tlsnotary/docs-mdbook
1
0
Fork 0
mirror of https://github.com/tlsnotary/docs-mdbook.git synced 2026-01-09 20:57:59 -05:00
Code Issues Packages Projects Releases Wiki Activity

deploy: f75dae7b08

Browse Source
This commit is contained in:
heeckhau
2023-08-09 07:41:38 +00:00
parent 5585ab6528
commit 0d801d0da8
18 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
overview.html
View File

@@ -172,7 +172,7 @@
<h1 id="overview"><a class="header" href="#overview">Overview</a></h1>
<p>The following diagram is a high-level protocol overview introducing the main components of
TLSNotary.</p>
<p><img src="tlsnotary_overview.png" alt="TLSNotary Overview" /></p>
<p><img src="./png-diagrams/intro-diagram.png" alt="TLSNotary Overview" /></p>
</main>

BIN
png-diagrams/client-state-diagram.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 604 KiB

BIN
png-diagrams/crate_structure.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 74 KiB

BIN
png-diagrams/data_provenance.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 264 KiB

BIN
png-diagrams/gc-types.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 219 KiB

BIN
png-diagrams/intro-diagram.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 449 KiB

BIN
png-diagrams/key_exchange.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 243 KiB

BIN
png-diagrams/overview.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 415 KiB

BIN
png-diagrams/overview2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 126 KiB

BIN
png-diagrams/overview3.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 155 KiB

BIN
png-diagrams/overview_notarization.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 203 KiB

BIN
png-diagrams/protocol.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 627 KiB

BIN
png-diagrams/tls12-multiround.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 770 KiB

BIN
png-diagrams/transcript.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 299 KiB

8
print.html
View File

@@ -208,7 +208,7 @@ Verifier do not want to trust some Notary server, you can run one yourself.</li>
<h1 id="overview"><a class="header" href="#overview">Overview</a></h1>
<p>The following diagram is a high-level protocol overview introducing the main components of
TLSNotary.</p>
<p><img src="tlsnotary_overview.png" alt="TLSNotary Overview" /></p>
<p><img src="./png-diagrams/intro-diagram.png" alt="TLSNotary Overview" /></p>
<div style="break-before: page; page-break-before: always;"></div><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/katex@0.12.0/dist/katex.min.css" integrity="sha384-AfEj0r4/OFrOo5t7NnNe46zW/tFgW6x/bCJG8FqQCEo3+Aro6EYUG4+cU+KJWu/X" crossorigin="anonymous">
<h1 id="notarization-phase"><a class="header" href="#notarization-phase">Notarization Phase</a></h1>
<p>During the Notarization Phase the <code>Requester</code>, otherwise referred to as the <code>User</code>, and the <code>Notary</code> work together to generate an authenticated <code>Transcript</code> of a TLS session with a <code>Server</code>.</p>
@@ -224,16 +224,16 @@ TLSNotary.</p>
<p>The <code>Notary</code> is the party of which the authenticity of the <code>Transcript</code> relies on. During the session the <code>Notary</code> withholds its' shares of the TLS keys and participates in a series of secure 2-party computation protocols with the <code>Requester</code> to operate the TLS connection.</p>
<h2 id="server"><a class="header" href="#server">Server</a></h2>
<p>The <code>Server</code> can be any server which supports TLS. The TLSNotary protocol is entirely transparent to the <code>Server</code>, thus it can not be censored nor does it have to support any additional functionality.</p>
<img src="https://raw.githubusercontent.com/tlsnotary/docs-assets/main/diagrams/tls12-multiround.png">
<img src="protocol/notarization/../../png-diagrams/tls12-multiround.png">
<h2 id="transcript"><a class="header" href="#transcript">Transcript</a></h2>
<p>The primary artifact generated from this phase is called the <code>Transcript</code>. It contains session meta-data, handshake data, and commitments to all the requests and responses. Typically the <code>Transcript</code> is signed by the <code>Notary</code>, however that is not necessary in the case where the <code>Notary</code> will also act as the <code>Verifier</code> in the selective disclosure phase.</p>
<blockquote>
<p>Note that the server ephemeral key does not reveal the identity of the server to the <code>Notary</code>.</p>
</blockquote>
<img src="https://raw.githubusercontent.com/tlsnotary/docs-assets/main/diagrams/transcript.png"><div style="break-before: page; page-break-before: always;"></div><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/katex@0.12.0/dist/katex.min.css" integrity="sha384-AfEj0r4/OFrOo5t7NnNe46zW/tFgW6x/bCJG8FqQCEo3+Aro6EYUG4+cU+KJWu/X" crossorigin="anonymous">
<img src="protocol/notarization/../../png-diagrams/transcript.png"><div style="break-before: page; page-break-before: always;"></div><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/katex@0.12.0/dist/katex.min.css" integrity="sha384-AfEj0r4/OFrOo5t7NnNe46zW/tFgW6x/bCJG8FqQCEo3+Aro6EYUG4+cU+KJWu/X" crossorigin="anonymous">
<h1 id="key-exchange"><a class="header" href="#key-exchange">Key Exchange</a></h1>
<p>In TLS, the first step towards obtaining TLS session keys is to compute a shared secret between the client and the server by running the <a href="https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman">ECDH protocol</a>. The resulting shared secret in TLS terms is called the pre-master secret <code>PMS</code>.</p>
<img src="https://raw.githubusercontent.com/tlsnotary/docs-assets/main/diagrams/key_exchange.png" width="800">
<img src="protocol/notarization/../../png-diagrams/key_exchange.png" width="800">
<p>Using the notation from Wikipedia, below is the 3-party ECDH protocol between the <code>Server</code> the <code>Requester</code> and the <code>Notary</code>, enabling the <code>Requester</code> and the <code>Notary</code> to arrive at shares of <code>PMS</code>.</p>
<ol>
<li><code>Server</code> sends its public key <span class="katex"><span class="katex-html" aria-hidden="true"><span class="base"><span class="strut" style="height:0.8778em;vertical-align:-0.1944em;"></span><span class="mord"><span class="mord mathnormal">Q</span><span class="msupsub"><span class="vlist-t vlist-t2"><span class="vlist-r"><span class="vlist" style="height:0.3361em;"><span style="top:-2.55em;margin-left:0em;margin-right:0.05em;"><span class="pstrut" style="height:2.7em;"></span><span class="sizing reset-size6 size3 mtight"><span class="mord mathnormal mtight">b</span></span></span></span><span class="vlist-s"></span></span><span class="vlist-r"><span class="vlist" style="height:0.15em;"><span></span></span></span></span></span></span></span></span></span> to <code>Requester</code>, and <code>Requester</code> forwards it to <code>Notary</code></li>

4
protocol/notarization/index.html
View File

@@ -183,13 +183,13 @@
<p>The <code>Notary</code> is the party of which the authenticity of the <code>Transcript</code> relies on. During the session the <code>Notary</code> withholds its' shares of the TLS keys and participates in a series of secure 2-party computation protocols with the <code>Requester</code> to operate the TLS connection.</p>
<h2 id="server"><a class="header" href="#server">Server</a></h2>
<p>The <code>Server</code> can be any server which supports TLS. The TLSNotary protocol is entirely transparent to the <code>Server</code>, thus it can not be censored nor does it have to support any additional functionality.</p>
<img src="https://raw.githubusercontent.com/tlsnotary/docs-assets/main/diagrams/tls12-multiround.png">
<img src="../../png-diagrams/tls12-multiround.png">
<h2 id="transcript"><a class="header" href="#transcript">Transcript</a></h2>
<p>The primary artifact generated from this phase is called the <code>Transcript</code>. It contains session meta-data, handshake data, and commitments to all the requests and responses. Typically the <code>Transcript</code> is signed by the <code>Notary</code>, however that is not necessary in the case where the <code>Notary</code> will also act as the <code>Verifier</code> in the selective disclosure phase.</p>
<blockquote>
<p>Note that the server ephemeral key does not reveal the identity of the server to the <code>Notary</code>.</p>
</blockquote>
<img src="https://raw.githubusercontent.com/tlsnotary/docs-assets/main/diagrams/transcript.png">
<img src="../../png-diagrams/transcript.png">
</main>
<nav class="nav-wrapper" aria-label="Page navigation">

2
protocol/notarization/key_exchange.html
View File

@@ -171,7 +171,7 @@
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/katex@0.12.0/dist/katex.min.css" integrity="sha384-AfEj0r4/OFrOo5t7NnNe46zW/tFgW6x/bCJG8FqQCEo3+Aro6EYUG4+cU+KJWu/X" crossorigin="anonymous">
<h1 id="key-exchange"><a class="header" href="#key-exchange">Key Exchange</a></h1>
<p>In TLS, the first step towards obtaining TLS session keys is to compute a shared secret between the client and the server by running the <a href="https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman">ECDH protocol</a>. The resulting shared secret in TLS terms is called the pre-master secret <code>PMS</code>.</p>
<img src="https://raw.githubusercontent.com/tlsnotary/docs-assets/main/diagrams/key_exchange.png" width="800">
<img src="../../png-diagrams/key_exchange.png" width="800">
<p>Using the notation from Wikipedia, below is the 3-party ECDH protocol between the <code>Server</code> the <code>Requester</code> and the <code>Notary</code>, enabling the <code>Requester</code> and the <code>Notary</code> to arrive at shares of <code>PMS</code>.</p>
<ol>
<li><code>Server</code> sends its public key <span class="katex"><span class="katex-html" aria-hidden="true"><span class="base"><span class="strut" style="height:0.8778em;vertical-align:-0.1944em;"></span><span class="mord"><span class="mord mathnormal">Q</span><span class="msupsub"><span class="vlist-t vlist-t2"><span class="vlist-r"><span class="vlist" style="height:0.3361em;"><span style="top:-2.55em;margin-left:0em;margin-right:0.05em;"><span class="pstrut" style="height:2.7em;"></span><span class="sizing reset-size6 size3 mtight"><span class="mord mathnormal mtight">b</span></span></span></span><span class="vlist-s"></span></span><span class="vlist-r"><span class="vlist" style="height:0.15em;"><span></span></span></span></span></span></span></span></span></span> to <code>Requester</code>, and <code>Requester</code> forwards it to <code>Notary</code></li>

BIN
tlsnotary_overview.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 122 KiB