from rendez.vous import reunion
REUNION
REUNION: rendezvous unobservability
This is the reference implementation of the REUNION cryptographic rendezvous protocol.
What is REUNION?
REUNION is a privacy preserving transitionally post-quantum cryptographic protocol for rendezvous between two or more participants. With the use of an arbitrary shared passphrase and an agreed upon location or communications medium, two or more participants may exchange a message, usually contact information such as addresses or public keys.
Status of reunion implementing REUNION
This is pre-release software, under active development.
How to use REUNION?
It may be used on a local-area network with multicast with
reunion-on-an-ethernet or experimentally with reunion-client for use with a
reunion-server.
Using REUNION on an ethernet
After installing the Python reunion module, you can run the purpose-built
command for your use case:
$ reunion-on-an-ethernet --help
Usage: reunion-on-an-ethernet [OPTIONS]
This implements REUNION on an ethernet.
If you run it with no arguments, you will be prompted for a passphrase and
message.
Options:
-I, --interval INTEGER Interval at which to start new sessions [default:
60]
--multicast-group TEXT [default: 224.3.29.71]
--bind-addr TEXT [default: 0.0.0.0]
--port INTEGER [default: 9005]
--reveal-once Only reveal the message to the first person with the
correct passphrase
--passphrase TEXT The passphrase
--message TEXT The message
--help Show this message and exit.
Using REUNION on a Single Point of Failure (SPOF)
Using reunion outside of a local-area network is possible. We have
implemented a web server in reunion-server. The reunion-server is a
location where reunion clients may send and receive messages to run the
REUNION protocol.
The reunion-server program provides an HTTP interface which by design is
bound only to localhost by default:
$ reunion-server
mode http
* Serving Flask app 'reunion.server'
* Debug mode: off
WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
* Running on http://127.0.0.1:5000
Press CTRL+C to quit
The reunion-client program connects to a reunion-server and
performs REUNION protocol runs until it is manually stopped:
$ reunion-client --msg 'hello world' --passphrase 'I am a jelly donut'
ReunionSession API
The reunion module provides an API for Python developers to integrate the
REUNION protocol into their applications. Import it from the rendez package
with: from rendez.vous import reunion to use it.
The reunion.session Python module provides a sans-IO implementation of the
cryptographic protocol which applications can use. So far, reunion.multicast
is the only user of this module.
Notes
- There is no replay protection here. In the ReunionSession API, replays of the same t2 to the same t1 should always produce the same t3, regardless of whether it is a dummy. Applications are currently responsible for implementing replay protection if they desire it.
- Deviating slightly from the algorithm in the paper, we introduce a new value dummy_seed, which is used with an HKDF to produce dummy t3 messages. REUNION as described in the paper requires replay protection to maintain unobservability, as its dummy t3s are specified to be random while its legitimate t3s are deterministic.
- Different T2 messages from the same T1 will produce different T3s. The latest T2 received from a given T1 is used when computing the decryption key for its incoming T3 messages.
- The size of the payload is not specified here. Applications may implement their own requirement that T1 messages be a fixed size, but the ReunionSession API does not require them to do so.
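The first two notes can be seen in a short sketch. This is an added example, not code from the reunion package: the HKDF input framing, the label b"dummy-t3", the function names and the sample values are assumptions made for illustration. It shows why a dummy T3 derived from dummy_seed stays stable under replay while a random dummy does not, and one way an application could add its own replay filter.

```python
import hashlib
import hmac
import os

def hkdf_sha256(key: bytes, info: bytes, length: int, salt: bytes = b"") -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract, then expand to `length` bytes."""
    prk = hmac.new(salt or b"\x00" * 32, key, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def _frame(*parts: bytes) -> bytes:
    """Length-prefix each part so the (t1, t2) boundary is unambiguous."""
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)

def dummy_t3_deterministic(dummy_seed: bytes, t1: bytes, t2: bytes, size: int) -> bytes:
    # Assumed binding of inputs; the page only says dummy_seed feeds an HKDF.
    return hkdf_sha256(dummy_seed, _frame(b"dummy-t3", t1, t2), size)

def dummy_t3_random(size: int) -> bytes:
    # Random dummy, as the notes say the paper specifies it.
    return os.urandom(size)

def replay_reveals_dummy(respond, t1: bytes, t2: bytes) -> bool:
    """True if answering the same (t1, t2) twice yields different T3s."""
    return respond(t1, t2) != respond(t1, t2)

class ReplayFilter:
    """Application-side replay protection: accept each (t1, t2) pair once."""
    def __init__(self):
        self._seen = set()

    def accept(self, t1: bytes, t2: bytes) -> bool:
        tag = hashlib.sha256(_frame(t1, t2)).digest()
        if tag in self._seen:
            return False
        self._seen.add(tag)
        return True

# Constructed sample values, not real protocol messages.
SEED, T1, T2 = bytes(range(32)), b"constructed-t1", b"constructed-t2"
if __name__ == "__main__":
    print(replay_reveals_dummy(lambda a, b: dummy_t3_deterministic(SEED, a, b, 64), T1, T2))
    print(replay_reveals_dummy(lambda a, b: dummy_t3_random(64), T1, T2))
```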
Setting up REUNION for development
We recommend using a Python virtual environment and installing the rendez
package with pip in editable mode:
python -m venv venv
source venv/bin/activate
pip install -e .
Running the tests
Run the test suite with pytest:
pytest -v
Building a Debian package
Generate a Debian package (e.g.: python3-rendez) for local use:
make deb
This is a deterministic reproducible build.
Running the local Woodpecker continuous integration
Install woodpecker-cli to run the pipeline locally:
woodpecker-cli exec .woodpecker.yml
Source Distribution
File details
Details for the file rendez-1.1.1.tar.gz.
File metadata
- Download URL: rendez-1.1.1.tar.gz
- Upload date:
- Size: 47.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.7
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 119218ba811d7a5e5c9b73e7c621c4c17d00841618d3ee3deea409304ef8fcc6 |
| MD5 | 7e39051849f9be5bd345af6c6cc583aa |
| BLAKE2b-256 | 73c6f1898618c0f9be56ffa17393f7d323463989623e17b78fd2157005877fc2 |