star

package module
v0.0.0-...-afd10a9 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 31, 2023 License: BSD-3-Clause Imports: 26 Imported by: 0

README

Prototype STAR in Go

This repository contains an implementation of the STAR protocol in Go. It is meant for research and reference purposes only, and MUST NOT be used in production systems.

Documentation

Index

Constants

This section is empty.

Variables

// Package-level size parameters: a seed length of 32 bytes and an RSA key
// length of 2048 bits. Where each value is consumed is not visible in this
// listing; presumably the seed length applies to the seed argument of
// NewRistretto255VOPRFServer and the RSA length to the key created for
// BlindRSARandomizerConfig — TODO confirm.
//
// NOTE(review): these are declared with var, not const, so any importing
// package can reassign them at run time and change the sizes used afterwards.
// If no caller depends on that, const declarations would pin them.
var (
	SEED_LEN_IN_BYTES   = 32
	RSA_KEY_LEN_IN_BITS = 2048
)

Functions

This section is empty.

Types

type Aes128GcmHmacKCAEAD

type Aes128GcmHmacKCAEAD struct {
	// contains filtered or unexported fields
}

func (Aes128GcmHmacKCAEAD) Nk

func (c Aes128GcmHmacKCAEAD) Nk() int

func (Aes128GcmHmacKCAEAD) Nn

func (c Aes128GcmHmacKCAEAD) Nn() int

func (Aes128GcmHmacKCAEAD) Nt

func (c Aes128GcmHmacKCAEAD) Nt() int

func (Aes128GcmHmacKCAEAD) Open

func (c Aes128GcmHmacKCAEAD) Open(key, nonce, aad, ctAndTag []byte) ([]byte, error)

def Open(key, nonce, aad, ct_and_tag):
    key_prk = Extract(nil, key)
    aead_key = Expand(key_prk, "aead", Nk)
    hmac_key = Expand(key_prk, "hmac", 32) // 32 bytes for SHA-256
    ct || tag = ct_and_tag
    expected_tag = HMAC(key=hmac_key, message=ct)
    if !constant_time_equal(expected_tag, tag):
        raise OpenError
    pt = AES-128-GCM-Open(key=aead_key, nonce=nonce, aad=aad, ct=ct) // This can raise an OpenError
    return pt

func (Aes128GcmHmacKCAEAD) Seal

func (c Aes128GcmHmacKCAEAD) Seal(key, nonce, aad, pt []byte) ([]byte, error)

def Seal(key, nonce, aad, pt):
    key_prk = Extract(nil, key)
    aead_key = Expand(key_prk, "aead", Nk)
    hmac_key = Expand(key_prk, "hmac", 32) // 32 bytes for SHA-256
    ct = AES-128-GCM-Seal(key=aead_key, nonce=nonce, aad=aad, pt=pt)
    tag = HMAC(key=hmac_key, message=ct)
    return ct || tag

type AggregateContext

type AggregateContext struct {
	// contains filtered or unexported fields
}

func (AggregateContext) Report

func (c AggregateContext) Report(metadata []byte) (Report, error)

func (AggregateContext) ReportGarbage

func (c AggregateContext) ReportGarbage(metadata, garbageMessage []byte) (Report, error)

type AggregateOutput

type AggregateOutput struct {
	// contains filtered or unexported fields
}

type Aggregator

type Aggregator struct {
	// contains filtered or unexported fields
}

func NewAggregator

func NewAggregator(randomConfig RandomizerPublicConfig, config AggregatorConfig) *Aggregator

func (Aggregator) AggregateBucket

func (a Aggregator) AggregateBucket(bucket []byte, validate bool) (*AggregateOutput, error)

func (Aggregator) AggregateReports

func (a Aggregator) AggregateReports(reports []Report, validate bool) (*AggregateOutput, error)

func (Aggregator) BucketSize

func (a Aggregator) BucketSize(bucket []byte) (int, error)

func (*Aggregator) Consume

func (a *Aggregator) Consume(report Report, validate bool) error

func (Aggregator) ReadyBuckets

func (a Aggregator) ReadyBuckets() [][]byte

type AggregatorConfig

// AggregatorConfig groups the parameters that NewAggregator and NewClient both
// accept: a name, a threshold, a secret splitter, a KDF and an AEAD.
// NOTE(review): clients and the aggregator presumably have to be built from
// matching configurations for reports to be recoverable — confirm.
type AggregatorConfig interface {
	// Name returns a string identifying this configuration.
	Name() string
	// Threshold returns the configured threshold. Presumably this is the k
	// passed to SecretSplitter.Share and SecretSplitter.Recover — TODO confirm.
	Threshold() int
	// Splitter returns the secret-sharing scheme in use.
	Splitter() SecretSplitter
	// KDF returns the key-derivation function in use.
	KDF() KDF
	// AEAD returns the KCAEAD used to seal and open report payloads
	// (presumably the encrypted_report field of Report — confirm).
	AEAD() KCAEAD
}

XXX(caw): rename to public config?

func NewAggregatorConfiguration

func NewAggregatorConfiguration(threshold int, splitter SecretSplitter, kdf KDF, aead KCAEAD) AggregatorConfig

func NewDefaultAggregatorConfiguration

func NewDefaultAggregatorConfiguration(threshold int) AggregatorConfig

type BlindRSAClient

type BlindRSAClient struct {
	// contains filtered or unexported fields
}

func NewBlindRSAClient

func NewBlindRSAClient(publicKey *rsa.PublicKey) BlindRSAClient

func (BlindRSAClient) Blind

func (r BlindRSAClient) Blind(element []byte) (RandomnessClientState, []byte)

XXX(caw): make this function fallible

func (BlindRSAClient) IsVerifiable

func (r BlindRSAClient) IsVerifiable() bool

func (BlindRSAClient) Verify

func (r BlindRSAClient) Verify(input, authenticator []byte) ([]byte, error)

type BlindRSAClientState

type BlindRSAClientState struct {
	// contains filtered or unexported fields
}

func (BlindRSAClientState) Finalize

func (r BlindRSAClientState) Finalize(evaluationResponse []byte) ([]byte, []byte)

XXX(caw): make this function fallible

type BlindRSARandomizerConfig

type BlindRSARandomizerConfig struct {
	// contains filtered or unexported fields
}

func NewBlindRSARandomizerConfig

func NewBlindRSARandomizerConfig() BlindRSARandomizerConfig

func (BlindRSARandomizerConfig) Name

func (BlindRSARandomizerConfig) NewServer

func (BlindRSARandomizerConfig) PublicConfig

type BlindRSARandomizerPublicConfig

type BlindRSARandomizerPublicConfig struct {
	// contains filtered or unexported fields
}

func (BlindRSARandomizerPublicConfig) NewClient

type BlindRSAServer

type BlindRSAServer struct {
	// contains filtered or unexported fields
}

func NewBlindRSAServer

func NewBlindRSAServer(privateKey *rsa.PrivateKey) BlindRSAServer

XXX(caw): make this function fallible

func (BlindRSAServer) Evaluate

func (r BlindRSAServer) Evaluate(blindedElement []byte) []byte

XXX(caw): make this function fallible

type Client

type Client struct {
	// contains filtered or unexported fields
}

func NewClient

func NewClient(config AggregatorConfig, randomConfig RandomizerPublicConfig) Client

func (Client) RandomizeRequest

func (c Client) RandomizeRequest(msg []byte) RandomizeContext

type FeldmanShare

type FeldmanShare struct {
	// contains filtered or unexported fields
}

func (*FeldmanShare) Commitment

func (s *FeldmanShare) Commitment() []byte

func (*FeldmanShare) Input

func (s *FeldmanShare) Input() group.Scalar

func (*FeldmanShare) InputRaw

func (s *FeldmanShare) InputRaw() *big.Int

func (*FeldmanShare) MarshalBinary

func (s *FeldmanShare) MarshalBinary() ([]byte, error)

func (*FeldmanShare) MarshalBinaryCompress

func (s *FeldmanShare) MarshalBinaryCompress() ([]byte, error)

func (*FeldmanShare) Output

func (s *FeldmanShare) Output() group.Scalar

func (*FeldmanShare) UnmarshalBinary

func (s *FeldmanShare) UnmarshalBinary(data []byte) error

func (*FeldmanShare) Verify

func (s *FeldmanShare) Verify() error

type FeldmanSplitter

type FeldmanSplitter struct {
}

func (*FeldmanSplitter) EmptyShare

func (s *FeldmanSplitter) EmptyShare() Share

func (*FeldmanSplitter) EncodeSecret

func (s *FeldmanSplitter) EncodeSecret(secret []byte) []byte

func (FeldmanSplitter) Name

func (s FeldmanSplitter) Name() string

func (*FeldmanSplitter) RandomShare

func (s *FeldmanSplitter) RandomShare() Share

func (*FeldmanSplitter) Recover

func (s *FeldmanSplitter) Recover(k int, shares []Share, validate bool) ([]byte, error)

func (*FeldmanSplitter) Share

func (s *FeldmanSplitter) Share(k int, msg, randomness []byte) (Share, []byte)

type GenericAggregatorConfiguration

type GenericAggregatorConfiguration struct {
	// contains filtered or unexported fields
}

func (GenericAggregatorConfiguration) AEAD

func (GenericAggregatorConfiguration) KDF

func (GenericAggregatorConfiguration) Name

func (GenericAggregatorConfiguration) Splitter

func (GenericAggregatorConfiguration) Threshold

func (c GenericAggregatorConfiguration) Threshold() int

type HkdfKDF

type HkdfKDF struct {
	// contains filtered or unexported fields
}

func (HkdfKDF) Expand

func (f HkdfKDF) Expand(prk, info []byte, L int) []byte

func (HkdfKDF) Extract

func (f HkdfKDF) Extract(salt, ikm []byte) []byte

type KCAEAD

// KCAEAD is the AEAD abstraction returned by AggregatorConfig.AEAD ("KC"
// presumably stands for key-committing — confirm). The implementation listed
// on this page, Aes128GcmHmacKCAEAD, documents its construction as
// AES-128-GCM followed by an HMAC tag over the GCM output, with both keys
// derived from the input key via Extract/Expand.
type KCAEAD interface {
	// Seal encrypts pt under key and nonce with associated data aad. For
	// Aes128GcmHmacKCAEAD the documented result is ct || tag, where tag is
	// HMAC(hmac_key, ct). The HMAC input is ct only; nonce and aad are not
	// part of it and are covered by the AES-128-GCM step.
	Seal(key, nonce, aad, pt []byte) ([]byte, error)
	// Open reverses Seal; ct is the complete Seal output (ciphertext followed
	// by the tag). For Aes128GcmHmacKCAEAD the documented order is: recompute
	// the HMAC tag, compare it in constant time, and only then run
	// AES-128-GCM-Open; either step can fail with an error.
	// NOTE(review): the documented pseudo-code splits ct || tag without
	// stating a length check; confirm that inputs shorter than the tag are
	// rejected with an error rather than sliced.
	Open(key, nonce, aad, ct []byte) ([]byte, error)
	// Nk is the length requested from Expand for the AEAD key in the
	// documented pseudo-code (presumably in bytes — confirm).
	Nk() int
	// Nn is presumably the nonce length — TODO confirm.
	Nn() int
	// Nt is presumably the tag length — TODO confirm.
	Nt() int
}

type KDF

// KDF is an extract-then-expand key-derivation function. HkdfKDF is the
// implementation listed on this page.
// NOTE(review): neither method returns an error, so an invalid request (for
// example an output length the underlying KDF cannot produce) cannot be
// reported through the return type — confirm how implementations handle it.
type KDF interface {
	// Extract derives a pseudorandom key from the input keying material ikm
	// and salt. The Seal/Open pseudo-code on this page calls it with a nil
	// salt.
	Extract(salt, ikm []byte) []byte
	// Expand derives L bytes of output from prk, bound to the label info
	// (the Seal/Open pseudo-code uses the labels "aead" and "hmac").
	Expand(prk, info []byte, L int) []byte
}

type PedersenShare

type PedersenShare struct {
	// contains filtered or unexported fields
}

func (*PedersenShare) Commitment

func (s *PedersenShare) Commitment() []byte

func (*PedersenShare) Input

func (s *PedersenShare) Input() group.Scalar

func (*PedersenShare) InputRaw

func (s *PedersenShare) InputRaw() *big.Int

func (*PedersenShare) MarshalBinary

func (s *PedersenShare) MarshalBinary() ([]byte, error)

func (*PedersenShare) MarshalBinaryCompress

func (s *PedersenShare) MarshalBinaryCompress() ([]byte, error)

func (*PedersenShare) Output

func (s *PedersenShare) Output() group.Scalar

func (*PedersenShare) UnmarshalBinary

func (s *PedersenShare) UnmarshalBinary(data []byte) error

func (*PedersenShare) Verify

func (s *PedersenShare) Verify() error

type PedersenSplitter

type PedersenSplitter struct {
}

func (*PedersenSplitter) EmptyShare

func (s *PedersenSplitter) EmptyShare() Share

func (*PedersenSplitter) EncodeSecret

func (s *PedersenSplitter) EncodeSecret(secret []byte) []byte

func (PedersenSplitter) Name

func (s PedersenSplitter) Name() string

func (*PedersenSplitter) RandomShare

func (s *PedersenSplitter) RandomShare() Share

func (*PedersenSplitter) Recover

func (s *PedersenSplitter) Recover(k int, shares []Share, validate bool) ([]byte, error)

func (*PedersenSplitter) Share

func (s *PedersenSplitter) Share(k int, msg, randomness []byte) (Share, []byte)

type RandomizeContext

type RandomizeContext struct {
	// contains filtered or unexported fields
}

func (RandomizeContext) Finalize

func (c RandomizeContext) Finalize(response []byte) AggregateContext

type RandomizerConfig

// RandomizerConfig is the full configuration of a randomness service. It can
// produce both the server and the public configuration handed to clients.
// NOTE(review): NewServer implies this value gives access to the server's
// secret key material, so it should presumably stay on the server side and
// only PublicConfig be distributed — confirm.
type RandomizerConfig interface {
	// Name returns a string identifying this randomizer configuration.
	Name() string
	// PublicConfig returns the configuration from which clients are created.
	PublicConfig() RandomizerPublicConfig
	// NewServer returns a RandomnessServer for this configuration.
	NewServer() RandomnessServer
}

func NewDefaultRandomizerConfig

func NewDefaultRandomizerConfig() RandomizerConfig

type RandomizerPublicConfig

// RandomizerPublicConfig is the client-facing part of a randomizer
// configuration; NewClient and NewAggregator both take one.
type RandomizerPublicConfig interface {
	// NewClient returns a RandomnessClient for this configuration.
	NewClient() RandomnessClient
}

type RandomnessClient

// RandomnessClient is the client side of the exchange with a
// RandomnessServer. BlindRSAClient and Ristretto255VOPRFClient are the
// implementations listed on this page.
type RandomnessClient interface {
	// Blind processes element and returns the state needed to finish the
	// exchange together with a byte slice (presumably the blinded element to
	// send to RandomnessServer.Evaluate — confirm). It has no error result;
	// the listed implementations carry a note to make it fallible.
	Blind(element []byte) (RandomnessClientState, []byte)
	// IsVerifiable presumably reports whether Verify is meaningful for this
	// client — TODO confirm.
	IsVerifiable() bool
	// Verify checks authenticator against input and returns bytes or an
	// error. NOTE(review): callers should presumably check IsVerifiable first
	// and treat a non-nil error as a failed check — confirm.
	Verify(input, authenticator []byte) ([]byte, error)
}

XXX(caw): Add a VerifiableRandomnessClient that includes a Verify function

type RandomnessClientState

// RandomnessClientState is the per-request state returned by
// RandomnessClient.Blind.
type RandomnessClientState interface {
	// Finalize consumes the server's evaluation response and returns two byte
	// slices; their roles are not documented in this listing.
	// NOTE(review): there is no error result, so a malformed or unverifiable
	// evaluationResponse cannot be reported through the return type; the
	// listed implementations carry a note to make this fallible. Confirm what
	// they do on bad input before relying on the output.
	Finalize(evaluationResponse []byte) ([]byte, []byte)
}

type RandomnessServer

// RandomnessServer is the server side of the randomness exchange.
// BlindRSAServer and Ristretto255VOPRFServer are the implementations listed
// on this page.
type RandomnessServer interface {
	// Evaluate processes a client-supplied blinded element and returns the
	// response bytes.
	// NOTE(review): blindedElement comes from the client, yet there is no
	// error result, so a malformed element cannot be rejected through the
	// return type; both listed implementations carry a note to make Evaluate
	// fallible. Confirm how they behave on invalid input (panic, empty
	// output, ...) before exposing this to untrusted callers.
	Evaluate(blindedElement []byte) []byte
}

type Report

type Report struct {
	// contains filtered or unexported fields
}
struct {
	opaque encrypted_report<1..2^16-1>;
	opaque rand_share<1..2^16-1>;
	opaque commitment<1..2^16-1>;
} Report;

func (*Report) Marshal

func (r *Report) Marshal() []byte

func (*Report) Unmarshal

func (r *Report) Unmarshal(data []byte) bool

type Ristretto255VOPRFClient

type Ristretto255VOPRFClient struct {
	// contains filtered or unexported fields
}

func NewRistretto255VOPRFClient

func NewRistretto255VOPRFClient(publicKey *oprf.PublicKey) Ristretto255VOPRFClient

func (Ristretto255VOPRFClient) Blind

func (r Ristretto255VOPRFClient) Blind(element []byte) (RandomnessClientState, []byte)

XXX(caw): make this function fallible

func (Ristretto255VOPRFClient) IsVerifiable

func (r Ristretto255VOPRFClient) IsVerifiable() bool

func (Ristretto255VOPRFClient) Verify

func (r Ristretto255VOPRFClient) Verify(input, authenticator []byte) ([]byte, error)

type Ristretto255VOPRFServer

type Ristretto255VOPRFServer struct {
	// contains filtered or unexported fields
}

func NewRistretto255VOPRFServer

func NewRistretto255VOPRFServer(seed, info []byte) Ristretto255VOPRFServer

XXX(caw): make this function fallible

func (Ristretto255VOPRFServer) Evaluate

func (r Ristretto255VOPRFServer) Evaluate(blindedElement []byte) []byte

XXX(caw): make this function fallible

type Ristretto255VRandomnessClientState

type Ristretto255VRandomnessClientState struct {
	// contains filtered or unexported fields
}

func (Ristretto255VRandomnessClientState) Finalize

func (state Ristretto255VRandomnessClientState) Finalize(evaluationResponse []byte) ([]byte, []byte)

XXX(caw): make this function fallible

type SecretSplitter

// SecretSplitter is a threshold secret-sharing scheme. ShamirSplitter,
// FeldmanSplitter and PedersenSplitter are the implementations listed on
// this page.
type SecretSplitter interface {
	// Name returns a string identifying the scheme.
	Name() string
	// EmptyShare returns a Share value, presumably a blank one to decode
	// into with UnmarshalBinary — TODO confirm.
	EmptyShare() Share
	// RandomShare returns a Share, presumably with random contents — TODO
	// confirm how it is used.
	RandomShare() Share
	// EncodeSecret maps msg to the byte encoding used by the scheme.
	EncodeSecret(msg []byte) []byte
	// Share produces one share of msg for threshold k using the supplied
	// randomness, plus a second byte slice whose role is not documented in
	// this listing. No error is returned.
	Share(k int, msg, randomness []byte) (Share, []byte)
	// Recover reconstructs the secret from shares for threshold k.
	// NOTE(review): validate presumably controls whether each share is
	// verified (Share.Verify) before use; if so, passing false for shares
	// taken from untrusted reports skips that check — confirm.
	Recover(k int, shares []Share, validate bool) ([]byte, error)
}

type ShamirShare

type ShamirShare struct {
	// contains filtered or unexported fields
}

func (*ShamirShare) Commitment

func (s *ShamirShare) Commitment() []byte

func (*ShamirShare) Input

func (s *ShamirShare) Input() group.Scalar

func (*ShamirShare) InputRaw

func (s *ShamirShare) InputRaw() *big.Int

func (*ShamirShare) MarshalBinary

func (s *ShamirShare) MarshalBinary() ([]byte, error)

func (*ShamirShare) MarshalBinaryCompress

func (s *ShamirShare) MarshalBinaryCompress() ([]byte, error)

func (*ShamirShare) Output

func (s *ShamirShare) Output() group.Scalar

func (*ShamirShare) UnmarshalBinary

func (s *ShamirShare) UnmarshalBinary(data []byte) error

func (*ShamirShare) Verify

func (s *ShamirShare) Verify() error

type ShamirSplitter

type ShamirSplitter struct {
}

func (*ShamirSplitter) EmptyShare

func (s *ShamirSplitter) EmptyShare() Share

func (*ShamirSplitter) EncodeSecret

func (s *ShamirSplitter) EncodeSecret(secret []byte) []byte

func (ShamirSplitter) Name

func (s ShamirSplitter) Name() string

func (*ShamirSplitter) RandomShare

func (s *ShamirSplitter) RandomShare() Share

func (*ShamirSplitter) Recover

func (s *ShamirSplitter) Recover(k int, shares []Share, validate bool) ([]byte, error)

func (*ShamirSplitter) Share

func (s *ShamirSplitter) Share(k int, secret, randomness []byte) (Share, []byte)

type Share

// Share is one secret share as produced by SecretSplitter.Share and consumed
// by SecretSplitter.Recover. ShamirShare, FeldmanShare and PedersenShare are
// the implementations listed on this page.
// NOTE(review): the package's own XXX note on this type asks whether shares
// should verify on decoding, which suggests UnmarshalBinary does not call
// Verify itself. Confirm, and call Verify on shares decoded from untrusted
// input.
type Share interface {
	InputRaw() *big.Int // XXX(caw): get rid of this once we have a pow(..) like function on the Scalar interface
	// Input returns the share's input as a group scalar (presumably the
	// evaluation point — TODO confirm).
	Input() group.Scalar
	// Output returns the share's output as a group scalar (presumably the
	// value at Input — TODO confirm).
	Output() group.Scalar
	// Commitment returns the commitment bytes carried with the share.
	Commitment() []byte
	// Verify returns a non-nil error when the share fails its check
	// (presumably against Commitment — TODO confirm).
	Verify() error

	// BinaryMarshaler returns a byte representation of the share.
	encoding.BinaryMarshaler
	// BinaryUnmarshaler recovers a share from a byte representation produced
	// by encoding.BinaryMarshaler.
	encoding.BinaryUnmarshaler
}

XXX(caw): add an "IsValid" function that aggregators can query, or should shares "verify" upon decoding (like ristretto)?

type VOPRFRandomizerConfig

type VOPRFRandomizerConfig struct {
	// contains filtered or unexported fields
}

func (VOPRFRandomizerConfig) Name

func (c VOPRFRandomizerConfig) Name() string

func (VOPRFRandomizerConfig) NewServer

func (VOPRFRandomizerConfig) PublicConfig

type VOPRFRandomizerPublicConfig

type VOPRFRandomizerPublicConfig struct {
	// contains filtered or unexported fields
}

func (VOPRFRandomizerPublicConfig) NewClient
