All notable changes to this project will be documented in this file.
- Change
AxistoDimensionwith a clear distinction betweenOrderedandUnordered. - Create a
Dictionarydata structure to store and updateOrdered Dimensionefficiently - Change the data structure of
MasterSecretKeyandUserSecretKeyto keep track of subkeys version. - Policy does not count the attribute rotations anymore as they are stored in the subkeys.
- a
UserSecretKeycan now be refreshed without any externalPolicyinformation. - Internalize
Policyparsing method from the KMS to improve encapsulation.
- KMAC compute deterministic & Policy edit edge case (#117)
- Add KMAC to attest the authenticity of user keys (#114) and make policy editable (#115):
-
In Covercrypt, we have the following properties:
the number of attribute values grows with the number of attribute modifications performed: rotations add a new value for an existing attribute while attribute creations add a new attribute with a new value; the number of partitions is equal to the number of combinations of attribute values that can be created by using one value associated to an attribute from each axis; the number of keys in each master key is equal to the number of partitions that can be created using their associated policy.
-
Hence, if a great number of attributes are created or a great number of rotations are performed, the size of both the policy and the master keys will grow drastically.
-
To prevent this, we need to allow dropping attribute values from the policy:
removing an attribute from a policy axis could prevent the number of attributes from growing too big; retaining only a given number of values per attribute could allow purging the policy from old rotated attribute values.
-
Then a master key update should synchronize the master keys with the updated policy.
-
Note: this is not a problem for user secret keys since they generally hold a small subset of the policy rights; they also can be purged from old sub-keys at each refresh by setting the keep_old_rights parameter to false which prevents rotations from rendering them unmanageable.
-
- Support
crypto_corev9.2.0
- Update crypto_core to 9.1.0
- patched kyber seed security issue
- use CryptoCore v9.0
- remove generics
- update namings to follow paper updates
- harden zeroization of private data
- Update cryptographic paper and README.md
- Fix formulas + describe how partitions work
- Release 11.0.1 in order to upgrade crypto_core and use ECIES
- Missing github caches cleanup
- Decrypt test example
- Update readme
- [breaking] Move all interfaces (FFI, Wasm, pyo3) to
cloudproof_rustrepository - remove unneeded dependencies
- remove inline macros
- remove serde wherever possible
- Add autopublish action
- Re-expose non-regression mechanism
- Update readme with benchmarks and sizes
- Merge AbePolicy
- Adapt FFI, WASM and pyo3 interfaces
- Update KMS version
- Rebase externals repos
- hybridized version of CoverCrypt using Kyber
- all serializations
- directory structure
- most of
core::partition
- CI: verify inter-compatibility between Java, JS, Flutter and python
- python publish
- speedup ci
- non regression test vectors with different encryption policies
- PyO3 functions signature is exported via a python interface file
- improve serialization
- new python interfaces based on objects rather than functions covering a broader range of functionalities
- add FFI call to convert a policy expression to JSON
webassembly_hybrid_decryptnow returns a binary format containing the metadata and the decrypted value (leb128 length + metadata + decrypted value)
- added encrypt / decrypt to FFI
build.shonly build for features FFI for GLIBC_2.17- no encryption in header if additional data is empty
- change
wasmtarget toweb
- instantiated types in
statics.rs Serializabletrait
- use
Shake256to derive keys - use constant generics instead of
GenericArray - make
EncryptedHeadergeneric - make
ClearTextHeadergeneric - use EAKEM (cf MR)
UserSecretKey::xis now aHashSet(Partitions are removed)CoverCrypt::encaps()now takes anAccessPolicy- replace
Hc128byChaCha12Rngas RNG
Metadata
README.md
- expose boolean Access Policy parsing in WASM
- CI: use KMS version from Gitlab variable
- Update license
- Rename library
cover_crypttocosmian_cover_crypt
- Strip symbols on release for native library (libcover_crypt.so)
- Adapt CI for
cosmian_js_libtests: - populate postgres and postgrest docker containers
- Simplify CI tests on
cosmian_js_libandcosmian_java_lib
- Enable tests on
cosmian_js_libandcosmian_java_lib - Auto NPM publish on tags
- Fix error message on invalid size errors.
write_array::<Length>()read_array::<Length>()
read_array()->read_vec()write_array()->write_vec()bytes_ser_deis now private
- Use CryptoCore v2.0.0
- Serialization saves some more bytes
- Remove
Partitions fromEncapsulations: now CoverCrypt returns a vector of symmetric keys whendecaps. These keys should be tried on real symmetric ciphertexts in order to determine which is the good one. This works because symmetric ciphertexts are authenticated.
- bug in public key rotation
- Documentation
- Use CryptoCore v1.0
- rename two
statics.rsAPIs
- serialization
write_array()now takes a slice as argument - replace some
Vec::new()byVec::with_capacity()
- Implements the new version of CoverCrypt (V2).
-bumped crypto_base to 2.1.0
- Attributes rotation; wrong update of the master keys
- Returns in FFI functions (before exiting) the required pre-allocated out buffer size when buffer is too small
- Use
abe_policylibrary.
- Remove
policy.rsfrom the library
- Bump the cosmian_crypto_base version
- [pyo3 + JS/bindgen + FFI] Add CoverCrypt attributes rotation mechanism
- Fix access policy to partitions
- Add Gitlab CI .gitlab-ci.yml
- [pyo3] Add Rust bindings for Python thanks to Pyo3
- API changed:
to_bytesbecometry_to_bytesforPrivateKeyandPublicKey
- [JS/bindgen + FFI] Add ABE keys generation
- [pyo3] Add ABE keys generation
- Complete revamp of encoding of encapsulations and keys for a much more compact size. CipherTexts are NOT compatible with those of the 1.x releases
- [JS/bindgen] Add
webassembly_encrypt_hybrid_block
- Fix decryption header with invalid first bytes in encrypted header
- fix zero length metadata bug + fix symmetric overhead size bug + bump crypto_base to 1.2.2
- Cosmian Attributes Based Encryption (ABE) implementation 1.0.0