tlsnotary/docs-mdbook
1
0
Fork 0
mirror of https://github.com/tlsnotary/docs-mdbook.git synced 2026-01-09 12:47:57 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
de4f6ee5c8bd130491f5662fce04503bbbbf8f65
docs-mdbook/intro.html
heeckhau de4f6ee5c8 deploy: 2d6b6abcdc
2024-07-23 06:16:56 +00:00

284 lines
20 KiB
HTML
Raw Blame History

<!DOCTYPE HTML>
<html lang="en" class="ayu" dir="ltr">
<head>
<!-- Book generated using mdBook -->
<meta charset="UTF-8">
<title>Introduction - tlsn-docs</title>
<!-- Custom HTML head -->
<meta name="description" content="">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="theme-color" content="#ffffff">
<link rel="icon" href="favicon.svg">
<link rel="shortcut icon" href="favicon.png">
<link rel="stylesheet" href="css/variables.css">
<link rel="stylesheet" href="css/general.css">
<link rel="stylesheet" href="css/chrome.css">
<link rel="stylesheet" href="css/print.css" media="print">
<!-- Fonts -->
<link rel="stylesheet" href="FontAwesome/css/font-awesome.css">
<link rel="stylesheet" href="fonts/fonts.css">
<!-- Highlight.js Stylesheets -->
<link rel="stylesheet" href="highlight.css">
<link rel="stylesheet" href="tomorrow-night.css">
<link rel="stylesheet" href="ayu-highlight.css">
<!-- Custom theme stylesheets -->
<link rel="stylesheet" href="src/css/katex.css">
<link rel="stylesheet" href="src/css/global.css">
</head>
<body class="sidebar-visible no-js">
<div id="body-container">
<!-- Provide site root to javascript -->
<script>
var path_to_root = "";
var default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? "ayu" : "ayu";
</script>
<!-- Work around some values being stored in localStorage wrapped in quotes -->
<script>
try {
var theme = localStorage.getItem('mdbook-theme');
var sidebar = localStorage.getItem('mdbook-sidebar');
if (theme.startsWith('"') && theme.endsWith('"')) {
localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
}
if (sidebar.startsWith('"') && sidebar.endsWith('"')) {
localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
}
} catch (e) { }
</script>
<!-- Set the theme before any content is loaded, prevents flash -->
<script>
var theme;
try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
if (theme === null || theme === undefined) { theme = default_theme; }
var html = document.querySelector('html');
html.classList.remove('ayu')
html.classList.add(theme);
var body = document.querySelector('body');
body.classList.remove('no-js')
body.classList.add('js');
</script>
<input type="checkbox" id="sidebar-toggle-anchor" class="hidden">
<!-- Hide / unhide sidebar before it is displayed -->
<script>
var body = document.querySelector('body');
var sidebar = null;
var sidebar_toggle = document.getElementById("sidebar-toggle-anchor");
if (document.body.clientWidth >= 1080) {
try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
sidebar = sidebar || 'visible';
} else {
sidebar = 'hidden';
}
sidebar_toggle.checked = sidebar === 'visible';
body.classList.remove('sidebar-visible');
body.classList.add("sidebar-" + sidebar);
</script>
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="intro.html" class="active">Introduction</a></li><li class="chapter-item expanded affix "><a href="motivation.html">Motivation</a></li><li class="chapter-item expanded affix "><a href="faq.html">FAQ</a></li><li class="chapter-item expanded affix "><li class="part-title">Getting Started</li><li class="chapter-item expanded "><a href="quick_start/index.html"><strong aria-hidden="true">1.</strong> Quick Start</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="quick_start/rust.html"><strong aria-hidden="true">1.1.</strong> Rust</a></li><li class="chapter-item expanded "><a href="quick_start/tlsn-js.html"><strong aria-hidden="true">1.2.</strong> Browser</a></li><li class="chapter-item expanded "><a href="quick_start/browser_extension.html"><strong aria-hidden="true">1.3.</strong> Browser Extension</a></li></ol></li><li class="chapter-item expanded "><a href="developers/notary_server.html"><strong aria-hidden="true">2.</strong> Run a Notary Server</a></li><li class="chapter-item expanded affix "><li class="part-title">Protocol</li><li class="chapter-item expanded "><a href="protocol/mpc-tls/index.html"><strong aria-hidden="true">3.</strong> MPC-TLS</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="protocol/mpc-tls/handshake.html"><strong aria-hidden="true">3.1.</strong> Handshake</a></li><li class="chapter-item expanded "><a href="protocol/mpc-tls/encryption.html"><strong aria-hidden="true">3.2.</strong> Encryption and Decryption</a></li></ol></li><li class="chapter-item expanded "><a href="protocol/notarization.html"><strong aria-hidden="true">4.</strong> Notarization</a></li><li class="chapter-item expanded "><a href="protocol/verification.html"><strong aria-hidden="true">5.</strong> Verification</a></li><li class="chapter-item expanded "><div><strong aria-hidden="true">6.</strong> Selective Disclosure</div></li><li class="chapter-item expanded affix "><li class="part-title">MPC</li><li class="chapter-item expanded "><a href="mpc/key_exchange.html"><strong aria-hidden="true">7.</strong> Key Exchange</a></li><li class="chapter-item expanded "><a href="mpc/ff-arithmetic.html"><strong aria-hidden="true">8.</strong> Finite-Field Arithmetic</a></li><li class="chapter-item expanded "><a href="mpc/deap.html"><strong aria-hidden="true">9.</strong> Dual Execution with Asymmetric Privacy</a></li><li class="chapter-item expanded "><a href="mpc/encryption.html"><strong aria-hidden="true">10.</strong> Encryption</a></li><li class="chapter-item expanded "><a href="mpc/mac.html"><strong aria-hidden="true">11.</strong> MAC</a></li><li class="chapter-item expanded "><a href="mpc/commitments.html"><strong aria-hidden="true">12.</strong> Commitments</a></li><li class="chapter-item expanded affix "><a href="glossary.html">Glossary</a></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle">
<div class="sidebar-resize-indicator"></div>
</div>
</nav>
<!-- Track and set sidebar scroll position -->
<script>
var sidebarScrollbox = document.querySelector('#sidebar .sidebar-scrollbox');
sidebarScrollbox.addEventListener('click', function(e) {
if (e.target.tagName === 'A') {
sessionStorage.setItem('sidebar-scroll', sidebarScrollbox.scrollTop);
}
}, { passive: true });
var sidebarScrollTop = sessionStorage.getItem('sidebar-scroll');
sessionStorage.removeItem('sidebar-scroll');
if (sidebarScrollTop) {
// preserve sidebar scroll position when navigating via links within sidebar
sidebarScrollbox.scrollTop = sidebarScrollTop;
} else {
// scroll sidebar to current active section when navigating via "next/previous chapter" buttons
var activeSection = document.querySelector('#sidebar .active');
if (activeSection) {
activeSection.scrollIntoView({ block: 'center' });
}
}
</script>
<div id="page-wrapper" class="page-wrapper">
<div class="page">
<div id="menu-bar-hover-placeholder"></div>
<div id="menu-bar" class="menu-bar sticky">
<div class="left-buttons">
<label id="sidebar-toggle" class="icon-button" for="sidebar-toggle-anchor" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
<i class="fa fa-bars"></i>
</label>
<button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
<i class="fa fa-paint-brush"></i>
</button>
<ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
<li role="none"><button role="menuitem" class="theme" id="ayu">Ayu</button></li>
</ul>
<button id="search-toggle" class="icon-button" type="button" title="Search. (Shortkey: s)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="S" aria-controls="searchbar">
<i class="fa fa-search"></i>
</button>
</div>
<h1 class="menu-title">tlsn-docs</h1>
<div class="right-buttons">
<a href="print.html" title="Print this book" aria-label="Print this book">
<i id="print-button" class="fa fa-print"></i>
</a>
<a href="https://github.com/tlsnotary/docs-mdbook" title="Git repository" aria-label="Git repository">
<i id="git-repository-button" class="fa fa-github"></i>
</a>
<a href="https://github.com/tlsnotary/docs-mdbook/edit/main/src/intro.md" title="Suggest an edit" aria-label="Suggest an edit">
<i id="git-edit-button" class="fa fa-edit"></i>
</a>
</div>
</div>
<div id="search-wrapper" class="hidden">
<form id="searchbar-outer" class="searchbar-outer">
<input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
</form>
<div id="searchresults-outer" class="searchresults-outer hidden">
<div id="searchresults-header" class="searchresults-header"></div>
<ul id="searchresults">
</ul>
</div>
</div>
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
<script>
document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
});
</script>
<div id="content" class="content">
<main>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/katex@0.16.4/dist/katex.min.css">
<h1 id="introduction"><a class="header" href="#introduction">Introduction</a></h1>
<h2 id="data-provenance-without-compromising-privacy-that-is-why"><a class="header" href="#data-provenance-without-compromising-privacy-that-is-why">Data Provenance without Compromising Privacy, That is Why!</a></h2>
<p>The Internet currently lacks effective, privacy-preserving <strong>Data Provenance</strong>. <a href="https://en.wikipedia.org/wiki/Transport_Layer_Security">TLS</a>, also known as the "s" in "https" 🔐 to the general public, ensures that data can be securely communicated between a server and a user. But how can this user credibly share this data with another user or server without compromising security, privacy, and control?</p>
<p>Enter TLSNotary: a protocol enabling users to export data securely from any website. Using Zero Knowledge Proof (ZKP) technology, this data can be selectively shared with others in a cryptographically verifiable manner.</p>
<p>TLSNotary makes data truly portable and allows a user, the <code>Prover</code>, to share it with another party, the <code>Verifier</code>, as they see fit.</p>
<h2 id="how-does-the-tlsnotary-protocol-work"><a class="header" href="#how-does-the-tlsnotary-protocol-work">How Does the TLSNotary Protocol Work?</a></h2>
<p>The TLSNotary protocol consists of 3 steps:</p>
<ol>
<li>The <code>Prover</code> <strong>requests</strong> data from a <code>Server</code> over TLS while cooperating with the <code>Verifier</code> in secure and privacy-preserving <em>multi-party computation (MPC)</em>.</li>
<li>The <code>Prover</code> <strong>selectively discloses</strong> the data to the <code>Verifier</code>.</li>
<li>The <code>Verifier</code> <strong>verifies</strong> the data.</li>
</ol>
<p><img src="./diagrams/overview_prover_verifier.svg" alt="" /></p>
<h3 id="①-multi-party-tls-request"><a class="header" href="#①-multi-party-tls-request">① Multi-party TLS Request</a></h3>
<p>TLSNotary works by adding a third party, a <code>Verifier</code>, to the usual TLS connection between the <code>Prover</code> and a <code>Server</code>. This <code>Verifier</code> is <strong>not "<a href="https://en.wikipedia.org/wiki/Man-in-the-middle_attack">a man in the middle</a>"</strong>. Instead, the <code>Verifier</code> participates in a <strong>secure multi-party computation</strong> (MPC) to jointly operate the TLS connection without seeing the data in plain text. By participating in the MPC, the <code>Verifier</code> can validate the authenticity of the data the <code>Prover</code> received from the <code>Server</code>.</p>
<p>The TLSNotary protocol is transparent to the <code>Server</code>. From the <code>Server</code>'s perspective, the <code>Prover</code>'s connection is a standard TLS connection.</p>
<h3 id="②-selective-disclosure"><a class="header" href="#②-selective-disclosure">② Selective Disclosure</a></h3>
<p>The TLSNotary protocol enables the <code>Prover</code> to selectively prove the authenticity of arbitrary parts of the data to a <code>Verifier</code>. In this <strong>selective disclosure</strong> phase, the <code>Prover</code> can <strong>redact</strong> sensitive information from the data prior to sharing it with the <code>Verifier</code>.</p>
<p>This capability can be paired with Zero-Knowledge Proofs to prove properties of the redacted data without revealing the data itself.</p>
<h3 id="③-data-verification"><a class="header" href="#③-data-verification">③ Data Verification</a></h3>
<p>The <code>Verifier</code> now validates the proof received from the <code>Prover</code>. The data origin can be verified by inspecting the <code>Server</code> certificate through trusted certificate authorities (CAs). The <code>Verifier</code> can now make assertions about the non-redacted content of the transcript.</p>
<h2 id="tls-verification-with-a-general-purpose-notary"><a class="header" href="#tls-verification-with-a-general-purpose-notary">TLS verification with a general-purpose Notary</a></h2>
<p>Since the validation of the TLS traffic neither reveals anything about the plaintext of the TLS session nor about the <code>Server</code>, it is possible to outsource the MPC-TLS verification ① to a general-purpose TLS verifier, which we term a <code>Notary</code>. This <code>Notary</code> can sign (aka <em>notarize</em>) ② the data, making it portable. The <code>Prover</code> can then take this signed data and selectively disclose ③ sections to an application-specific <code>Verifier</code>, who then verifies the data ④.</p>
<p><img src="./diagrams/overview_notary.svg" alt="" /></p>
<p>In this setup, the <code>Notary</code> cryptographically signs commitments to the data and the server's identity. The <code>Prover</code> can store this signed data, redact it, and share it with any <code>Verifier</code> as they see fit, making the signed data both reusable and portable.</p>
<p><code>Verifiers</code> will only accept the signed data if they trust the <code>Notary</code>. A data <code>Verifier</code> can also require signed data from multiple <code>Notaries</code> to rule out collusion between the <code>Prover</code> and a <code>Notary</code>.</p>
<h2 id="what-can-tlsnotary-do"><a class="header" href="#what-can-tlsnotary-do">What Can TLSNotary Do?</a></h2>
<p>TLSNotary can be used for various purposes. For example, you can use TLSNotary to prove that:</p>
<ul>
<li>you have access to an account on a web platform</li>
<li>a website showed specific content on a certain date</li>
<li>you have private information about yourself (address, birth date, health, etc.)</li>
<li>you have received a money transfer using your online banking account without revealing your login credentials or sensitive financial information</li>
<li>you received a private message from someone</li>
<li>you purchased an item online</li>
<li>you were blocked from using an app</li>
<li>you earned professional certificates</li>
</ul>
<p>While TLSNotary can notarize publicly available data, it does not solve the "<a href="https://ethereum.org/en/developers/docs/oracles/">oracle problem</a>". For this use case, existing oracle solutions are more suitable.</p>
<h2 id="what-tls-version-does-tlsnotary-support"><a class="header" href="#what-tls-version-does-tlsnotary-support">What TLS version does TLSNotary support?</a></h2>
<p>TLSNotary currently supports TLS 1.2. TLS 1.3 support will be added in 2024.</p>
<h2 id="who-is-behind-tlsnotary"><a class="header" href="#who-is-behind-tlsnotary">Who is behind TLSNotary?</a></h2>
<p>TLSNotary is developed by the <a href="https://pse.dev">Privacy and Scaling Exploration (PSE)</a> research lab of the Ethereum Foundation. The PSE team is committed to conceptualizing and testing use cases for cryptographic primitives.</p>
<p>TLSNotary is not a new project; in fact, it has been around for <a href="https://bitcointalk.org/index.php?topic=173220.0">more than a decade</a>.</p>
<p>In 2022, TLSNotary was rebuilt from the ground up in <a href="https://www.rust-lang.org/">Rust</a> incorporating state-of-the-art cryptographic protocols. This renewed version of the TLSNotary protocol offers enhanced security, privacy, and performance.</p>
<p>Older versions of TLSNotary, including PageSigner, have been archived due to a security vulnerability.</p>
</main>
<nav class="nav-wrapper" aria-label="Page navigation">
<!-- Mobile navigation buttons -->
<a rel="next prefetch" href="motivation.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
<div style="clear: both"></div>
</nav>
</div>
</div>
<nav class="nav-wide-wrapper" aria-label="Page navigation">
<a rel="next prefetch" href="motivation.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
</nav>
</div>
<script>
window.playground_copyable = true;
</script>
<script src="elasticlunr.min.js"></script>
<script src="mark.min.js"></script>
<script src="searcher.js"></script>
<script src="clipboard.min.js"></script>
<script src="highlight.js"></script>
<script src="book.js"></script>
<!-- Custom JS scripts -->
</div>
<script>
var _paq = window._paq = window._paq || [];
_paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']);
(function() {
var u="https://psedev.matomo.cloud/";
_paq.push(['setTrackerUrl', u+'matomo.php']);
_paq.push(['setSiteId', '16']);
var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
g.async=true; g.src='//cdn.matomo.cloud/psedev.matomo.cloud/matomo.js'; s.parentNode.insertBefore(g,s);
})();
</script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink