diff --git a/kt/client.go b/kt/client.go index 5173aaa..029aebc 100644 --- a/kt/client.go +++ b/kt/client.go @@ -13,7 +13,7 @@ type Client struct { servCli *advrpc.Client servSigPk cryptoffi.SigPublicKey servVrfPk *cryptoffi.VrfPublicKey - // seenDigs stores, for an epoch, if we've gotten a commitment for it. + // seenDigs stores, for an epoch, if we've gotten a digest for it. seenDigs map[uint64]*SigDig // nextEpoch is the min epoch that we haven't yet seen, an UB on seenDigs. nextEpoch uint64 @@ -70,7 +70,7 @@ func checkMemb(pk *cryptoffi.VrfPublicKey, uid uint64, ver uint64, dig []byte, m if err { return true } - mapVal := compMapVal(memb.EpochAdded, memb.CommOpen) + mapVal := compMapVal(memb.EpochAdded, memb.PkOpen) return merkle.CheckProof(true, memb.MerkProof, label, mapVal, dig) } @@ -122,7 +122,7 @@ func (c *Client) Put(pk []byte) (uint64, *ClientErr) { if dig.Epoch != latest.EpochAdded { return 0, stdErr } - if !std.BytesEqual(pk, latest.CommOpen.Pk) { + if !std.BytesEqual(pk, latest.PkOpen.Val) { return 0, stdErr } // check bound has right ver. @@ -169,7 +169,7 @@ func (c *Client) Get(uid uint64) (bool, []byte, uint64, *ClientErr) { if checkNonMemb(c.servVrfPk, uid, boundVer, dig.Dig, bound) { return false, nil, 0, stdErr } - return isReg, latest.CommOpen.Pk, dig.Epoch, &ClientErr{Err: false} + return isReg, latest.PkOpen.Val, dig.Epoch, &ClientErr{Err: false} } // SelfMon self-monitors for the client's own key, and returns the epoch diff --git a/kt/serde.go b/kt/serde.go index e94c348..f548820 100644 --- a/kt/serde.go +++ b/kt/serde.go @@ -16,20 +16,20 @@ type MapLabelPre struct { Ver uint64 } -type PkCommOpen struct { - Pk []byte - R []byte +type CommitOpen struct { + Val []byte + Rand []byte } type MapValPre struct { - Epoch uint64 - PkComm []byte + Epoch uint64 + PkCommit []byte } type Memb struct { LabelProof []byte EpochAdded uint64 - CommOpen *PkCommOpen + PkOpen *CommitOpen MerkProof [][][]byte } 
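Review bot: The renamed `CommitOpen` type in kt/serde.go carries no doc comment, and `Val`/`Rand` no longer hint at what is committed the way `Pk`/`R` under `PkCommOpen` did. I would add `// CommitOpen is the opening of a hash commitment: Val is the committed value, Rand the hiding randomness.` above the type. On the `Memb` field I would add `// PkOpen opens the pk commitment, so a Memb reveals the pk.`, since `Get` in kt/client.go returns `latest.PkOpen.Val` as the key. The encoders in kt/serde.out.go still write the two fields in the same order, so only the documentation is missing.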
diff --git a/kt/serde.out.go b/kt/serde.out.go index 227a27a..d1f1c4a 100644 --- a/kt/serde.out.go +++ b/kt/serde.out.go @@ -63,13 +63,13 @@ func MapLabelPreDecode(b0 []byte) (*MapLabelPre, []byte, bool) { } return &MapLabelPre{Uid: a1, Ver: a2}, b2, false } -func PkCommOpenEncode(b0 []byte, o *PkCommOpen) []byte { +func CommitOpenEncode(b0 []byte, o *CommitOpen) []byte { var b = b0 - b = marshalutil.WriteSlice1D(b, o.Pk) - b = marshalutil.WriteSlice1D(b, o.R) + b = marshalutil.WriteSlice1D(b, o.Val) + b = marshalutil.WriteSlice1D(b, o.Rand) return b } -func PkCommOpenDecode(b0 []byte) (*PkCommOpen, []byte, bool) { +func CommitOpenDecode(b0 []byte) (*CommitOpen, []byte, bool) { a1, b1, err1 := marshalutil.ReadSlice1D(b0) if err1 { return nil, nil, true @@ -78,12 +78,12 @@ func PkCommOpenDecode(b0 []byte) (*PkCommOpen, []byte, bool) { if err2 { return nil, nil, true } - return &PkCommOpen{Pk: a1, R: a2}, b2, false + return &CommitOpen{Val: a1, Rand: a2}, b2, false } func MapValPreEncode(b0 []byte, o *MapValPre) []byte { var b = b0 b = marshal.WriteInt(b, o.Epoch) - b = marshalutil.WriteSlice1D(b, o.PkComm) + b = marshalutil.WriteSlice1D(b, o.PkCommit) return b } func MapValPreDecode(b0 []byte) (*MapValPre, []byte, bool) { @@ -95,13 +95,13 @@ func MapValPreDecode(b0 []byte) (*MapValPre, []byte, bool) { if err2 { return nil, nil, true } - return &MapValPre{Epoch: a1, PkComm: a2}, b2, false + return &MapValPre{Epoch: a1, PkCommit: a2}, b2, false } func MembEncode(b0 []byte, o *Memb) []byte { var b = b0 b = marshalutil.WriteSlice1D(b, o.LabelProof) b = marshal.WriteInt(b, o.EpochAdded) - b = PkCommOpenEncode(b, o.CommOpen) + b = CommitOpenEncode(b, o.PkOpen) b = marshalutil.WriteSlice3D(b, o.MerkProof) return b } @@ -114,7 +114,7 @@ func MembDecode(b0 []byte) (*Memb, []byte, bool) { if err2 { return nil, nil, true } - a3, b3, err3 := PkCommOpenDecode(b2) + a3, b3, err3 := CommitOpenDecode(b2) if err3 { return nil, nil, true } 
@@ -122,7 +122,7 @@ func MembDecode(b0 []byte) (*Memb, []byte, bool) { if err4 { return nil, nil, true } - return &Memb{LabelProof: a1, EpochAdded: a2, CommOpen: a3, MerkProof: a4}, b4, false + return &Memb{LabelProof: a1, EpochAdded: a2, PkOpen: a3, MerkProof: a4}, b4, false } func MembHideEncode(b0 []byte, o *MembHide) []byte { var b = b0 diff --git a/kt/server.go b/kt/server.go index 2b9a130..8da8e70 100644 --- a/kt/server.go +++ b/kt/server.go @@ -16,23 +16,12 @@ func compMapLabel(uid uint64, ver uint64, sk *cryptoffi.VrfPrivateKey) ([]byte, return h, p } -func compMapVal(epoch uint64, open *PkCommOpen) []byte { - openByt := PkCommOpenEncode(make([]byte, 0), open) - comm := cryptoffi.Hash(openByt) - v := &MapValPre{Epoch: epoch, PkComm: comm} - vByt := MapValPreEncode(make([]byte, 0), v) - return vByt -} - -// genValComm rets mapVal (epoch || commitment) and a commitment opening, -// where commitment = Hash(pk || randBytes). -func genValComm(epoch uint64, pk []byte) ([]byte, *PkCommOpen) { - // from 8.12 of [Boneh-Shoup] v0.6, a 512-bit rand space provides statistical - // hiding for this sha256-based commitment scheme. - // [Boneh-Shoup]: https://toc.cryptobook.us - r := cryptoffi.RandBytes(2 * cryptoffi.HashLen) - open := &PkCommOpen{Pk: pk, R: r} - return compMapVal(epoch, open), open +// compMapVal rets mapVal (epoch || Hash(pk || rand)). +func compMapVal(epoch uint64, pkOpen *CommitOpen) []byte { + openByt := CommitOpenEncode(make([]byte, 0), pkOpen) + commit := cryptoffi.Hash(openByt) + v := &MapValPre{Epoch: epoch, PkCommit: commit} + return MapValPreEncode(make([]byte, 0), v) } type servEpochInfo struct { @@ -51,7 +40,7 @@ type Server struct { // histInfo stores info about prior epochs. histInfo []*servEpochInfo // pkCommOpens stores pk commitment openings for a particular mapLabel. - pkCommOpens map[string]*PkCommOpen + pkCommOpens map[string]*CommitOpen // nextVers stores next version #'s for a particular uid. nextVers map[uint64]uint64 } 
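Review bot: The new doc comment on `compMapVal` in kt/server.go says `Hash(pk || rand)`, but the hash input is the output of `CommitOpenEncode`, not a plain concatenation. The difference matters for binding: a bare `pk || rand` would leave the boundary between the two fields ambiguous, whereas the encoder writes each field with `WriteSlice1D` (presumably length-framed; that helper is not shown here). I would word it `// compMapVal rets mapVal (epoch || Hash(CommitOpenEncode(pkOpen))).` and add a line saying that `checkMemb` in kt/client.go recomputes the same value, so the encoding has to stay in step on both sides.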
@@ -67,7 +56,7 @@ func (s *Server) getMemb(uid, ver uint64) *Memb { primitive.Assert(!err0) open, ok0 := s.pkCommOpens[string(label)] primitive.Assert(ok0) - return &Memb{LabelProof: vrfProof, EpochAdded: valPre.Epoch, CommOpen: open, MerkProof: getReply.Proof} + return &Memb{LabelProof: vrfProof, EpochAdded: valPre.Epoch, PkOpen: open, MerkProof: getReply.Proof} } // getMembHide pre-cond that (uid, ver) in-bounds. @@ -115,14 +104,24 @@ func (s *Server) getDig() *SigDig { return &SigDig{Epoch: numEpochs - 1, Dig: lastInfo.dig, Sig: lastInfo.sig} } +// genCommitOpen generates a commitment opening for val. +func genCommitOpen(val []byte) *CommitOpen { + // from 8.12 of [Boneh-Shoup] v0.6, a 512-bit rand space provides statistical + // hiding for this sha256-based commitment scheme. + // [Boneh-Shoup]: https://toc.cryptobook.us + r := cryptoffi.RandBytes(2 * cryptoffi.HashLen) + return &CommitOpen{Val: val, Rand: r} +} + func (s *Server) Put(uid uint64, pk []byte) (*SigDig, *Memb, *NonMemb) { s.mu.Lock() // add to key map. ver := s.nextVers[uid] label, _ := compMapLabel(uid, ver, s.vrfSk) nextEpoch := uint64(len(s.histInfo)) - val, open := genValComm(nextEpoch, pk) - dig, _, err0 := s.keyMap.Put(label, val) + open := genCommitOpen(pk) + mapVal := compMapVal(nextEpoch, open) + dig, _, err0 := s.keyMap.Put(label, mapVal) primitive.Assert(!err0) // update supporting stores. @@ -132,7 +131,7 @@ func (s *Server) Put(uid uint64, pk []byte) (*SigDig, *Memb, *NonMemb) { // sign new dig. updates := make(map[string][]byte) - updates[string(label)] = val + updates[string(label)] = mapVal preSig := &PreSigDig{Epoch: nextEpoch, Dig: dig} preSigByt := PreSigDigEncode(make([]byte, 0), preSig) sig := s.sigSk.Sign(preSigByt) 
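Review bot: `genCommitOpen` in kt/server.go is now value-agnostic, yet the commitment that `compMapVal` derives from its result has no tag saying what kind of value was committed, and the doc comment does not mention this. If the helper is only meant for pks, I would state that: `// genCommitOpen generates a commitment opening for val (currently only pks; the commitment has no domain tag).` The comment should also note that `val` is stored in the returned `CommitOpen` without a copy, so a caller that reuses the slice would change the opening after `Put` has already committed to it. `Put` continues past the end of the hunk, so where `open` is stored is not visible here.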
@@ -157,7 +156,7 @@ func (s *Server) Get(uid uint64) (*SigDig, []*MembHide, bool, *Memb, *NonMemb) { nextVer := s.nextVers[uid] if nextVer == 0 { s.mu.Unlock() - return dig, hist, false, &Memb{CommOpen: &PkCommOpen{}}, bound + return dig, hist, false, &Memb{PkOpen: &CommitOpen{}}, bound } latest := s.getLatest(uid) s.mu.Unlock() @@ -190,7 +189,7 @@ func NewServer() (*Server, cryptoffi.SigPublicKey, *cryptoffi.VrfPublicKey) { sigPk, sigSk := cryptoffi.SigGenerateKey() vrfPk, vrfSk := cryptoffi.VrfGenerateKey() m := &merkle.Tree{} - opens := make(map[string]*PkCommOpen) + opens := make(map[string]*CommitOpen) vers := make(map[uint64]uint64) // commit to init epoch.