Merge pull request #74 from derekpierre/acp

ACP/ThresholdMessageKit Work

CHANGELOG.md

@@ -3,6 +3,24 @@
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+
+## [0.12.0] - Unreleased
+
+### Changed
+
+- Modified `ThresholdDecryptionResponse`  to use `CiphertextHeader` and `AccessControlPolicy` to utilize encapsulation now provided by `ferveo`. ([#74])
+
+### Added
+
+- Added `ThresholdMessageKit` which is the representation of data encrypted via `ferveo` that utilizes data encapsulation and ephemeral symmetric key. ([#74])
+- Added `AccessControlPolicy` which contains access metadata (conditions, public key, authorization etc.) which forms part of the `ThresholdMessageKit`. ([#74])
+- Added `AuthenticatedData` which forms part of the `AccessControlPolicy` and is needed to ensure that the aad is consistent during encryption process and during decryption process. ([#74])
+- Added `encrypt_for_dkg` method for generation of `ferveo` `Ciphertext` and `AuthenticatedData`. ([#74])
+
+
+[#74]: https://github.com/nucypher/nucypher-core/pull/74
+
+
 ## [0.11.0] - 2023-08-01
 
 ### Changed

nucypher-core-python/Cargo.toml

@@ -11,7 +11,7 @@ crate-type = ["cdylib"]
 pyo3 = "0.18"
 nucypher-core = { path = "../nucypher-core" }
 umbral-pre = { version = "0.11.0", features = ["bindings-python"] }
-ferveo = { version = "0.2.1", package = "ferveo-pre-release", features = ["bindings-python"] }
+ferveo = { package = "ferveo-pre-release", git = "https://github.com/derekpierre/nucypher-ferveo.git", branch = "acp", features = ["bindings-python"] }
 derive_more = { version = "0.99", default-features = false, features = ["from", "as_ref"] }
 
 [build-dependencies]

nucypher-core-python/nucypher_core/__init__.py

@@ -17,6 +17,9 @@
     MetadataRequest,
     MetadataResponse,
     MetadataResponsePayload,
+    AccessControlPolicy,
+    AuthenticatedData,
+    ThresholdMessageKit,
     ThresholdDecryptionRequest,
     ThresholdDecryptionResponse,
     EncryptedThresholdDecryptionRequest,
@@ -25,4 +28,5 @@
     SessionStaticKey,
     SessionStaticSecret,
     SessionSecretFactory,
+    encrypt_for_dkg,
 )

nucypher-core-python/nucypher_core/__init__.pyi

@@ -11,9 +11,11 @@ from .umbral import (
 )
 
 from .ferveo import (
-    FerveoPublicKey,
     Ciphertext,
-    FerveoVariant
+    CiphertextHeader,
+    DkgPublicKey,
+    FerveoPublicKey,
+    FerveoVariant, SharedSecret,
 )
 
 
@@ -429,22 +431,89 @@ class MetadataResponse:
         ...
 
 
+@final
+class AuthenticatedData:
+
+    def __init__(self, public_key: DkgPublicKey, conditions: Optional[Conditions]):
+        ...
+
+    public_key: DkgPublicKey
+
+    conditions: Optional[Conditions]
+
+    def aad(self) -> bytes:
+        ...
+
+    @staticmethod
+    def from_bytes(data: bytes) -> AuthenticatedData:
+        ...
+
+    def __bytes__(self) -> bytes:
+        ...
+
+
+def encrypt_for_dkg(data: bytes, public_key: DkgPublicKey, conditions: Optional[Conditions]) -> Tuple[Ciphertext, AuthenticatedData]:
+    ...
+
+
+@final
+class AccessControlPolicy:
+
+    def __init__(self, auth_data: AuthenticatedData, authorization: bytes):
+        ...
+
+    public_key: DkgPublicKey
+
+    conditions: Optional[Conditions]
+
+    authorization: bytes
+
+    def aad(self) -> bytes:
+        ...
+
+    @staticmethod
+    def from_bytes(data: bytes) -> AccessControlPolicy:
+        ...
+
+    def __bytes__(self) -> bytes:
+        ...
+
+@final
+class ThresholdMessageKit:
+
+    def __init__(self, ciphertext: Ciphertext, acp: AccessControlPolicy):
+        ...
+
+    acp: AccessControlPolicy
+
+    ciphertext_header: CiphertextHeader
+
+    def decrypt_with_shared_secret(self, shared_secret: SharedSecret):
+        ...
+
+    @staticmethod
+    def from_bytes(data: bytes) -> ThresholdMessageKit:
+        ...
+
+    def __bytes__(self) -> bytes:
+        ...
+
+
 @final
 class ThresholdDecryptionRequest:
 
-    def __init__(self, ritual_id: int, variant: FerveoVariant, ciphertext: Ciphertext, conditions: Optional[Conditions],
-                 context: Optional[Context]):
+    def __init__(self, ritual_id: int, variant: FerveoVariant, ciphertext_header: CiphertextHeader, acp: AccessControlPolicy, context: Optional[Context]):
         ...
 
     ritual_id: int
 
-    conditions: Optional[Conditions]
+    acp: AccessControlPolicy
 
     context: Optional[Context]
 
     variant: FerveoVariant
 
-    ciphertext: Ciphertext
+    ciphertext_header: CiphertextHeader
 
     def encrypt(self, shared_secret: SessionSharedSecret,
                 requester_public_key: SessionStaticKey) -> EncryptedThresholdDecryptionRequest:

nucypher-core-python/nucypher_core/ferveo.py

@@ -35,3 +35,4 @@
 ValidatorsNotSorted = _ferveo.ValidatorsNotSorted
 ValidatorPublicKeyMismatch = _ferveo.ValidatorPublicKeyMismatch
 SerializationError = _ferveo.SerializationError
+CiphertextHeader = _ferveo.CiphertextHeader

nucypher-core-python/nucypher_core/ferveo.pyi

@@ -119,6 +119,9 @@ class Dkg:
 
 @final
 class Ciphertext:
+    header: CiphertextHeader
+    payload: bytes
+
     @staticmethod
     def from_bytes(data: bytes) -> Ciphertext:
         ...
@@ -127,6 +130,16 @@ class Ciphertext:
         ...
 
 
+@final
+class CiphertextHeader:
+    @staticmethod
+    def from_bytes(data: bytes) -> CiphertextHeader:
+        ...
+
+    def __bytes__(self) -> bytes:
+        ...
+
+
 @final
 class DecryptionShareSimple:
     @staticmethod
@@ -159,7 +172,7 @@ class AggregatedTranscript:
     def create_decryption_share_simple(
             self,
             dkg: Dkg,
-            ciphertext: Ciphertext,
+            ciphertext_header: CiphertextHeader,
             aad: bytes,
             validator_keypair: Keypair
     ) -> DecryptionShareSimple:
@@ -168,7 +181,7 @@ class AggregatedTranscript:
     def create_decryption_share_precomputed(
             self,
             dkg: Dkg,
-            ciphertext: Ciphertext,
+            ciphertext_header: CiphertextHeader,
             aad: bytes,
             validator_keypair: Keypair
     ) -> DecryptionSharePrecomputed: