hpicrypto/zkgroup

Zero-Knowledge Groups

A Python implementation of Zero-Knowledge groups using the generic KVAC library.

Disclaimer

This module was developed as part of the 2022/23 Current Topics in Group Messaging seminar at the Hasso-Plattner-Institute (HPI), as an attempt to reproduce the Signal Private Group system described in the paper "The Signal Private Group System and Anonymous Credentials Supporting Efficient Verifiable Encryption" by Chase et al. It is therefore intended solely for academic purposes.

THE AUTHORS DO NOT ASSUME RESPONSIBILITY FOR THE CORRECTNESS OF THE PERFORMED CRYPTOGRAPHIC OPERATIONS. THERE WAS NO REVIEW PERFORMED BY AN EXPERT. DO NOT USE THIS PROJECT IN A PRODUCTION ENVIRONMENT.

Usage

As this module is intended to demonstrate the usage of the KVAC library, there is not much point in using it as a standalone library. To verify that the implementation works, you can run the tests.

How it Works

This module is intended to demonstrate the usage of the KVAC library by implementing AuthCredentials and ProfileKeyCredentials as described in the Signal Private Group System paper, as well as demonstrate how to use them when performing the group management operations the authors describe.

To this end, the module implements a mock Server and Client, which are used to demonstrate the usage of the credentials. The Server is responsible for keeping the group state as well as controlling access to it, while the Client is responsible for performing the group management operations.

Note that this module does not contain any actual networking, messaging, or other capabilities that the authors of the aforementioned paper assume to exist, such as the capability to send end-to-end encrypted messages between individual users or the means to authenticate to the server.

More specifically, the Server:

  • generates two key pairs (one for Auth- and one for ProfileKeyCredentials),
  • keeps track of all groups and their state, and
  • keeps track of all ProfileKeyCommitments.

It also provides (among others) the following operations:

  • create_group: Creates a new group
  • delete_group: Deletes an existing group
  • add_member: Adds a new member to an existing group
  • remove_member: Removes a member from an existing group
  • fetch_group_members: Fetches the members of an existing group

To perform these operations, the Server uses the AuthCredentials to authenticate the Client, and the ProfileKeyCredentials to verify that the Client is authorized to perform the requested operation with regard to the target user (e.g., when adding a new member).

Meanwhile, the Client keeps track of the following:

  • Its UID and AuthCredential,
  • its own ProfileKey and the ProfileKeyCredentials for other users, and
  • the groups it is a member of.

It can use this information to anonymously perform the server operations described above.

For more details on these interactions, please check out the client and server components and refer to the Signal Private Group System paper.

Testing

PYTHONPATH+=":$PWD" pytest tests/