star

package module
v0.0.0-...-afd10a9 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 31, 2023 License: BSD-3-Clause Imports: 26 Imported by: 0

README

Prototype STAR in Go

This repository contains an implementation of the STAR protocol in Go. It is meant for research and reference purposes only, and MUST NOT be used in production systems.

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	SEED_LEN_IN_BYTES   = 32
	RSA_KEY_LEN_IN_BITS = 2048
)

Functions

This section is empty.

Types

type Aes128GcmHmacKCAEAD 

type Aes128GcmHmacKCAEAD struct {
	// contains filtered or unexported fields
}

func (Aes128GcmHmacKCAEAD) Nk 

func (c Aes128GcmHmacKCAEAD) Nk() int

func (Aes128GcmHmacKCAEAD) Nn 

func (c Aes128GcmHmacKCAEAD) Nn() int

func (Aes128GcmHmacKCAEAD) Nt 

func (c Aes128GcmHmacKCAEAD) Nt() int

func (Aes128GcmHmacKCAEAD) Open 

func (c Aes128GcmHmacKCAEAD) Open(key, nonce, aad, ctAndTag []byte) ([]byte, error)

def Open(key, nonce, aad, ct_and_tag): 

key_prk = Extract(nil, key)
aead_key = Expand(key_prk, "aead", Nk)
hmac_key = Expand(key_prk, "hmac", 32) // 32 bytes for SHA-256
ct || tag = ct_and_tag
expected_tag = HMAC(key=hmac_key, message=ct)
if !constant_time_equal(expected_tag, tag):
  raise OpenError
pt = AES-128-GCM-Open(key=aead_key, nonce=nonce, aad=aad, ct=ct) // This can raise an OpenError
return pt

func (Aes128GcmHmacKCAEAD) Seal 

func (c Aes128GcmHmacKCAEAD) Seal(key, nonce, aad, pt []byte) ([]byte, error)

def Seal(key, nonce, aad, pt): 

key_prk = Extract(nil, key)
aead_key = Expand(key_prk, "aead", Nk)
hmac_key = Expand(key_prk, "hmac", 32) // 32 bytes for SHA-256
ct = AES-128-GCM-Seal(key=aead_key, nonce=nonce, aad=aad, pt=pt)
tag = HMAC(key=hmac_key, message=ct)
return ct || tag

type AggregateContext 

type AggregateContext struct {
	// contains filtered or unexported fields
}

func (AggregateContext) Report 

func (c AggregateContext) Report(metadata []byte) (Report, error)

func (AggregateContext) ReportGarbage 

func (c AggregateContext) ReportGarbage(metadata, garbageMessage []byte) (Report, error)

type AggregateOutput 

type AggregateOutput struct {
	// contains filtered or unexported fields
}

type Aggregator 

type Aggregator struct {
	// contains filtered or unexported fields
}

func NewAggregator 

func NewAggregator(randomConfig RandomizerPublicConfig, config AggregatorConfig) *Aggregator

func (Aggregator) AggregateBucket 

func (a Aggregator) AggregateBucket(bucket []byte, validate bool) (*AggregateOutput, error)

func (Aggregator) AggregateReports 

func (a Aggregator) AggregateReports(reports []Report, validate bool) (*AggregateOutput, error)

func (Aggregator) BucketSize 

func (a Aggregator) BucketSize(bucket []byte) (int, error)

func (*Aggregator) Consume 

func (a *Aggregator) Consume(report Report, validate bool) error

func (Aggregator) ReadyBuckets 

func (a Aggregator) ReadyBuckets() [][]byte

type AggregatorConfig 

type AggregatorConfig interface {
	Name() string
	Threshold() int
	Splitter() SecretSplitter
	KDF() KDF
	AEAD() KCAEAD
}

XXX(caw): rename to public config?

func NewAggregatorConfiguration 

func NewAggregatorConfiguration(threshold int, splitter SecretSplitter, kdf KDF, aead KCAEAD) AggregatorConfig

func NewDefaultAggregatorConfiguration 

func NewDefaultAggregatorConfiguration(threshold int) AggregatorConfig

type BlindRSAClient 

type BlindRSAClient struct {
	// contains filtered or unexported fields
}

func NewBlindRSAClient 

func NewBlindRSAClient(publicKey *rsa.PublicKey) BlindRSAClient

func (BlindRSAClient) Blind 

func (r BlindRSAClient) Blind(element []byte) (RandomnessClientState, []byte)

XXX(caw): make this function fallible

func (BlindRSAClient) IsVerifiable 

func (r BlindRSAClient) IsVerifiable() bool

func (BlindRSAClient) Verify 

func (r BlindRSAClient) Verify(input, authenticator []byte) ([]byte, error)

type BlindRSAClientState 

type BlindRSAClientState struct {
	// contains filtered or unexported fields
}

func (BlindRSAClientState) Finalize 

func (r BlindRSAClientState) Finalize(evaluationResponse []byte) ([]byte, []byte)

XXX(caw): make this function fallible

type BlindRSARandomizerConfig 

type BlindRSARandomizerConfig struct {
	// contains filtered or unexported fields
}

func NewBlindRSARandomizerConfig 

func NewBlindRSARandomizerConfig() BlindRSARandomizerConfig

func (BlindRSARandomizerConfig) Name 

func (c BlindRSARandomizerConfig) Name() string

func (BlindRSARandomizerConfig) NewServer 

func (c BlindRSARandomizerConfig) NewServer() RandomnessServer

func (BlindRSARandomizerConfig) PublicConfig 

func (c BlindRSARandomizerConfig) PublicConfig() RandomizerPublicConfig

type BlindRSARandomizerPublicConfig 

type BlindRSARandomizerPublicConfig struct {
	// contains filtered or unexported fields
}

func (BlindRSARandomizerPublicConfig) NewClient 

func (c BlindRSARandomizerPublicConfig) NewClient() RandomnessClient

type BlindRSAServer 

type BlindRSAServer struct {
	// contains filtered or unexported fields
}

func NewBlindRSAServer 

func NewBlindRSAServer(privateKey *rsa.PrivateKey) BlindRSAServer

XXX(caw): make this function fallible

func (BlindRSAServer) Evaluate 

func (r BlindRSAServer) Evaluate(blindedElement []byte) []byte

XXX(caw): make this function fallible

type Client 

type Client struct {
	// contains filtered or unexported fields
}

func NewClient 

func NewClient(config AggregatorConfig, randomConfig RandomizerPublicConfig) Client

func (Client) RandomizeRequest 

func (c Client) RandomizeRequest(msg []byte) RandomizeContext

type FeldmanShare 

type FeldmanShare struct {
	// contains filtered or unexported fields
}

func (*FeldmanShare) Commitment 

func (s *FeldmanShare) Commitment() []byte

func (*FeldmanShare) Input 

func (s *FeldmanShare) Input() group.Scalar

func (*FeldmanShare) InputRaw 

func (s *FeldmanShare) InputRaw() *big.Int

func (*FeldmanShare) MarshalBinary 

func (s *FeldmanShare) MarshalBinary() ([]byte, error)

func (*FeldmanShare) MarshalBinaryCompress 

func (s *FeldmanShare) MarshalBinaryCompress() ([]byte, error)

func (*FeldmanShare) Output 

func (s *FeldmanShare) Output() group.Scalar

func (*FeldmanShare) UnmarshalBinary 

func (s *FeldmanShare) UnmarshalBinary(data []byte) error

func (*FeldmanShare) Verify 

func (s *FeldmanShare) Verify() error

type FeldmanSplitter 

type FeldmanSplitter struct {
}

func (*FeldmanSplitter) EmptyShare 

func (s *FeldmanSplitter) EmptyShare() Share

func (*FeldmanSplitter) EncodeSecret 

func (s *FeldmanSplitter) EncodeSecret(secret []byte) []byte

func (FeldmanSplitter) Name 

func (s FeldmanSplitter) Name() string

func (*FeldmanSplitter) RandomShare 

func (s *FeldmanSplitter) RandomShare() Share

func (*FeldmanSplitter) Recover 

func (s *FeldmanSplitter) Recover(k int, shares []Share, validate bool) ([]byte, error)

func (*FeldmanSplitter) Share 

func (s *FeldmanSplitter) Share(k int, msg, randomness []byte) (Share, []byte)

type GenericAggregatorConfiguration 

type GenericAggregatorConfiguration struct {
	// contains filtered or unexported fields
}

func (GenericAggregatorConfiguration) AEAD 

func (c GenericAggregatorConfiguration) AEAD() KCAEAD

func (GenericAggregatorConfiguration) KDF 

func (c GenericAggregatorConfiguration) KDF() KDF

func (GenericAggregatorConfiguration) Name 

func (c GenericAggregatorConfiguration) Name() string

func (GenericAggregatorConfiguration) Splitter 

func (c GenericAggregatorConfiguration) Splitter() SecretSplitter

func (GenericAggregatorConfiguration) Threshold 

func (c GenericAggregatorConfiguration) Threshold() int

type HkdfKDF 

type HkdfKDF struct {
	// contains filtered or unexported fields
}

func (HkdfKDF) Expand 

func (f HkdfKDF) Expand(prk, info []byte, L int) []byte

func (HkdfKDF) Extract 

func (f HkdfKDF) Extract(salt, ikm []byte) []byte

type KCAEAD 

type KCAEAD interface {
	Seal(key, nonce, aad, pt []byte) ([]byte, error)
	Open(key, nonce, aad, ct []byte) ([]byte, error)
	Nk() int
	Nn() int
	Nt() int
}

type KDF 

type KDF interface {
	Extract(salt, ikm []byte) []byte
	Expand(prk, info []byte, L int) []byte
}

type PedersenShare 

type PedersenShare struct {
	// contains filtered or unexported fields
}

func (*PedersenShare) Commitment 

func (s *PedersenShare) Commitment() []byte

func (*PedersenShare) Input 

func (s *PedersenShare) Input() group.Scalar

func (*PedersenShare) InputRaw 

func (s *PedersenShare) InputRaw() *big.Int

func (*PedersenShare) MarshalBinary 

func (s *PedersenShare) MarshalBinary() ([]byte, error)

func (*PedersenShare) MarshalBinaryCompress 

func (s *PedersenShare) MarshalBinaryCompress() ([]byte, error)

func (*PedersenShare) Output 

func (s *PedersenShare) Output() group.Scalar

func (*PedersenShare) UnmarshalBinary 

func (s *PedersenShare) UnmarshalBinary(data []byte) error

func (*PedersenShare) Verify 

func (s *PedersenShare) Verify() error

type PedersenSplitter 

type PedersenSplitter struct {
}

func (*PedersenSplitter) EmptyShare 

func (s *PedersenSplitter) EmptyShare() Share

func (*PedersenSplitter) EncodeSecret 

func (s *PedersenSplitter) EncodeSecret(secret []byte) []byte

func (PedersenSplitter) Name 

func (s PedersenSplitter) Name() string

func (*PedersenSplitter) RandomShare 

func (s *PedersenSplitter) RandomShare() Share

func (*PedersenSplitter) Recover 

func (s *PedersenSplitter) Recover(k int, shares []Share, validate bool) ([]byte, error)

func (*PedersenSplitter) Share 

func (s *PedersenSplitter) Share(k int, msg, randomness []byte) (Share, []byte)

type RandomizeContext 

type RandomizeContext struct {
	// contains filtered or unexported fields
}

func (RandomizeContext) Finalize 

func (c RandomizeContext) Finalize(response []byte) AggregateContext

type RandomizerConfig 

type RandomizerConfig interface {
	Name() string
	PublicConfig() RandomizerPublicConfig
	NewServer() RandomnessServer
}

func NewDefaultRandomizerConfig 

func NewDefaultRandomizerConfig() RandomizerConfig

type RandomizerPublicConfig 

type RandomizerPublicConfig interface {
	NewClient() RandomnessClient
}

type RandomnessClient 

type RandomnessClient interface {
	Blind(element []byte) (RandomnessClientState, []byte)
	IsVerifiable() bool
	Verify(input, authenticator []byte) ([]byte, error)
}

XXX(caw): Add a VerifiableRandomnessClient that includes a Verify function

type RandomnessClientState 

type RandomnessClientState interface {
	Finalize(evaluationResponse []byte) ([]byte, []byte)
}

type RandomnessServer 

type RandomnessServer interface {
	Evaluate(blindedElement []byte) []byte
}

type Report 

type Report struct {
	// contains filtered or unexported fields
}
struct {
	opaque encrypted_report<1..2^16-1>;
	opaque rand_share<1..2^16-1>;
	opaque commitment<1..2^16-1>;
  } Report;

func (*Report) Marshal 

func (r *Report) Marshal() []byte

func (*Report) Unmarshal 

func (r *Report) Unmarshal(data []byte) bool

type Ristretto255VOPRFClient 

type Ristretto255VOPRFClient struct {
	// contains filtered or unexported fields
}

func NewRistretto255VOPRFClient 

func NewRistretto255VOPRFClient(publicKey *oprf.PublicKey) Ristretto255VOPRFClient

func (Ristretto255VOPRFClient) Blind 

func (r Ristretto255VOPRFClient) Blind(element []byte) (RandomnessClientState, []byte)

XXX(caw): make this function fallible

func (Ristretto255VOPRFClient) IsVerifiable 

func (r Ristretto255VOPRFClient) IsVerifiable() bool

func (Ristretto255VOPRFClient) Verify 

func (r Ristretto255VOPRFClient) Verify(input, authenticator []byte) ([]byte, error)

type Ristretto255VOPRFServer 

type Ristretto255VOPRFServer struct {
	// contains filtered or unexported fields
}

func NewRistretto255VOPRFServer 

func NewRistretto255VOPRFServer(seed, info []byte) Ristretto255VOPRFServer

XXX(caw): make this function fallible

func (Ristretto255VOPRFServer) Evaluate 

func (r Ristretto255VOPRFServer) Evaluate(blindedElement []byte) []byte

XXX(caw): make this function fallible

type Ristretto255VRandomnessClientState 

type Ristretto255VRandomnessClientState struct {
	// contains filtered or unexported fields
}

func (Ristretto255VRandomnessClientState) Finalize 

func (state Ristretto255VRandomnessClientState) Finalize(evaluationResponse []byte) ([]byte, []byte)

XXX(caw): make this function fallible

type SecretSplitter 

type SecretSplitter interface {
	Name() string
	EmptyShare() Share
	RandomShare() Share
	EncodeSecret(msg []byte) []byte
	Share(k int, msg, randomness []byte) (Share, []byte)
	Recover(k int, shares []Share, validate bool) ([]byte, error)
}

type ShamirShare 

type ShamirShare struct {
	// contains filtered or unexported fields
}

func (*ShamirShare) Commitment 

func (s *ShamirShare) Commitment() []byte

func (*ShamirShare) Input 

func (s *ShamirShare) Input() group.Scalar

func (*ShamirShare) InputRaw 

func (s *ShamirShare) InputRaw() *big.Int

func (*ShamirShare) MarshalBinary 

func (s *ShamirShare) MarshalBinary() ([]byte, error)

func (*ShamirShare) MarshalBinaryCompress 

func (s *ShamirShare) MarshalBinaryCompress() ([]byte, error)

func (*ShamirShare) Output 

func (s *ShamirShare) Output() group.Scalar

func (*ShamirShare) UnmarshalBinary 

func (s *ShamirShare) UnmarshalBinary(data []byte) error

func (*ShamirShare) Verify 

func (s *ShamirShare) Verify() error

type ShamirSplitter 

type ShamirSplitter struct {
}

func (*ShamirSplitter) EmptyShare 

func (s *ShamirSplitter) EmptyShare() Share

func (*ShamirSplitter) EncodeSecret 

func (s *ShamirSplitter) EncodeSecret(secret []byte) []byte

func (ShamirSplitter) Name 

func (s ShamirSplitter) Name() string

func (*ShamirSplitter) RandomShare 

func (s *ShamirSplitter) RandomShare() Share

func (*ShamirSplitter) Recover 

func (s *ShamirSplitter) Recover(k int, shares []Share, validate bool) ([]byte, error)

func (*ShamirSplitter) Share 

func (s *ShamirSplitter) Share(k int, secret, randomness []byte) (Share, []byte)

type Share 

type Share interface {
	InputRaw() *big.Int // XXX(caw): get rid of this once we have a pow(..) like function on the Scalar interface
	Input() group.Scalar
	Output() group.Scalar
	Commitment() []byte
	Verify() error

	// BinaryMarshaler returns a byte representation of the scalar.
	encoding.BinaryMarshaler
	// BinaryUnmarshaler recovers a scalar from a byte representation produced
	// by encoding.BinaryMarshaler.
	encoding.BinaryUnmarshaler
}

XXX(caw): add an "IsValid" function that aggregators can query, or should shares "verify" upon decoding (like ristretto)?

type VOPRFRandomizerConfig 

type VOPRFRandomizerConfig struct {
	// contains filtered or unexported fields
}

func (VOPRFRandomizerConfig) Name 

func (c VOPRFRandomizerConfig) Name() string

func (VOPRFRandomizerConfig) NewServer 

func (c VOPRFRandomizerConfig) NewServer() RandomnessServer

func (VOPRFRandomizerConfig) PublicConfig 

func (c VOPRFRandomizerConfig) PublicConfig() RandomizerPublicConfig

type VOPRFRandomizerPublicConfig 

type VOPRFRandomizerPublicConfig struct {
	// contains filtered or unexported fields
}

func (VOPRFRandomizerPublicConfig) NewClient 

func (c VOPRFRandomizerPublicConfig) NewClient() RandomnessClient

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.