Explicit extract method and false positive rate parameter p
This commit is contained in:
parent
d5adb82a58
commit
21baa32f8d
16
README.md
16
README.md
|
@ -22,13 +22,15 @@ Ristretto as the prime order group.
|
||||||
|
|
||||||
This code has not undergone any significant review.
|
This code has not undergone any significant review.
|
||||||
|
|
||||||
Further, the properties provided by this system are highly dependent on selecting a good security parameter _γ_ for
|
Further, the properties provided by this system are highly dependent on selecting a **false positive rate** _p_ and
|
||||||
your system. There is no one-size-fits-all approach.
|
**scheme constant** _γ_ for your system. There is no one-size-fits-all approach.
|
||||||
|
|
||||||
If _γ_ is too low, then the probability of false positives will be very high.
|
If _p_ is too low, then the probability of false positives will be very high.
|
||||||
|
|
||||||
If _γ_ is too high, then an adversarial server will be able to link messages to recipients with low probability.
|
If _p_ is too high, then an adversarial server will be able to link messages to recipients with low probability.
|
||||||
|
|
||||||
|
Likewise a large _γ_ means higher bandwidth costs, but a small _γ_ reveals more of the secret keys to the server and
|
||||||
|
increases false positives.
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
|
@ -54,9 +56,11 @@ This tag can be attached to a message in a metadata resistant system.
|
||||||
|
|
||||||
## Verifying Tags
|
## Verifying Tags
|
||||||
|
|
||||||
An adversarial server can test a given tag against a detection key:
|
Extract a detection key for a given probability. This can then be
|
||||||
|
given to an adversarial server can test a given tag against a detection key:
|
||||||
|
|
||||||
if key.detection_key.test_tag(tag) {
|
let detection_key = key.extract(5);
|
||||||
|
if detection_key.test_tag(tag) {
|
||||||
// the message attached to this tag *might* be for the party associated with the detection key
|
// the message attached to this tag *might* be for the party associated with the detection key
|
||||||
} else {
|
} else {
|
||||||
// the message attached to this tag is definitely *not* for the party associated with the detection key.
|
// the message attached to this tag is definitely *not* for the party associated with the detection key.
|
||||||
|
|
|
@ -5,19 +5,20 @@ use std::time::Duration;
|
||||||
fn benchmark_generate_tag(c: &mut Criterion) {
|
fn benchmark_generate_tag(c: &mut Criterion) {
|
||||||
let mut group = c.benchmark_group("generate_tags");
|
let mut group = c.benchmark_group("generate_tags");
|
||||||
group.measurement_time(Duration::new(10,0));
|
group.measurement_time(Duration::new(10,0));
|
||||||
for gamma in [2,4,8,16,24,32].iter() {
|
let key = FuzzyMetaTagKeyPair::generate(24);
|
||||||
let key = FuzzyMetaTagKeyPair::generate(*gamma as usize);
|
for p in [5,10,15].iter() {
|
||||||
group.bench_with_input(BenchmarkId::from_parameter(gamma), gamma, |b, _gamma| b.iter(|| { key.public_key.generate_tag() }));
|
group.bench_with_input(BenchmarkId::from_parameter(p), p, |b, _gamma| b.iter(|| { key.public_key.generate_tag() }));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fn benchmark_test_tag(c: &mut Criterion) {
|
fn benchmark_test_tag(c: &mut Criterion) {
|
||||||
let mut group = c.benchmark_group("test_tags");
|
let mut group = c.benchmark_group("test_tags");
|
||||||
group.measurement_time(Duration::new(10,0));
|
group.measurement_time(Duration::new(10,0));
|
||||||
for gamma in [2,4,8,16,24,32].iter() {
|
let key = FuzzyMetaTagKeyPair::generate(24);
|
||||||
let key = FuzzyMetaTagKeyPair::generate(*gamma as usize);
|
for p in [5,10,15].iter() {
|
||||||
let tag = key.public_key.generate_tag();
|
let tag = key.public_key.generate_tag();
|
||||||
group.bench_with_input(BenchmarkId::from_parameter(gamma), gamma, |b, _gamma| b.iter(|| { key.detection_key.test_tag(&tag) }));
|
let detection_key = key.extract(*p);
|
||||||
|
group.bench_with_input(BenchmarkId::from_parameter(p), p, |b, _gamma| b.iter(|| { detection_key.test_tag(&tag) }));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
11
src/lib.rs
11
src/lib.rs
|
@ -27,7 +27,7 @@ pub struct FuzzyMetaTag {
|
||||||
}
|
}
|
||||||
|
|
||||||
/// A collection of "secret" data that can be used to determine if a `FuzzyMetaTag` was intended for
|
/// A collection of "secret" data that can be used to determine if a `FuzzyMetaTag` was intended for
|
||||||
/// the derived public key.
|
/// the derived public key with probability p
|
||||||
pub struct FuzzyMetaDetectionKey(Vec<Scalar>);
|
pub struct FuzzyMetaDetectionKey(Vec<Scalar>);
|
||||||
|
|
||||||
impl FuzzyMetaDetectionKey {
|
impl FuzzyMetaDetectionKey {
|
||||||
|
@ -159,6 +159,15 @@ impl FuzzyMetaTagKeyPair {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/// extract a detection key for a given false positive (p = 2^-n)
|
||||||
|
pub fn extract(&self, n: usize) -> FuzzyMetaDetectionKey {
|
||||||
|
let parts = self.detection_key.0.iter().take(n).cloned().collect();
|
||||||
|
FuzzyMetaDetectionKey {
|
||||||
|
0: parts
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/// a hash function that takes 3 risretto points as a parameter and outputs 0 or 1.
|
/// a hash function that takes 3 risretto points as a parameter and outputs 0 or 1.
|
||||||
fn h(u: RistrettoPoint, h: RistrettoPoint, w: RistrettoPoint) -> u8 {
|
fn h(u: RistrettoPoint, h: RistrettoPoint, w: RistrettoPoint) -> u8 {
|
||||||
let hash = sha3::Sha3_256::digest(
|
let hash = sha3::Sha3_256::digest(
|
||||||
|
|
Loading…
Reference in New Issue