Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AccessControlPolicy (ACP) and ThresholdMessageKit #3194

Merged
merged 24 commits into from
Aug 27, 2023
Merged

AccessControlPolicy (ACP) and ThresholdMessageKit #3194

merged 24 commits into from
Aug 27, 2023

Conversation

derekpierre
Copy link
Member

@derekpierre derekpierre commented Jul 25, 2023
edited by KPrasch
Loading

Type of PR:

  • Bugfix
  • Feature
  • Documentation
  • Other

Required reviews:

  • 1
  • 2
  • 3

What this does:

High-level idea of the changes introduced in this PR.
List relevant API changes (if any), as well as related PRs and issues.

Issues fixed/closed:
Related to:

Closes:

Depends on:

Why it's needed:

Explain how this PR fits in the greater context of the NuCypher Network.
E.g., if this PR address a nucypher/productdev issue, let reviewers know!

Notes for reviewers:

What should reviewers focus on?
Is there a particular commit/function/section of your PR that requires more attention from reviewers?

@codecov
Copy link

codecov bot commented Jul 25, 2023
edited
Loading

Codecov Report

Merging #3194 (a9cce0b) into development (44d36df) will increase coverage by 0.00%.
Report is 1 commits behind head on development.
The diff coverage is 91.66%.

@@             Coverage Diff              @@
##           development    #3194   +/-   ##
============================================
  Coverage        78.59%   78.60%           
============================================
  Files              112      112           
  Lines            11616    11624    +8     
============================================
+ Hits              9130     9137    +7     
- Misses            2486     2487    +1
Flag Coverage Δ
acceptance 87.66% <100.00%> (+0.06%) ⬆️
integration 71.54% <90.47%> (+0.04%) ⬆️
unit 57.42% <26.31%> (-0.03%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Changed Coverage Δ
nucypher/crypto/powers.py 86.63% <ø> (ø)
nucypher/blockchain/eth/agents.py 54.52% <50.00%> (-0.02%) ⬇️
nucypher/network/server.py 76.47% <83.33%> (+0.22%) ⬆️
nucypher/blockchain/eth/actors.py 81.81% <100.00%> (-0.12%) ⬇️
nucypher/characters/chaotic.py 99.02% <100.00%> (ø)
nucypher/characters/lawful.py 84.38% <100.00%> (+0.05%) ⬆️
nucypher/crypto/ferveo/dkg.py 86.11% <100.00%> (ø)
tests/acceptance/actors/test_dkg_ritual.py 96.00% <100.00%> (ø)

... and 1 file with indirect coverage changes

KPrasch
KPrasch reviewed Jul 25, 2023
View reviewed changes
nucypher/characters/lawful.py Outdated
@@ -1466,11 +1469,26 @@ def encrypt_for_pre(
)
return message_kit

def encrypt_for_dkg(self, plaintext: bytes, conditions: Lingo) -> Ciphertext:
def encrypt_for_dkg(self, plaintext: bytes, conditions: Lingo) -> DkgMessageKit:
Copy link
Member

@KPrasch KPrasch Jul 25, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I also want to take a pause here to build on my above comment and revisit the discussion about keeping the developer/user-facing abstraction Ciphertext. Perhaps we don't need a new name here, just a new format?

@derekpierre derekpierre mentioned this pull request Jul 26, 2023
Closed
@derekpierre derekpierre mentioned this pull request Jul 27, 2023
Closed
@derekpierre derekpierre changed the title [WIP] AccessControlPolicy (ACP) and MessageKit [WIP] AccessControlPolicy (ACP) and ThresholdMessageKit Jul 28, 2023
@cygnusv cygnusv mentioned this pull request Aug 3, 2023
Merged
8 tasks
@derekpierre derekpierre mentioned this pull request Aug 8, 2023
Closed
piotr-roslaniec
piotr-roslaniec reviewed Aug 14, 2023
View reviewed changes
nucypher/core.py Outdated Show resolved Hide resolved
@piotr-roslaniec
Copy link
Contributor

Is the progress of this issue blocked by anything?

AFAIK ThresholdMessageKit will be rewritten into nucypher-core. There are also some references to possible changes in ferveo. Would it be helpful if we scoped them, maybe finalizing this issue?

@piotr-roslaniec piotr-roslaniec mentioned this pull request Aug 14, 2023
Merged
@derekpierre
Copy link
Member Author

Is the progress of this issue blocked by anything?

AFAIK ThresholdMessageKit will be rewritten into nucypher-core. There are also some references to possible changes in ferveo. Would it be helpful if we scoped them, maybe finalizing this issue?

Resolving nucypher/ferveo#154 / nucypher/ferveo#155 would help. Once those are nailed down then the ideas from that can be incorporated here to see what nucypher-core could look like. Then just transfer the changes to nucypher-core. It's simpler when things are clearer on the python side.

This was referenced Aug 16, 2023
Merged
Merged
Closed
Closed
Closed
derekpierre added a commit to derekpierre/nucypher that referenced this pull request Aug 22, 2023
@derekpierre
Add newsfragment for nucypher#3194.
cb24b78
@derekpierre @KPrasch
Update threshold_decrypt to take a DkgMessageKit instead of ciphertex…
a84680e 
…t and conditions.
@derekpierre @KPrasch
Rename DkgMessageKit to ThresholdMessageKit.
f93f1b1
@derekpierre @KPrasch
Add the ability for Ursula to use the ACP, obtained from the modified…
98cbe16 
… ThresholdDecryptionRequest, to check whether the data is encrypted by an authorized party.

Stub method added to CoordinatorAgent for now.
@derekpierre @KPrasch
Fix chaotic characters to work with latest ThresholdDecryptionRequest…
6bb6d0c 
… modifications.
@derekpierre @KPrasch
Use ciphertext hash as the digest value when determining whether the …
d55a956 
…encrypted data was produced by an authorized party.
@derekpierre @KPrasch
Pretend that we receive a kem_ciphertext and dem_ciphertext from ferv…
8c959e0 
…eo - fake it for now by using the same ciphertext for both. ThresholdMessageKit includes both ciphertexts, but the ThresholdDecryptionRequest only requires the kem_ciphertext.
@derekpierre @KPrasch
Fix test affected by member variable naming change to ThresholdMessag…
04a0c02 
…eKit.
@derekpierre @KPrasch
Use fernet symmetric encryption as a stop gap measure until ferveo pr…
51e78a1 
…ovides kem/dem functionality.
@derekpierre @KPrasch
Move KEM/DEM logic to ThresholdMessageKit, and add ACP.aad() function…
fc9edd9 
… - the AAD can be controlled by versioning but the TMK dictates the AAD and so must be linked somehow with the ACP.aad() function. For now this is done via a compatibility check function.
@derekpierre @KPrasch
Fix serialization of updated FerveoVariant - workaround since I'm dea…
12f4f43 
…ling in Python space and not `nucypher-core`.
@derekpierre @KPrasch
Not the cleanest but mimic ciphertext header / payload from conversat…
ed4a8fb 
…ions in ferveo#155.
@derekpierre @KPrasch
Remove fake python core shim, and use actual nucypher_core objects no…
ce3d399 
…w that they are available via associated nucypher-core PR.
@derekpierre @KPrasch
Fix alignment to make linter happy.
68e9e3d
@derekpierre @KPrasch
Incorporate latest changes from ferveo and nucypher-core that exposes…
a75c5da 
… key encapsulation so that only encrypted symmetric key and associated data (CiphertextHeader) are included in ThresholdDecryptionRequest.
@derekpierre @KPrasch
Update dev version of nucypher-core to use.
30cb008
@derekpierre @KPrasch
Use ciphertext header for authorization.
131c042
@derekpierre @KPrasch
Use latest AuthenticatedData/AccessControlPolicy updated types for en…
6dfb7e3 
…cryption.

Finally remove python core shim.
@derekpierre @KPrasch
Move allow logic authorization check before evalulation of conditions.
8021d36 
Add TODO for actually calling contract to determine allow logic authorization.
@derekpierre @KPrasch
Use encrypt_for_dkg function from nucypher-core so that Authenticat…
62b4ed7 
…edData is returned as part of encryption.
@derekpierre @KPrasch
Utilize efficiency improvements to ThresholdMessageKit that ensures t…
03ca66b 
…hat Ciphertext is not needlessly copied between python layer and Rust later.

Allow ciphertext header to be directly obtained without needing to first get the Ciphertext.
Move decryption of ferveo encrypted data into a method on ThresholdMessageKit so that the Ciphertext data can be used directly in Rust layer, and not pulled into python to then pass
it back into the Rust layer for decryption.
@derekpierre @KPrasch
Add newsfragment for nucypher#3194.
a9cce0b
@KPrasch
Copy link
Member

KPrasch commented Aug 27, 2023

rebased @ 2fc713b

@KPrasch KPrasch merged commit 8ae3452 into nucypher:development Aug 27, 2023
6 of 7 checks passed
This was referenced Aug 30, 2023
Closed
Closed
Merged
@derekpierre derekpierre mentioned this pull request Sep 14, 2023
Closed
KPrasch pushed a commit that referenced this pull request Nov 30, 2023
@derekpierre @KPrasch
Add newsfragment for #3194.
2f25ee9
@arjunhassard arjunhassard mentioned this pull request Feb 14, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@piotr-roslaniec piotr-roslaniec piotr-roslaniec approved these changes

@KPrasch KPrasch KPrasch approved these changes

@jMyles jMyles Awaiting requested review from jMyles

@cygnusv cygnusv Awaiting requested review from cygnusv

@theref theref Awaiting requested review from theref

@manumonti manumonti Awaiting requested review from manumonti

Assignees

@KPrasch KPrasch

@derekpierre derekpierre

Labels
None yet
Projects
v7.0.0 (TACo)
Status: Completed
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@derekpierre @piotr-roslaniec @KPrasch