diff --git a/implementation-profiles/profile.md b/implementation-profiles/profile.md
new file mode 100644
index 0000000..3bd94ad
--- /dev/null
+++ b/implementation-profiles/profile.md
@@ -0,0 +1,73 @@
+# DP3-T Implementation profile
+Against version 2020/4/8 of the whitepaper
+
+## Design 2
+
+### General
+
+Byte sequences are 8 bit octed strings.
+
+### Generating Empheral IDs
+
+The H is an SHA256 as per per RFC 6234
+
+TRUNKCATE128() takes the first 32 bytes (of the 64 byte SHA256)
+
+Test vector:
+
+ Seed: 0000000000000000000000000000000000000000000000000000000000000000
+ (i.e. 0x00, 0x00 .. 0x00 32 bytes)
+ H (seed): 66687aadf862bd776c8fc18b8e9f8e20089714856ee233b3902a591d0d5f2925
+ TRUNKCATE128(H(seed)):
+ 66687aadf862bd776c8fc18b8e9f8e20
+
+### Local storare / handling of ‘t’
+
+‘t’ is a network order (big endian) unsigned 32 bit number. I.e. the number 1 is encoded transmitted as 0x00, 0x00, 0x00, 0x01 on the wire.
+
+‘t’ contains the unix UTC/Z timestamp as defined by RFC 3339.
+
+So the H(EphID||t) stored is a SHA256 taken over 16 + 4 = 20 sequentiel bytes in that order (EphID, then time).
+
+Test vector:
+
+ Time: 2020-4-10 00:00:00 UTC
+ T = 1586476800
+ 5E8FB700 (4 bytes)
+ EphID || t =
+ 66687aadf862bd776c8fc18b8e9f8e201586476800) (16+4 butes)
+ H(EphID || t)
+ 109708e29597623f56fd365ba92f1c717ca23994aabd7939822909c465cb10a5 (32 bytes)
+
+### Cuckoo filter and serialisation
+
+The depth of the Cuckoo filter shall be 4.
+
+The Cuckoo filter shall be serialised as:
+
+- Depth: unsigned 32 bit integer (A)
+- Number of slots: unsigned 32 bit integer (S)
+- Number of buckets: unsigned 32 bit integer (B)
+- Buckets B x ( A x slotsID)
+- with the slotID an unsigned 32 bit integer.
+- Slots(numbered 0 .. slotsID) S x ( key )
+- with the key a 31 bit unsigned int;
+- the topbit denotes a populated (0) or empty (1) slot.
+
+### Cuckoo filter publication
+
+The filter should be published prefixed by an RFC3161 timestamp.
+
+
+
+
+## Design 1
+
+The PRF used is HMAC-SHA256 as per RFC 6234 and RFC 2104 - and and where Skt_ is used as the `key’ and the string “broadcast key” (without trailing \0, i.e. 
exactly those 13 US-ASCII characters is the plaintext.
+
+The PRG used is AES128 in counter mode; with the IV set to a 128 bit unsigned number in network order (i.e the first IV is a byte array if [ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 ]) we start at 0, not 1
+
+and the plaintext 128 bits of 0’s.
+
+
+
diff --git a/implementation-profiles/vectors.c b/implementation-profiles/vectors.c
new file mode 100644
index 0000000..bb34191
--- /dev/null
+++ b/implementation-profiles/vectors.c
@@ -0,0 +1,66 @@
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+
+
+void printhex(uint8_t * hashed_seed, size_t len) {
+ for(int i = 0; i < len; i++)
+ printf("%02x",hashed_seed[i]);
+ printf(" (size %lu)\n", len);
+};
+
+int main(int argc, char ** argv) {
+ SHA256_CTX sha256;
+
+ uint8_t seed[ 32 ];
+ bzero(seed,sizeof(seed));
+
+ printf("Seed:\t\t"); printhex(seed,sizeof(seed));
+
+ uint8_t hashed_seed[32];
+ SHA256_Init(&sha256);
+ SHA256_Update(&sha256, seed, 32);
+ SHA256_Final(hashed_seed, &sha256);
+ printf("H(Seed):\t\t"); printhex(hashed_seed, 32);
+
+ printf("TRUNCATE128(H(Seed)):\t"); printhex(hashed_seed, 128 / 8 );
+
+ struct tm ts = {
+ .tm_sec = 0, .tm_min = 0, .tm_hour = 0,
+ .tm_mon = 3, .tm_year = 120,
+ .tm_wday = 5,
+ .tm_isdst = 0, .tm_gmtoff = 0
+ };
+
+ time_t t = timegm(&ts);
+ printf("Time:\t\t%lu\n", t);
+ uint8_t tbuff[4];
+ *(uint32_t *)tbuff= htonl(t);
+
+ printf("t:\t\t"); printhex(tbuff,4);
+
+ uint8_t ephid_concat_t[16 + 4];
+ bcopy(hashed_seed, ephid_concat_t + 0, 16);
+ bcopy(tbuff ,ephid_concat_t + 16, 4);
+
+ printf("ephid||t:\t\t"); printhex(ephid_concat_t, 16+4);
+
+ uint8_t hash[32];
+ SHA256_Init(&sha256);
+ SHA256_Update(&sha256, ephid_concat_t, 16 + 4);
+ SHA256_Final(hash, &sha256);
+ printf("H(E || t)):\t"); printhex(hash, 32);
+
+}
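Review bot: The `struct tm ts` initializer in main() never sets `.tm_mday`, so the designated initializer leaves it 0 and `timegm()` would normalize that to the last day of March; the printed time then cannot match the 2020-4-10 / 1586476800 / 5E8FB700 vector written in profile.md. Add `.tm_mday = 10,` next to `.tm_mon = 3, .tm_year = 120,` (`.tm_wday = 5` is ignored on input and does not select the date). Other implementations will check their EphID and H(EphID || t) code against this program's output, so a generator that disagrees with the published vector should be fixed before the vectors are relied on. Separately, `*(uint32_t *)tbuff= htonl(t);` type-puns a byte array and silently narrows `time_t`; `uint32_t be = htonl((uint32_t)t); memcpy(tbuff, &be, sizeof be);` avoids both.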