Secure transport for running MPC protocols backed by Signal

Overview

MPC over Signal

Overview

This library provides a high-level interface for connecting to Signal Server and using it to exchange messages with other connected nodes (parties). Together with round_based crate, it allows you running any MPC protocol that implements round_based::StateMachine over secure transport backed by Signal.

Here is a demo showing how to use this library to run threshold BLS keygen & signing. For more details read our blog as well.

Self-hosted Signal Server

In order to be more confident in the server and to reduce the load on the original Signal Server, better option would be using self hosted Signal Server. The Signal Server code is open source and there are unofficial instructions on deploying it (here, here). This library is designed to work with any Signal-compatible API.

How to use it

Construct SignalClient

It is first required to specify how to reach the Signal Server. If using the Signal messenger Server, then the default settings are enough:

let client = SignalClient::new()?;

In case of self-hosted Signal Server, address and CA certificate must be set:

let mut root_certs = rustls::RootCertStore::empty();
root_certs
    .add_pem_file(&mut &include_bytes!("path/to/certificate.pem")[..])?;

let mut tls_config = rustls::ClientConfig::new();
tls_config.root_store = root_certs;

let client = awc::Client::builder()
    .connector(
        awc::Connector::new()
            .rustls(tls_config.into())
            .finish())
    .finish();

let mut builder = SignalClient::builder()?;
builder
    .set_server_host("https://localhost:1234/")?
    .set_http_client(client);
let client = builder.finish();

Link with Signal account

To communicate through Signal, obviously you need to have a Signal account. This library can only link with existing accounts, creating a new one is out of scope. Process of linking is the same as logging in to Signal Desktop: it is done by scanning the QR code with a mobile app.

use futures::channel::oneshot;
use rand::rngs::OsRng;

let (provision_url_tx, provision_url) = oneshot::channel();
let device_future = signal_client
    .login(&mut OsRng, provision_url_tx, "MPC device");

Method login takes oneshot channel and fires it when it got a provision URL. Provision URL should be rendered as QR code and scanned with a phone (linked device). After it has been scanned, device_future completes, and you can obtain your Device:

let device: Device = device_future.await?;

Distribute Public Identities

Before the parties can talk with each other, they need to know all counter parties identities.

Obtain a local party's identity:

let me: ParticipantIdentity = device.me();

Distribute it among group of parties you want to communicate with and receive their identities. Then construct a group that will run an MPC protocol:

// Order doesn't matter. It must include local party's identity too.
let group = Group::new(vec![me, party2, party3]); 

Start messaging

To construct a stream of incoming messages and sink for outgoing messages, call this:

let device = DeviceStore::new(device);

let mut binded_client = signal_client
    .start_listening_for_incoming_messages(device)
    .await?;
let (incoming, outgoing) = binded_client.join_computation(me.addr, group);

Now incoming and outgoing can be used to send or receive messages. Transmitting messages have type round_based::Msg<T> where T is any type implementing serde's Serialize and Deserialize traits.

To run an MPC protocol that implements round_based::StateMachine, use round_based::AsyncProtocol. See demo sources for details.

Supported Rust version

The only supported version is Rust Nightly 1.49.0. This is a limitation of libsignal-protocol crate.

License

MPC-over-Signal is released under the terms of the AGPLv3 license. See LICENSE for more information.

Development Process & Contact

This library is maintained by ZenGo-X. Contributions are highly welcomed! Besides GitHub issues and PRs, feel free to reach out by mail or join ZenGo X Telegram for discussions on code and research.

You might also like...
Cyg will help you to secure files in your repository directly using PGP encryption

cyg: Secure files in your repository Cyg will help you to secure files in your repository directly using PGP encryption. The name "cyg" was inspired b

Easy c̵̰͠r̵̛̠ö̴̪s̶̩̒s̵̭̀-t̶̲͝h̶̯̚r̵̺͐e̷̖̽ḁ̴̍d̶̖̔ ȓ̵͙ė̶͎ḟ̴͙e̸̖͛r̶̖͗ë̶̱́ṉ̵̒ĉ̷̥e̷͚̍ s̷̹͌h̷̲̉a̵̭͋r̷̫̊ḭ̵̊n̷̬͂g̵̦̃ f̶̻̊ơ̵̜ṟ̸̈́ R̵̞̋ù̵̺s̷̖̅ţ̸͗!̸̼͋

Rust S̵̓i̸̓n̵̉ I̴n̴f̶e̸r̵n̷a̴l mutability! Howdy, friendly Rust developer! Ever had a value get m̵̯̅ð̶͊v̴̮̾ê̴̼͘d away right under your nose just when

mpc, but implemented in Rust.

rsmpc mpc, but implemented in Rust. Note: This is not meant to be a direct implementation, there will be some differences. For example: I moved the op

Rosenpass is a formally verified, post-quantum secure VPN that uses WireGuard to transport the actual data.

Rosenpass README This repository contains A description of the Rosenpass protocol The reference implementation of the protocol – the rosenpass tool A

 (Pre-Release Software) Secure, Encrypted, P2P chat written atop Warp, IPFS, LibP2P, Dioxus and many more awesome projects and protocols.
(Pre-Release Software) Secure, Encrypted, P2P chat written atop Warp, IPFS, LibP2P, Dioxus and many more awesome projects and protocols.

Uplink Privacy First, Modular, P2P messaging client built atop Warp. Uplink is written in pure Rust with a UI in Dioxus (which is also written in Rust

Secure mTLS and gRPC backed runtime daemon. Alternative to systemd. Written in Rust.

Auraed A runtime daemon written in Rust. Designed to run as pid 1 mTLS backed gRPC API over unix domain socket Run executables Run containers Run virt

Employ your built-in wetware pattern recognition and signal processing facilities to understand your network traffic

Nethoscope Employ your built-in wetware pattern recognition and signal processing facilities to understand your network traffic. Check video on how it

A thread-safe signal/slot library based on boost::signals2

About signals2 is a thread-safe signal/slot library based on the boost::signals2 C++ library. Signals are objects that contain a list of callback func

Tiny crate that allows to wait for a stop signal across multiple threads

Tiny crate that allows to wait for a stop signal across multiple threads. Helpful mostly in server applications that run indefinitely and need a signal for graceful shutdowns.

A modular command line digital signal processor built in rust

Ever wanted to pipe raw audio samples around in the terminal to impress your friends at a party? Well then, you've come to the right place.

MollySocket allows getting signal notifications via UnifiedPush.

MollySocket This software is still in alpha. MollySocket allows getting signal notifications via UnifiedPush. It works like a linked device, which doe

Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

ARM TrustZone-M example application in Rust, both secure world side and non-secure world side

ARM TrustZone-M example application in Rust, both secure world side and non-secure world side; projects are modified from generated result of cortex-m-quickstart.

User-friendly secure computation engine based on secure multi-party computation
User-friendly secure computation engine based on secure multi-party computation

CipherCore If you have any questions, or, more generally, would like to discuss CipherCore, please join the Slack community. See a vastly extended ver

A µTP (Micro/uTorrent Transport Library) library implemented in Rust

rust-utp A Micro Transport Protocol library implemented in Rust. API documentation Overview The Micro Transport Protocol is a reliable transport proto

🥧 Savoury implementation of the QUIC transport protocol and HTTP/3

quiche is an implementation of the QUIC transport protocol and HTTP/3 as specified by the IETF. It provides a low level API for processing QUIC packet

fftp is the "Fast File Transport Protocol". It transfers files quickly between computers on a network with low overhead.

fftp fftp is the "Fast File Transport Protocol". It transfers files quickly between computers on a network with low overhead. Motivation FTP uses two

Rust bindings to the Wolfram Symbolic Transport Protocol (WSTP)

wstp Bindings to the Wolfram Symbolic Transfer Protocol (WSTP) library. This crate provides a set of safe and ergonomic bindings to the WSTP library,

CLI to query for public transport connections in switzerland

Swiss Public Transport CLI This is a simple tool to search public transport connections from one station to another, possible with a via. It uses the

Comments
  • Unresolved import libsignal_protocol::SenderKeyName, HKDF

    Unresolved import libsignal_protocol::SenderKeyName, HKDF

    Hi Team,

    I am currently trying to use the MPC library using signal but it seems that there are some missing imports (SenderKeyName, HKDF) from the library. I saw that there are a couple of changes made to the signal client library.

    May I know if the library used in this repository is the right one ? Currently it is pulling from here:

    [dependencies.libsignal-protocol] git = "https://github.com/signalapp/libsignal-client"

    Many thanks in advance!

    Erwin

    opened by Rwinwij 1
  • Use libsignal-service-rs ?

    Use libsignal-service-rs ?

    Hey! Full disclosure: I'm one of the main people behind https://github.com/Michael-F-Bryan/libsignal-service-rs/. I wonder why you folks rolled your own, and what would be missing in our library such that we can help each other? We already have unidentified senders (#4), for instance.

    Want to team up?

    opened by rubdos 5
  • Custom Error type

    Custom Error type

    Currently mpc-over-signal library uses anyhow::Error. It's good for prototyping, but generally it's preferred for a library to have custom Error types. This makes easier to reason about what can go wrong as good-defined Error type enumerates all the ways of getting an error. thiserror crate can be used.

    opened by survived 0
  • Actors' code is too complicated

    Actors' code is too complicated

    There're two actors that were introduced into the code to handle shared state more nicely. Though using actors pattern achieves its main goal here: no mutex or other sync primitives are used, code got very hard to read. I believe that the main reason why it looks odd is because of having long chains of .map() .then() methods in order to access to actor's state. Probably it would look better if it were written using this approach: Actors with Tokio

    opened by survived 0
Owner
[ZenGo X]
Threshold cryptography for blockchains. Projects with "city" in name are work in progress.
[ZenGo X]
A simple scanner that loops through ips and checks if a minecraft server is running on port 25565

scanolotl Scanolotl is a simple scanner that loops through ips and checks if a minecraft server is running on port 25565. Scanolotl can also preform a

JustFr33z 3 Jul 28, 2022
Rust library for building and running BPF/eBPF modules

RedBPF A Rust eBPF toolchain. Overview The redbpf project is a collection of tools and libraries to build eBPF programs using Rust. It includes: redbp

foniod 1.5k Jan 1, 2023
Checks whether the process is running as root/sudo/admin permission in Windows and Unix systems

Is_sudo Checks if program is running as sudo in unix systems, or using admin permission in windows. Usage use is_sudo::check; use is_sudo::RunningAs;

Spark 2 Aug 12, 2022
Secure drive wipe

Lethe A secure, free, cross-platform and open-source drive wiping utility. Should work with any HDD, SSD (read limitations) and flash drives. The usua

Konstantin Alexandroff 70 Dec 19, 2022
Secure multithreaded packet sniffer

sniffglue sniffglue is a network sniffer written in rust. Network packets are parsed concurrently using a thread pool to utilize all cpu cores. Projec

null 914 Dec 30, 2022
Secure sandboxing system for untrusted code execution

Godbox Secure sandboxing system for untrusted code execution. It uses isolate which uses specific functionnalities of the Linux kernel, thus godbox no

Nathanael Demacon 19 Dec 14, 2022
Cross-platform Secure TUI Secret Locker

SafeCloset keeps your secrets in password protected files. SafeCloset is designed to be convenient and avoid common weaknesses like external editing or temporary files written on disk.

Canop 63 Dec 26, 2022
Secure and fast microVMs for serverless computing.

Our mission is to enable secure, multi-tenant, minimal-overhead execution of container and function workloads. Read more about the Firecracker Charter

firecracker-microvm 20.3k Jan 1, 2023
Secure storage for cryptographic secrets in Rust

secrets secrets is a library to help Rust programmers safely held cryptographic secrets in memory. It is mostly an ergonomic wrapper around the memory

Stephen Touset 165 Dec 22, 2022
Use Touch ID / Secure Enclave for SSH Authentication!

SeKey About SeKey is a SSH Agent that allow users to authenticate to UNIX/Linux SSH servers using the Secure Enclave How it Works? The Secure Enclave

SeKey 2.3k Dec 26, 2022