3P-TLS and MPC
What is TLS (Transport Layer Security)?
TLS (Transport Layer Security) is a cryptographic protocol designed to secure communications across computer networks. It succeeds SSL (Secure Sockets Layer) and is widely used to safeguard HTTP (Hypertext Transfer Protocol) transactions, including those related to online shopping, email, and other sensitive data transfers.
TLS 1.0, the first version of TLS, was introduced in 1999 as a derivative of SSL 3.0. Subsequent versions, such as TLS 1.1 in 2006, TLS 1.2 in 2008, and TLS 1.3 in 2018, brought new features and improved security.
The TLS protocol employs a combination of asymmetric and symmetric cryptography. Asymmetric cryptography, also known as public-key cryptography, is used during the handshake: the parties exchange public keys so that they can authenticate each other and agree on a shared secret. The data transmitted afterwards is encrypted and decrypted with symmetric cryptography, which is far cheaper for bulk traffic.
To ensure the zkPass Protocol offers broad compatibility and rapid data source access, we've restructured nearly all TLS components using efficient Oblivious Transfer Extension (OTE) and Multi-Party Computation (MPC) algorithms. We've expanded the standard 2-party TLS protocol to include a 3-party TLS protocol. Consequently, any HTTPS website accessed via a browser becomes a potential data source for the zkPass Protocol. This enhancement significantly bolsters the trusted identity layer of Web3, unlocking infinite possibilities within the Web3 landscape.
Multi-party Computation (MPC) has its origins in the millionaire problem, which was proposed by Andrew Yao in 1982. MPC enables participants to collectively compute a function using their private inputs without revealing the inputs themselves. Even if one or more parties are compromised during the computation, MPC ensures the confidentiality of the participants' original secret data and guarantees the accuracy of the function's output.
Since the development of MPC theory, several specialized techniques have emerged, including Garbled Circuits (GC), Secret Sharing (SS), Homomorphic Encryption (HE), and Oblivious Transfer (OT). Each of these techniques addresses different aspects of privacy-preserving computation, offering unique security properties and performance characteristics.
The zkPass Protocol requires a significant number of bitwise operations. As a result, high-performance Oblivious Transfer Extension (OTE) and Garbled Circuits (GC) algorithms were chosen for implementation. These algorithms optimize the efficiency of secure computations while maintaining robust privacy guarantees, making them an ideal fit for the complex requirements of the zkPass Protocol. By utilizing these advanced MPC techniques, the zkPass Protocol can deliver a privacy-preserving, high-performance identity solution that meets the demands of the Web3 ecosystem.
In the 3P-TLS protocol, there are three key players: S, who serves as a trusted data source, P, the Prover/user, and V, the zkPass node. P and V collaborate as a client to establish secure communication with S through a series of stages.
The first stage involves a three-party handshake protocol. Here, P, V, and S collectively generate session keys, and P and V each obtain a share of these keys. This is achieved using the Paillier encryption algorithm, which offers additive homomorphism. The pre-master key is divided into two parts, with P and V receiving one share each, while S retains the complete pre-master key. Importantly, to prevent the Prover from standing up a fake website and passing it off as the data source, after the Client and Server exchange greetings the Client asks the Server to return its certificate. The subsequent key exchange phase also carries the server's key-exchange parameters, signed with the private key of the certificate. This allows V, as part of the Client, to obtain both the certificate and the signature for verification, ensuring trust in the data source.
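The property the handshake leans on is that Paillier ciphertexts can be added without decrypting them: Enc(a) * Enc(b) mod n^2 decrypts to a + b mod n. The following is an added illustration (not zkPass code) of textbook Paillier with the usual g = n + 1 shortcut, plus the additive split of a secret into two shares. The primes, the `split_additive` and `combine_under_encryption` helpers, and the secret value are all constructed for the example; the real handshake additionally folds the server's key-exchange value into this computation so that no single party ever decrypts the full pre-master secret, which is beyond what this snippet shows.

```python
import secrets
from math import gcd


def _lcm(a: int, b: int) -> int:
    return a * b // gcd(a, b)


def paillier_keygen(p: int, q: int):
    """Textbook Paillier key generation with g = n + 1.
    p and q are supplied by the caller so the example is deterministic."""
    n = p * q
    assert gcd(n, (p - 1) * (q - 1)) == 1, "p and q are unsuitable"
    lam = _lcm(p - 1, q - 1)
    mu = pow(lam, -1, n)            # modular inverse (Python 3.8+)
    return (n, n + 1), (lam, mu)    # (public key, private key)


def paillier_encrypt(pub, m: int) -> int:
    """c = g^m * r^n mod n^2 with a fresh random r coprime to n."""
    n, g = pub
    n2 = n * n
    while True:
        r = secrets.randbelow(n)
        if r and gcd(r, n) == 1:
            break
    return (pow(g, m % n, n2) * pow(r, n, n2)) % n2


def paillier_decrypt(pub, priv, c: int) -> int:
    """m = L(c^lambda mod n^2) * mu mod n, with L(x) = (x - 1) / n."""
    n, _ = pub
    lam, mu = priv
    n2 = n * n
    L = (pow(c, lam, n2) - 1) // n
    return (L * mu) % n


def paillier_add(pub, c1: int, c2: int) -> int:
    """Additive homomorphism: the product of two ciphertexts encrypts the sum."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def split_additive(secret: int, n: int):
    """Split a secret into two additive shares mod n.
    Each share on its own is uniformly random and reveals nothing."""
    share_p = secrets.randbelow(n)
    share_v = (secret - share_p) % n
    return share_p, share_v


def combine_under_encryption(pub, priv, share_p: int, share_v: int) -> int:
    """Hypothetical flow: V encrypts its share under its own key, P adds its
    share homomorphically without ever seeing V's share in the clear, and V
    decrypts the result. Only the key holder (V) learns the sum."""
    c_v = paillier_encrypt(pub, share_v)                   # V -> P
    c_sum = paillier_add(pub, c_v, paillier_encrypt(pub, share_p))  # done by P
    return paillier_decrypt(pub, priv, c_sum)              # V decrypts


if __name__ == "__main__":
    # Constructed parameters: the 10,000th and 100,000th primes, far too small
    # for real use but enough to exercise the arithmetic.
    pub, priv = paillier_keygen(104729, 1299709)
    n = pub[0]
    share_p, share_v = split_additive(0xC0FFEE, n)
    print("shares:", share_p, share_v)
    print("recombined:", hex(combine_under_encryption(pub, priv, share_p, share_v)))
```

With real parameters n is 2048 bits or more; the code above is the same arithmetic on toy primes so that it runs instantly.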
In steps 6 and 7, P and V engage in MPC to compute the encryption key (enc_key) for data confidentiality and the message authentication code key (mac_key) for data integrity. It is essential to note that V only possesses a share of the mac_key and no enc_key, so V cannot read the user's private information. P, in contrast, holds the enc_key and a share of the mac_key: it can read the specific identity information but cannot tamper with it, because any modification is detected when message authenticity is checked with the mac_key.
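To make the integrity argument concrete, here is an added example (not zkPass code) of a TLS 1.2 record MAC, the HMAC over `seq_num || type || version || length || fragment` used by the CBC/HMAC cipher suites, with the mac_key held as two XOR shares. It shows that a record authenticated with the full key fails verification once its payload or sequence number is altered, and that a single share does not produce the right tag. The key, the record contents and the `split_xor`/`combine_xor` helpers are constructed for the example; in the actual protocol the tag is computed jointly via MPC rather than by recombining the shares on one machine.

```python
import hashlib
import hmac
import secrets
import struct


def split_xor(key: bytes):
    """Split a key into two XOR shares; each share alone is uniformly random."""
    share_p = secrets.token_bytes(len(key))
    share_v = bytes(a ^ b for a, b in zip(key, share_p))
    return share_p, share_v


def combine_xor(share_p: bytes, share_v: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(share_p, share_v))


def record_mac(mac_key: bytes, seq: int, ctype: int, version: bytes, payload: bytes) -> bytes:
    """TLS 1.2 MAC input (RFC 5246, 6.2.3.1):
    8-byte sequence number, 1-byte content type, 2-byte version,
    2-byte fragment length, then the fragment itself."""
    header = struct.pack("!QB2sH", seq, ctype, version, len(payload))
    return hmac.new(mac_key, header + payload, hashlib.sha256).digest()


def verify_record(mac_key: bytes, seq: int, ctype: int, version: bytes,
                  payload: bytes, tag: bytes) -> bool:
    """Constant-time comparison so the check itself leaks nothing about the tag."""
    expected = record_mac(mac_key, seq, ctype, version, payload)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Constructed scenario: S authenticates one application-data record
    (content type 23, TLS 1.2 = 0x0303); the Prover then tries to alter it."""
    mac_key = secrets.token_bytes(32)
    share_p, share_v = split_xor(mac_key)
    version = b"\x03\x03"
    payload = b"balance=100"
    tag = record_mac(mac_key, 1, 23, version, payload)
    full = combine_xor(share_p, share_v)
    return {
        "shares_recombine": full == mac_key,
        "genuine_verifies": verify_record(full, 1, 23, version, payload, tag),
        "tampered_payload": verify_record(full, 1, 23, version, b"balance=999", tag),
        "replayed_seq": verify_record(full, 2, 23, version, payload, tag),
        "share_alone": verify_record(share_p, 1, 23, version, payload, tag),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The sequence number inside the MAC input is what stops a record from being replayed or reordered, which matters here because the Prover, not the verifier, is the one relaying the records.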
Steps 8 and 9 follow standard TLS protocol procedures for application data. In steps 10 to 12, P and V exchange keys in preparation for an upcoming phase involving zero-knowledge proofs.
At this point, the three-party TLS protocol concludes. The MPC algorithm of zkPass has undergone significant optimization of communication time, of the hash functions used by the Garbler, the Evaluator, and OT, and of memory copying operations, yielding an efficiency improvement of over threefold. Additionally, a new AES128 proof method has been adopted which reduces the number of blocks by 300 times and improves Garbler/Evaluator execution time tenfold. Specifically, zkPass employs Silent OT for OT operations, which reduces network communication in the offline OT-generation phase. For Garbled Circuits, zkPass uses Stacked GC, which significantly reduces the size of the circuits and thereby decreases online communication and execution time. Together these optimizations substantially reduce the runtime of the entire MPC process.