Better README
This commit is contained in:
parent
5ba94fd57e
commit
13af02641c
65
README.md
65
README.md
|
@ -1,12 +1,67 @@
|
||||||
# fuzzymetatag
|
# fuzzymetatag
|
||||||
|
|
||||||
Experimental Rust implementation of https://eprint.iacr.org/2021/089 using Ristretto.
|
Anonymous messaging systems (and other privacy-preserving applications) often require a mechanism for one party
|
||||||
|
to learn that another party has messaged them.
|
||||||
|
|
||||||
A tag is a probabilistic cryptographic structure. When constructed for a given FuzzyMetaPublicKey it will pass the FuzzyMetaDetectionKey::test 100% of the time. For other public keys it will pass the test with probability gamma related to the security parameter of the system. This system provides the following security properties:
|
Many schemes rely on a bandwidth-intensive "download everything and attempt-decryption" approach. Others rely on a trusted
|
||||||
|
3rd party to provide the service.
|
||||||
|
|
||||||
* Correctness: Valid tags for a public key for a key pair always validate when tested against the secret key
|
It would be awesome if we could get an untrusted server to do the work for us without compromising metadata-resistance!
|
||||||
* Fuzziness: Invalid matches should produce false positives with probability p related to the security property (γ)
|
|
||||||
* Security: An adversarial server with access to Test oracle (i.e. the detection key) is unable to distinguish false positives from true positives. (Detection Ambiguity)
|
fuzzymetatag is a probabilistic cryptographic structure to do just that! Specifically it provides the following
|
||||||
|
properties:
|
||||||
|
|
||||||
|
* Correctness: Valid tags constructed for a specific public key will always validate when tested using the detection key
|
||||||
|
* Fuzziness: Invalid tags will produce false positives with probability _p_ related to the security property (_γ_)
|
||||||
|
* Security: An adversarial server with access to the detection key is unable to distinguish false positives from true positives. (Detection Ambiguity)
|
||||||
|
|
||||||
|
## Security (hic sunt dracones)
|
||||||
|
|
||||||
|
This crate provides an experimental implementation of the `FMD2` scheme described in ["Fuzzy Message Detection"](https://eprint.iacr.org/2021/089). Using
|
||||||
|
Ristretto as the prime order group.
|
||||||
|
|
||||||
|
This code has not undergone any significant review.
|
||||||
|
|
||||||
|
Further, the properties provided by this system are highly dependent on selecting a good security parameter _γ_ for
|
||||||
|
your system. There is no one-size-fits-all approach.
|
||||||
|
|
||||||
|
If _γ_ is too low, then the probability of false positives will be very high.
|
||||||
|
|
||||||
|
If _γ_ is too high, then an adversarial server will be able to link messages to recipients with low probability.
|
||||||
|
|
||||||
|
|
||||||
|
## Usage
|
||||||
|
|
||||||
|
Generate a key pair:
|
||||||
|
|
||||||
|
let gamma = 3;
|
||||||
|
let key = FuzzyMetaTagKeyPair::generate(gamma);
|
||||||
|
|
||||||
|
`key.public_key` can be given to parties who you want to be able to communicate with you over a specific anonymous
|
||||||
|
messaging service / privacy-preserving application.
|
||||||
|
|
||||||
|
`key.detection_key` can be given to untrusted _adversarial_ servers.
|
||||||
|
|
||||||
|
`gamma` is security property (_γ_) in the system. For a given gamma, a tag generated for a specific public key will
|
||||||
|
validate against a random public key with probability 2^-gamma. The actual value of gamma needed to protect the metadata
|
||||||
|
of a given application is specific to that application, the number of parties involved, the number of messages involved etc.
|
||||||
|
|
||||||
|
## Generating Tags
|
||||||
|
|
||||||
|
let tag = public_key.flag()
|
||||||
|
|
||||||
|
This tag can be attached to a message in a metadata resistant system.
|
||||||
|
|
||||||
|
## Verifying Tags
|
||||||
|
|
||||||
|
An adversarial server can test a given tag against a detection key:
|
||||||
|
|
||||||
|
if detection_key.test(tag) {
|
||||||
|
// the message attached to this tag *might* be for the party associated with the detection key
|
||||||
|
} else {
|
||||||
|
// the message attached to this tag is definitely *not* for the party associated with the detection key.
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -17,9 +17,10 @@ use std::ops::{Add, Mul, Sub};
|
||||||
/// it will pass the `FuzzyMetaDetectionKey::test` 100% of the time. For other public keys
|
/// it will pass the `FuzzyMetaDetectionKey::test` 100% of the time. For other public keys
|
||||||
/// it will pass the test with probability `gamma` related to the security parameter of the system.
|
/// it will pass the test with probability `gamma` related to the security parameter of the system.
|
||||||
/// This system provides the following security properties:
|
/// This system provides the following security properties:
|
||||||
/// - Correctness: Valid tags for a public key for a key pair always validate when tested against the secret key
|
/// * Correctness: Valid tags constructed for a specific public key will always validate when tested using the detection key
|
||||||
/// - Fuzziness: Invalid matches should produce false positives with probability p related to the security property (γ)
|
/// * Fuzziness: Invalid tags will produce false positives with probability _p_ related to the security property (_γ_)
|
||||||
/// - Security: An adversarial server with access to Test oracle (i.e. the detection key) is unable to distinguish false positives from true positives. (Detection Ambiguity)
|
/// * Security: An adversarial server with access to the detection key is unable to distinguish false positives from true positives. (Detection Ambiguity)
|
||||||
|
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
pub struct FuzzyMetaTag {
|
pub struct FuzzyMetaTag {
|
||||||
u: RistrettoPoint,
|
u: RistrettoPoint,
|
||||||
|
|
Loading…
Reference in New Issue