|
|
@@ -0,0 +1,76 @@
|
|
|
+# ZXAD implementation docker image
|
|
|
+
|
|
|
+ZXAD (pronounced "zed-zad") is a zero-knowledge based _private_ Tor
|
|
|
+exit abuse detection system. ZXAD detects large-volume traffic attacks
|
|
|
+without revealing any information, apart from the fact that some user is
|
|
|
+conveying a high volume of traffic through Tor.
|
|
|
+
|
|
|
+See [our technical report on eprint](https://eprint.iacr.org/2021/374)
|
|
|
+for more information:
|
|
|
+
|
|
|
+Akshaya Mani and Ian Goldberg. "ZXAD: Zero-knowledge Exit Abuse
|
|
|
+Detection for Tor". ePrint technical report 2021/374.
|
|
|
+
|
|
|
+This repository contains a docker image with the source code of a
|
|
|
+kyber-based implementation (in go) and a libsnark-based implementation
|
|
|
+(in C++), as well as timing scripts.
|
|
|
+
|
|
|
+## Creating the docker image
|
|
|
+
|
|
|
+You can either build the docker image yourself with `./build-docker`,
|
|
|
+_or_ download and install the image with `./download-docker` (note:
|
|
|
+718MB download!). Either method will create a docker image named
|
|
|
+`zxad`.
|
|
|
+
|
|
|
+## Running the docker image
|
|
|
+
|
|
|
+Run the image in the usual way: `docker run -it zxad bash`
|
|
|
+
|
|
|
+## Running the libsnark-based experiments
|
|
|
+
|
|
|
+The libsnark-based code is in the `snarkcode` directory:
|
|
|
+
|
|
|
+ * `cd snarkcode`
|
|
|
+ * `./run_timings`
|
|
|
+ * Wait a while for it to finish. It will write its output to the file `zxad_mnt4_true.out`
|
|
|
+ * `./get_timings < zxad_mnt4_true.out > zxad_timings.csv` will output
|
|
|
+ a csv with the measured timings.
|
|
|
+
|
|
|
+ The first few columns are:
|
|
|
+ * mnt4 or mnt6: which curve the zkSNARK is over (defaults to mnt4)
|
|
|
+ * true or false: whether the G2 group cofactor is cleared inside the
|
|
|
+ zkSNARK itself (defaults to true)
|
|
|
+ * the maximum number of unlinkable connections to a given webserver
|
|
|
+ allowed
|
|
|
+
|
|
|
+ The remaining columns are the name of each step of the proof or
|
|
|
+ verification, and the time for that step in milliseconds.
|
|
|
+
|
|
|
+## Running the kyber-based experiments
|
|
|
+
|
|
|
+The kyber-based code is in the `code` directory:
|
|
|
+
|
|
|
+* `cd code/src`
|
|
|
+
|
|
|
+The three benchmarks can be run by:
|
|
|
+
|
|
|
+1. Blind signature transfer and BLS signature
|
|
|
+
|
|
|
+ * `cd Bproof/benchmark/`
|
|
|
+ * `./benchmark.sh [no_of_iterations]` will write output to benchmark.csv
|
|
|
+ * Run without argument for default value (no_of_iterations = 2500) used in the paper.
|
|
|
+ * The columns in benchmark.csv are the iteration number, the BLS timing, the proving time, the verifying time, and the proof size.
|
|
|
+
|
|
|
+2. Circuit token proof
|
|
|
+ * `cd Circuitproof/benchmark/`
|
|
|
+ * `./benchmark.sh [no_of_iterations]` will write output to benchmark.csv
|
|
|
+ * Run without argument for default value (no_of_iterations = 2500) used in the paper.
|
|
|
+ * The columns in benchmark.csv are the iteration number, the proving time, the verifying time, and the proof size.
|
|
|
+
|
|
|
+3. Stream token proof and Hash to G1
|
|
|
+ * `cd Streamproof/benchmark/`
|
|
|
+ * `./benchmark.sh [no_of_iterations] [ring_length]` will write output to benchmark.csv
|
|
|
+ * Run without arguments for default value (no_of_iterations = 100 and ring_length = 25) used in the paper.
|
|
|
+ * The columns in benchmark.csv are the ring size, the iteration number, the hash to G1 timing, the proving time, the verifying time, and the proof size.
|
|
|
+
|
|
|
+The proving and verifying times for the stream token proof are in milliseconds. All other timings are in microseconds. All proof sizes are in bytes.
|
