This repository is a decentralized access control system for off-chain service supporting fair access and policy confidentiality.

• Time-based secret management is constructed by zero-knowledge proofs, HTLPs and verifiable secret sharing.
  • VTSS contains the vss and HTLP module.
  • ZK contains the zero-knowledge proof circuit.
  • VE contains the verifiable encryption module.
  • FE contains the functional encryption module.
  • JWT contains the JSON Web Token module.
• Private access policies is constructed by the garbling scheme and the secure two party computation protocol
  • GC contains the garbled circuit module.
    • yao contains the yao's garbled circuit implementation.
    • utils contains the utility functions for socket communication and prime calculation.
  • mp-spdz contains the secure two party computation protocol.
  • circuits contains the boolean circuits.
  • data contains the plaintext and ciphertext data owned by the service provider.
• main.py is the main module for the service provider, access controller and client.

This project is built using Rust, Python and Circom in Linux system. The following instructions will guide you through the installation of the necessary dependencies.

On Debian (Bullseye / 11 and later) or Ubuntu (Eoan / 19.10 and later):

sudo apt update
sudo apt install build-essential libsodium23 python3-dev libgmp3-dev m4 nodejs npm

To have Rust available in your system, you can install rustup. If you’re using Linux or macOS, open a terminal and enter the following command:

curl --proto '=https' --tlsv1.2 https://sh.rustup.rs -sSf | sh

git clone https://github.com/iden3/circom.git
cd circom
cargo build --release
cargo install --path circom

curl -LSfs get.zokrat.es | sh

npm install -g snarkjs

Download Python 3.7 or higher

Install pbc library

wget https://crypto.stanford.edu/pbc/files/pbc-0.5.14.tar.gz
tar -xvf pbc-0.5.14.tar.gz
cd pbc-0.5.14
./configure
make
sudo make install

Install Charm-Crypto

git clone https://github.com/JHUISI/charm.git
cd charm
./configure.sh
make
sudo make install
python setup.py install --user

sudo npm install -g ganache-cli

wget https://dist.ipfs.tech/go-ipfs/v0.7.0/go-ipfs_v0.7.0_linux-amd64.tar.gz
tar -xvzf go-ipfs_v0.7.0_linux-amd64.tar.gz
cd go-ipfs
sudo bash install.sh
chmod +x /usr/local/bin/ipfs
ipfs init
ipfs daemon

git clone https://github.com/faderer/heimdall.git
cd heimdall
pip install -r requirements.txt
cd ZK
cargo build --release
cd ..
cd VE
python secret_nft/compile_zk.py

1. By default all tests are done on the local network. You can edit the network informations in GC/utils.py.
2. Start the IPFS daemon: ipfs daemon.
3. Run the access controller (Bob): make bob.
4. In another terminal, run the service provider (Alice): python3 main.py alice -c <circuit.json>.
5. In another terminal, run the client (Carol): make carol.

First, Alice will send the encrypted data to the IPFS network and send the garbled circuit to Bob. Then, Alice will split the secret key and send them to Bob. Upon recieving the request from Carol, Alice will send the labels information to Carol. After recieving the labels information, Carol will send the encoded input to Bob with zero-knowledge proof. Bob will then verify the zero-knowledge proof, evaluate the garbled circuit and send the secret shares to Carol. Carol will then reconstruct the secret key and decrypt the data downloaded from IPFS.

1.Encrypt the puzzle
2.Garble the circuit
3.Split the secret
4.Encrypt the data and send the ciphertext to IPFS
5.Time puzzle decrypted
6.Proof generated
7.Verification successful
8.Secret recovered
9.Decrypted file: data/financial_info_down.txt.dec