How does libpsi support tls？

[nihaoqingtuan]

i am learning how to use it.

[ladnir]

It doesn't really. There is some support for wolfssl via cryptoTools but that's more or less deprecated.

You can use your own tls socket type and have Channel wrap it. See the networking tutorial.

Or you can use vole-psi https://github.com/Visa-Research/volepsi

This has open ssl support via coproto.

[nihaoqingtuan]

i see that https://github.com/ladnir/cryptoTools/blob/master/cryptoTools/Network/TLS.cpp .can it be used in libpsi?

[ladnir]

You can try it. Will require coding some to get it to work. You first have to install wolfssl. You then have to build libOTe & cryptoTools with wolfssl enabled. You then have to create a Channel with your tls setting...

Overall what's your goal? You want to use the library in production?

[nihaoqingtuan]

i just try to learn something.To be honest, I don't really get what you said above.I'm just a beginner

[ladnir]

I see. so it is possible to run the library with tls. but often, when someone wants to run the library with TLS they already have their own TLS library. Its rare for people to want to use the TLS library that comes integrated with cryptoTools.

I implemented TLS support partially as an experiment/proof of concept. I no longer use it and so it can't promise that it works well. If you are just curious, then it will probably meet your needs.

• You first have to download and install wolfssl. https://www.wolfssl.com/
• you then need to configure libOTe (a dependency of libPSI) to build with wolf ssl support. You can do this by removing the libPSI/out folder and then editing this file https://github.com/osu-crypto/libPSI/blob/master/thirdparty/getLibOTe.cmake#L30 to include -DENABLE_WOLFSSL=ON
• This should then build the library with TLS support. You then need to create a tls channel. see here for an example https://github.com/ladnir/cryptoTools/blob/44f83312748d2b42a44f41f1487b1243a701e55c/tests_cryptoTools/WolfSSL_Tests.cpp#L425

you can then use that channel to perform the protocol and tls will be enabled.

[ladnir]

also, this is all untested for a long time so it might be broken...

[nihaoqingtuan]

thanks for your help. but wolfssl and libOTe should be in the same parent directory as libPSI, right?

[ladnir]

wolfssl should be installed on the system. Or you can try to install it to libPSI/out/install/<platform>. I think that would work too.

[nihaoqingtuan]

Does the way you say require a c++ programming foundation？if yes,what you said is beyond my ability.i am learning psi ,i even never study c++. So I can't go any further on c++ programming methods, I'm just doing black box testing. Thanks for your patience

[ladnir]

Then this is beyond your ability... Probably not worth the effort regardless

[nihaoqingtuan]

hhh, thanks a lot.I'm going to learn c++ and try what you said

[ladnir]

You could also try vole-psi. This is my current psi protocol (better than this library for the most part) and has better ssl support. Although it still requires some amount of configuration to turn tls on.

[nihaoqingtuan]

ok. So can you tell me what configuration this library needs to support tls

[ladnir]

I'll push some code tomorrow to make it easy and get back to you.

[nihaoqingtuan]

My God, I got such good positive feedback for the first time I tried to communicate with people in English, thank you so much

[nihaoqingtuan]

By the way, there is another problem. Is the version of these libraries required for cmake and gcc?

[ladnir]

Cmake 3.20 should work and I think gcc 8 works.

For the tls stuff, give me until next week. Not quite happy with how it currently works and want to fix a few things.

[nihaoqingtuan]

ok.thank you

[nihaoqingtuan]

hi, i'm learning how to use openssl. But I can't find anything about adding openssl to the volepsi communication channel. Can you recommend some materials, such as books, videos, etc.?

[ladnir]

Still working on this. Realized the tls implementation was not correct and currently fixing it.

[nihaoqingtuan]

ok. thanks for your work. I am also learning skills in this area. Can you simply recommend some study materials?

[ladnir]

You want to learn about psi or tls?

[nihaoqingtuan]

both. After all, i need to learn step by step

[nihaoqingtuan]

More accurate is to learn c++, on how to support TLS for all psi

[nihaoqingtuan]

All I know is some basic socket programming, such as writing a client and a server and then using function methods to create objects to receive and send messages. But about having them support tls communication in a project like libpsi. I don't have a clear concept

[ladnir]

For PSI reading the papers and watching the talks is the best suggestion I have.

For getting better at writing and reading protocols I think that it just takes practice. Maybe implement some stuff and see what you learn. You can take a look at my networking tutorial on coproto or the one on Channel

For TLS, I'm not really sure. I've only learned a subset of it by simply playing around with it.

Keep in mind that the communication and MPC/PSI protocol are typically abstracted away from eachother. For example, Google's implementation of PSI does not directly interact with TLS. Instead their protocol implementation simply hands out messages to be sent and lets a different system actually handle the message passing. This is typically the case in more "production" codebases due to the complexity of setting up communication channels.