From 21baa32f8d645581869edf78419fc1a33fc5e775 Mon Sep 17 00:00:00 2001
From: Sarah Jamie Lewis
Date: Sat, 30 Jan 2021 01:49:18 -0800
Subject: [PATCH] Explicit extract method and false positive rate parameter p
---
 README.md | 16 ++++++++++------
 benches/fuzzy_tags_benches.rs | 13 +++++++------
 src/lib.rs | 11 ++++++++++-
 3 files changed, 27 insertions(+), 13 deletions(-)
diff --git a/README.md b/README.md
index 7912f6d..3311306 100644
--- a/README.md
+++ b/README.md
@@ -22,13 +22,15 @@ Ristretto as the prime order group. This code has not undergone any significant review.
-Further, the properties provided by this system are highly dependent on selecting a good security parameter _γ_ for
-your system. There is no one-size-fits-all approach.
+Further, the properties provided by this system are highly dependent on selecting a **false positive rate** _p_ and
+**scheme constant** _γ_ for your system. There is no one-size-fits-all approach.
-If _γ_ is too low, then the probability of false positives will be very high.
+If _p_ is too low, then the probability of false positives will be very high.
-If _γ_ is too high, then an adversarial server will be able to link messages to recipients with low probability.
+If _p_ is too high, then an adversarial server will be able to link messages to recipients with low probability.
+Likewise a large _γ_ means higher bandwidth costs, but a small _γ_ reveals more of the secret keys to the server and
+increases false positives.
 ## Usage
@@ -54,9 +56,11 @@ This tag can be attached to a message in a metadata resistant system.
 ## Verifying Tags
-An adversarial server can test a given tag against a detection key:
+Extract a detection key for a given probability. This can then be
+given to an adversarial server can test a given tag against a detection key:
- if key.detection_key.test_tag(tag) {
+ let detection_key = key.extract(5);
+ if detection_key.test_tag(tag) {
 // the message attached to this tag *might* be for the party associated with the detection key
 } else {
 // the message attached to this tag is definitely *not* for the party associated with the detection key.
diff --git a/benches/fuzzy_tags_benches.rs b/benches/fuzzy_tags_benches.rs
index c067e9e..09afef5 100644
--- a/benches/fuzzy_tags_benches.rs
+++ b/benches/fuzzy_tags_benches.rs
@@ -5,19 +5,20 @@ use std::time::Duration;
 fn benchmark_generate_tag(c: &mut Criterion) {
 let mut group = c.benchmark_group("generate_tags");
 group.measurement_time(Duration::new(10,0));
- for gamma in [2,4,8,16,24,32].iter() {
- let key = FuzzyMetaTagKeyPair::generate(*gamma as usize);
- group.bench_with_input(BenchmarkId::from_parameter(gamma), gamma, |b, _gamma| b.iter(|| { key.public_key.generate_tag() }));
+ let key = FuzzyMetaTagKeyPair::generate(24);
+ for p in [5,10,15].iter() {
+ group.bench_with_input(BenchmarkId::from_parameter(p), p, |b, _gamma| b.iter(|| { key.public_key.generate_tag() }));
 }
 }
 fn benchmark_test_tag(c: &mut Criterion) {
 let mut group = c.benchmark_group("test_tags");
 group.measurement_time(Duration::new(10,0));
- for gamma in [2,4,8,16,24,32].iter() {
- let key = FuzzyMetaTagKeyPair::generate(*gamma as usize);
+ let key = FuzzyMetaTagKeyPair::generate(24);
+ for p in [5,10,15].iter() {
 let tag = key.public_key.generate_tag();
- group.bench_with_input(BenchmarkId::from_parameter(gamma), gamma, |b, _gamma| b.iter(|| { key.detection_key.test_tag(&tag) }));
+ let detection_key = key.extract(*p);
+ group.bench_with_input(BenchmarkId::from_parameter(p), p, |b, _gamma| b.iter(|| { detection_key.test_tag(&tag) }));
 }
 }
diff --git a/src/lib.rs b/src/lib.rs
index 1a36647..2a44b0e 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -27,7 +27,7 @@ pub struct FuzzyMetaTag {
 }
 /// A collection of "secret" data that can be used to determine if a `FuzzyMetaTag` was intended for
-/// the derived public key.
+/// the derived public key with probability p
 pub struct FuzzyMetaDetectionKey(Vec);
 impl FuzzyMetaDetectionKey {
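Review bot: In `benchmark_generate_tag` (benches/fuzzy_tags_benches.rs) the new loop over `[5,10,15]` never uses `p`: the key is fixed at γ = 24 and `key.public_key.generate_tag()` does identical work on every iteration, so the three results labelled 5, 10 and 15 measure the same configuration. Either drop the loop in that function or keep a sweep over γ there, since tag generation cost depends on γ and that measurement is lost with this change. In both benchmark functions the closure argument is still named `_gamma` although the parameter is now `p`; `|b, _p| b.iter(...)` would match the new meaning.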
@@ -159,6 +159,15 @@ impl FuzzyMetaTagKeyPair {
 }
 }
+
+ /// extract a detection key for a given false positive (p = 2^-n)
+ pub fn extract(&self, n: usize) -> FuzzyMetaDetectionKey {
+ let parts = self.detection_key.0.iter().take(n).cloned().collect();
+ FuzzyMetaDetectionKey {
+ 0: parts
+ }
+ }
+
 /// a hash function that takes 3 risretto points as a parameter and outputs 0 or 1.
 fn h(u: RistrettoPoint, h: RistrettoPoint, w: RistrettoPoint) -> u8 {
 let hash = sha3::Sha3_256::digest(
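Review bot: `extract` silently hands back a key with a different false positive rate than the caller asked for at both ends of `n`. `take(n)` stops at the number of parts held in `self.detection_key`, so any `n` above the key's γ yields a rate of 2^-γ rather than 2^-n, and `n = 0` yields an empty key, which presumably makes `test_tag` (its body is not in this hunk) accept every tag. Because `n` is the privacy parameter a caller hands to an untrusted server, the doc comment should state the valid range, e.g. `/// n must be in 1..=γ; a larger n is clamped to γ`, or the function should reject out-of-range values rather than truncate. As a style point, `FuzzyMetaDetectionKey { 0: parts }` reads more naturally as `FuzzyMetaDetectionKey(parts)`.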