Privacy Pass and tokens #57

New Issue

Open

opened 2023-06-16 18:36:49 +00:00 by psyc · 5 comments

psyc commented 2023-06-16 18:36:49 +00:00

Copy Link

I have been playing around with tapir for possible integration into a project I have been working on and I wanted to get a demo running. I created 3 applications using the code from your tokenboard tests, 2 different AuthApps for client and server, and 1 token server. The client and server connect and auth just fine but when trying to purchase tokens I run into the below issues. The only real difference from your test code is that they are all separated out into different apps. Any idea where I went wrong?

2023/06/16 11:20:50 tor/BaseOnionService.go [DBUG] Lookup up a connection *****aysjshhmxbn6d7isqnqd...
2023/06/16 11:20:50 tor/BaseOnionService.go [DBUG] Found 1 connections for *****aysjshhmxbn6d7isqnqd, but it lacks the desired capability HasTokensCapability
2023/06/16 11:20:51 privacypass/token.go [DBUG] Failed to unblind tokens:
---- new-protcol: pow-app ----
pow-seed (27) 636f6e6e656374696f6e2d6f6a794f4a764d536f5335314c513d3d;
extract pow-challenge: [216 52 195 146 136 74 18 36 107 229 65 177 73 213 116 246 212 26 79 135 109 157 209 212 24 175 50 57 37 146 232 36 157 245 56 42 220 174 27 98 209 7 164 21 52 69 224 72 237 204 83 93 178 167 199 225 165 163 206 28 164 193 190 147]
pow-solution (32) 0b924c77b242dc8b0dde629438af9e536daab9cdc180b3d85f2809305a872700;
---- new-protcol: token-app ----
---- new-protcol: privacy-pass-batch-proof ----
X-batch (32) e2f2ae0a6abc4e71a884a961c500515f58e30b6aa582dd8db6a65945e08d2d76;
Y-batch (32) bec57a46365bd5c1088123d7fb77c3b4f1082e2d16896d74bdd22f6d65de265f;
P-vector (471) 5b7b5970396b55374e784e4d4d34514d42392f63794a32634648726549536f5a39694c775537595a4a6d4a30733d7d207b7a4e4b77495364542b776e4854465033576f4274374a614d3648375638646d477a4873535961374f3577303d7d207b306943577443355859345842676f7552522f6d524f6e72687758504330667a744845706659422f526f536b3d7d207b766a4d4a6536414e484578457061335a69385337445972416e682b7a77714a77547834732f446b5a54696b3d7d207b6f756336756f366f4d6263507477445a61667a574a5a304f38394f434d75415a483168344a5432743178303d7d207b7073534a75644732314d4f4d75336e74776152685556413937556f726b4b59506e55453746534233696a303d7d207b666b4f43787668714d4734454f76732b714f55386a734438557379796b6e50484f414c36412f50796d6c493d7d207b6d4966694b793672586c586a35453345573431746b5944395948792b3137636b774a62306c4f65507441733d7d207b6c4a342b79586f61795644747a5a50714433442b464a324a73526673497155452f497568634b4b635853413d7d207b526a50475855493244537250536f3744574e47646f7455736575316f685641756a56524843664e4d7269673d7d5d;
Q-vector (471) 5b7b384d6d6f2f6e4b6570425a2b6332615a7663482f3476445370455846706c2f3679685a5a654470667753673d7d207b3249612b56634b66642f4744756f314135423666645150727459776f343167584a6f3445664637414431673d7d207b63433335726b36767071486b436a4e6f69653472796f382b457764776e6f426839646533773169512b46513d7d207b4645514f7944656e7642314b7930353971574471457432454b3776674b576b516671307a557768566167593d7d207b376a2f6742646b57484d6d626556684b69765036687750676867387a517a704451764b73774143472b79633d7d207b4c4d2b482b582f37704b5a51386436763545502b2b685a42494974596f674e6c2f6f6376707459367133303d7d207b2b50694b64584a554d2f7a5549383455654353786769516143585a6a437a61686167336956754a644a54553d7d207b677534366a376f51674d4f7952756d73494a33516779644e70747574376564506a5a36762b3950777946673d7d207b4372595956536d5a53645579592f454838664232327866754a36376b44703564764b58697a4d614e346b383d7d207b79725a5778374a2b576e4d4d476e614b36444439326d66584a652f536c5a616d6c5446645a4b46636d47733d7d5d;
X (32) e2f2ae0a6abc4e71a884a961c500515f58e30b6aa582dd8db6a65945e08d2d76;
Y (32) bec57a46365bd5c1088123d7fb77c3b4f1082e2d16896d74bdd22f6d65de265f;
P (32) 8ed67ec4dcd245fe5951d7ddd456f87bd1bd2ef734a9948462edf797f02ca412;
Q (32) 741b699024a5c2427a560542476c6ae2c6931d7cdfc1b3cea6cc282a6fe00772;
A (32) b033aa9684c17dbc01d097344891d114148a0a48ec8cb6f6f1f62d92fd679300;
B (32) 86f86fd40eed7c1cf809c58cfe543b07720a6ced9c422250b2eb6498bdc6b512;
extract c: [113 115 65 217 69 56 142 242 123 179 78 215 20 166 81 234 2 204 16 83 253 75 240 111 155 225 76 171 30 65 193 254 174 196 39 160 118 14 16 162 59 107 96 161 182 128 214 59 253 240 42 251 40 144 80 152 25 60 73 45 46 103 158 168]
2023/06/16 11:20:51 applications/token_app.go [DBUG] Failed to verify signed token batch

I have been playing around with tapir for possible integration into a project I have been working on and I wanted to get a demo running. I created 3 applications using the code from your tokenboard tests, 2 different AuthApps for client and server, and 1 token server. The client and server connect and auth just fine but when trying to purchase tokens I run into the below issues. The only real difference from your test code is that they are all separated out into different apps. Any idea where I went wrong? ``` 2023/06/16 11:20:50 tor/BaseOnionService.go [DBUG] Lookup up a connection *****aysjshhmxbn6d7isqnqd... 2023/06/16 11:20:50 tor/BaseOnionService.go [DBUG] Found 1 connections for *****aysjshhmxbn6d7isqnqd, but it lacks the desired capability HasTokensCapability 2023/06/16 11:20:51 privacypass/token.go [DBUG] Failed to unblind tokens: ---- new-protcol: pow-app ---- pow-seed (27) 636f6e6e656374696f6e2d6f6a794f4a764d536f5335314c513d3d; extract pow-challenge: [216 52 195 146 136 74 18 36 107 229 65 177 73 213 116 246 212 26 79 135 109 157 209 212 24 175 50 57 37 146 232 36 157 245 56 42 220 174 27 98 209 7 164 21 52 69 224 72 237 204 83 93 178 167 199 225 165 163 206 28 164 193 190 147] pow-solution (32) 0b924c77b242dc8b0dde629438af9e536daab9cdc180b3d85f2809305a872700; ---- new-protcol: token-app ---- ---- new-protcol: privacy-pass-batch-proof ---- X-batch (32) e2f2ae0a6abc4e71a884a961c500515f58e30b6aa582dd8db6a65945e08d2d76; Y-batch (32) bec57a46365bd5c1088123d7fb77c3b4f1082e2d16896d74bdd22f6d65de265f; P-vector (471) 5b7b5970396b55374e784e4d4d34514d42392f63794a32634648726549536f5a39694c775537595a4a6d4a30733d7d207b7a4e4b77495364542b776e4854465033576f4274374a614d3648375638646d477a4873535961374f3577303d7d207b306943577443355859345842676f7552522f6d524f6e72687758504330667a744845706659422f526f536b3d7d207b766a4d4a6536414e484578457061335a69385337445972416e682b7a77714a77547834732f446b5a54696b3d7d207b6f756336756f366f4d6263507477445a61667a574a5a304f38394f434d75415a483168344a5432743178303d7d207b7073534a75644732314d4f4d75336e74776152685556413937556f726b4b59506e55453746534233696a303d7d207b666b4f43787668714d4734454f76732b714f55386a734438557379796b6e50484f414c36412f50796d6c493d7d207b6d4966694b793672586c586a35453345573431746b5944395948792b3137636b774a62306c4f65507441733d7d207b6c4a342b79586f61795644747a5a50714433442b464a324a73526673497155452f497568634b4b635853413d7d207b526a50475855493244537250536f3744574e47646f7455736575316f685641756a56524843664e4d7269673d7d5d; Q-vector (471) 5b7b384d6d6f2f6e4b6570425a2b6332615a7663482f3476445370455846706c2f3679685a5a654470667753673d7d207b3249612b56634b66642f4744756f314135423666645150727459776f343167584a6f3445664637414431673d7d207b63433335726b36767071486b436a4e6f69653472796f382b457764776e6f426839646533773169512b46513d7d207b4645514f7944656e7642314b7930353971574471457432454b3776674b576b516671307a557768566167593d7d207b376a2f6742646b57484d6d626556684b69765036687750676867387a517a704451764b73774143472b79633d7d207b4c4d2b482b582f37704b5a51386436763545502b2b685a42494974596f674e6c2f6f6376707459367133303d7d207b2b50694b64584a554d2f7a5549383455654353786769516143585a6a437a61686167336956754a644a54553d7d207b677534366a376f51674d4f7952756d73494a33516779644e70747574376564506a5a36762b3950777946673d7d207b4372595956536d5a53645579592f454838664232327866754a36376b44703564764b58697a4d614e346b383d7d207b79725a5778374a2b576e4d4d476e614b36444439326d66584a652f536c5a616d6c5446645a4b46636d47733d7d5d; X (32) e2f2ae0a6abc4e71a884a961c500515f58e30b6aa582dd8db6a65945e08d2d76; Y (32) bec57a46365bd5c1088123d7fb77c3b4f1082e2d16896d74bdd22f6d65de265f; P (32) 8ed67ec4dcd245fe5951d7ddd456f87bd1bd2ef734a9948462edf797f02ca412; Q (32) 741b699024a5c2427a560542476c6ae2c6931d7cdfc1b3cea6cc282a6fe00772; A (32) b033aa9684c17dbc01d097344891d114148a0a48ec8cb6f6f1f62d92fd679300; B (32) 86f86fd40eed7c1cf809c58cfe543b07720a6ced9c422250b2eb6498bdc6b512; extract c: [113 115 65 217 69 56 142 242 123 179 78 215 20 166 81 234 2 204 16 83 253 75 240 111 155 225 76 171 30 65 193 254 174 196 39 160 118 14 16 162 59 107 96 161 182 128 214 59 253 240 42 251 40 144 80 152 25 60 73 45 46 103 158 168] 2023/06/16 11:20:51 applications/token_app.go [DBUG] Failed to verify signed token batch ```

sarah commented 2023-06-16 18:50:00 +00:00

Owner

Copy Link

Hi, it's hard to tell without seeing the code, but my first guess would be key confusion.

The original code was written with the assumption of having two different servers do the payment / verification - so I would check that you are providing the correct public keys in the correct functions - both the client and the server should have access to a third public key (the token service public key) which is used within the protocol (denoted Y in the code - https://git.openprivacy.ca/cwtch.im/tapir/src/branch/master/primitives/privacypass/tokenserver.go#L34)

Hi, it's hard to tell without seeing the code, but my first guess would be key confusion. The original code was written with the assumption of having two different servers do the payment / verification - so I would check that you are providing the correct public keys in the correct functions - both the client and the server should have access to a third public key (the token service public key) which is used within the protocol (denoted Y in the code - https://git.openprivacy.ca/cwtch.im/tapir/src/branch/master/primitives/privacypass/tokenserver.go#L34)

psyc commented 2023-06-16 19:25:49 +00:00

Author

Copy Link

Thanks for the quick reply! Now that makes sense since the client and server both have the token server initialized as: privacypass.NewTokenServer()
and only get the hostname for the freepaymenthandler. How would I go about passing the public key to the client and server?

Thanks for the quick reply! Now that makes sense since the client and server both have the token server initialized as: privacypass.NewTokenServer() and only get the hostname for the freepaymenthandler. How would I go about passing the public key to the client and server?

sarah commented 2023-06-16 19:36:46 +00:00

Owner

Copy Link

How would I go about passing the public key to the client and server?

This is an implementation specific decision - security-wise the only requirement is that both the client and the server agree on the public key.

You may want to investigate the tokenboard integration test which is an end-to-end test of the privacy pass functionality: https://git.openprivacy.ca/cwtch.im/tapir/src/branch/master/applications/tokenboard

We use a modified version of that in Cwtch itself:

How Cwtch Tokenboard Clients are implemented (https://git.openprivacy.ca/cwtch.im/cwtch/src/branch/master/protocol/connections/tokenboardclientapp.go)

And the server side: https://git.openprivacy.ca/cwtch.im/server/src/branch/trunk/server_tokenboard.go

> How would I go about passing the public key to the client and server? This is an implementation specific decision - security-wise the only requirement is that both the client and the server agree on the public key. You may want to investigate the tokenboard integration test which is an end-to-end test of the privacy pass functionality: https://git.openprivacy.ca/cwtch.im/tapir/src/branch/master/applications/tokenboard We use a modified version of that in Cwtch itself: How Cwtch Tokenboard Clients are implemented (https://git.openprivacy.ca/cwtch.im/cwtch/src/branch/master/protocol/connections/tokenboardclientapp.go) And the server side: https://git.openprivacy.ca/cwtch.im/server/src/branch/trunk/server_tokenboard.go

sarah commented 2023-06-16 19:40:48 +00:00

Owner

Copy Link

On the key question:

You can extract just the public key from tokenservice: https://git.openprivacy.ca/cwtch.im/server/src/branch/trunk/server.go#L147

For Cwtch Servers we basically just package and export a set of public keys in a JSON struct: https://git.openprivacy.ca/cwtch.im/cwtch/src/branch/master/model/keyBundle.go

For historical reasons this code is part of Cwtch and not Tapir, but is generic enough that it should be able to be lifted as is with minimal modifications.

On the key question: You can extract just the public key from tokenservice: https://git.openprivacy.ca/cwtch.im/server/src/branch/trunk/server.go#L147 For Cwtch Servers we basically just package and export a set of public keys in a JSON struct: https://git.openprivacy.ca/cwtch.im/cwtch/src/branch/master/model/keyBundle.go For historical reasons this code is part of Cwtch and not Tapir, but is generic enough that it should be able to be lifted as is with minimal modifications.

psyc commented 2023-06-16 19:52:36 +00:00

Author

Copy Link

Thanks for the help! I have a good idea of where to go from here.

Thanks for the help! I have a good idea of where to go from here.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

crypto_improvement

drone_update

update-deps

cbump

gc

decrypt_error

perf

upgrade_conn1.8.2

send_fixes

upgrade_conn

upgrades

wait

networking

chainbug

dedupe

conVbump

thread_safety

bug_fix

bugfix

hmac_size_fix

metrics

broadcast

upgrade-connectivity

upgrade-ristretto

transcript

bulletproofs

clean

identity

progress

v0.6.0

v0.5.5

v0.5.4

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.10

v0.4.9

v0.4.8

v0.4.7

v0.4.6

v0.4.5

v0.4.4

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.5

v0.3.4

v0.3.3

v0.3.2

v0.3.1

v0.3.0

v0.2.2

v0.2.1

v0.2.0

v0.1.18

v0.1.17

v0.1.16

v0.1.15

v0.1.14

v0.1.13

v0.1.12

v0.1.11

v0.1.10

v0.1.9

v0.1.8

v0.1.7

v0.1.6

v0.1.5

v0.1.4

v0.1.3

v0.1.2

v0.1.1

Labels

Clear labels

No items

No Label

Milestone

Clear milestone

No items

No Milestone

Assignees

Clear assignees

No Assignees

2 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: cwtch.im/tapir#57

No description provided.