v0.1.0-alpha.6

This release includes performance and stability improvements, as well as preparation work for future upgrades.

Unfortunately, the long-awaited Authdecode feature is not included in this release (sad trombone noises). However, we plan to release updates at a faster pace, so it will land soon™. Join our next office hours event to hear more about our priorities and what's next.

Highlights

mpz Upgrade

We have made significant improvements to mpz, the MPC library used by TLSNotary. This release includes enhancements to the handshake/online time of the protocol, reducing online time by up to 30% on higher latency connections, which should help alleviate server timeout issues. More improvements in this area will be included in future releases, supported by further upgrades to mpz.

GHASH Update

We've updated the 2PC-GHASH protocol so that the Prover no longer needs to reveal the MAC keys to the Verifier after the TLS connection is closed to perform consistency checks. This key revelation step was shown to be unnecessary by PADO in their Lightweight Authentication of Web Data via Garble-Then-Prove paper, demonstrating that semi-honest OLE is sufficient. We thank PADO Labs for their discussion and collaborative spirit.

Notary Client

We have added a client implementation in #489, which simplifies interacting with our reference Notary server. It handles the low-level details of setting up a notarization session, allowing developers to focus on their applications.

What's Changed

⛰️ Features

• Add notary client crate (#489)

🐛 Bug Fixes

• (tlsn-server-fixture) Update cert fixtures (#499)

🚜 Refactor

• Restructure notary crates (#508)
• (universal-hash) Mpz upgrade (#502)
• (key-exchange) Mpz upgrade (#496)
• (cipher) Mpz upgrade (#501)
• (prf) Mpz upgrade (#497)
• (prf) Relax hiding of transcript hash, optimize latency (#505)
• (aead) Mpz upgrade (#504)
• (tls-mpc) Mpz upgrade (#511)
• (tlsn) Mpz upgrade (#512)

📚 Documentation

• Miscellaneous fixups (#475)
• Fix style issues (#476)
• Fix style in components (except TLS) (#477)
• Update CONTRIBUTING.md (#483)

⚙️ Miscellaneous Tasks

• Refactor and improve CI build (#486)
• Update notary certificate (#519)
• Add rebase action (#515)
• (uid-mix) Delete crate, moved to tlsn-utils (#506)
• Remove stale test and clean up CI job (#514)
• Update CI configuration
• Bump mpz version

v0.1.0-alpha.5

This release delivers performance improvements, bug fixes, and updates to our example documentation. We've opted to release these enhancements early to support our community in time for the ETHDam hackathon.

The AuthDecode PR is scheduled for inclusion in our next release. This decision allows us to expedite the current update, ensuring you have access to the latest improvements as quickly as possible.

Highlights

Transcript Size Configuration

Independent limits are now set for the sent and received data transcripts. This adjustment allows for more precise specification of expected data volumes and complements the record layer preprocessing described below.

Record Layer Preprocessing

The MPC-TLS protocol now preprocess the MPC for the sent data transcript, adhering to the configured sent data transcript limit. This enhancement shortens connection times with the server and helps mitigate timeouts.

The default sent data limit is 4KB, but it can be adjusted to accommodate larger HTTP requests or reduced to minimize overall proving time. For configuration options, see ProverConfigBuilder and VerifierConfigBuilder (make sure their settings match!).

Interactive Verifier Example

Explore the interactive verifier example to utilize the protocol's "trustless" configuration, which omits Notary attestation and directly proves data to the Verifier.

What's Changed

• Update notary server README on frequently asked questions. by @yuroitaki in #441
• Show basic html info response for notary server's root endpoint by @heeckhau in #439
• feat: separate transcript size limits by @sinui0 in #435
• Update repo readme. by @yuroitaki in #450
• interactive verifier example by @heeckhau in #451
• fix(tlsn-formats): fix commitment error caused by empty headers by @sinui0 in #452
• feat: automated network benches by @sinui0 in #457
• feat: record layer preprocessing by @sinui0 in #455
• Feat/automate bench docker by @heeckhau in #460
• Deployment of multiple stable versions by @ntampakas in #459
• Add branches info in readme. by @yuroitaki in #467
• Correct branch links in readme. by @yuroitaki in #469
• Add api key whitelist hot reloading and small touch-up by @yuroitaki in #458
• Readme for interactive example by @heeckhau in #471
• Bump versions for release alpha.5. by @yuroitaki in #470
• fix: interactive example by @sinui0 in #472

Full Changelog: v0.1.0-alpha.4...v0.1.0-alpha.5

v0.1.0-alpha.4

Highlights

This release contains new features, performance optimizations, bugfixes and, of course, breaking changes!

Interactive Verifier

This release introduces support for directly proving the server identity to the MPC-TLS verifier and selective disclosure of the transcript. This configuration is important as it is the "trustless" variant of the protocol which does not rely on a third-party attestation (from a Notary).

Examples and additional documentation are coming soon™

Deferred Decryption

The new deferred decryption feature is one to take a look at. It is an optimization which can be activated when server response data can be decrypted after the TLS connection is closed. For example, you can activate it before sending a final HTTP request to the server, and it will defer decryption of the response.

The benefit of doing this is two-fold:

1. It significantly reduces upload bandwidth utilization from the Prover to the Verifier
2. It reduces CPU utilization for both parties.

Both of which can lead to large reductions in the total runtime of the protocol, particularly for a Prover with an asymmetric internet connection to the Verifier.

An example of how to use this feature is demonstrated in the twitter example.

This feature paves the way for massive performance increases in the future when we integrate VOLE-based interactive ZK proofs. Unlocking the ability to prove data on the order of megabytes.

Selective Disclosure API

This release provides a simplified API for selective disclosure of HTTP and JSON data. The previous release provided a rather clunky builder style API for generating commitments and proofs for both formats. The new commitment API is closer to a "visitor" style, and provides reasonable defaults that should cover most use-cases so you don't need to implement it yourself (unless you want to). For selective disclosure you get to work with the format types directly.

Check out the twitter example to see it in action.

What's Changed

Features

• Interactive verifier (#379) (#401)
• Tls-client backend buffer (#414)
• Deferred decryption (#416)
• Network simulation benches (#417)
• Default commit to entire http request/response (#433)

Performance

• Adjust mux config (#418)

Bug Fixes

• Use non_exhaustive instead of private zst (#428)
• Prevent duplicate json array commitment (#432)

Documentation

• Updated examples based on the Progcrypto workshop (#399)
• Add style guide (#411)
• Update Direction docs (#427)
• Remove dead argument docs (#429)

Refactor

• Use tls prf from tls-core in rc backend (#413)
• Add AEAD prove/verify + tag methods (#415)
• Tlsn-common mux module (#420)
• Selective disclosure api (#380)
• Update hyper and use http prover (#434)

Miscellaneous Tasks

• Clippy fix (#400)

New Contributors

• @ntampakas made their first contribution in #419

Full Changelog: v0.1.0-alpha.3...v0.1.0-alpha.4

v0.1.0-alpha.3

What's Changed

• Show badges on top of README page on GitHub by @heeckhau in #346
• Check that benches compile in GitHub workflow by @heeckhau in #350
• Yamux send tls closenotify by @yuroitaki in #355
• axum server fixture by @sinui0 in #356
• tlsn-core fixtures by @sinui0 in #359
• chore: restore cert tests by @sinui0 in #361
• Migrate notary-server repo by @yuroitaki in #358
• Fix PRF benchmark by @0xvon in #363
• Tidy up examples folder. by @yuroitaki in #362
• Modify notary url parsing to make it generic for both ip and domain by @yuroitaki in #366
• feat: selective disclosure tooling by @sinui0 in #335
• refactor: tlsn-verifier by @sinui0 in #360
• Also redact some received data in simple_prover by @heeckhau in #370
• Enable clippy for examples in ci build by @heeckhau in #373
• perf: pre-garble key exchange and PRF by @sinui0 in #371
• Adapted readme for docker image by @th4s in #382
• Replace std::time::SystemTime::now to support wasm32 by @mhchia in #383
• Add auth middleware, info endpoint to notary server by @yuroitaki in #368
• Make CORS permissive by @mhchia in #385
• feat: stream cipher zk by @sinui0 in #384
• fix: unused doc comment by @sinui0 in #386
• Make tls optional between prover and notary. by @yuroitaki in #387
• Add git commit hash and timestamp to info endpoint by @yuroitaki in #392
• Use ring v0.17 by @mhchia in #391
• Optimise test to use release profile to speed up notary server integration test by @yuroitaki in #393
• Use ring 0.17 in prf tests too by @heeckhau in #395
• Add ci build for WASM target for specific packages by @heeckhau in #394
• Bump version for release 0.1.0-alpha.3 by @yuroitaki in #397

New Contributors

• @0xvon made their first contribution in #363
• @mhchia made their first contribution in #383

Full Changelog: v0.1.0-alpha.2...v0.1.0-alpha.3

v0.1.0-alpha.2

Changes

• Publish rustdoc to docs folder by @heeckhau in #337
• feat: add add_pem() to RootCertStore by @themighty1 in #338
• fix: sort merkle indices by @sinui0 in #343
• refactor: simplify verifier flow by @sinui0 in #341
• Discord example by @sinui0 in #345

v0.1.0-alpha.1

First alpha release!