Skip to content
/ hab Public

Post-quantum hash-based message stream authentication protocol.

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

FrankMejzlik/hab

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

150 Commits
.vscode
.vscode
 
 
benchmark
benchmark
 
 
examples
examples
 
 
src
src
 
 
.gitignore
.gitignore
 
 
.gitlab-ci.yml
.gitlab-ci.yml
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 

Repository files navigation

HAB

This software is a part of the Master thesis of Frantisek Mejzlik titled Fast hash-based signing protocol for message stream authentication.

Hash-based Authentication Broadcaster (HAB in short) is a library for broadcasting and receiving authenticated data streams using a protocol built upon hash-based few-time signatures (e.g. HORST; the HORST scheme is also implemented and published by this crate as HorstSigScheme).

Beware that the HORST scheme is vulnerable to adaptive chosen-message and weak-message attacks, and even if this use case does not allow the attacker to get his messages signed, it should not be used for production builds. Schemes without known vulnerabilities (e.g. FORS) should be used for production builds.

It's important to note that the protocol implementation is independent of the few-time signature scheme used. One can implement a different signature scheme that implements FtsSchemeTrait and use it to parametrise the Sender and Receiver instances.

The crate is not yet suitable for production builds. Please see the Limitations section.

Prerequisites

  • Operating system: The crate should work fine on common modern Linux distributions, Windows NT systems and MacOS. Though, it was explicitly tested with Debian 11 and Windows 10/11.
  • Rust compiler: Version 1.58 or higher.
  • Dependencies: Not all used third-party crates may be written in pure Rust and may depend on some libraries (standard shared object libraries) that must be installed in the system. These are usually easy to install using the system package manager (apt, yum, ...). If so, the compiler will let you know what library is missing.

Build

# A debug build
cargo build
# A release build
cargo build --release

Usage

To use the library, it is quite straightforward.

// BROADCASTER
println!("Running the example broadcaster at '{}'...", params.sender_addr);
let mut bcaster = Sender::<SignerInst>::new(params);
loop {
    let data = read_input();
    println!("SEND: |{}|", String::from_utf8_lossy(&data));
    if let Err(e) = bcaster.broadcast(data) {
        eprintln!("Failed to broadcast! ERROR: {e}");
        continue;
    }
}

// RECEIVER
println!("Running the example receiver that receives from '{}'...", params.target_addr);
let mut receiver = Receiver::<SignerInst>::new(params);
loop {
    let msg = match receiver.receive() {
        Ok(x) => x,
        Err(e) => {
            eprintln!("Unable to receive! ERROR: {e}");
            continue;
        }
    };
    println!("RECV: |{:?}|{}|{}|", msg.authentication, msg.seq, String::from_utf8_lossy(&msg.message));
}

For more, please see the examples for broadcaster and receiver together with the documentation.

Implementing a custom few-time signature scheme

The Sender and Receiver structs expect one generic type parameter and that is a few-time signature scheme.

struct Sender<Signer: FtsSchemeTrait> { ... }
struct Receiver<Signer: FtsSchemeTrait> { ... }

So your signature scheme must implement the FtsScheme trait. That's it! Once you have that, your signature scheme will work as a drop-in replacement for the bundled-in HORST scheme.

Examples

# Runs the broadcaster that broadcasts the datetime string periodically
cargo run --example broadcaster
# Runs the receiver that receivers the datetime broadcasted by the broadcaster above
cargo run --example receiver

Complex example

The complex example usage is demonstrated in the separate directory audibro. Please head there to see how the library can be used for real-time audio broadcasting software.

Documentation

To see the developer documentation, run the following. The documentation will be built and shown in your default browser.

cargo doc --open

Known limitations

This crate is still in proof-of-concept state and therefore there are some things to keep in mind when using it.

  • The crate is not-optimized. It is in the state of proof-of-concept and the performance is quite poor.
  • The crate is not thoroughly tested and is not suitable for production application.

Any collaboration and improvements are very welcome.

License

Copyright © 2023 Frantisek Mejzlik frankmejzlik@proton.me

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

About

Post-quantum hash-based message stream authentication protocol.

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages