fuzzymetatag is a probabilistic cryptographic structure to do just that! Specifically it provides the following
properties:
* Correctness: Valid tags constructed for a specific public key will always validate when tested using the detection key
* Fuzziness: Invalid tags will produce false positives with probability _p_ related to the security property (_γ_)
* Security: An adversarial server with access to the detection key is unable to distinguish false positives from true positives. (Detection Ambiguity)
## Security (hic sunt dracones)
This crate provides an experimental implementation of the `FMD2` scheme described in ["Fuzzy Message Detection"](https://eprint.iacr.org/2021/089). Using
Ristretto as the prime order group.
This code has not undergone any significant review.
Further, the properties provided by this system are highly dependent on selecting a good security parameter _γ_ for
your system. There is no one-size-fits-all approach.
If _γ_ is too low, then the probability of false positives will be very high.
If _γ_ is too high, then an adversarial server will be able to link messages to recipients with low probability.
## Usage
Generate a key pair:
let gamma = 3;
let key = FuzzyMetaTagKeyPair::generate(gamma);
`key.public_key` can be given to parties who you want to be able to communicate with you over a specific anonymous
messaging service / privacy-preserving application.
`key.detection_key` can be given to untrusted _adversarial_ servers.
`gamma` is security property (_γ_) in the system. For a given gamma, a tag generated for a specific public key will
validate against a random public key with probability 2^-gamma. The actual value of gamma needed to protect the metadata
of a given application is specific to that application, the number of parties involved, the number of messages involved etc.
## Generating Tags
let tag = public_key.flag()
This tag can be attached to a message in a metadata resistant system.
## Verifying Tags
An adversarial server can test a given tag against a detection key:
if detection_key.test(tag) {
// the message attached to this tag *might* be for the party associated with the detection key
} else {
// the message attached to this tag is definitely *not* for the party associated with the detection key.