|
|
|
|
@ -45,8 +45,7 @@ messaging service / privacy-preserving application.
|
|
|
|
|
`key.detection_key` can be given to untrusted _adversarial_ servers.
|
|
|
|
|
|
|
|
|
|
`gamma` is security property (_γ_) in the system. For a given gamma, a tag generated for a specific public key will
|
|
|
|
|
validate against a random public key with probability 2^-gamma. The actual value of gamma needed to protect the metadata
|
|
|
|
|
of a given application is specific to that application, the number of parties involved, the number of messages involved etc.
|
|
|
|
|
validate against a random public key with a maximum probability of 2^-gamma.
|
|
|
|
|
|
|
|
|
|
## Generating Tags
|
|
|
|
|
|
|
|
|
|
@ -56,16 +55,15 @@ This tag can be attached to a message in a metadata resistant system.
|
|
|
|
|
|
|
|
|
|
## Verifying Tags
|
|
|
|
|
|
|
|
|
|
Extract a detection key for a given probability. This can then be
|
|
|
|
|
given to an adversarial server can test a given tag against a detection key:
|
|
|
|
|
First it is necessary to extract a detection key for a given false positive probability 0 <= 2^-n <= 2^-γ.
|
|
|
|
|
|
|
|
|
|
This extracted key can then be given to an adversarial server can test a given tag against a detection key e.g.:
|
|
|
|
|
|
|
|
|
|
let detection_key = key.extract(5);
|
|
|
|
|
if detection_key.test_tag(tag) {
|
|
|
|
|
// the message attached to this tag *might* be for the party associated with the detection key
|
|
|
|
|
// the message attached to this tag *might* be for the party associated with the detection key
|
|
|
|
|
} else {
|
|
|
|
|
// the message attached to this tag is definitely *not* for the party associated with the detection key.
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
