refactor(mpc-tls): remove commit-reveal from tag verification (#907)

sinu.eth
2025-06-05 23:39:12 -07:00
committed by GitHub
parent 345d5d45ad
commit 79c230f2fa
3 changed files with 22 additions and 44 deletions


@@ -450,16 +450,15 @@ impl RecordLayer {
let verify_tags = decrypt::verify_tags(&mut (*vm), &mut decrypter, &decrypt_ops)?;
// Run tag computation and VM in parallel.
let (mut tags, _, _) = ctx
.try_join3(
async move |ctx| {
compute_tags
.run(ctx)
.map_err(MpcTlsError::record_layer)
.await
},
let (mut tags, _) = ctx
.try_join(
async move |ctx| {
verify_tags
.run(ctx)
.map_err(MpcTlsError::record_layer)
.await?;
compute_tags
.run(ctx)
.map_err(MpcTlsError::record_layer)
.await


@@ -323,7 +323,7 @@ impl MpcAesGcm {
}
/// Computes tags for the provided ciphertext. See
/// [`verify_tags`](MpcAesGcm::verify_tags) for a method that verifies an
/// [`verify_tags`](MpcAesGcm::verify_tags) for a method that verifies
/// tags instead.
///
/// # Arguments
@@ -379,6 +379,8 @@ impl MpcAesGcm {
/// Verifies the tags for the provided ciphertexts.
///
/// Ciphertexts are only authenticated from the leader's perspective.
///
/// # Arguments
///
/// * `vm` - Virtual machine.


@@ -3,7 +3,6 @@ use std::sync::Arc;
use async_trait::async_trait;
use futures::{stream::FuturesOrdered, StreamExt};
use mpz_common::{Context, Task};
use mpz_core::commit::{Decommitment, HashCommit};
use serio::{stream::IoStreamExt, SinkExt};
use tlsn_common::ghash::build_ghash_data;
@@ -81,51 +80,29 @@ impl Task for VerifyTags {
}
let io = ctx.io_mut();
let peer_tag_shares = match role {
match role {
Role::Leader => {
// Send commitment to follower.
let (decommitment, commitment) = tag_shares.clone().hash_commit();
io.send(commitment).await.map_err(AeadError::tag)?;
let follower_tag_shares: Vec<TagShare> =
let peer_tag_shares: Vec<TagShare> =
io.expect_next().await.map_err(AeadError::tag)?;
if follower_tag_shares.len() != tag_shares.len() {
if peer_tag_shares.len() != tag_shares.len() {
return Err(AeadError::tag("follower tag shares length mismatch"));
}
// Send decommitment to follower.
io.send(decommitment).await.map_err(AeadError::tag)?;
let expected_tags = tag_shares
.into_iter()
.zip(peer_tag_shares)
.map(|(tag_share, peer_tag_share)| tag_share + peer_tag_share)
.collect::<Vec<_>>();
follower_tag_shares
if tags != expected_tags {
return Err(AeadError::tag("failed to verify tags"));
}
}
Role::Follower => {
// Wait for commitment from leader.
let commitment = io.expect_next().await.map_err(AeadError::tag)?;
// Send tag shares to leader.
io.send(tag_shares.clone()).await.map_err(AeadError::tag)?;
// Expect decommitment from leader.
let decommitment: Decommitment<Vec<TagShare>> =
io.expect_next().await.map_err(AeadError::tag)?;
// Verify decommitment.
decommitment.verify(&commitment).map_err(AeadError::tag)?;
decommitment.into_inner()
io.send(tag_shares).await.map_err(AeadError::tag)?;
}
};
let expected_tags = tag_shares
.into_iter()
.zip(peer_tag_shares)
.map(|(tag_share, peer_tag_share)| tag_share + peer_tag_share)
.collect::<Vec<_>>();
if tags != expected_tags {
return Err(AeadError::tag("failed to verify tags"));
}
Ok(())