From 79c230f2fa661f3bb2e0952efff8a1493115ec4c Mon Sep 17 00:00:00 2001
From: "sinu.eth" <65924192+sinui0@users.noreply.github.com>
Date: Thu, 5 Jun 2025 23:39:12 -0700
Subject: [PATCH] refactor(mpc-tls): remove commit-reveal from tag verification (#907)

---
 crates/mpc-tls/src/record_layer.rs | 15 +++---
 .../mpc-tls/src/record_layer/aead/aes_gcm.rs | 4 +-
 .../src/record_layer/aead/ghash/verify.rs | 47 +++++--------------
 3 files changed, 22 insertions(+), 44 deletions(-)

diff --git a/crates/mpc-tls/src/record_layer.rs b/crates/mpc-tls/src/record_layer.rs
index 9c43a1b38..e350c578a 100644
--- a/crates/mpc-tls/src/record_layer.rs
+++ b/crates/mpc-tls/src/record_layer.rs
@@ -450,16 +450,15 @@ impl RecordLayer {
 let verify_tags = decrypt::verify_tags(&mut (*vm), &mut decrypter, &decrypt_ops)?;
 // Run tag computation and VM in parallel.
- let (mut tags, _, _) = ctx
- .try_join3(
- async move |ctx| {
- compute_tags
- .run(ctx)
- .map_err(MpcTlsError::record_layer)
- .await
- },
+ let (mut tags, _) = ctx
+ .try_join(
 async move |ctx| {
 verify_tags
+ .run(ctx)
+ .map_err(MpcTlsError::record_layer)
+ .await?;
+
+ compute_tags
 .run(ctx)
 .map_err(MpcTlsError::record_layer)
 .await
diff --git a/crates/mpc-tls/src/record_layer/aead/aes_gcm.rs b/crates/mpc-tls/src/record_layer/aead/aes_gcm.rs
index 8667c2e2d..74fd8c9d6 100644
--- a/crates/mpc-tls/src/record_layer/aead/aes_gcm.rs
+++ b/crates/mpc-tls/src/record_layer/aead/aes_gcm.rs
@@ -323,7 +323,7 @@ impl MpcAesGcm {
 }
 /// Computes tags for the provided ciphertext. See
- /// [`verify_tags`](MpcAesGcm::verify_tags) for a method that verifies an
+ /// [`verify_tags`](MpcAesGcm::verify_tags) for a method that verifies
 /// tags instead.
 ///
 /// # Arguments
@@ -379,6 +379,8 @@ impl MpcAesGcm {
 /// Verifies the tags for the provided ciphertexts.
 ///
+ /// Ciphertexts are only authenticated from the leader's perspective.
+ ///
 /// # Arguments
 ///
 /// * `vm` - Virtual machine.
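Review bot: The surviving comment `// Run tag computation and VM in parallel.` no longer matches the code below it: the new closure awaits `verify_tags` and only then runs `compute_tags`, so verification and computation are now sequential within a single task. Since this ordering appears to be what stands in for the removed commit-reveal, it is worth stating rather than leaving implicit, e.g. `// Verify the received tags before computing our own; this ordering is load-bearing now that tag verification is one-sided.` placed above the existing parallelism remark. The `try_join` call, its second argument and the enclosing method all continue past the end of the hunk.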
diff --git a/crates/mpc-tls/src/record_layer/aead/ghash/verify.rs b/crates/mpc-tls/src/record_layer/aead/ghash/verify.rs
index 70953962a..b68a5592f 100644
--- a/crates/mpc-tls/src/record_layer/aead/ghash/verify.rs
+++ b/crates/mpc-tls/src/record_layer/aead/ghash/verify.rs
@@ -3,7 +3,6 @@ use std::sync::Arc;
 use async_trait::async_trait;
 use futures::{stream::FuturesOrdered, StreamExt};
 use mpz_common::{Context, Task};
-use mpz_core::commit::{Decommitment, HashCommit};
 use serio::{stream::IoStreamExt, SinkExt};
 use tlsn_common::ghash::build_ghash_data;
@@ -81,51 +80,29 @@ impl Task for VerifyTags {
 }
 let io = ctx.io_mut();
- let peer_tag_shares = match role {
+ match role {
 Role::Leader => {
- // Send commitment to follower.
- let (decommitment, commitment) = tag_shares.clone().hash_commit();
-
- io.send(commitment).await.map_err(AeadError::tag)?;
-
- let follower_tag_shares: Vec =
+ let peer_tag_shares: Vec =
 io.expect_next().await.map_err(AeadError::tag)?;
- if follower_tag_shares.len() != tag_shares.len() {
+ if peer_tag_shares.len() != tag_shares.len() {
 return Err(AeadError::tag("follower tag shares length mismatch"));
 }
- // Send decommitment to follower.
- io.send(decommitment).await.map_err(AeadError::tag)?;
+ let expected_tags = tag_shares
+ .into_iter()
+ .zip(peer_tag_shares)
+ .map(|(tag_share, peer_tag_share)| tag_share + peer_tag_share)
+ .collect::>();
- follower_tag_shares
+ if tags != expected_tags {
+ return Err(AeadError::tag("failed to verify tags"));
+ }
 }
 Role::Follower => {
- // Wait for commitment from leader.
- let commitment = io.expect_next().await.map_err(AeadError::tag)?;
- // Send tag shares to leader.
- io.send(tag_shares.clone()).await.map_err(AeadError::tag)?;
-
- // Expect decommitment from leader.
- let decommitment: Decommitment> =
- io.expect_next().await.map_err(AeadError::tag)?;
-
- // Verify decommitment.
- decommitment.verify(&commitment).map_err(AeadError::tag)?;
-
- decommitment.into_inner()
+ io.send(tag_shares).await.map_err(AeadError::tag)?;
 }
- };
-
- let expected_tags = tag_shares
- .into_iter()
- .zip(peer_tag_shares)
- .map(|(tag_share, peer_tag_share)| tag_share + peer_tag_share)
- .collect::>();
-
- if tags != expected_tags {
- return Err(AeadError::tag("failed to verify tags"));
- }
 }
 Ok(())
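Review bot: The `Role::Follower` arm now only sends `tag_shares` and performs no check of its own, but nothing in verify.rs records that tag verification has become one-sided; a comment next to the send, `// Only the leader verifies tags; the follower learns nothing about whether the ciphertexts authenticate.`, would keep the trust model visible where the protocol is implemented rather than only in the aes_gcm doc comment this commit adds. The Leader-side check `if tags != expected_tags` is a short-circuiting `Vec` equality that returns at the first differing block, so if this crate already has a constant-time equality helper (for example via the `subtle` crate) it would be the better fit here, although whether the mismatch position is observable by the peer depends on surrounding code not shown in the hunk. The enclosing method starts before the hunk, so where `tags` and `tag_shares` come from is not visible here.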