Documentation
¶
Overview ¶
Package messages implements the message types communicated between client and server. The messaging in a successful run is sequenced as follows:
Client | Server
PR --> Pair Request
(wait for epoch)
<-- BR Begin Run
KE --> Key Exchange
<-- KEs Server broadcasts all KE messages to all peers
CT --> Post-Quantum ciphertext exchange
<-- CTs Server broadcasts ciphertexts created by others for us
SR --> Slot Reserve
<-- RM Recovered Messages
DC --> DC-net broadcast
<-- CM Confirm Messages (unsigned)
CM --> Confirm Messages (signed)
(server joins all signatures)
<-- CM Confirm Messages (with all signatures)
If a peer fails to find their message after either the exponential slot reservation or XOR DC-net, the DC or CM message indicates to the server that blame must be assigned to remove malicious peers from the mix. This process requires secrets committed to by the KE to be revealed.
Client | Server
PR --> Pair Request
(wait for epoch)
<-- BR Begin Run
KE --> Key Exchange
<-- KEs Server broadcasts all KE messages to all peers
CT --> Post-Quantum ciphertext exchange
<-- CTs Server broadcasts ciphertexts created by others for us
SR --> Slot Reserve
<-- RM Recovered Messages
DC --> DC-net broadcast (with RevealSecrets=true)
<-- CM Confirm Messages (with RevealSecrets=true)
RS --> Reveal Secrets
(server discovers misbehaving peers)
<-- BR Begin Run (with removed peers)
...
At any point, if the server times out receiving a client message, the following message contains a nonzero BR field, and a new run is performed, beginning with a new key exchange.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type BR ¶
type BR struct {
Vk []ed25519.PublicKey
MessageCounts []int
Sid []byte
Err ServerError
}
BR is the begin run message. It is sent to all remaining valid peers when a new run begins.
func (*BR) ServerError ¶
type BinaryRepresentable ¶
type BinaryRepresentable interface {
encoding.BinaryMarshaler
encoding.BinaryUnmarshaler
}
BinaryRepresentable is a union of the BinaryMarshaler and BinaryUnmarshaler interfaces.
type CM ¶
type CM struct {
Mix BinaryRepresentable
RevealSecrets bool
BR // Indicates to begin new run after peer exclusion
Err ServerError
Signature []byte
}
CM is the confirmed mix message.
func ConfirmMix ¶
func ConfirmMix(sk ed25519.PrivateKey, mix BinaryRepresentable) *CM
ConfirmedMix creates the confirmed mix message, sending either the confirmed mix or indication of a confirmation failure to the server.
func (*CM) ServerError ¶
type CT ¶
type CT struct {
Ciphertexts []*Sntrup4591761Ciphertext
Signature []byte
}
CT is the client's exchange of post-quantum shared key ciphertexts with all other peers in the run.
func Ciphertexts ¶
func Ciphertexts(ciphertexts []*Sntrup4591761Ciphertext, ses *Session) *CT
Ciphertexts creates the ciphertext message.
type CTs ¶
type CTs struct {
Ciphertexts []*Sntrup4591761Ciphertext
BR // Indicates to begin a new run after peer exclusion
Err ServerError
}
CTs is the server's broadcast of encapsulated shared key ciphertexts created by all other peers for our client.
func (*CTs) ServerError ¶
type DC ¶
DC is the DC-net broadcast.
type KE ¶
type KE struct {
Run int // 0, 1, ...
ECDH *x25519.Public
PQPK *Sntrup4591761PublicKey
Commitment []byte // Hash of RS (reveal secrets) message contents
Signature []byte
}
KE is the client's opening key exchange message of a run.
func KeyExchange ¶
KeyExchange creates a signed key exchange message to verifiably provide the x25519 and sntrup4591761 public keys.
type KEs ¶
type KEs struct {
KEs []*KE
BR // Indicates to begin new run after peer exclusion
Err ServerError
}
KEs is the server's broadcast of all received key exchange messages.
func (*KEs) ServerError ¶
type PR ¶
type PR struct {
Identity ed25519.PublicKey // Ephemeral session public key
PairCommitment []byte // Requirements for compatible mixes, e.g. same output amounts, tx versions, ...
Unmixed []byte // Unmixed data contributed to a run result, e.g. transaction inputs and change outputs
MessageCount int // Number of messages being mixed
Signature []byte
}
PR is the client's pairing request message. It is only seen at the start of the protocol.
func PairRequest ¶
func PairRequest(pk ed25519.PublicKey, sk ed25519.PrivateKey, commitment, unmixed []byte, mixes int) *PR
PairRequest creates a signed request to be paired in a mix described by commitment, with possible initial unmixed data appearing in the final result. Ephemeral session keys pk and sk are used throughout the protocol.
type RM ¶
type RM struct {
Run int
Roots []*big.Int
RevealSecrets bool
BR // Indicates to begin new run after peer exclusion
Err ServerError
}
RM is the recovered messages result of collecting all SR messages and solving for the mixed original messages.
func RecoveredMessages ¶
RecoveredMessages creates a recovered messages message.
func (*RM) ServerError ¶
type RS ¶
RS is the reveal secrets message. It reveals a run's PRNG seed, SR and DC secrets at the end of a failed run for blame assignment and misbehaving peer removal.
func RevealSecrets ¶
RevealSecrets creates the reveal secrets message.
type SR ¶
SR is the slot reservation broadcast.
func SlotReserve ¶
SlotReserve creates a slot reservation message to discover random, anonymous slot assignments for an XOR DC-net by mixing random data in a exponential DC-mix.
type ServerError ¶
type ServerError int
ServerError describes an error message sent by the server. The peer cannot continue in the mix session if an error is received. The zero value indicates the absence of an error.
const ( ErrAbortedSession ServerError = iota + 1 ErrInvalidUnmixed ErrTooFewPeers )
Server errors
func (ServerError) Error ¶
func (e ServerError) Error() string
type Session ¶
type Session struct {
// contains filtered or unexported fields
}
Session describes a current mixing session and run.
func NewSession ¶
NewSession creates a run session from a unique session identifier and peer ed25519 pubkeys ordered by peer index. If sk is non-nil, signed message types created using this session will contain a valid signature.
type Signed ¶
type Signed interface {
VerifySignature(pub ed25519.PublicKey) bool
// contains filtered or unexported methods
}
Signed indicates a session message carries an ed25519 signature that must be checked.
type Sntrup4591761Ciphertext ¶
type Sntrup4591761Ciphertext = [sntrup4591761.CiphertextSize]byte
type Sntrup4591761PublicKey ¶
type Sntrup4591761PublicKey = [sntrup4591761.PublicKeySize]byte
Source Files