Problem: no way for mls member to prove invalid ciphertext (fixes #1797)

Solution: sketched out core of "NACK" mechanism which involves revealing shared secrets from invalid message parts and including DLEQ proofs. -- currently, needs: 1) latest master of p256 which contains scalar arithmetic (not yet released) 2) for the high-level API, it needs to directly decrypt HPKE ciphertext from a shared secret -- this may not ever be released also needs "verify_node_private_key" from #2018
crypto-com · Jul 30, 2020 · ebcc923 · ebcc923
1 parent 0f24178
commit ebcc923
Show file tree

Hide file tree

Showing 9 changed files with 735 additions and 12 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -60,3 +60,5 @@ default-members = [
 ring = { git = "https://github.com/crypto-com/ring.git", rev = "bdbcc7041095f028d49d9fecd7edcf26d6083274" }
 # FIXME: use upstream when merged
 sha2 = { git = "https://github.com/crypto-com/hashes.git", rev = "289d5b76f2163a3808010341ed1df3cb156d97e1" }
+# FIXME: before official spec has a solution
+hpke = { git = "https://github.com/crypto-com/rust-hpke.git", rev = "25686eb87d2862535b1d5107d74e2ac8bd992bae" }
diff --git a/chain-tx-enclave-next/mls/Cargo.toml b/chain-tx-enclave-next/mls/Cargo.toml
@@ -22,6 +22,10 @@ chrono="0.4.13"
 ra-client = { path = "../enclave-ra/ra-client" }
 subtle = "2.2.3"
 chain-util = { path = "../../chain-util" }
+# FIXME: use upstream when released
+p256 = { version = "0.3.0", features = ["arithmetic", "zeroize"], git = "https://github.com/crypto-com/elliptic-curves.git", rev = "15df32b45d8395a1e00eeb3873e1266063e1ec53" }
+zeroize = "1.1"
+parity-scale-codec = { features = ["derive"], default-features = false, version = "1.3" }
 
 [dev-dependencies]
 chrono = "0.4"