, S, T>(
-    mut fut: Pin<Box<dyn FusedFuture<Output = T> + Send + 'a>>,
-    io: S,
-    duplex: &mut DuplexStream,
-) -> T
-where
-    S: AsyncRead + AsyncWrite + Send + Unpin,
-{
-    let mut copy = CopyIo::new(io, duplex);
-
-    loop {
-        futures::select! {
-            _ = copy => (),
-            output = fut => break output
-        }
-    }
-}
-
-pin_project_lite::pin_project! {
-    #[derive(Debug)]
-    pub(crate) struct CopyIo<'a, S> {
-        #[pin]
-        io: S,
-        #[pin]
-        duplex: &'a mut DuplexStream,
-        io_done: bool,
-        duplex_done: bool,
-    }
-}
-
-impl<'a, S> CopyIo<'a, S> {
-    pub(crate) fn new(io: S, duplex: &'a mut DuplexStream) -> Self {
-        Self {
-            io,
-            duplex,
-            io_done: false,
-            duplex_done: false,
-        }
-    }
-}
-
-impl<'a, S> Future for CopyIo<'a, S>
-where
-    S: AsyncRead + AsyncWrite + Send + Unpin,
-{
-    type Output = std::io::Result<()>;
-
-    fn poll(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> {
-        let mut this = self.project();
-
-        loop {
-            let mut is_pending = true;
-
-            if !*this.duplex_done {
-                match this.duplex.poll_read_to(cx, this.io.as_mut()) {
-                    Poll::Ready(Ok(read)) if read > 0 => is_pending = false,
-                    Poll::Ready(Ok(_)) => {
-                        is_pending = false;
-                        *this.duplex_done = true;
-                    }
-                    Poll::Ready(Err(err))
-                        if err.kind() == ErrorKind::BrokenPipe
-                            || err.kind() == ErrorKind::ConnectionReset
-                            || err.kind() == ErrorKind::NotConnected =>
-                    {
-                        is_pending = false;
-                        *this.duplex_done = true;
-                    }
-                    Poll::Ready(Err(err)) => return Poll::Ready(Err(err)),
-                    Poll::Pending => (),
-                }
-            }
-
-            if !*this.io_done {
-                match this.duplex.poll_write_from(cx, this.io.as_mut()) {
-                    Poll::Ready(Ok(write)) if write > 0 => is_pending = false,
-                    Poll::Ready(Ok(_)) => {
-                        is_pending = false;
-                        *this.io_done = true;
-                    }
-                    Poll::Ready(Err(err))
-                        if err.kind() == ErrorKind::BrokenPipe
-                            || err.kind() == ErrorKind::ConnectionReset
-                            || err.kind() == ErrorKind::NotConnected =>
-                    {
-                        is_pending = false;
-                        *this.io_done = true
-                    }
-                    Poll::Ready(Err(err)) => return Poll::Ready(Err(err)),
-                    Poll::Pending => (),
-                }
-            }
-
-            if *this.io_done || *this.duplex_done {
-                return Poll::Ready(Ok(()));
-            } else if is_pending {
-                return Poll::Pending;
-            }
-        }
-    }
-}
-
-impl<'a, S> FusedFuture for CopyIo<'a, S>
-where
-    S: AsyncRead + AsyncWrite + Send + Unpin,
-{
-    fn is_terminated(&self) -> bool {
-        self.duplex_done || self.io_done
-    }
-}

crates/tlsn/src/verifier.rs

@@ -10,14 +10,13 @@ pub use error::VerifierError;
 pub use tlsn_core::{VerifierOutput, webpki::ServerCertVerifier};
 
 use crate::{
-    BUF_CAP, Role,
+    context::build_mt_context,
     mpz::{VerifierDeps, build_verifier_deps, translate_keys},
     msg::{ProveRequestMsg, Response, TlsCommitRequestMsg},
-    mux::attach_mux,
+    mux::MuxFuture,
     tag::verify_tags,
-    utils::{CopyIo, await_with_copy_io, build_mt_context},
 };
-use futures::{AsyncRead, AsyncWrite, AsyncWriteExt, FutureExt, TryFutureExt};
+use futures::{AsyncRead, AsyncWrite, TryFutureExt};
 use mpz_vm_core::prelude::*;
 use serio::{SinkExt, stream::IoStreamExt};
 use tlsn_core::{
@@ -66,113 +65,65 @@ impl Verifier<state::Initialized> {
     ///
     /// # Arguments
     ///
-    /// * `prover_io` - The IO to the prover.
+    /// * `socket` - The socket to the prover.
     #[instrument(parent = &self.span, level = "info", skip_all, err)]
-    pub async fn commit<S: AsyncWrite + AsyncRead + Send + Unpin>(
+    pub async fn commit<S: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
         self,
-        mut prover_io: S,
-    ) -> Result<Verifier<state::CommitStart>, VerifierError> {
-        let (duplex_a, mut duplex_b) = futures_plex::duplex(BUF_CAP);
+        socket: S,
+    ) -> Result<Verifier<state::CommitStart<S>>, VerifierError> {
+        let mut mux_fut = MuxFuture::new(socket);
+        let mux_ctrl = mux_fut.handle()?;
 
-        let (mut mux_fut, mux_ctrl) = attach_mux(duplex_a, Role::Verifier);
-        let mut mt = build_mt_context(mux_ctrl.clone());
+        let mut mt = build_mt_context(mux_ctrl);
+        let mut ctx = mux_fut.poll_with(mt.new_context()).await?;
 
-        let fut = Box::pin(
-            async {
-                let mut ctx = mux_fut.poll_with(mt.new_context()).await?;
-
-                // Receives protocol configuration from prover to perform compatibility check.
-                let TlsCommitRequestMsg { request, version } =
-                    mux_fut.poll_with(ctx.io_mut().expect_next()).await?;
-
-                Ok::<_, VerifierError>((request, version, ctx))
-            }
-            .fuse(),
-        );
-
-        let (request, version, mut ctx) =
-            await_with_copy_io(fut, &mut prover_io, &mut duplex_b).await?;
+        // Receives protocol configuration from prover to perform compatibility check.
+        let TlsCommitRequestMsg { request, version } =
+            mux_fut.poll_with(ctx.io_mut().expect_next()).await?;
 
         if version != *crate::VERSION {
             let msg = format!(
                 "prover version does not match with verifier: {version} != {}",
                 *crate::VERSION
             );
+            mux_fut
+                .poll_with(ctx.io_mut().send(Response::err(Some(msg.clone()))))
+                .await?;
 
-            let fut = Box::pin(
-                async {
-                    mux_fut
-                        .poll_with(ctx.io_mut().send(Response::err(Some(msg.clone()))))
-                        .await?;
+            mux_fut.close();
+            mux_fut.await?;
 
-                    // Wait for the prover to correctly close the connection.
-                    if !mux_fut.is_complete() {
-                        mux_ctrl.close();
-                        mux_fut.await?;
-                    }
-
-                    Err(VerifierError::config(msg))
-                }
-                .fuse(),
-            );
-            let copy = CopyIo::new(prover_io, &mut duplex_b).map_err(VerifierError::from);
-            let (config_err, _) = futures::try_join!(fut, copy)?;
-
-            return Err(config_err);
+            return Err(VerifierError::config(msg));
         }
 
-        let verifier = Verifier {
+        Ok(Verifier {
             config: self.config,
             span: self.span,
             state: state::CommitStart {
-                prover_io: Some(duplex_b),
-                mux_ctrl,
                 mux_fut,
                 ctx,
                 request,
             },
-        };
-        Ok(verifier)
+        })
     }
 }
 
-impl Verifier<state::CommitStart> {
+impl<Io> Verifier<state::CommitStart<Io>>
+where
+    Io: AsyncRead + AsyncWrite + Send + Unpin + 'static,
+{
     /// Returns the TLS commitment request.
     pub fn request(&self) -> &TlsCommitRequest {
         &self.state.request
     }
 
     /// Accepts the proposed protocol configuration.
-    ///
-    /// # Arguments
-    ///
-    /// * `prover_io` - The IO to the prover.
-    pub async fn accept<S: AsyncWrite + AsyncRead + Send + Unpin>(
-        mut self,
-        prover_io: S,
-    ) -> Result<Verifier<state::CommitAccepted>, VerifierError> {
-        let mut duplex = self
-            .state
-            .prover_io
-            .take()
-            .expect("duplex should be available");
-
-        let fut = Box::pin(self.accept_inner().fuse());
-        let mut verifier = await_with_copy_io(fut, prover_io, &mut duplex).await?;
-
-        verifier.state.prover_io = Some(duplex);
-        Ok(verifier)
-    }
-
     #[instrument(parent = &self.span, level = "info", skip_all, err)]
-    async fn accept_inner(self) -> Result<Verifier<state::CommitAccepted>, VerifierError> {
+    pub async fn accept(self) -> Result<Verifier<state::CommitAccepted<Io>>, VerifierError> {
         let state::CommitStart {
-            prover_io,
-            mux_ctrl,
             mut mux_fut,
             mut ctx,
             request,
-            ..
         } = self.state;
 
         mux_fut.poll_with(ctx.io_mut().send(Response::ok())).await?;
@@ -199,8 +150,6 @@ impl Verifier<state::CommitStart> {
             config: self.config,
             span: self.span,
             state: state::CommitAccepted {
-                prover_io,
-                mux_ctrl,
                 mux_fut,
                 mpc_tls,
                 keys,
@@ -210,33 +159,9 @@ impl Verifier<state::CommitStart> {
     }
 
     /// Rejects the proposed protocol configuration.
-    ///
-    /// # Arguments
-    ///
-    /// * `prover_io` - The IO to the prover.
-    /// * `msg` - The optional rejection message.
-    pub async fn reject<S: AsyncWrite + AsyncRead + Send + Unpin>(
-        mut self,
-        prover_io: S,
-        msg: Option<&str>,
-    ) -> Result<(), VerifierError> {
-        let mut duplex = self
-            .state
-            .prover_io
-            .take()
-            .expect("duplex should be available");
-
-        let fut = self.reject_inner(msg);
-        let copy = CopyIo::new(prover_io, &mut duplex).map_err(VerifierError::from);
-
-        futures::try_join!(fut, copy)?;
-        Ok(())
-    }
-
     #[instrument(parent = &self.span, level = "info", skip_all, err)]
-    async fn reject_inner(self, msg: Option<&str>) -> Result<(), VerifierError> {
+    pub async fn reject(self, msg: Option<&str>) -> Result<(), VerifierError> {
         let state::CommitStart {
-            mux_ctrl,
             mut mux_fut,
             mut ctx,
             ..
@@ -246,44 +171,21 @@ impl Verifier<state::CommitStart> {
             .poll_with(ctx.io_mut().send(Response::err(msg)))
             .await?;
 
-        // Wait for the prover to correctly close the connection.
-        if !mux_fut.is_complete() {
-            mux_ctrl.close();
-            mux_fut.await?;
-        }
+        mux_fut.close();
+        mux_fut.await?;
 
         Ok(())
     }
 }
 
-impl Verifier<state::CommitAccepted> {
+impl<Io> Verifier<state::CommitAccepted<Io>>
+where
+    Io: AsyncRead + AsyncWrite + Send + Unpin + 'static,
+{
     /// Runs the verifier until the TLS connection is closed.
-    ///
-    /// # Arguments
-    ///
-    /// * `prover_io` - The IO to the prover.
-    pub async fn run<S: AsyncWrite + AsyncRead + Send + Unpin>(
-        mut self,
-        prover_io: S,
-    ) -> Result<Verifier<state::Committed>, VerifierError> {
-        let mut duplex = self
-            .state
-            .prover_io
-            .take()
-            .expect("duplex should be available");
-
-        let fut = Box::pin(self.run_inner().fuse());
-        let mut verifier = await_with_copy_io(fut, prover_io, &mut duplex).await?;
-
-        verifier.state.prover_io = Some(duplex);
-        Ok(verifier)
-    }
-
     #[instrument(parent = &self.span, level = "info", skip_all, err)]
-    async fn run_inner(self) -> Result<Verifier<state::Committed>, VerifierError> {
+    pub async fn run(self) -> Result<Verifier<state::Committed<Io>>, VerifierError> {
         let state::CommitAccepted {
-            prover_io,
-            mux_ctrl,
             mut mux_fut,
             mpc_tls,
             vm,
@@ -326,7 +228,6 @@ impl Verifier<state::CommitAccepted> {
         )
         .map_err(VerifierError::zk)?;
 
-        debug!("verifying tags");
         mux_fut
             .poll_with(vm.execute_all(&mut ctx).map_err(VerifierError::zk))
             .await?;
@@ -336,13 +237,10 @@ impl Verifier<state::CommitAccepted> {
         // authenticated from the verifier's perspective.
         tag_proof.verify().map_err(VerifierError::zk)?;
 
-        debug!("MPC-TLS done");
         Ok(Verifier {
             config: self.config,
             span: self.span,
             state: state::Committed {
-                prover_io,
-                mux_ctrl,
                 mux_fut,
                 ctx,
                 vm,
@@ -353,39 +251,19 @@ impl Verifier<state::CommitAccepted> {
     }
 }
 
-impl Verifier<state::Committed> {
+impl<Io> Verifier<state::Committed<Io>>
+where
+    Io: AsyncRead + AsyncWrite + Send + Unpin + 'static,
+{
     /// Returns the TLS transcript.
     pub fn tls_transcript(&self) -> &TlsTranscript {
         &self.state.tls_transcript
     }
 
     /// Begins verification of statements from the prover.
-    ///
-    /// # Arguments
-    ///
-    /// * `prover_io` - The IO to the prover.
-    pub async fn verify<S: AsyncWrite + AsyncRead + Send + Unpin>(
-        mut self,
-        prover_io: S,
-    ) -> Result<Verifier<state::Verify>, VerifierError> {
-        let mut duplex = self
-            .state
-            .prover_io
-            .take()
-            .expect("duplex should be available");
-
-        let fut = Box::pin(self.verify_inner().fuse());
-        let mut verifier = await_with_copy_io(fut, prover_io, &mut duplex).await?;
-
-        verifier.state.prover_io = Some(duplex);
-        Ok(verifier)
-    }
-
     #[instrument(parent = &self.span, level = "info", skip_all, err)]
-    async fn verify_inner(self) -> Result<Verifier<state::Verify>, VerifierError> {
+    pub async fn verify(self) -> Result<Verifier<state::Verify<Io>>, VerifierError> {
         let state::Committed {
-            prover_io,
-            mux_ctrl,
             mut mux_fut,
             mut ctx,
             vm,
@@ -405,8 +283,6 @@ impl Verifier<state::Committed> {
             config: self.config,
             span: self.span,
             state: state::Verify {
-                prover_io,
-                mux_ctrl,
                 mux_fut,
                 ctx,
                 vm,
@@ -420,74 +296,30 @@ impl Verifier<state::Committed> {
     }
 
     /// Closes the connection with the prover.
-    ///
-    /// # Arguments
-    ///
-    /// * `prover_io` - The IO to the prover.
     #[instrument(parent = &self.span, level = "info", skip_all, err)]
-    pub async fn close<S: AsyncWrite + AsyncRead + Send + Unpin>(
-        mut self,
-        mut prover_io: S,
-    ) -> Result<(), VerifierError> {
-        let state::Committed { mux_fut, .. } = self.state;
+    pub async fn close(mut self) -> Result<Io, VerifierError> {
+        let mux_fut = &mut self.state.mux_fut;
+        mux_fut.close();
+        mux_fut.await?;
 
-        let mut duplex = self
-            .state
-            .prover_io
-            .take()
-            .expect("duplex should be available");
-
-        duplex.close().await?;
-
-        let fut: Box<dyn Future<Output = Result<(), VerifierError>> + Send + Unpin> =
-            if mux_fut.is_complete() {
-                Box::new(futures::future::ready(Ok::<_, VerifierError>(())))
-            } else {
-                Box::new(mux_fut.map_err(VerifierError::from))
-            };
-
-        let copy = CopyIo::new(&mut prover_io, &mut duplex).map_err(VerifierError::from);
-        futures::try_join!(fut, copy)?;
-
-        prover_io.write_all(b"close").await?;
-        Ok(())
+        self.state.mux_fut.into_io().map_err(VerifierError::from)
     }
 }
 
-impl Verifier<state::Verify> {
+impl<Io> Verifier<state::Verify<Io>>
+where
+    Io: AsyncRead + AsyncWrite + Send + Unpin + 'static,
+{
     /// Returns the proving request.
     pub fn request(&self) -> &ProveRequest {
         &self.state.request
     }
 
     /// Accepts the proving request.
-    ///
-    /// # Arguments
-    ///
-    /// * `prover_io` - The IO to the prover.
-    pub async fn accept<S: AsyncWrite + AsyncRead + Send + Unpin>(
-        mut self,
-        prover_io: S,
-    ) -> Result<(VerifierOutput, Verifier<state::Committed>), VerifierError> {
-        let mut duplex = self
-            .state
-            .prover_io
-            .take()
-            .expect("duplex should be available");
-
-        let fut = Box::pin(self.accept_inner().fuse());
-        let (output, mut verifier) = await_with_copy_io(fut, prover_io, &mut duplex).await?;
-
-        verifier.state.prover_io = Some(duplex);
-        Ok((output, verifier))
-    }
-
-    async fn accept_inner(
+    pub async fn accept(
         self,
-    ) -> Result<(VerifierOutput, Verifier<state::Committed>), VerifierError> {
+    ) -> Result<(VerifierOutput, Verifier<state::Committed<Io>>), VerifierError> {
         let state::Verify {
-            prover_io,
-            mux_ctrl,
             mut mux_fut,
             mut ctx,
             mut vm,
@@ -522,8 +354,6 @@ impl Verifier<state::Verify> {
                 config: self.config,
                 span: self.span,
                 state: state::Committed {
-                    prover_io,
-                    mux_ctrl,
                     mux_fut,
                     ctx,
                     vm,
@@ -535,36 +365,11 @@ impl Verifier<state::Verify> {
     }
 
     /// Rejects the proving request.
-    ///
-    /// # Arguments
-    ///
-    /// * `prover_io` - The IO to the prover.
-    /// * `msg` - The optional rejection message.
-    pub async fn reject<S: AsyncWrite + AsyncRead + Send + Unpin>(
-        mut self,
-        prover_io: S,
-        msg: Option<&str>,
-    ) -> Result<Verifier<state::Committed>, VerifierError> {
-        let mut duplex = self
-            .state
-            .prover_io
-            .take()
-            .expect("duplex should be available");
-
-        let fut = Box::pin(self.reject_inner(msg).fuse());
-        let mut verifier = await_with_copy_io(fut, prover_io, &mut duplex).await?;
-
-        verifier.state.prover_io = Some(duplex);
-        Ok(verifier)
-    }
-
-    async fn reject_inner(
+    pub async fn reject(
         self,
         msg: Option<&str>,
-    ) -> Result<Verifier<state::Committed>, VerifierError> {
+    ) -> Result<Verifier<state::Committed<Io>>, VerifierError> {
         let state::Verify {
-            prover_io,
-            mux_ctrl,
             mut mux_fut,
             mut ctx,
             vm,
@@ -581,8 +386,6 @@ impl Verifier<state::Verify> {
             config: self.config,
             span: self.span,
             state: state::Committed {
-                prover_io,
-                mux_ctrl,
                 mux_fut,
                 ctx,
                 vm,

crates/tlsn/src/verifier/error.rs

@@ -2,8 +2,6 @@ use std::{error::Error, fmt};
 
 use mpc_tls::MpcTlsError;
 
-use crate::transcript_internal::commit::encoding::EncodingError;
-
 /// Error for [`Verifier`](crate::verifier::Verifier).
 #[derive(Debug, thiserror::Error)]
 pub struct VerifierError {
@@ -57,7 +55,6 @@ enum ErrorKind {
     Config,
     Mpc,
     Zk,
-    Commit,
     Verify,
 }
 
@@ -70,7 +67,6 @@ impl fmt::Display for VerifierError {
             ErrorKind::Config => f.write_str("config error")?,
             ErrorKind::Mpc => f.write_str("mpc error")?,
             ErrorKind::Zk => f.write_str("zk error")?,
-            ErrorKind::Commit => f.write_str("commit error")?,
             ErrorKind::Verify => f.write_str("verification error")?,
         }
 
@@ -88,8 +84,8 @@ impl From<std::io::Error> for VerifierError {
     }
 }
 
-impl From<uid_mux::yamux::ConnectionError> for VerifierError {
-    fn from(e: uid_mux::yamux::ConnectionError) -> Self {
+impl From<tlsn_mux::ConnectionError> for VerifierError {
+    fn from(e: tlsn_mux::ConnectionError) -> Self {
         Self::new(ErrorKind::Io, e)
     }
 }
@@ -105,9 +101,3 @@ impl From<MpcTlsError> for VerifierError {
         Self::new(ErrorKind::Mpc, e)
     }
 }
-
-impl From<EncodingError> for VerifierError {
-    fn from(e: EncodingError) -> Self {
-        Self::new(ErrorKind::Commit, e)
-    }
-}

crates/tlsn/src/verifier/state.rs

@@ -2,8 +2,7 @@
 
 use std::sync::Arc;
 
-use crate::mux::{MuxControl, MuxFuture};
-use futures_plex::DuplexStream;
+use crate::mux::MuxFuture;
 use mpc_tls::{MpcTlsFollower, SessionKeys};
 use mpz_common::Context;
 use tlsn_core::{
@@ -25,47 +24,39 @@ pub struct Initialized;
 opaque_debug::implement!(Initialized);
 
 /// State after receiving protocol configuration from the prover.
-pub struct CommitStart {
-    pub(crate) prover_io: Option<DuplexStream>,
-    pub(crate) mux_ctrl: MuxControl,
-    pub(crate) mux_fut: MuxFuture,
+pub struct CommitStart<Io> {
+    pub(crate) mux_fut: MuxFuture<Io>,
     pub(crate) ctx: Context,
     pub(crate) request: TlsCommitRequest,
 }
 
-opaque_debug::implement!(CommitStart);
+opaque_debug::implement!(CommitStart<Io>);
 
 /// State after accepting the proposed TLS commitment protocol configuration and
 /// performing preprocessing.
-pub struct CommitAccepted {
-    pub(crate) prover_io: Option<DuplexStream>,
-    pub(crate) mux_ctrl: MuxControl,
-    pub(crate) mux_fut: MuxFuture,
+pub struct CommitAccepted<Io> {
+    pub(crate) mux_fut: MuxFuture<Io>,
     pub(crate) mpc_tls: MpcTlsFollower,
     pub(crate) keys: SessionKeys,
     pub(crate) vm: Arc<Mutex<Deap<VerifierMpc, VerifierZk>>>,
 }
 
-opaque_debug::implement!(CommitAccepted);
+opaque_debug::implement!(CommitAccepted<Io>);
 
 /// State after the TLS transcript has been committed.
-pub struct Committed {
-    pub(crate) prover_io: Option<DuplexStream>,
-    pub(crate) mux_ctrl: MuxControl,
-    pub(crate) mux_fut: MuxFuture,
+pub struct Committed<Io> {
+    pub(crate) mux_fut: MuxFuture<Io>,
     pub(crate) ctx: Context,
     pub(crate) vm: VerifierZk,
     pub(crate) keys: SessionKeys,
     pub(crate) tls_transcript: TlsTranscript,
 }
 
-opaque_debug::implement!(Committed);
+opaque_debug::implement!(Committed<Io>);
 
 /// State after receiving a proving request.
-pub struct Verify {
-    pub(crate) prover_io: Option<DuplexStream>,
-    pub(crate) mux_ctrl: MuxControl,
-    pub(crate) mux_fut: MuxFuture,
+pub struct Verify<Io> {
+    pub(crate) mux_fut: MuxFuture<Io>,
     pub(crate) ctx: Context,
     pub(crate) vm: VerifierZk,
     pub(crate) keys: SessionKeys,
@@ -75,19 +66,19 @@ pub struct Verify {
     pub(crate) transcript: Option<PartialTranscript>,
 }
 
-opaque_debug::implement!(Verify);
+opaque_debug::implement!(Verify<Io>);
 
 impl VerifierState for Initialized {}
-impl VerifierState for CommitStart {}
-impl VerifierState for CommitAccepted {}
-impl VerifierState for Committed {}
-impl VerifierState for Verify {}
+impl<Io> VerifierState for CommitStart<Io> {}
+impl<Io> VerifierState for CommitAccepted<Io> {}
+impl<Io> VerifierState for Committed<Io> {}
+impl<Io> VerifierState for Verify<Io> {}
 
 mod sealed {
     pub trait Sealed {}
     impl Sealed for super::Initialized {}
-    impl Sealed for super::CommitStart {}
-    impl Sealed for super::CommitAccepted {}
-    impl Sealed for super::Committed {}
-    impl Sealed for super::Verify {}
+    impl<Io> Sealed for super::CommitStart<Io> {}
+    impl<Io> Sealed for super::CommitAccepted<Io> {}
+    impl<Io> Sealed for super::Committed<Io> {}
+    impl<Io> Sealed for super::Verify<Io> {}
 }

crates/tlsn/src/verifier/verify.rs

@@ -14,19 +14,12 @@ use tlsn_core::{
 };
 
 use crate::{
-    transcript_internal::{
-        TranscriptRefs,
-        auth::verify_plaintext,
-        commit::{
-            encoding::{self, KeyStore},
-            hash::verify_hash,
-        },
-    },
+    transcript_internal::{TranscriptRefs, auth::verify_plaintext, commit::hash::verify_hash},
     verifier::VerifierError,
 };
 
 #[allow(clippy::too_many_arguments)]
-pub(crate) async fn verify<T: Vm<Binary> + KeyStore + Send + Sync>(
+pub(crate) async fn verify<T: Vm<Binary> + Send + Sync>(
     ctx: &mut Context,
     vm: &mut T,
     keys: &SessionKeys,
@@ -94,11 +87,6 @@ pub(crate) async fn verify<T: Vm<Binary> + KeyStore + Send + Sync>(
                 Direction::Sent => commit_sent.union_mut(idx),
                 Direction::Received => commit_recv.union_mut(idx),
             });
-
-        if let Some((sent, recv)) = commit_config.encoding() {
-            commit_sent.union_mut(sent);
-            commit_recv.union_mut(recv);
-        }
     }
 
     let (sent_refs, sent_proof) = verify_plaintext(
@@ -151,24 +139,6 @@ pub(crate) async fn verify<T: Vm<Binary> + KeyStore + Send + Sync>(
     sent_proof.verify().map_err(VerifierError::verify)?;
     recv_proof.verify().map_err(VerifierError::verify)?;
 
-    let mut encoder_secret = None;
-    if let Some(commit_config) = request.transcript_commit()
-        && let Some((sent, recv)) = commit_config.encoding()
-    {
-        let sent_map = transcript_refs
-            .sent
-            .index(sent)
-            .expect("ranges were authenticated");
-        let recv_map = transcript_refs
-            .recv
-            .index(recv)
-            .expect("ranges were authenticated");
-
-        let (secret, commitment) = encoding::transfer(ctx, vm, &sent_map, &recv_map).await?;
-        encoder_secret = Some(secret);
-        transcript_commitments.push(TranscriptCommitment::Encoding(commitment));
-    }
-
     if let Some(hash_commitments) = hash_commitments {
         for commitment in hash_commitments.try_recv().map_err(VerifierError::verify)? {
             transcript_commitments.push(TranscriptCommitment::Hash(commitment));
@@ -178,7 +148,6 @@ pub(crate) async fn verify<T: Vm<Binary> + KeyStore + Send + Sync>(
     Ok(VerifierOutput {
         server_name,
         transcript: request.reveal().is_some().then_some(transcript),
-        encoder_secret,
         transcript_commitments,
     })
 }

crates/tlsn/tests/test.rs

@@ -1,5 +1,4 @@
 use futures::{AsyncReadExt, AsyncWriteExt};
-use rangeset::set::RangeSet;
 use tlsn::{
     config::{
         prove::ProveConfig,
@@ -9,12 +8,9 @@ use tlsn::{
         verifier::VerifierConfig,
     },
     connection::ServerName,
-    hash::{HashAlgId, HashProvider},
+    hash::HashAlgId,
     prover::Prover,
-    transcript::{
-        Direction, Transcript, TranscriptCommitConfig, TranscriptCommitment,
-        TranscriptCommitmentKind, TranscriptSecret,
-    },
+    transcript::{Direction, Transcript, TranscriptCommitConfig, TranscriptCommitmentKind},
     verifier::{Verifier, VerifierOutput},
     webpki::{CertificateDer, RootCertStore},
 };
@@ -42,7 +38,7 @@ async fn test() {
 
     let (socket_0, socket_1) = tokio::io::duplex(2 << 23);
 
-    let ((full_transcript, prover_output), verifier_output) =
+    let ((_full_transcript, _prover_output), verifier_output) =
         tokio::join!(prover(socket_0), verifier(socket_1));
 
     let partial_transcript = verifier_output.transcript.unwrap();
@@ -58,50 +54,6 @@ async fn test() {
         partial_transcript.received_authed().iter().next().unwrap(),
         0..10
     );
-
-    let encoding_tree = prover_output
-        .transcript_secrets
-        .iter()
-        .find_map(|secret| {
-            if let TranscriptSecret::Encoding(tree) = secret {
-                Some(tree)
-            } else {
-                None
-            }
-        })
-        .unwrap();
-
-    let encoding_commitment = prover_output
-        .transcript_commitments
-        .iter()
-        .find_map(|commitment| {
-            if let TranscriptCommitment::Encoding(commitment) = commitment {
-                Some(commitment)
-            } else {
-                None
-            }
-        })
-        .unwrap();
-
-    let prove_sent = RangeSet::from(1..full_transcript.sent().len() - 1);
-    let prove_recv = RangeSet::from(1..full_transcript.received().len() - 1);
-    let idxs = [
-        (Direction::Sent, prove_sent.clone()),
-        (Direction::Received, prove_recv.clone()),
-    ];
-    let proof = encoding_tree.proof(idxs.iter()).unwrap();
-    let (auth_sent, auth_recv) = proof
-        .verify_with_provider(
-            &HashProvider::default(),
-            &verifier_output.encoder_secret.unwrap(),
-            encoding_commitment,
-            full_transcript.sent(),
-            full_transcript.received(),
-        )
-        .unwrap();
-
-    assert_eq!(auth_sent, prove_sent);
-    assert_eq!(auth_recv, prove_recv);
 }
 
 #[instrument(skip(verifier_socket))]
@@ -110,11 +62,7 @@ async fn prover<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
 ) -> (Transcript, ProverOutput) {
     let (client_socket, server_socket) = tokio::io::duplex(2 << 16);
 
-    let client_socket = client_socket.compat();
-    let server_socket = server_socket.compat();
-    let mut verifier_socket = verifier_socket.compat();
-
-    let server_task = tokio::spawn(bind(server_socket));
+    let server_task = tokio::spawn(bind(server_socket.compat()));
 
     let prover = Prover::new(ProverConfig::builder().build().unwrap())
         .commit(
@@ -130,13 +78,13 @@ async fn prover<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
                 )
                 .build()
                 .unwrap(),
-            &mut verifier_socket,
+            verifier_socket.compat(),
         )
         .await
         .unwrap();
 
-    let (mut tls_connection, prover) = prover
-        .setup(
+    let (mut tls_connection, prover_fut) = prover
+        .connect(
             TlsClientConfig::builder()
                 .server_name(ServerName::Dns(SERVER_DOMAIN.try_into().unwrap()))
                 .root_store(RootCertStore {
@@ -144,47 +92,44 @@ async fn prover<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
                 })
                 .build()
                 .unwrap(),
+            client_socket.compat(),
         )
+        .await
         .unwrap();
-
-    let prover_task = tokio::spawn(prover.run(client_socket, verifier_socket));
+    let prover_task = tokio::spawn(prover_fut);
 
     tls_connection
         .write_all(b"GET / HTTP/1.1\r\nConnection: close\r\n\r\n")
         .await
         .unwrap();
+    tls_connection.close().await.unwrap();
 
     let mut response = vec![0u8; 1024];
     tls_connection.read_to_end(&mut response).await.unwrap();
 
-    tls_connection.close().await.unwrap();
     let _ = server_task.await.unwrap();
 
-    let (mut prover, _, mut verifier_socket) = prover_task.await.unwrap().unwrap();
+    let mut prover = prover_task.await.unwrap().unwrap();
     let sent_tx_len = prover.transcript().sent().len();
     let recv_tx_len = prover.transcript().received().len();
 
     let mut builder = TranscriptCommitConfig::builder(prover.transcript());
 
-    for kind in [
-        TranscriptCommitmentKind::Encoding,
-        TranscriptCommitmentKind::Hash {
-            alg: HashAlgId::SHA256,
-        },
-    ] {
-        builder
-            .commit_with_kind(&(0..sent_tx_len), Direction::Sent, kind)
-            .unwrap();
-        builder
-            .commit_with_kind(&(0..recv_tx_len), Direction::Received, kind)
-            .unwrap();
-        builder
-            .commit_with_kind(&(1..sent_tx_len - 1), Direction::Sent, kind)
-            .unwrap();
-        builder
-            .commit_with_kind(&(1..recv_tx_len - 1), Direction::Received, kind)
-            .unwrap();
-    }
+    let kind = TranscriptCommitmentKind::Hash {
+        alg: HashAlgId::SHA256,
+    };
+    builder
+        .commit_with_kind(&(0..sent_tx_len), Direction::Sent, kind)
+        .unwrap();
+    builder
+        .commit_with_kind(&(0..recv_tx_len), Direction::Received, kind)
+        .unwrap();
+    builder
+        .commit_with_kind(&(1..sent_tx_len - 1), Direction::Sent, kind)
+        .unwrap();
+    builder
+        .commit_with_kind(&(1..recv_tx_len - 1), Direction::Received, kind)
+        .unwrap();
 
     let transcript_commit = builder.build().unwrap();
 
@@ -199,8 +144,8 @@ async fn prover<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
 
     let config = builder.build().unwrap();
     let transcript = prover.transcript().clone();
-    let output = prover.prove(&config, &mut verifier_socket).await.unwrap();
-    prover.close(&mut verifier_socket).await.unwrap();
+    let output = prover.prove(&config).await.unwrap();
+    prover.close().await.unwrap();
 
     (transcript, output)
 }
@@ -209,8 +154,6 @@ async fn prover<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
 async fn verifier<T: AsyncWrite + AsyncRead + Send + Sync + Unpin + 'static>(
     socket: T,
 ) -> VerifierOutput {
-    let mut socket = socket.compat();
-
     let verifier = Verifier::new(
         VerifierConfig::builder()
             .root_store(RootCertStore {
@@ -221,24 +164,18 @@ async fn verifier<T: AsyncWrite + AsyncRead + Send + Sync + Unpin + 'static>(
     );
 
     let verifier = verifier
-        .commit(&mut socket)
+        .commit(socket.compat())
         .await
         .unwrap()
-        .accept(&mut socket)
+        .accept()
         .await
         .unwrap()
-        .run(&mut socket)
+        .run()
         .await
         .unwrap();
 
-    let (output, verifier) = verifier
-        .verify(&mut socket)
-        .await
-        .unwrap()
-        .accept(&mut socket)
-        .await
-        .unwrap();
-    verifier.close(&mut socket).await.unwrap();
+    let (output, verifier) = verifier.verify().await.unwrap().accept().await.unwrap();
+    verifier.close().await.unwrap();
 
     output
 }

crates/wasm/Cargo.toml

@@ -23,9 +23,9 @@ no-bundler = ["web-spawn/no-bundler"]
 tlsn-core = { workspace = true }
 tlsn = { workspace = true, features = ["web", "mozilla-certs"] }
 tlsn-server-fixture-certs = { workspace = true }
+tlsn-tls-client-async = { workspace = true }
 tlsn-tls-core = { workspace = true }
 
-async_io_stream = { version = "0.3" }
 bincode = { workspace = true }
 console_error_panic_hook = { version = "0.1" }
 enum-try-as-inner = { workspace = true }

crates/wasm/src/prover/mod.rs

@@ -2,11 +2,11 @@ mod config;
 
 pub use config::ProverConfig;
 
-use async_io_stream::IoStream;
 use enum_try_as_inner::EnumTryAsInner;
 use futures::TryFutureExt;
 use http_body_util::{BodyExt, Full};
 use hyper::body::Bytes;
+use tls_client_async::TlsConnection;
 use tlsn::{
     config::{
         prove::ProveConfig,
@@ -14,13 +14,13 @@ use tlsn::{
         tls_commit::{mpc::MpcTlsConfig, TlsCommitConfig},
     },
     connection::ServerName,
-    prover::{state, Prover, TlsConnection},
+    prover::{state, Prover},
     webpki::{CertificateDer, PrivateKeyDer, RootCertStore},
 };
 use tracing::info;
 use wasm_bindgen::{prelude::*, JsError};
 use wasm_bindgen_futures::spawn_local;
-use ws_stream_wasm::{WsMeta, WsStreamIo};
+use ws_stream_wasm::WsMeta;
 
 use crate::{io::FuturesIo, types::*};
 
@@ -36,14 +36,8 @@ pub struct JsProver {
 #[derive_err(Debug)]
 enum State {
     Initialized(Prover<state::Initialized>),
-    CommitAccepted {
-        prover: Prover<state::CommitAccepted>,
-        verifier_conn: IoStream<WsStreamIo, Vec<u8>>,
-    },
-    Committed {
-        prover: Prover<state::Committed>,
-        verifier_conn: IoStream<WsStreamIo, Vec<u8>>,
-    },
+    CommitAccepted(Prover<state::CommitAccepted>),
+    Committed(Prover<state::Committed>),
     Complete,
     Error,
 }
@@ -102,16 +96,12 @@ impl JsProver {
         info!("connecting to verifier");
 
         let (_, verifier_conn) = WsMeta::connect(verifier_url, None).await?;
-        let mut verifier_conn = verifier_conn.into_io();
 
         info!("connected to verifier");
 
-        let prover = prover.commit(config, &mut verifier_conn).await?;
+        let prover = prover.commit(config, verifier_conn.into_io()).await?;
 
-        self.state = State::CommitAccepted {
-            prover,
-            verifier_conn,
-        };
+        self.state = State::CommitAccepted(prover);
 
         Ok(())
     }
@@ -122,7 +112,7 @@ impl JsProver {
         ws_proxy_url: &str,
         request: HttpRequest,
     ) -> Result<HttpResponse> {
-        let (prover, mut verifier_conn) = self.state.take().try_into_commit_accepted()?;
+        let prover = self.state.take().try_into_commit_accepted()?;
 
         let mut builder = TlsClientConfig::builder()
             .server_name(ServerName::Dns(
@@ -155,41 +145,35 @@ impl JsProver {
         info!("connecting to server");
 
         let (_, server_conn) = WsMeta::connect(ws_proxy_url, None).await?;
-        let mut server_conn = server_conn.into_io();
 
         info!("connected to server");
 
-        let (tls_conn, prover) = prover.setup(config)?;
-        let mut prover = prover.connect(&mut server_conn, &mut verifier_conn);
+        let (tls_conn, prover_fut) = prover.connect(config, server_conn.into_io()).await?;
 
         info!("sending request");
 
-        let (response, _) = futures::try_join!(
+        let (response, prover) = futures::try_join!(
             send_request(tls_conn, request),
-            (&mut prover).map_err(Into::into)
+            prover_fut.map_err(Into::into)
         )?;
-        let prover = prover.finish()?;
 
         info!("response received");
 
-        self.state = State::Committed {
-            prover,
-            verifier_conn,
-        };
+        self.state = State::Committed(prover);
 
         Ok(response)
     }
 
     /// Returns the transcript.
     pub fn transcript(&self) -> Result<Transcript> {
-        let (prover, _) = self.state.try_as_committed()?;
+        let prover = self.state.try_as_committed()?;
 
         Ok(Transcript::from(prover.transcript()))
     }
 
     /// Reveals data to the verifier and finalizes the protocol.
     pub async fn reveal(&mut self, reveal: Reveal) -> Result<()> {
-        let (mut prover, mut verifier_conn) = self.state.take().try_into_committed()?;
+        let mut prover = self.state.take().try_into_committed()?;
 
         info!("revealing data");
 
@@ -209,8 +193,8 @@ impl JsProver {
 
         let config = builder.build()?;
 
-        prover.prove(&config, &mut verifier_conn).await?;
-        prover.close(&mut verifier_conn).await?;
+        prover.prove(&config).await?;
+        prover.close().await?;
 
         info!("Finalized");
 

crates/wasm/src/verifier/mod.rs

@@ -2,7 +2,6 @@ mod config;
 
 pub use config::VerifierConfig;
 
-use async_io_stream::IoStream;
 use enum_try_as_inner::EnumTryAsInner;
 use tlsn::{
     config::tls_commit::TlsCommitProtocolConfig,
@@ -13,7 +12,7 @@ use tlsn::{
 };
 use tracing::info;
 use wasm_bindgen::prelude::*;
-use ws_stream_wasm::{WsMeta, WsStreamIo};
+use ws_stream_wasm::{WsMeta, WsStream};
 
 use crate::types::VerifierOutput;
 
@@ -27,13 +26,9 @@ pub struct JsVerifier {
 
 #[derive(EnumTryAsInner)]
 #[derive_err(Debug)]
-#[allow(unused_assignments)]
 enum State {
     Initialized(Verifier<state::Initialized>),
-    Connected {
-        verifier: Verifier<state::Initialized>,
-        prover_conn: IoStream<WsStreamIo, Vec<u8>>,
-    },
+    Connected((Verifier<state::Initialized>, WsStream)),
     Complete,
     Error,
 }
@@ -71,23 +66,19 @@ impl JsVerifier {
         info!("Connecting to prover");
 
         let (_, prover_conn) = WsMeta::connect(prover_url, None).await?;
-        let prover_conn = prover_conn.into_io();
 
         info!("Connected to prover");
 
-        self.state = State::Connected {
-            verifier,
-            prover_conn,
-        };
+        self.state = State::Connected((verifier, prover_conn));
 
         Ok(())
     }
 
     /// Verifies the connection and finalizes the protocol.
     pub async fn verify(&mut self) -> Result<VerifierOutput> {
-        let (verifier, mut prover_conn) = self.state.take().try_into_connected()?;
+        let (verifier, prover_conn) = self.state.take().try_into_connected()?;
 
-        let verifier = verifier.commit(&mut prover_conn).await?;
+        let verifier = verifier.commit(prover_conn.into_io()).await?;
         let request = verifier.request();
 
         let TlsCommitProtocolConfig::Mpc(mpc_tls_config) = request.protocol() else {
@@ -107,15 +98,11 @@ impl JsVerifier {
         };
 
         if reject.is_some() {
-            verifier.reject(&mut prover_conn, reject).await?;
+            verifier.reject(reject).await?;
             return Err(JsError::new("protocol configuration rejected"));
         }
 
-        let verifier = verifier
-            .accept(&mut prover_conn)
-            .await?
-            .run(&mut prover_conn)
-            .await?;
+        let verifier = verifier.accept().await?.run().await?;
 
         let sent = verifier
             .tls_transcript()
@@ -142,12 +129,8 @@ impl JsVerifier {
             },
         };
 
-        let (output, verifier) = verifier
-            .verify(&mut prover_conn)
-            .await?
-            .accept(&mut prover_conn)
-            .await?;
-        verifier.close(&mut prover_conn).await?;
+        let (output, verifier) = verifier.verify().await?.accept().await?;
+        verifier.close().await?;
 
         self.state = State::Complete;