Explicit extract method and false positive rate parameter p
This commit is contained in:
parent
d5adb82a58
commit
21baa32f8d
16
README.md
16
README.md
|
@ -22,13 +22,15 @@ Ristretto as the prime order group.
|
|||
|
||||
This code has not undergone any significant review.
|
||||
|
||||
Further, the properties provided by this system are highly dependent on selecting a good security parameter _γ_ for
|
||||
your system. There is no one-size-fits-all approach.
|
||||
Further, the properties provided by this system are highly dependent on selecting a **false positive rate** _p_ and
|
||||
**scheme constant** _γ_ for your system. There is no one-size-fits-all approach.
|
||||
|
||||
If _γ_ is too low, then the probability of false positives will be very high.
|
||||
If _p_ is too low, then the probability of false positives will be very high.
|
||||
|
||||
If _γ_ is too high, then an adversarial server will be able to link messages to recipients with low probability.
|
||||
If _p_ is too high, then an adversarial server will be able to link messages to recipients with low probability.
|
||||
|
||||
Likewise a large _γ_ means higher bandwidth costs, but a small _γ_ reveals more of the secret keys to the server and
|
||||
increases false positives.
|
||||
|
||||
## Usage
|
||||
|
||||
|
@ -54,9 +56,11 @@ This tag can be attached to a message in a metadata resistant system.
|
|||
|
||||
## Verifying Tags
|
||||
|
||||
An adversarial server can test a given tag against a detection key:
|
||||
Extract a detection key for a given probability. This can then be
|
||||
given to an adversarial server can test a given tag against a detection key:
|
||||
|
||||
if key.detection_key.test_tag(tag) {
|
||||
let detection_key = key.extract(5);
|
||||
if detection_key.test_tag(tag) {
|
||||
// the message attached to this tag *might* be for the party associated with the detection key
|
||||
} else {
|
||||
// the message attached to this tag is definitely *not* for the party associated with the detection key.
|
||||
|
|
|
@ -5,19 +5,20 @@ use std::time::Duration;
|
|||
fn benchmark_generate_tag(c: &mut Criterion) {
|
||||
let mut group = c.benchmark_group("generate_tags");
|
||||
group.measurement_time(Duration::new(10,0));
|
||||
for gamma in [2,4,8,16,24,32].iter() {
|
||||
let key = FuzzyMetaTagKeyPair::generate(*gamma as usize);
|
||||
group.bench_with_input(BenchmarkId::from_parameter(gamma), gamma, |b, _gamma| b.iter(|| { key.public_key.generate_tag() }));
|
||||
let key = FuzzyMetaTagKeyPair::generate(24);
|
||||
for p in [5,10,15].iter() {
|
||||
group.bench_with_input(BenchmarkId::from_parameter(p), p, |b, _gamma| b.iter(|| { key.public_key.generate_tag() }));
|
||||
}
|
||||
}
|
||||
|
||||
fn benchmark_test_tag(c: &mut Criterion) {
|
||||
let mut group = c.benchmark_group("test_tags");
|
||||
group.measurement_time(Duration::new(10,0));
|
||||
for gamma in [2,4,8,16,24,32].iter() {
|
||||
let key = FuzzyMetaTagKeyPair::generate(*gamma as usize);
|
||||
let key = FuzzyMetaTagKeyPair::generate(24);
|
||||
for p in [5,10,15].iter() {
|
||||
let tag = key.public_key.generate_tag();
|
||||
group.bench_with_input(BenchmarkId::from_parameter(gamma), gamma, |b, _gamma| b.iter(|| { key.detection_key.test_tag(&tag) }));
|
||||
let detection_key = key.extract(*p);
|
||||
group.bench_with_input(BenchmarkId::from_parameter(p), p, |b, _gamma| b.iter(|| { detection_key.test_tag(&tag) }));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
11
src/lib.rs
11
src/lib.rs
|
@ -27,7 +27,7 @@ pub struct FuzzyMetaTag {
|
|||
}
|
||||
|
||||
/// A collection of "secret" data that can be used to determine if a `FuzzyMetaTag` was intended for
|
||||
/// the derived public key.
|
||||
/// the derived public key with probability p
|
||||
pub struct FuzzyMetaDetectionKey(Vec<Scalar>);
|
||||
|
||||
impl FuzzyMetaDetectionKey {
|
||||
|
@ -159,6 +159,15 @@ impl FuzzyMetaTagKeyPair {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
/// extract a detection key for a given false positive (p = 2^-n)
|
||||
pub fn extract(&self, n: usize) -> FuzzyMetaDetectionKey {
|
||||
let parts = self.detection_key.0.iter().take(n).cloned().collect();
|
||||
FuzzyMetaDetectionKey {
|
||||
0: parts
|
||||
}
|
||||
}
|
||||
|
||||
/// a hash function that takes 3 risretto points as a parameter and outputs 0 or 1.
|
||||
fn h(u: RistrettoPoint, h: RistrettoPoint, w: RistrettoPoint) -> u8 {
|
||||
let hash = sha3::Sha3_256::digest(
|
||||
|
|
Loading…
Reference in New Issue