v0.1.0-alpha.7

Highlights

The main feature of this release is a rewrite of tlsn-core summarized below:

• Improved the structure of attestations
  • Header has a static smol size and now includes a version tag and unique identifier
  • Body fields are now merkelized so that only fields necessary to prove desired statements need to be included
  • Body is forward-compatible with new kinds of fields (for example, new kinds of commitments)
• Added a Request pattern which will allow a Prover to configure aspects of the attestation depending on what the Notary supports.
  • This paves the way for custom extensions, eg #342
• Further encapsulated various kinds of proofs
  • ServerIdentityProof proves the server name using the certificate chain
  • AttestationProof proves the Notary signature and attestation body
  • TranscriptProof proves subsequences of the transcript using the encoding or hash commitments.
• Extensible cryptographic algorithms via CryptoProvider (inspired by rustls).
  • Added keccak256 and sha256 to officially supported, including user provided custom algorithms.
  • Added secp256k1 signatures, including user provided custom algorithms.
• Added a new PlaintextHash commitment type (not fully exposed yet) which will be implemented with authdecode. See #479
• Encapsulated more logic into this crate in the form of builders, reducing API surface area and making it more difficult to misuse.

We are open to requests for adding more officially supported algorithms, please open an issue. We already plan to add Poseidon hashes with popular parameters, such as being circomlib compatible.

Check out the API docs!

In addition to the tlsn-core rewrite there are numerous stability, error handling and ergonomic improvements. Including consolidating all our crates into a single workspace, which improved compile times.

What's Changed

🚀 Features

• (tlsn-wasm) Wasm bindings (#536)
• (wasm) No-bundler flag (#546)
• Add protocol configuration negotiation (#513)
• Make defer-decryption default
• (wasm) Clone getters (#600)
• (wasm) Expose presentation verifying key

🐛 Bug Fixes

• Miscellaneous fixes on documentations (#528)
• Clippy gh action and linting (#531)
• Notary cd (#538)
• Correct paths following repo reorg (#554)
• Repair wasm build. (#567)
• Check if already committed in commit (#568)
• Aead unit tests no longer deadlock
• (wasm) Attestation.deserialize should return Attestation (#597)
• (verifier) Correct error display (#599)
• Clippy fix too_long_first_doc_paragraph in enum_builders
• (core) Remove serde flatten
• (wasm) Remove presentation verify from test
• (examples) Fix examples for alpha.7 release (#603)

🚜 Refactor

• Consolidate workspaces (#537)
• Modularize server-fixture (#563)
• (core) Alpha.7 rewrite (#574)

📚 Documentation

• Fix links in README.md (#544)
• Fix and improve interactive example (#552)
• Describe execution modes (#464)
• Fix typos (#569)
• Added note about "format on save" to the contribution guide
• Add section about linting to contribution guide
• Rustfmt wrap_comments (#611)
• (core) Additional documentation and examples (#613)
• Correct foldername in examples readme (#624)

⚙️ Miscellaneous Tasks

• Add check to identify number of stable versions deployed (#532)
• Cleanup after workspace consolidation
• Extend tls certs perpetually (#555)
• Temporarily disable deadlocked tests in aead (#547)
• (examples) Remove examples, fix bug (#585)
• Add favicon to wasm-test-runner to avoid 404 in tests
• Run test with debug logging, not the build
• Remove clippy::blocks_in_conditions (#592)
• (notary) Change fixture pub key to compressed form (#623)
• Prepare alpha.7 release (#620)
• Core-rewrite unit tests (#608)

New Contributors

• @valo made their first contribution in #592

Full Changelog: v0.1.0-alpha.6...v0.1.0-alpha.7

v0.1.0-alpha.6

This release includes performance and stability improvements, as well as preparation work for future upgrades.

Unfortunately, the long-awaited Authdecode feature is not included in this release (sad trombone noises). However, we plan to release updates at a faster pace, so it will land soon™. Join our next office hours event to hear more about our priorities and what's next.

Highlights

mpz Upgrade

We have made significant improvements to mpz, the MPC library used by TLSNotary. This release includes enhancements to the handshake/online time of the protocol, reducing online time by up to 30% on higher latency connections, which should help alleviate server timeout issues. More improvements in this area will be included in future releases, supported by further upgrades to mpz.

GHASH Update

We've updated the 2PC-GHASH protocol so that the Prover no longer needs to reveal the MAC keys to the Verifier after the TLS connection is closed to perform consistency checks. This key revelation step was shown to be unnecessary by PADO in their Lightweight Authentication of Web Data via Garble-Then-Prove paper, demonstrating that semi-honest OLE is sufficient. We thank PADO Labs for their discussion and collaborative spirit.

Notary Client

We have added a client implementation in #489, which simplifies interacting with our reference Notary server. It handles the low-level details of setting up a notarization session, allowing developers to focus on their applications.

What's Changed

⛰️ Features

• Add notary client crate (#489)

🐛 Bug Fixes

• (tlsn-server-fixture) Update cert fixtures (#499)

🚜 Refactor

• Restructure notary crates (#508)
• (universal-hash) Mpz upgrade (#502)
• (key-exchange) Mpz upgrade (#496)
• (cipher) Mpz upgrade (#501)
• (prf) Mpz upgrade (#497)
• (prf) Relax hiding of transcript hash, optimize latency (#505)
• (aead) Mpz upgrade (#504)
• (tls-mpc) Mpz upgrade (#511)
• (tlsn) Mpz upgrade (#512)

📚 Documentation

• Miscellaneous fixups (#475)
• Fix style issues (#476)
• Fix style in components (except TLS) (#477)
• Update CONTRIBUTING.md (#483)

⚙️ Miscellaneous Tasks

• Refactor and improve CI build (#486)
• Update notary certificate (#519)
• Add rebase action (#515)
• (uid-mix) Delete crate, moved to tlsn-utils (#506)
• Remove stale test and clean up CI job (#514)
• Update CI configuration
• Bump mpz version

v0.1.0-alpha.5

This release delivers performance improvements, bug fixes, and updates to our example documentation. We've opted to release these enhancements early to support our community in time for the ETHDam hackathon.

The AuthDecode PR is scheduled for inclusion in our next release. This decision allows us to expedite the current update, ensuring you have access to the latest improvements as quickly as possible.

Highlights

Transcript Size Configuration

Independent limits are now set for the sent and received data transcripts. This adjustment allows for more precise specification of expected data volumes and complements the record layer preprocessing described below.

Record Layer Preprocessing

The MPC-TLS protocol now preprocess the MPC for the sent data transcript, adhering to the configured sent data transcript limit. This enhancement shortens connection times with the server and helps mitigate timeouts.

The default sent data limit is 4KB, but it can be adjusted to accommodate larger HTTP requests or reduced to minimize overall proving time. For configuration options, see ProverConfigBuilder and VerifierConfigBuilder (make sure their settings match!).

Interactive Verifier Example

Explore the interactive verifier example to utilize the protocol's "trustless" configuration, which omits Notary attestation and directly proves data to the Verifier.

What's Changed

• Update notary server README on frequently asked questions. by @yuroitaki in #441
• Show basic html info response for notary server's root endpoint by @heeckhau in #439
• feat: separate transcript size limits by @sinui0 in #435
• Update repo readme. by @yuroitaki in #450
• interactive verifier example by @heeckhau in #451
• fix(tlsn-formats): fix commitment error caused by empty headers by @sinui0 in #452
• feat: automated network benches by @sinui0 in #457
• feat: record layer preprocessing by @sinui0 in #455
• Feat/automate bench docker by @heeckhau in #460
• Deployment of multiple stable versions by @ntampakas in #459
• Add branches info in readme. by @yuroitaki in #467
• Correct branch links in readme. by @yuroitaki in #469
• Add api key whitelist hot reloading and small touch-up by @yuroitaki in #458
• Readme for interactive example by @heeckhau in #471
• Bump versions for release alpha.5. by @yuroitaki in #470
• fix: interactive example by @sinui0 in #472

Full Changelog: v0.1.0-alpha.4...v0.1.0-alpha.5

v0.1.0-alpha.4

Highlights

This release contains new features, performance optimizations, bugfixes and, of course, breaking changes!

Interactive Verifier

This release introduces support for directly proving the server identity to the MPC-TLS verifier and selective disclosure of the transcript. This configuration is important as it is the "trustless" variant of the protocol which does not rely on a third-party attestation (from a Notary).

Examples and additional documentation are coming soon™

Deferred Decryption

The new deferred decryption feature is one to take a look at. It is an optimization which can be activated when server response data can be decrypted after the TLS connection is closed. For example, you can activate it before sending a final HTTP request to the server, and it will defer decryption of the response.

The benefit of doing this is two-fold:

1. It significantly reduces upload bandwidth utilization from the Prover to the Verifier
2. It reduces CPU utilization for both parties.

Both of which can lead to large reductions in the total runtime of the protocol, particularly for a Prover with an asymmetric internet connection to the Verifier.

An example of how to use this feature is demonstrated in the twitter example.

This feature paves the way for massive performance increases in the future when we integrate VOLE-based interactive ZK proofs. Unlocking the ability to prove data on the order of megabytes.

Selective Disclosure API

This release provides a simplified API for selective disclosure of HTTP and JSON data. The previous release provided a rather clunky builder style API for generating commitments and proofs for both formats. The new commitment API is closer to a "visitor" style, and provides reasonable defaults that should cover most use-cases so you don't need to implement it yourself (unless you want to). For selective disclosure you get to work with the format types directly.

Check out the twitter example to see it in action.

What's Changed

Features

• Interactive verifier (#379) (#401)
• Tls-client backend buffer (#414)
• Deferred decryption (#416)
• Network simulation benches (#417)
• Default commit to entire http request/response (#433)

Performance

• Adjust mux config (#418)

Bug Fixes

• Use non_exhaustive instead of private zst (#428)
• Prevent duplicate json array commitment (#432)

Documentation

• Updated examples based on the Progcrypto workshop (#399)
• Add style guide (#411)
• Update Direction docs (#427)
• Remove dead argument docs (#429)

Refactor

• Use tls prf from tls-core in rc backend (#413)
• Add AEAD prove/verify + tag methods (#415)
• Tlsn-common mux module (#420)
• Selective disclosure api (#380)
• Update hyper and use http prover (#434)

Miscellaneous Tasks

• Clippy fix (#400)

New Contributors

• @ntampakas made their first contribution in #419

Full Changelog: v0.1.0-alpha.3...v0.1.0-alpha.4

v0.1.0-alpha.3

What's Changed

• Show badges on top of README page on GitHub by @heeckhau in #346
• Check that benches compile in GitHub workflow by @heeckhau in #350
• Yamux send tls closenotify by @yuroitaki in #355
• axum server fixture by @sinui0 in #356
• tlsn-core fixtures by @sinui0 in #359
• chore: restore cert tests by @sinui0 in #361
• Migrate notary-server repo by @yuroitaki in #358
• Fix PRF benchmark by @0xvon in #363
• Tidy up examples folder. by @yuroitaki in #362
• Modify notary url parsing to make it generic for both ip and domain by @yuroitaki in #366
• feat: selective disclosure tooling by @sinui0 in #335
• refactor: tlsn-verifier by @sinui0 in #360
• Also redact some received data in simple_prover by @heeckhau in #370
• Enable clippy for examples in ci build by @heeckhau in #373
• perf: pre-garble key exchange and PRF by @sinui0 in #371
• Adapted readme for docker image by @th4s in #382
• Replace std::time::SystemTime::now to support wasm32 by @mhchia in #383
• Add auth middleware, info endpoint to notary server by @yuroitaki in #368
• Make CORS permissive by @mhchia in #385
• feat: stream cipher zk by @sinui0 in #384
• fix: unused doc comment by @sinui0 in #386
• Make tls optional between prover and notary. by @yuroitaki in #387
• Add git commit hash and timestamp to info endpoint by @yuroitaki in #392
• Use ring v0.17 by @mhchia in #391
• Optimise test to use release profile to speed up notary server integration test by @yuroitaki in #393
• Use ring 0.17 in prf tests too by @heeckhau in #395
• Add ci build for WASM target for specific packages by @heeckhau in #394
• Bump version for release 0.1.0-alpha.3 by @yuroitaki in #397

New Contributors

• @0xvon made their first contribution in #363
• @mhchia made their first contribution in #383

Full Changelog: v0.1.0-alpha.2...v0.1.0-alpha.3

v0.1.0-alpha.2

Changes

• Publish rustdoc to docs folder by @heeckhau in #337
• feat: add add_pem() to RootCertStore by @themighty1 in #338
• fix: sort merkle indices by @sinui0 in #343
• refactor: simplify verifier flow by @sinui0 in #341
• Discord example by @sinui0 in #345

v0.1.0-alpha.1

First alpha release!