tlsnotary/docs-mdbook
1
0
Fork 0
mirror of https://github.com/tlsnotary/docs-mdbook.git synced 2026-01-09 20:57:59 -05:00
Code Issues Packages Projects Releases Wiki Activity

deploy: 57c12b5b7d

Browse Source
This commit is contained in:
themighty1
2022-10-28 07:14:50 +00:00
parent 5c9a58e355
commit f0395f12c5
15 changed files with 487 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
404.html
View File

@@ -78,7 +78,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="intro.html">Introduction</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><div><strong aria-hidden="true">1.</strong> Overview</div></li><li class="chapter-item expanded "><a href="protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">2.1.</strong> TLS Handshake</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/notarization/key_exchange.html"><strong aria-hidden="true">2.1.1.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="protocol/notarization/prf.html"><strong aria-hidden="true">2.1.2.</strong> Symmetric key derivation</a></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.2.</strong> (Enc/Dec)ryption</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.3.</strong> Commitment</div></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">3.</strong> Selective Disclosure</div></li><li class="chapter-item expanded "><a href="protocol/2pc/garbled_circuits.html"><strong aria-hidden="true">4.</strong> Secure 2-Party Computation</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">4.1.</strong> Garbled Circuits</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/2pc/dual_execution.html"><strong aria-hidden="true">4.1.1.</strong> Dual Execution</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/2pc/dual_execution_with_privacy_only_for_the_user.html"><strong aria-hidden="true">4.1.1.1.</strong> Dual Execution with privacy only for the User</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.2.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.3.</strong> Paillier</div></li><li class="chapter-item expanded "><a href="protocol/2pc/mac.html"><strong aria-hidden="true">4.4.</strong> MAC</a></li></ol></li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="intro.html">Introduction</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><div><strong aria-hidden="true">1.</strong> Overview</div></li><li class="chapter-item expanded "><a href="protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">2.1.</strong> TLS Handshake</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/notarization/key_exchange.html"><strong aria-hidden="true">2.1.1.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="protocol/notarization/prf.html"><strong aria-hidden="true">2.1.2.</strong> Symmetric key derivation</a></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.2.</strong> (Enc/Dec)ryption</div></li><li class="chapter-item expanded "><a href="protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/notarization/public_data_commitment.html"><strong aria-hidden="true">2.3.1.</strong> Commitment to public data</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">3.</strong> Selective Disclosure</div></li><li class="chapter-item expanded "><a href="protocol/2pc/garbled_circuits.html"><strong aria-hidden="true">4.</strong> Secure 2-Party Computation</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">4.1.</strong> Garbled Circuits</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/2pc/dual_execution.html"><strong aria-hidden="true">4.1.1.</strong> Dual Execution</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/2pc/dual_execution_with_privacy_only_for_the_user.html"><strong aria-hidden="true">4.1.1.1.</strong> Dual Execution with privacy only for the User</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.2.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.3.</strong> Paillier</div></li><li class="chapter-item expanded "><a href="protocol/2pc/mac.html"><strong aria-hidden="true">4.4.</strong> MAC</a></li></ol></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>

2
index.html
View File

@@ -77,7 +77,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="intro.html">Introduction</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><div><strong aria-hidden="true">1.</strong> Overview</div></li><li class="chapter-item expanded "><a href="protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">2.1.</strong> TLS Handshake</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/notarization/key_exchange.html"><strong aria-hidden="true">2.1.1.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="protocol/notarization/prf.html"><strong aria-hidden="true">2.1.2.</strong> Symmetric key derivation</a></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.2.</strong> (Enc/Dec)ryption</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.3.</strong> Commitment</div></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">3.</strong> Selective Disclosure</div></li><li class="chapter-item expanded "><a href="protocol/2pc/garbled_circuits.html"><strong aria-hidden="true">4.</strong> Secure 2-Party Computation</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">4.1.</strong> Garbled Circuits</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/2pc/dual_execution.html"><strong aria-hidden="true">4.1.1.</strong> Dual Execution</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/2pc/dual_execution_with_privacy_only_for_the_user.html"><strong aria-hidden="true">4.1.1.1.</strong> Dual Execution with privacy only for the User</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.2.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.3.</strong> Paillier</div></li><li class="chapter-item expanded "><a href="protocol/2pc/mac.html"><strong aria-hidden="true">4.4.</strong> MAC</a></li></ol></li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="intro.html">Introduction</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><div><strong aria-hidden="true">1.</strong> Overview</div></li><li class="chapter-item expanded "><a href="protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">2.1.</strong> TLS Handshake</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/notarization/key_exchange.html"><strong aria-hidden="true">2.1.1.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="protocol/notarization/prf.html"><strong aria-hidden="true">2.1.2.</strong> Symmetric key derivation</a></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.2.</strong> (Enc/Dec)ryption</div></li><li class="chapter-item expanded "><a href="protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/notarization/public_data_commitment.html"><strong aria-hidden="true">2.3.1.</strong> Commitment to public data</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">3.</strong> Selective Disclosure</div></li><li class="chapter-item expanded "><a href="protocol/2pc/garbled_circuits.html"><strong aria-hidden="true">4.</strong> Secure 2-Party Computation</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">4.1.</strong> Garbled Circuits</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/2pc/dual_execution.html"><strong aria-hidden="true">4.1.1.</strong> Dual Execution</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/2pc/dual_execution_with_privacy_only_for_the_user.html"><strong aria-hidden="true">4.1.1.1.</strong> Dual Execution with privacy only for the User</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.2.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.3.</strong> Paillier</div></li><li class="chapter-item expanded "><a href="protocol/2pc/mac.html"><strong aria-hidden="true">4.4.</strong> MAC</a></li></ol></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>

2
intro.html
View File

@@ -77,7 +77,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="intro.html" class="active">Introduction</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><div><strong aria-hidden="true">1.</strong> Overview</div></li><li class="chapter-item expanded "><a href="protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">2.1.</strong> TLS Handshake</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/notarization/key_exchange.html"><strong aria-hidden="true">2.1.1.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="protocol/notarization/prf.html"><strong aria-hidden="true">2.1.2.</strong> Symmetric key derivation</a></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.2.</strong> (Enc/Dec)ryption</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.3.</strong> Commitment</div></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">3.</strong> Selective Disclosure</div></li><li class="chapter-item expanded "><a href="protocol/2pc/garbled_circuits.html"><strong aria-hidden="true">4.</strong> Secure 2-Party Computation</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">4.1.</strong> Garbled Circuits</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/2pc/dual_execution.html"><strong aria-hidden="true">4.1.1.</strong> Dual Execution</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/2pc/dual_execution_with_privacy_only_for_the_user.html"><strong aria-hidden="true">4.1.1.1.</strong> Dual Execution with privacy only for the User</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.2.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.3.</strong> Paillier</div></li><li class="chapter-item expanded "><a href="protocol/2pc/mac.html"><strong aria-hidden="true">4.4.</strong> MAC</a></li></ol></li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="intro.html" class="active">Introduction</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><div><strong aria-hidden="true">1.</strong> Overview</div></li><li class="chapter-item expanded "><a href="protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">2.1.</strong> TLS Handshake</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/notarization/key_exchange.html"><strong aria-hidden="true">2.1.1.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="protocol/notarization/prf.html"><strong aria-hidden="true">2.1.2.</strong> Symmetric key derivation</a></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.2.</strong> (Enc/Dec)ryption</div></li><li class="chapter-item expanded "><a href="protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/notarization/public_data_commitment.html"><strong aria-hidden="true">2.3.1.</strong> Commitment to public data</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">3.</strong> Selective Disclosure</div></li><li class="chapter-item expanded "><a href="protocol/2pc/garbled_circuits.html"><strong aria-hidden="true">4.</strong> Secure 2-Party Computation</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">4.1.</strong> Garbled Circuits</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/2pc/dual_execution.html"><strong aria-hidden="true">4.1.1.</strong> Dual Execution</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/2pc/dual_execution_with_privacy_only_for_the_user.html"><strong aria-hidden="true">4.1.1.1.</strong> Dual Execution with privacy only for the User</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.2.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.3.</strong> Paillier</div></li><li class="chapter-item expanded "><a href="protocol/2pc/mac.html"><strong aria-hidden="true">4.4.</strong> MAC</a></li></ol></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>

59
print.html
View File

@@ -78,7 +78,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="intro.html">Introduction</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><div><strong aria-hidden="true">1.</strong> Overview</div></li><li class="chapter-item expanded "><a href="protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">2.1.</strong> TLS Handshake</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/notarization/key_exchange.html"><strong aria-hidden="true">2.1.1.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="protocol/notarization/prf.html"><strong aria-hidden="true">2.1.2.</strong> Symmetric key derivation</a></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.2.</strong> (Enc/Dec)ryption</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.3.</strong> Commitment</div></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">3.</strong> Selective Disclosure</div></li><li class="chapter-item expanded "><a href="protocol/2pc/garbled_circuits.html"><strong aria-hidden="true">4.</strong> Secure 2-Party Computation</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">4.1.</strong> Garbled Circuits</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/2pc/dual_execution.html"><strong aria-hidden="true">4.1.1.</strong> Dual Execution</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/2pc/dual_execution_with_privacy_only_for_the_user.html"><strong aria-hidden="true">4.1.1.1.</strong> Dual Execution with privacy only for the User</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.2.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.3.</strong> Paillier</div></li><li class="chapter-item expanded "><a href="protocol/2pc/mac.html"><strong aria-hidden="true">4.4.</strong> MAC</a></li></ol></li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="intro.html">Introduction</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><div><strong aria-hidden="true">1.</strong> Overview</div></li><li class="chapter-item expanded "><a href="protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">2.1.</strong> TLS Handshake</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/notarization/key_exchange.html"><strong aria-hidden="true">2.1.1.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="protocol/notarization/prf.html"><strong aria-hidden="true">2.1.2.</strong> Symmetric key derivation</a></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.2.</strong> (Enc/Dec)ryption</div></li><li class="chapter-item expanded "><a href="protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/notarization/public_data_commitment.html"><strong aria-hidden="true">2.3.1.</strong> Commitment to public data</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">3.</strong> Selective Disclosure</div></li><li class="chapter-item expanded "><a href="protocol/2pc/garbled_circuits.html"><strong aria-hidden="true">4.</strong> Secure 2-Party Computation</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">4.1.</strong> Garbled Circuits</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/2pc/dual_execution.html"><strong aria-hidden="true">4.1.1.</strong> Dual Execution</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/2pc/dual_execution_with_privacy_only_for_the_user.html"><strong aria-hidden="true">4.1.1.1.</strong> Dual Execution with privacy only for the User</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.2.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.3.</strong> Paillier</div></li><li class="chapter-item expanded "><a href="protocol/2pc/mac.html"><strong aria-hidden="true">4.4.</strong> MAC</a></li></ol></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>
@@ -435,6 +435,63 @@ verify_data = p1[:12]
<li>To evaluate the circuit, <code>N</code> inputs <code>MS</code> <code>outer hash state</code> (from Step 10) and <code>U</code> inputs <code>inner hash</code> of <code>p1</code>. The circuit outputs <code>verify_data</code> for <code>SF</code> to <code>U</code>.</li>
</ol>
<p>The parties proceed to decrypt and authenticate the <code>SF</code> in 2PC. <code>U</code> checks that <code>verify_data</code> from <code>SF</code> matches <code>verify_data</code> from Step 25.</p>
<div style="break-before: page; page-break-before: always;"></div><p>At the end of the TLSNotary protocol, the User has the authenticated AES ciphertext which can be thought of as a commitment to the plaintext. This form of commitment is not amenable to use cases when the User wants to make part of the plaintext public while keeping another part private. Naively, the User's option is to prove the decryption of the ciphertext in zero-knowledge which is computationally expensive.</p>
<p>We describe two less computationally heavy approaches for converting the AES ciphertext commitments. </p>
<p>The first approach is useful for commitments to the data which the User intends to make public. It is based on decrypting the ciphertext with Garbled Circuits and producing a hash commitment to the wire labels.</p>
<p>The second approach is useful for commitments to the private data which the User later intends to prove statements about in zero-knowledge. This approach produces a Poseidon hash over the private data. </p>
<div style="break-before: page; page-break-before: always;"></div><p>We describe an interactive protocol between the User <code>U</code> and the Notary <code>N</code>, whereby <code>U</code> can convert the authenticated AES ciphertext into a hash commitment to Garbled Circuits wire labels.</p>
<h3 id="-----creating-the-new-commitment"><a class="header" href="#-----creating-the-new-commitment">---- Creating the new commitment</a></h3>
<ol start="0">
<li>
<p>At the end of the TLSNotary session, both <code>U</code> and <code>N</code> know the authenticated AES <code>ciphertext</code>. </p>
</li>
<li>
<p><code>N</code> reveals his TLS session key shares to <code>U</code>.</p>
</li>
<li>
<p><code>U</code> decrypts the <code>ciphertext</code> in the clear and learns the plaintext <code>p</code>.</p>
</li>
<li>
<p><code>N</code> picks a <code>seed</code> and uses it as the source of randomness to generate (in the semi-honest model) a privacy-free garbled circuit whose functionality is to accept the plaintext input, encrypt it, and output the ciphertext. </p>
</li>
<li>
<p>With <code>p</code> as her circuit input, <code>U</code> receives input wire labels <code>IWLs</code> via Oblivious Transfer and then evaluates the circuit on those <code>IWLs</code>. The result of the evaluation are output wire labels <code>OWLs</code> which <code>U</code> does not know the decoding for.</p>
</li>
<li>
<p><code>U</code> sends two commitments: <code>commitment to IWLs</code> and <code>commitment to OWLs</code> to <code>N</code>.</p>
</li>
<li>
<p><code>N</code> reveals the <code>seed</code> and <code>U</code> checks that the circuit (including its <code>IWLs</code> and <code>OWLs</code>) was generated correctly and, if successful, reveals her <code>OWLs</code>.</p>
</li>
<li>
<p><code>N</code> verifies <code>commitment to OWLs</code> and then checks that decoded <code>OWLs</code> match the <code>ciphertext</code> (from Step 0) and, if successful, signs (<code>seed</code> + <code>commitment to IWLs</code>). </p>
</li>
</ol>
<blockquote>
<p>Now, (<code>seed</code> + <code>commitment to IWLs</code>) become <code>U</code>'s new commitment to <code>p</code>.</p>
</blockquote>
<h3 id="-----verifying-the-commitment"><a class="header" href="#-----verifying-the-commitment">---- Verifying the commitment</a></h3>
<p>Verifier performs the following steps:</p>
<ol>
<li>
<p>Receives the following from <code>U</code>: plaintext <code>p</code>, <code>signature</code> for (<code>seed</code> + <code>commitment to IWLs</code>), <code>seed</code>, <code>commitment to IWLs</code>.</p>
</li>
<li>
<p>(using a trusted <code>N</code>s pubkey) Verifies the <code>signature</code>.</p>
</li>
<li>
<p>Re-generates the <code>IWLs</code> from the <code>seed</code>.</p>
</li>
<li>
<p>Picks only those <code>IWLs</code> which correspond to <code>p</code> and checks that the commitment to those <code>IWLs</code> matches <code>commitment to IWLs</code>.</p>
</li>
<li>
<p>Accepts <code>p</code> as authentic.</p>
</li>
</ol>
<h3 id="-----dynamic-commitment-using-a-merkle-tree"><a class="header" href="#-----dynamic-commitment-using-a-merkle-tree">---- Dynamic commitment using a Merkle tree</a></h3>
<p>In situations where <code>U</code> does not know in advance which subset of the public data she will be revealing later to the Verifier, <code>U</code> can commit to the Merkle tree of all her input wire labels (from Step 4 above).
Later, <code>U</code> can reveal only those Merkle leaves which she wants to make public to the Verifier. </p>
<div style="break-before: page; page-break-before: always;"></div><h1 id="secure-2-party-computation"><a class="header" href="#secure-2-party-computation">Secure 2-Party Computation</a></h1>
<div style="break-before: page; page-break-before: always;"></div><p>To ensure malicious security of the Garbled Circuits 2PC, TLSNotary uses the <a href="https://securecomputation.org/docs/pragmaticmpc.pdf">Dual Execution protocol</a> (see Section 7.6).</p>
<p>DualEX inherently leaks one bit of private input with probability 1/2. This is not a problem during the TLS handshake when the private inputs are symmetric keys or hash pre-images. Leaking 1 bit does not give the adversary any advantage, since with the same probability the adversary may have guessed that bit while brute-forcing the key or the pre-image.</p>

2
protocol/2pc/dual_execution.html
View File

@@ -77,7 +77,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><div><strong aria-hidden="true">1.</strong> Overview</div></li><li class="chapter-item expanded "><a href="../../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">2.1.</strong> TLS Handshake</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/key_exchange.html"><strong aria-hidden="true">2.1.1.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/prf.html"><strong aria-hidden="true">2.1.2.</strong> Symmetric key derivation</a></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.2.</strong> (Enc/Dec)ryption</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.3.</strong> Commitment</div></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">3.</strong> Selective Disclosure</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/garbled_circuits.html"><strong aria-hidden="true">4.</strong> Secure 2-Party Computation</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">4.1.</strong> Garbled Circuits</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution.html" class="active"><strong aria-hidden="true">4.1.1.</strong> Dual Execution</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution_with_privacy_only_for_the_user.html"><strong aria-hidden="true">4.1.1.1.</strong> Dual Execution with privacy only for the User</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.2.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.3.</strong> Paillier</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/mac.html"><strong aria-hidden="true">4.4.</strong> MAC</a></li></ol></li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><div><strong aria-hidden="true">1.</strong> Overview</div></li><li class="chapter-item expanded "><a href="../../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">2.1.</strong> TLS Handshake</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/key_exchange.html"><strong aria-hidden="true">2.1.1.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/prf.html"><strong aria-hidden="true">2.1.2.</strong> Symmetric key derivation</a></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.2.</strong> (Enc/Dec)ryption</div></li><li class="chapter-item expanded "><a href="../../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/public_data_commitment.html"><strong aria-hidden="true">2.3.1.</strong> Commitment to public data</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">3.</strong> Selective Disclosure</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/garbled_circuits.html"><strong aria-hidden="true">4.</strong> Secure 2-Party Computation</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">4.1.</strong> Garbled Circuits</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution.html" class="active"><strong aria-hidden="true">4.1.1.</strong> Dual Execution</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution_with_privacy_only_for_the_user.html"><strong aria-hidden="true">4.1.1.1.</strong> Dual Execution with privacy only for the User</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.2.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.3.</strong> Paillier</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/mac.html"><strong aria-hidden="true">4.4.</strong> MAC</a></li></ol></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>

2
protocol/2pc/dual_execution_with_privacy_only_for_the_user.html
View File

@@ -77,7 +77,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><div><strong aria-hidden="true">1.</strong> Overview</div></li><li class="chapter-item expanded "><a href="../../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">2.1.</strong> TLS Handshake</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/key_exchange.html"><strong aria-hidden="true">2.1.1.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/prf.html"><strong aria-hidden="true">2.1.2.</strong> Symmetric key derivation</a></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.2.</strong> (Enc/Dec)ryption</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.3.</strong> Commitment</div></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">3.</strong> Selective Disclosure</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/garbled_circuits.html"><strong aria-hidden="true">4.</strong> Secure 2-Party Computation</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">4.1.</strong> Garbled Circuits</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution.html"><strong aria-hidden="true">4.1.1.</strong> Dual Execution</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution_with_privacy_only_for_the_user.html" class="active"><strong aria-hidden="true">4.1.1.1.</strong> Dual Execution with privacy only for the User</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.2.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.3.</strong> Paillier</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/mac.html"><strong aria-hidden="true">4.4.</strong> MAC</a></li></ol></li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><div><strong aria-hidden="true">1.</strong> Overview</div></li><li class="chapter-item expanded "><a href="../../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">2.1.</strong> TLS Handshake</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/key_exchange.html"><strong aria-hidden="true">2.1.1.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/prf.html"><strong aria-hidden="true">2.1.2.</strong> Symmetric key derivation</a></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.2.</strong> (Enc/Dec)ryption</div></li><li class="chapter-item expanded "><a href="../../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/public_data_commitment.html"><strong aria-hidden="true">2.3.1.</strong> Commitment to public data</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">3.</strong> Selective Disclosure</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/garbled_circuits.html"><strong aria-hidden="true">4.</strong> Secure 2-Party Computation</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">4.1.</strong> Garbled Circuits</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution.html"><strong aria-hidden="true">4.1.1.</strong> Dual Execution</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution_with_privacy_only_for_the_user.html" class="active"><strong aria-hidden="true">4.1.1.1.</strong> Dual Execution with privacy only for the User</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.2.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.3.</strong> Paillier</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/mac.html"><strong aria-hidden="true">4.4.</strong> MAC</a></li></ol></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>

6
protocol/2pc/garbled_circuits.html
View File

@@ -77,7 +77,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><div><strong aria-hidden="true">1.</strong> Overview</div></li><li class="chapter-item expanded "><a href="../../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">2.1.</strong> TLS Handshake</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/key_exchange.html"><strong aria-hidden="true">2.1.1.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/prf.html"><strong aria-hidden="true">2.1.2.</strong> Symmetric key derivation</a></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.2.</strong> (Enc/Dec)ryption</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.3.</strong> Commitment</div></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">3.</strong> Selective Disclosure</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/garbled_circuits.html" class="active"><strong aria-hidden="true">4.</strong> Secure 2-Party Computation</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">4.1.</strong> Garbled Circuits</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution.html"><strong aria-hidden="true">4.1.1.</strong> Dual Execution</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution_with_privacy_only_for_the_user.html"><strong aria-hidden="true">4.1.1.1.</strong> Dual Execution with privacy only for the User</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.2.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.3.</strong> Paillier</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/mac.html"><strong aria-hidden="true">4.4.</strong> MAC</a></li></ol></li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><div><strong aria-hidden="true">1.</strong> Overview</div></li><li class="chapter-item expanded "><a href="../../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">2.1.</strong> TLS Handshake</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/key_exchange.html"><strong aria-hidden="true">2.1.1.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/prf.html"><strong aria-hidden="true">2.1.2.</strong> Symmetric key derivation</a></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.2.</strong> (Enc/Dec)ryption</div></li><li class="chapter-item expanded "><a href="../../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/public_data_commitment.html"><strong aria-hidden="true">2.3.1.</strong> Commitment to public data</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">3.</strong> Selective Disclosure</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/garbled_circuits.html" class="active"><strong aria-hidden="true">4.</strong> Secure 2-Party Computation</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">4.1.</strong> Garbled Circuits</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution.html"><strong aria-hidden="true">4.1.1.</strong> Dual Execution</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution_with_privacy_only_for_the_user.html"><strong aria-hidden="true">4.1.1.1.</strong> Dual Execution with privacy only for the User</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.2.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.3.</strong> Paillier</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/mac.html"><strong aria-hidden="true">4.4.</strong> MAC</a></li></ol></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>
@@ -142,7 +142,7 @@
<nav class="nav-wrapper" aria-label="Page navigation">
<!-- Mobile navigation buttons -->
<a rel="prev" href="../../protocol/notarization/prf.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<a rel="prev" href="../../protocol/notarization/public_data_commitment.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next" href="../../protocol/2pc/dual_execution.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
@@ -154,7 +154,7 @@
</div>
<nav class="nav-wide-wrapper" aria-label="Page navigation">
<a rel="prev" href="../../protocol/notarization/prf.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<a rel="prev" href="../../protocol/notarization/public_data_commitment.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next" href="../../protocol/2pc/dual_execution.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">

2
protocol/2pc/mac.html
View File

@@ -77,7 +77,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><div><strong aria-hidden="true">1.</strong> Overview</div></li><li class="chapter-item expanded "><a href="../../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">2.1.</strong> TLS Handshake</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/key_exchange.html"><strong aria-hidden="true">2.1.1.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/prf.html"><strong aria-hidden="true">2.1.2.</strong> Symmetric key derivation</a></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.2.</strong> (Enc/Dec)ryption</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.3.</strong> Commitment</div></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">3.</strong> Selective Disclosure</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/garbled_circuits.html"><strong aria-hidden="true">4.</strong> Secure 2-Party Computation</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">4.1.</strong> Garbled Circuits</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution.html"><strong aria-hidden="true">4.1.1.</strong> Dual Execution</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution_with_privacy_only_for_the_user.html"><strong aria-hidden="true">4.1.1.1.</strong> Dual Execution with privacy only for the User</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.2.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.3.</strong> Paillier</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/mac.html" class="active"><strong aria-hidden="true">4.4.</strong> MAC</a></li></ol></li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><div><strong aria-hidden="true">1.</strong> Overview</div></li><li class="chapter-item expanded "><a href="../../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">2.1.</strong> TLS Handshake</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/key_exchange.html"><strong aria-hidden="true">2.1.1.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/prf.html"><strong aria-hidden="true">2.1.2.</strong> Symmetric key derivation</a></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.2.</strong> (Enc/Dec)ryption</div></li><li class="chapter-item expanded "><a href="../../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/public_data_commitment.html"><strong aria-hidden="true">2.3.1.</strong> Commitment to public data</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">3.</strong> Selective Disclosure</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/garbled_circuits.html"><strong aria-hidden="true">4.</strong> Secure 2-Party Computation</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">4.1.</strong> Garbled Circuits</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution.html"><strong aria-hidden="true">4.1.1.</strong> Dual Execution</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution_with_privacy_only_for_the_user.html"><strong aria-hidden="true">4.1.1.1.</strong> Dual Execution with privacy only for the User</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.2.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.3.</strong> Paillier</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/mac.html" class="active"><strong aria-hidden="true">4.4.</strong> MAC</a></li></ol></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>

182
protocol/notarization/commitment.html Normal file
View File

@@ -0,0 +1,182 @@
<!DOCTYPE HTML>
<html lang="en" class="sidebar-visible no-js ayu">
<head>
<!-- Book generated using mdBook -->
<meta charset="UTF-8">
<title>Commitment - tlsn-docs</title>
<!-- Custom HTML head -->
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<meta name="description" content="">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="theme-color" content="#ffffff" />
<link rel="icon" href="../../favicon.svg">
<link rel="shortcut icon" href="../../favicon.png">
<link rel="stylesheet" href="../../css/variables.css">
<link rel="stylesheet" href="../../css/general.css">
<link rel="stylesheet" href="../../css/chrome.css">
<link rel="stylesheet" href="../../css/print.css" media="print">
<!-- Fonts -->
<link rel="stylesheet" href="../../FontAwesome/css/font-awesome.css">
<link rel="stylesheet" href="../../fonts/fonts.css">
<!-- Highlight.js Stylesheets -->
<link rel="stylesheet" href="../../highlight.css">
<link rel="stylesheet" href="../../tomorrow-night.css">
<link rel="stylesheet" href="../../ayu-highlight.css">
<!-- Custom theme stylesheets -->
<!-- MathJax -->
<script async type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.1/MathJax.js?config=TeX-AMS-MML_HTMLorMML"></script>
</head>
<body>
<!-- Provide site root to javascript -->
<script type="text/javascript">
var path_to_root = "../../";
var default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? "navy" : "ayu";
</script>
<!-- Work around some values being stored in localStorage wrapped in quotes -->
<script type="text/javascript">
try {
var theme = localStorage.getItem('mdbook-theme');
var sidebar = localStorage.getItem('mdbook-sidebar');
if (theme.startsWith('"') && theme.endsWith('"')) {
localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
}
if (sidebar.startsWith('"') && sidebar.endsWith('"')) {
localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
}
} catch (e) { }
</script>
<!-- Set the theme before any content is loaded, prevents flash -->
<script type="text/javascript">
var theme;
try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
if (theme === null || theme === undefined) { theme = default_theme; }
var html = document.querySelector('html');
html.classList.remove('no-js')
html.classList.remove('ayu')
html.classList.add(theme);
html.classList.add('js');
</script>
<!-- Hide / unhide sidebar before it is displayed -->
<script type="text/javascript">
var html = document.querySelector('html');
var sidebar = 'hidden';
if (document.body.clientWidth >= 1080) {
try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
sidebar = sidebar || 'visible';
}
html.classList.remove('sidebar-visible');
html.classList.add("sidebar-" + sidebar);
</script>
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><div><strong aria-hidden="true">1.</strong> Overview</div></li><li class="chapter-item expanded "><a href="../../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">2.1.</strong> TLS Handshake</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/key_exchange.html"><strong aria-hidden="true">2.1.1.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/prf.html"><strong aria-hidden="true">2.1.2.</strong> Symmetric key derivation</a></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.2.</strong> (Enc/Dec)ryption</div></li><li class="chapter-item expanded "><a href="../../protocol/notarization/commitment.html" class="active"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/public_data_commitment.html"><strong aria-hidden="true">2.3.1.</strong> Commitment to public data</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">3.</strong> Selective Disclosure</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/garbled_circuits.html"><strong aria-hidden="true">4.</strong> Secure 2-Party Computation</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">4.1.</strong> Garbled Circuits</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution.html"><strong aria-hidden="true">4.1.1.</strong> Dual Execution</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution_with_privacy_only_for_the_user.html"><strong aria-hidden="true">4.1.1.1.</strong> Dual Execution with privacy only for the User</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.2.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.3.</strong> Paillier</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/mac.html"><strong aria-hidden="true">4.4.</strong> MAC</a></li></ol></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>
<div id="page-wrapper" class="page-wrapper">
<div class="page">
<div id="menu-bar-hover-placeholder"></div>
<div id="menu-bar" class="menu-bar sticky bordered">
<div class="left-buttons">
<button id="sidebar-toggle" class="icon-button" type="button" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
<i class="fa fa-bars"></i>
</button>
<button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
<i class="fa fa-paint-brush"></i>
</button>
<ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
<li role="none"><button role="menuitem" class="theme" id="light">Light</button></li>
<li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
<li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
<li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
<li role="none"><button role="menuitem" class="theme" id="ayu">Ayu (default)</button></li>
</ul>
<button id="search-toggle" class="icon-button" type="button" title="Search. (Shortkey: s)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="S" aria-controls="searchbar">
<i class="fa fa-search"></i>
</button>
</div>
<h1 class="menu-title">tlsn-docs</h1>
<div class="right-buttons">
<a href="../../print.html" title="Print this book" aria-label="Print this book">
<i id="print-button" class="fa fa-print"></i>
</a>
</div>
</div>
<div id="search-wrapper" class="hidden">
<form id="searchbar-outer" class="searchbar-outer">
<input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
</form>
<div id="searchresults-outer" class="searchresults-outer hidden">
<div id="searchresults-header" class="searchresults-header"></div>
<ul id="searchresults">
</ul>
</div>
</div>
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
<script type="text/javascript">
document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
});
</script>
<div id="content" class="content">
<main>
<p>At the end of the TLSNotary protocol, the User has the authenticated AES ciphertext which can be thought of as a commitment to the plaintext. This form of commitment is not amenable to use cases when the User wants to make part of the plaintext public while keeping another part private. Naively, the User's option is to prove the decryption of the ciphertext in zero-knowledge which is computationally expensive.</p>
<p>We describe two less computationally heavy approaches for converting the AES ciphertext commitments. </p>
<p>The first approach is useful for commitments to the data which the User intends to make public. It is based on decrypting the ciphertext with Garbled Circuits and producing a hash commitment to the wire labels.</p>
<p>The second approach is useful for commitments to the private data which the User later intends to prove statements about in zero-knowledge. This approach produces a Poseidon hash over the private data. </p>
</main>
<nav class="nav-wrapper" aria-label="Page navigation">
<!-- Mobile navigation buttons -->
<a rel="prev" href="../../protocol/notarization/prf.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next" href="../../protocol/notarization/public_data_commitment.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
<div style="clear: both"></div>
</nav>
</div>
</div>
<nav class="nav-wide-wrapper" aria-label="Page navigation">
<a rel="prev" href="../../protocol/notarization/prf.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next" href="../../protocol/notarization/public_data_commitment.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
</nav>
</div>
<script type="text/javascript">
window.playground_copyable = true;
</script>
<script src="../../elasticlunr.min.js" type="text/javascript" charset="utf-8"></script>
<script src="../../mark.min.js" type="text/javascript" charset="utf-8"></script>
<script src="../../searcher.js" type="text/javascript" charset="utf-8"></script>
<script src="../../clipboard.min.js" type="text/javascript" charset="utf-8"></script>
<script src="../../highlight.js" type="text/javascript" charset="utf-8"></script>
<script src="../../book.js" type="text/javascript" charset="utf-8"></script>
<!-- Custom JS scripts -->
</body>
</html>

2
protocol/notarization/index.html
View File

@@ -77,7 +77,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><div><strong aria-hidden="true">1.</strong> Overview</div></li><li class="chapter-item expanded "><a href="../../protocol/notarization/index.html" class="active"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">2.1.</strong> TLS Handshake</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/key_exchange.html"><strong aria-hidden="true">2.1.1.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/prf.html"><strong aria-hidden="true">2.1.2.</strong> Symmetric key derivation</a></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.2.</strong> (Enc/Dec)ryption</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.3.</strong> Commitment</div></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">3.</strong> Selective Disclosure</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/garbled_circuits.html"><strong aria-hidden="true">4.</strong> Secure 2-Party Computation</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">4.1.</strong> Garbled Circuits</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution.html"><strong aria-hidden="true">4.1.1.</strong> Dual Execution</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution_with_privacy_only_for_the_user.html"><strong aria-hidden="true">4.1.1.1.</strong> Dual Execution with privacy only for the User</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.2.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.3.</strong> Paillier</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/mac.html"><strong aria-hidden="true">4.4.</strong> MAC</a></li></ol></li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><div><strong aria-hidden="true">1.</strong> Overview</div></li><li class="chapter-item expanded "><a href="../../protocol/notarization/index.html" class="active"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">2.1.</strong> TLS Handshake</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/key_exchange.html"><strong aria-hidden="true">2.1.1.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/prf.html"><strong aria-hidden="true">2.1.2.</strong> Symmetric key derivation</a></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.2.</strong> (Enc/Dec)ryption</div></li><li class="chapter-item expanded "><a href="../../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/public_data_commitment.html"><strong aria-hidden="true">2.3.1.</strong> Commitment to public data</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">3.</strong> Selective Disclosure</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/garbled_circuits.html"><strong aria-hidden="true">4.</strong> Secure 2-Party Computation</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">4.1.</strong> Garbled Circuits</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution.html"><strong aria-hidden="true">4.1.1.</strong> Dual Execution</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution_with_privacy_only_for_the_user.html"><strong aria-hidden="true">4.1.1.1.</strong> Dual Execution with privacy only for the User</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.2.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.3.</strong> Paillier</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/mac.html"><strong aria-hidden="true">4.4.</strong> MAC</a></li></ol></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>

2
protocol/notarization/key_exchange.html
View File

@@ -77,7 +77,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><div><strong aria-hidden="true">1.</strong> Overview</div></li><li class="chapter-item expanded "><a href="../../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">2.1.</strong> TLS Handshake</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/key_exchange.html" class="active"><strong aria-hidden="true">2.1.1.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/prf.html"><strong aria-hidden="true">2.1.2.</strong> Symmetric key derivation</a></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.2.</strong> (Enc/Dec)ryption</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.3.</strong> Commitment</div></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">3.</strong> Selective Disclosure</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/garbled_circuits.html"><strong aria-hidden="true">4.</strong> Secure 2-Party Computation</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">4.1.</strong> Garbled Circuits</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution.html"><strong aria-hidden="true">4.1.1.</strong> Dual Execution</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution_with_privacy_only_for_the_user.html"><strong aria-hidden="true">4.1.1.1.</strong> Dual Execution with privacy only for the User</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.2.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.3.</strong> Paillier</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/mac.html"><strong aria-hidden="true">4.4.</strong> MAC</a></li></ol></li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><div><strong aria-hidden="true">1.</strong> Overview</div></li><li class="chapter-item expanded "><a href="../../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">2.1.</strong> TLS Handshake</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/key_exchange.html" class="active"><strong aria-hidden="true">2.1.1.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/prf.html"><strong aria-hidden="true">2.1.2.</strong> Symmetric key derivation</a></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.2.</strong> (Enc/Dec)ryption</div></li><li class="chapter-item expanded "><a href="../../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/public_data_commitment.html"><strong aria-hidden="true">2.3.1.</strong> Commitment to public data</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">3.</strong> Selective Disclosure</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/garbled_circuits.html"><strong aria-hidden="true">4.</strong> Secure 2-Party Computation</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">4.1.</strong> Garbled Circuits</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution.html"><strong aria-hidden="true">4.1.1.</strong> Dual Execution</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution_with_privacy_only_for_the_user.html"><strong aria-hidden="true">4.1.1.1.</strong> Dual Execution with privacy only for the User</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.2.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.3.</strong> Paillier</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/mac.html"><strong aria-hidden="true">4.4.</strong> MAC</a></li></ol></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>

6
protocol/notarization/prf.html
View File

@@ -77,7 +77,7 @@
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><div><strong aria-hidden="true">1.</strong> Overview</div></li><li class="chapter-item expanded "><a href="../../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">2.1.</strong> TLS Handshake</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/key_exchange.html"><strong aria-hidden="true">2.1.1.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/prf.html" class="active"><strong aria-hidden="true">2.1.2.</strong> Symmetric key derivation</a></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.2.</strong> (Enc/Dec)ryption</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.3.</strong> Commitment</div></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">3.</strong> Selective Disclosure</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/garbled_circuits.html"><strong aria-hidden="true">4.</strong> Secure 2-Party Computation</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">4.1.</strong> Garbled Circuits</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution.html"><strong aria-hidden="true">4.1.1.</strong> Dual Execution</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution_with_privacy_only_for_the_user.html"><strong aria-hidden="true">4.1.1.1.</strong> Dual Execution with privacy only for the User</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.2.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.3.</strong> Paillier</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/mac.html"><strong aria-hidden="true">4.4.</strong> MAC</a></li></ol></li></ol>
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><div><strong aria-hidden="true">1.</strong> Overview</div></li><li class="chapter-item expanded "><a href="../../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">2.1.</strong> TLS Handshake</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/key_exchange.html"><strong aria-hidden="true">2.1.1.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/prf.html" class="active"><strong aria-hidden="true">2.1.2.</strong> Symmetric key derivation</a></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.2.</strong> (Enc/Dec)ryption</div></li><li class="chapter-item expanded "><a href="../../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/public_data_commitment.html"><strong aria-hidden="true">2.3.1.</strong> Commitment to public data</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">3.</strong> Selective Disclosure</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/garbled_circuits.html"><strong aria-hidden="true">4.</strong> Secure 2-Party Computation</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">4.1.</strong> Garbled Circuits</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution.html"><strong aria-hidden="true">4.1.1.</strong> Dual Execution</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution_with_privacy_only_for_the_user.html"><strong aria-hidden="true">4.1.1.1.</strong> Dual Execution with privacy only for the User</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.2.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.3.</strong> Paillier</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/mac.html"><strong aria-hidden="true">4.4.</strong> MAC</a></li></ol></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>
@@ -315,7 +315,7 @@ verify_data = p1[:12]
<a rel="prev" href="../../protocol/notarization/key_exchange.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next" href="../../protocol/2pc/garbled_circuits.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<a rel="next" href="../../protocol/notarization/commitment.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
<div style="clear: both"></div>
@@ -327,7 +327,7 @@ verify_data = p1[:12]
<a rel="prev" href="../../protocol/notarization/key_exchange.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next" href="../../protocol/2pc/garbled_circuits.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<a rel="next" href="../../protocol/notarization/commitment.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
</nav>

231
protocol/notarization/public_data_commitment.html Normal file
View File

@@ -0,0 +1,231 @@
<!DOCTYPE HTML>
<html lang="en" class="sidebar-visible no-js ayu">
<head>
<!-- Book generated using mdBook -->
<meta charset="UTF-8">
<title>Commitment to public data - tlsn-docs</title>
<!-- Custom HTML head -->
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<meta name="description" content="">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="theme-color" content="#ffffff" />
<link rel="icon" href="../../favicon.svg">
<link rel="shortcut icon" href="../../favicon.png">
<link rel="stylesheet" href="../../css/variables.css">
<link rel="stylesheet" href="../../css/general.css">
<link rel="stylesheet" href="../../css/chrome.css">
<link rel="stylesheet" href="../../css/print.css" media="print">
<!-- Fonts -->
<link rel="stylesheet" href="../../FontAwesome/css/font-awesome.css">
<link rel="stylesheet" href="../../fonts/fonts.css">
<!-- Highlight.js Stylesheets -->
<link rel="stylesheet" href="../../highlight.css">
<link rel="stylesheet" href="../../tomorrow-night.css">
<link rel="stylesheet" href="../../ayu-highlight.css">
<!-- Custom theme stylesheets -->
<!-- MathJax -->
<script async type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.1/MathJax.js?config=TeX-AMS-MML_HTMLorMML"></script>
</head>
<body>
<!-- Provide site root to javascript -->
<script type="text/javascript">
var path_to_root = "../../";
var default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? "navy" : "ayu";
</script>
<!-- Work around some values being stored in localStorage wrapped in quotes -->
<script type="text/javascript">
try {
var theme = localStorage.getItem('mdbook-theme');
var sidebar = localStorage.getItem('mdbook-sidebar');
if (theme.startsWith('"') && theme.endsWith('"')) {
localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
}
if (sidebar.startsWith('"') && sidebar.endsWith('"')) {
localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
}
} catch (e) { }
</script>
<!-- Set the theme before any content is loaded, prevents flash -->
<script type="text/javascript">
var theme;
try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
if (theme === null || theme === undefined) { theme = default_theme; }
var html = document.querySelector('html');
html.classList.remove('no-js')
html.classList.remove('ayu')
html.classList.add(theme);
html.classList.add('js');
</script>
<!-- Hide / unhide sidebar before it is displayed -->
<script type="text/javascript">
var html = document.querySelector('html');
var sidebar = 'hidden';
if (document.body.clientWidth >= 1080) {
try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
sidebar = sidebar || 'visible';
}
html.classList.remove('sidebar-visible');
html.classList.add("sidebar-" + sidebar);
</script>
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../../intro.html">Introduction</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><div><strong aria-hidden="true">1.</strong> Overview</div></li><li class="chapter-item expanded "><a href="../../protocol/notarization/index.html"><strong aria-hidden="true">2.</strong> Notarization</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">2.1.</strong> TLS Handshake</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/key_exchange.html"><strong aria-hidden="true">2.1.1.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="../../protocol/notarization/prf.html"><strong aria-hidden="true">2.1.2.</strong> Symmetric key derivation</a></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">2.2.</strong> (Enc/Dec)ryption</div></li><li class="chapter-item expanded "><a href="../../protocol/notarization/commitment.html"><strong aria-hidden="true">2.3.</strong> Commitment</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/notarization/public_data_commitment.html" class="active"><strong aria-hidden="true">2.3.1.</strong> Commitment to public data</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">3.</strong> Selective Disclosure</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/garbled_circuits.html"><strong aria-hidden="true">4.</strong> Secure 2-Party Computation</a></li><li><ol class="section"><li class="chapter-item expanded "><div><strong aria-hidden="true">4.1.</strong> Garbled Circuits</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution.html"><strong aria-hidden="true">4.1.1.</strong> Dual Execution</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../../protocol/2pc/dual_execution_with_privacy_only_for_the_user.html"><strong aria-hidden="true">4.1.1.1.</strong> Dual Execution with privacy only for the User</a></li></ol></li></ol></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.2.</strong> Oblivious Transfer</div></li><li class="chapter-item expanded "><div><strong aria-hidden="true">4.3.</strong> Paillier</div></li><li class="chapter-item expanded "><a href="../../protocol/2pc/mac.html"><strong aria-hidden="true">4.4.</strong> MAC</a></li></ol></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>
<div id="page-wrapper" class="page-wrapper">
<div class="page">
<div id="menu-bar-hover-placeholder"></div>
<div id="menu-bar" class="menu-bar sticky bordered">
<div class="left-buttons">
<button id="sidebar-toggle" class="icon-button" type="button" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
<i class="fa fa-bars"></i>
</button>
<button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
<i class="fa fa-paint-brush"></i>
</button>
<ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
<li role="none"><button role="menuitem" class="theme" id="light">Light</button></li>
<li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
<li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
<li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
<li role="none"><button role="menuitem" class="theme" id="ayu">Ayu (default)</button></li>
</ul>
<button id="search-toggle" class="icon-button" type="button" title="Search. (Shortkey: s)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="S" aria-controls="searchbar">
<i class="fa fa-search"></i>
</button>
</div>
<h1 class="menu-title">tlsn-docs</h1>
<div class="right-buttons">
<a href="../../print.html" title="Print this book" aria-label="Print this book">
<i id="print-button" class="fa fa-print"></i>
</a>
</div>
</div>
<div id="search-wrapper" class="hidden">
<form id="searchbar-outer" class="searchbar-outer">
<input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
</form>
<div id="searchresults-outer" class="searchresults-outer hidden">
<div id="searchresults-header" class="searchresults-header"></div>
<ul id="searchresults">
</ul>
</div>
</div>
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
<script type="text/javascript">
document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
});
</script>
<div id="content" class="content">
<main>
<p>We describe an interactive protocol between the User <code>U</code> and the Notary <code>N</code>, whereby <code>U</code> can convert the authenticated AES ciphertext into a hash commitment to Garbled Circuits wire labels.</p>
<h3 id="-----creating-the-new-commitment"><a class="header" href="#-----creating-the-new-commitment">---- Creating the new commitment</a></h3>
<ol start="0">
<li>
<p>At the end of the TLSNotary session, both <code>U</code> and <code>N</code> know the authenticated AES <code>ciphertext</code>. </p>
</li>
<li>
<p><code>N</code> reveals his TLS session key shares to <code>U</code>.</p>
</li>
<li>
<p><code>U</code> decrypts the <code>ciphertext</code> in the clear and learns the plaintext <code>p</code>.</p>
</li>
<li>
<p><code>N</code> picks a <code>seed</code> and uses it as the source of randomness to generate (in the semi-honest model) a privacy-free garbled circuit whose functionality is to accept the plaintext input, encrypt it, and output the ciphertext. </p>
</li>
<li>
<p>With <code>p</code> as her circuit input, <code>U</code> receives input wire labels <code>IWLs</code> via Oblivious Transfer and then evaluates the circuit on those <code>IWLs</code>. The result of the evaluation are output wire labels <code>OWLs</code> which <code>U</code> does not know the decoding for.</p>
</li>
<li>
<p><code>U</code> sends two commitments: <code>commitment to IWLs</code> and <code>commitment to OWLs</code> to <code>N</code>.</p>
</li>
<li>
<p><code>N</code> reveals the <code>seed</code> and <code>U</code> checks that the circuit (including its <code>IWLs</code> and <code>OWLs</code>) was generated correctly and, if successful, reveals her <code>OWLs</code>.</p>
</li>
<li>
<p><code>N</code> verifies <code>commitment to OWLs</code> and then checks that decoded <code>OWLs</code> match the <code>ciphertext</code> (from Step 0) and, if successful, signs (<code>seed</code> + <code>commitment to IWLs</code>). </p>
</li>
</ol>
<blockquote>
<p>Now, (<code>seed</code> + <code>commitment to IWLs</code>) become <code>U</code>'s new commitment to <code>p</code>.</p>
</blockquote>
<h3 id="-----verifying-the-commitment"><a class="header" href="#-----verifying-the-commitment">---- Verifying the commitment</a></h3>
<p>Verifier performs the following steps:</p>
<ol>
<li>
<p>Receives the following from <code>U</code>: plaintext <code>p</code>, <code>signature</code> for (<code>seed</code> + <code>commitment to IWLs</code>), <code>seed</code>, <code>commitment to IWLs</code>.</p>
</li>
<li>
<p>(using a trusted <code>N</code>s pubkey) Verifies the <code>signature</code>.</p>
</li>
<li>
<p>Re-generates the <code>IWLs</code> from the <code>seed</code>.</p>
</li>
<li>
<p>Picks only those <code>IWLs</code> which correspond to <code>p</code> and checks that the commitment to those <code>IWLs</code> matches <code>commitment to IWLs</code>.</p>
</li>
<li>
<p>Accepts <code>p</code> as authentic.</p>
</li>
</ol>
<h3 id="-----dynamic-commitment-using-a-merkle-tree"><a class="header" href="#-----dynamic-commitment-using-a-merkle-tree">---- Dynamic commitment using a Merkle tree</a></h3>
<p>In situations where <code>U</code> does not know in advance which subset of the public data she will be revealing later to the Verifier, <code>U</code> can commit to the Merkle tree of all her input wire labels (from Step 4 above).
Later, <code>U</code> can reveal only those Merkle leaves which she wants to make public to the Verifier. </p>
</main>
<nav class="nav-wrapper" aria-label="Page navigation">
<!-- Mobile navigation buttons -->
<a rel="prev" href="../../protocol/notarization/commitment.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next" href="../../protocol/2pc/garbled_circuits.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
<div style="clear: both"></div>
</nav>
</div>
</div>
<nav class="nav-wide-wrapper" aria-label="Page navigation">
<a rel="prev" href="../../protocol/notarization/commitment.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next" href="../../protocol/2pc/garbled_circuits.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
</nav>
</div>
<script type="text/javascript">
window.playground_copyable = true;
</script>
<script src="../../elasticlunr.min.js" type="text/javascript" charset="utf-8"></script>
<script src="../../mark.min.js" type="text/javascript" charset="utf-8"></script>
<script src="../../searcher.js" type="text/javascript" charset="utf-8"></script>
<script src="../../clipboard.min.js" type="text/javascript" charset="utf-8"></script>
<script src="../../highlight.js" type="text/javascript" charset="utf-8"></script>
<script src="../../book.js" type="text/javascript" charset="utf-8"></script>
<!-- Custom JS scripts -->
</body>
</html>

2
searchindex.js
View File

File diff suppressed because one or more lines are too long

2
searchindex.json
View File

File diff suppressed because one or more lines are too long