coniks-go

module
v0.0.0-...-f4f6315
Warning

This package is not in the latest version of its module.

Published: Apr 5, 2018 License: BSD-3-Clause

README

The Trusternity Project

1. Overview

A public key server is a simple yet effective means of key management in secure end-to-end communication. To ensure the trustworthiness of a public key server, a Key Transparency solution employs a tamper-evident data structure on the server and a gossiping protocol among clients in order to detect compromised servers. However, because clients lack an incentive to gossip and the protocol is vulnerable to malicious clients, a gossiping protocol is hard to implement in practice or too costly to operate.

We present Trusternity, an auditing scheme for Key Transparency servers that relies on the Ethereum blockchain and is easy to implement, inexpensive to operate and resilient to malicious clients. Trusternity is implemented as an extension to CONIKS, a key management system that provides transparency and privacy for end-user public keys.

2. Extension over CONIKS-GO

We introduce several extensions to CONIKS-go.

init

The CONIKS server init now creates an eth.toml config file.

coniksserver init -c

A newly created eth.toml looks as follows:

geth_rpc_endpoint_url = "127.0.0.1:"
eth_account_address = ""
trusternity_contract_address = ""

You must edit this file to add the Geth RPC endpoint port (default 8545), the account address of the server wallet, and the address of the Trusternity contract. In a private network, you can deploy your own Trusternity contract here

Here is a sample config file after modification:

geth_rpc_endpoint_url = "127.0.0.1:8545"
eth_account_address = "0xcaaC50c6D025A1F7F912f9d120f90796C6Fb30aA"
trusternity_contract_address = "0x012bb0dC4E7ce56440d3AaDC68b6cDB240dC6b57"
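A pre-flight check for the edited eth.toml, as an added example (not code from the Trusternity or CONIKS project): it flags the unedited template values shown above and an RPC endpoint that is not loopback. `CheckEthConfig` and `parseFlat` are hypothetical names, the loopback rule is an assumed local policy, and the line-based parser only suits this flat three-key file.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"regexp"
	"strings"
)

var addrKeys = []string{"eth_account_address", "trusternity_contract_address"}
var addrRe = regexp.MustCompile(`^0x[0-9a-fA-F]{40}$`) // shape only, no EIP-55 checksum

// parseFlat reads `key = "value"` lines; enough for this file, not a TOML parser.
func parseFlat(src string) map[string]string {
	kv := map[string]string{}
	sc := bufio.NewScanner(strings.NewReader(src))
	for sc.Scan() {
		k, v, ok := strings.Cut(sc.Text(), "=")
		if ok {
			kv[strings.TrimSpace(k)] = strings.Trim(strings.TrimSpace(v), `"`)
		}
	}
	return kv
}

// CheckEthConfig returns one finding per problem; an empty result means the file was edited.
func CheckEthConfig(src string) []string {
	kv, out := parseFlat(src), []string{}
	host, port, err := net.SplitHostPort(kv["geth_rpc_endpoint_url"])
	if err != nil || port == "" {
		out = append(out, "geth_rpc_endpoint_url: missing port")
	} else if ip := net.ParseIP(host); host != "localhost" && (ip == nil || !ip.IsLoopback()) {
		out = append(out, "geth_rpc_endpoint_url: not loopback; RPC would cross the network")
	}
	for _, k := range addrKeys {
		if !addrRe.MatchString(kv[k]) {
			out = append(out, k+": not a 0x-prefixed 20-byte hex address")
		}
	}
	return out
}

func main() {
	template := "geth_rpc_endpoint_url = \"127.0.0.1:\"\neth_account_address = \"\"\ntrusternity_contract_address = \"\"\n" // file as generated by init
	for _, f := range CheckEthConfig(template) {
		fmt.Println(f)
	}
}
```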

Trusternity Server

We can now run a Trusternity server by passing the CONIKS server 2 extra flags:

coniksserver -e
coniksserver -e -t "path to eth.toml"

The first form runs with the default eth.toml in the working directory. The second takes the path to the config file.

For detailed usage instructions for the CONIKS server, see the documentation in the respective package: CONIKS-server

Trusternity Client

As with the Trusternity server, we need to turn on Ethereum mode in the client:

coniksclient -e -t "path to eth.toml"

Then we can perform an audit for a specific epoch using a REPL command:

audit $epoch

where $epoch is replaced with the corresponding epoch number. The client then downloads and extracts the published STR (signed tree root) via Geth.

3. Test Net

To build a private Ethereum test network, you can find the instructions here

Directories

Path Synopsis
Package bots implements the CONIKS account verification protocol for first-party identity providers.
coniksbot
Executable CONIKS registration proxy for Twitter usernames.
coniksbot/internal/cmd
Package cmd provides the CLI commands for a CONIKS account verification bot for Twitter accounts.
Package client provides an executable reference implementation of a simple client for the CONIKS key management system.
coniksclient
Executable CONIKS test client.
Package crypto contains the cryptographic routines for CONIKS: hashing, cryptographic commitments, digital signatures, VRF, and random number generation.
internal/ed25519/edwards25519
Package edwards25519 implements operations in GF(2**255-19) and on an Edwards curve that is isomorphic to curve25519.
sign
Package sign implements a digital signature scheme using the Edwards form of Curve25519.
vrf
Package vrf implements a verifiable random function using the Edwards form of Curve25519, SHA3 and the Elligator map.
Package keyserver provides an executable reference implementation of a server for the CONIKS key management system.
coniksserver
Executable CONIKS key server.
coniksserver/internal/cmd
Package cmd implements the CLI commands for a CONIKS key server.
testutil
Package testutil provides utility functions for writing server tests and generating a test server configuration.
Package merkletree implements a Merkle prefix tree and related data structures.
Package protocol is a library for building compatible CONIKS clients and servers.
Package storage implements hooks for different kinds of persistent storage backends.
kv
Package kv contains a generic interface for key-value databases with support for batch writes.
kv/leveldbkv
Package leveldbkv implements the kv interface using leveldb.
Package utils contains utility functions used in the coniks-go library.
