ZXAD docker repo

Ian Goldberg 1 year ago
commit
ebff7199b4
5 changed files with 127 additions and 0 deletions
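  1. README.md (76 additions, 0 deletions)
  2. build-docker (3 additions, 0 deletions)
  3. docker/Dockerfile (39 additions, 0 deletions)
  4. download-docker (8 additions, 0 deletions)
  5. zxad-image.tar.gz.sha256 (1 addition, 0 deletions)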

+ 76 - 0
README.md

@@ -0,0 +1,76 @@
+# ZXAD implementation docker image
+
+ZXAD (pronounced "zed-zad") is a zero-knowledge based _private_ Tor
+exit abuse detection system.  ZXAD detects large-volume traffic attacks
+without revealing any information, apart from the fact that some user is
+conveying a high volume of traffic through Tor.
+
+See [our technical report on eprint](https://eprint.iacr.org/2021/374)
+for more information:
+
+Akshaya Mani and Ian Goldberg. "ZXAD: Zero-knowledge Exit Abuse
+Detection for Tor".  ePrint technical report 2021/374.
+
+This repository contains a docker image with the source code of a
+kyber-based implementation (in go) and a libsnark-based implementation
+(in C++), as well as timing scripts.
+
+## Creating the docker image
+
+You can either build the docker image yourself with `./build-docker`,
+_or_ download and install the image with `./download-docker` (note:
+718MB download!).  Either method will create a docker image named
+`zxad`.
+
+## Running the docker image
+
+Run the image in the usual way: `docker run -it zxad bash`
+
+## Running the libsnark-based experiments
+
+The libsnark-based code is in the `snarkcode` directory:
+
+  * `cd snarkcode`
+  * `./run_timings`
+  * Wait a while for it to finish.  It will write its output to the file `zxad_mnt4_true.out`
+  * `./get_timings < zxad_mnt4_true.out > zxad_timings.csv` will output
+    a csv with the measured timings.
+    
+    The first few columns are:
+    * mnt4 or mnt6: which curve the zkSNARK is over (defaults to mnt4)
+    * true or false: whether the G2 group cofactor is cleared inside the
+      zkSNARK itself (defaults to true)
+    * the maximum number of unlinkable connections to a given webserver
+      allowed
+
+    The remaining columns are the name of each step of the proof or
+    verification, and the time for that step in milliseconds.
+
+## Running the kyber-based experiments
+
+The kyber-based code is in the `code` directory:
+
+* `cd code/src`
+
+The three benchmarks can be run by:
+
+1. Blind signature transfer and BLS signature
+
+      * `cd Bproof/benchmark/`
+      * `./benchmark.sh [no_of_iterations]` will write output to benchmark.csv
+      * Run without argument for default value (no_of_iterations = 2500) used in the paper.
+      * The columns in benchmark.csv are the iteration number, the BLS timing, the proving time, the verifying time, and the proof size.
+
+2. Circuit token proof
+      * `cd Circuitproof/benchmark/`
+      * `./benchmark.sh [no_of_iterations]` will write output to benchmark.csv
+      * Run without argument for default value (no_of_iterations = 2500) used in the paper.
+      * The columns in benchmark.csv are the iteration number, the proving time, the verifying time, and the proof size.
+
+3. Stream token proof and Hash to G1
+      * `cd Streamproof/benchmark/`
+      * `./benchmark.sh [no_of_iterations] [ring_length]` will write output to benchmark.csv
+      * Run without arguments for default value (no_of_iterations = 100 and ring_length = 25) used in the paper.
+      * The columns in benchmark.csv are the ring size, the iteration number, the hash to G1 timing, the proving time, the verifying time, and the proof size.
+
+The proving and verifying times for the stream token proof are in milliseconds. All other timings are in microseconds. All proof sizes are in bytes.
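
Review bot: The libsnark section describes the first CSV columns as "mnt4 or mnt6" and "true or false", each with a default, but never says how to run `./run_timings` with the non-default curve or cofactor setting, or how to set the maximum number of unlinkable connections. The `get_timings` step also hard-codes the input name `zxad_mnt4_true.out`, so a reader cannot tell what the file is called for other settings. Please document whatever mechanism selects these values and how the output filename follows from them. In the kyber section, the units are only given in the final paragraph and mix milliseconds with microseconds; stating the unit next to each benchmark's column list would make the CSVs harder to misread.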

+ 3 - 0
build-docker

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+cd docker && docker build $* -t zxad .
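
Review bot: `$*` on the `docker build` line is unquoted, so any extra argument that contains whitespace is split into separate words before docker sees it. Use `"$@"` to pass the caller's arguments through intact. The relative `cd docker` also means the script only works when run from the repository root; either say so in the README or change directory relative to the script's own location.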

+ 39 - 0
docker/Dockerfile

@@ -0,0 +1,39 @@
+FROM ubuntu:16.04
+
+RUN apt update && apt install -y wget git build-essential cmake \
+    libgmp-dev libprocps4-dev libssl-dev pkg-config sudo \
+    libboost-all-dev perl
+
+WORKDIR /root
+
+# This is the version of go we used, so we pin it for replicability.
+# It's likely newer versions will also work, however.
+RUN wget https://golang.org/dl/go1.13.5.linux-amd64.tar.gz
+RUN tar -C /usr/local -xzvvf go1.13.5.linux-amd64.tar.gz
+RUN cd /usr/local/bin && ln -s ../go/bin/* .
+
+RUN useradd -ms /bin/bash zxad
+RUN adduser zxad sudo
+RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+
+USER zxad
+WORKDIR /home/zxad
+
+# Our version of kyber patched to support hash-to-G2, while our pull
+# requests are pending:
+# https://github.com/dedis/kyber/pull/424 (merged)
+# https://github.com/dedis/kyber/pull/428 (not yet)
+RUN git clone git://git-crysp.uwaterloo.ca/zxad/kyber
+RUN cd kyber/pairing/bn256 && go test -v ./...
+
+RUN git clone git://git-crysp.uwaterloo.ca/zxad/code
+RUN cd code && go get -d ./...
+# Replace the downloaded kyber with our version above
+RUN cd go/src/go.dedis.ch && rm -rf kyber && ln -s ../../../kyber .
+RUN cd code/src && \
+    for i in */benchmark; do ( cd $i; go build ); done
+
+RUN git clone git://git-crysp.uwaterloo.ca/zxad/snarkcode
+RUN cd snarkcode && git submodule update --init --recursive && \
+    cd libsnark && mkdir build && cd build && cmake -DCURVE=BN128 .. && \
+    make -j8 && cd ../.. && make -j8 zxad
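
Review bot: Nothing this build fetches is integrity-checked or pinned to a revision, which undercuts the "pin it for replicability" comment above the Go download. The `wget` of `go1.13.5.linux-amd64.tar.gz` is unpacked into `/usr/local` with no checksum comparison, and the three `git clone git://git-crysp.uwaterloo.ca/zxad/...` lines use the unauthenticated, unencrypted git protocol and take whatever the default branch points to at build time. Suggest checking the tarball against a SHA-256 recorded in this repository (the way `download-docker` does for the image), cloning over an authenticated transport if the server offers one, and checking out a fixed commit in each of `kyber`, `code` and `snarkcode`. `go get -d ./...` likewise resolves dependencies at build time, and `FROM ubuntu:16.04` is a moving tag, so two builds of this file can differ. Separately, `%sudo ALL=(ALL) NOPASSWD:ALL` gives the `zxad` user passwordless root inside the container; if that is only for convenience while experimenting, a comment saying so would help, otherwise drop it.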

+ 8 - 0
download-docker

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# Fetch the prebuilt docker image and check its checksum
+wget https://crysp.uwaterloo.ca/software/zxad/zxad-image.tar.gz
+sha256sum -c zxad-image.tar.gz.sha256 || exit 1
+
+# Load the downloaded image
+docker load < zxad-image.tar.gz
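
Review bot: The `wget` line has no `-O`, so if a `zxad-image.tar.gz` from an earlier partial or failed download is already present, wget saves the new copy under a different name (`zxad-image.tar.gz.1`) and `sha256sum -c` keeps checking the stale file. The checksum still blocks a bad image from being loaded, but every rerun then fails until the user deletes the old file by hand. Suggest `wget -O zxad-image.tar.gz ...` (or removing the file when the check fails) and checking wget's exit status, for example with `set -e` at the top. The script also reads `zxad-image.tar.gz.sha256` by relative path, so it only works from the repository root; worth noting or fixing as in `build-docker`.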

+ 1 - 0
zxad-image.tar.gz.sha256

@@ -0,0 +1 @@
+b73f29e7995af849b077c50d2ee263043baed7cf5ab3aaa2fe13141735c23cad  zxad-image.tar.gz