| // Copyright 2020 Google LLC |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // https://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| syntax = "proto3"; |
| |
| option optimize_for = LITE_RUNTIME; |
| |
| package private_membership; |
| |
| option go_package = "github.com/google/private-membership"; |
| |
| // An enum describing different types of available hash functions. |
| enum HashType { |
| HASH_TYPE_UNDEFINED = 0; |
| TEST_HASH_TYPE = 1; |
| SHA256 = 2; |
| |
| reserved 3; |
| |
| // Add more hash types if necessary. |
| } |
| |
| // LINT.IfChange |
| // An enum describing how to hash IDs to encrypted buckets. |
| enum EncryptedBucketHashType { |
| ENCRYPTED_BUCKET_HASH_TYPE_UNDEFINED = 0; |
| |
| ENCRYPTED_BUCKET_TEST_HASH_TYPE = 3; |
| |
| // Use SHA256 of injective concatenation of non-sensitive and sensitive IDs. |
| // For backwards compatibility, this hash type should be used if this proto |
| // field is not specified. |
| SHA256_NON_SENSITIVE_AND_SENSITIVE_ID = 1; |
| |
| reserved 2; |
| } |
| // LINT.ThenChange(//depot/google3/privacy/private_membership/rlwe/shared/rlwe_id_utils_test.cc:encrypted_bucket_hash_types) |
| |
| // A proto message that holds the doubly encrypted identifier. |
| message DoublyEncryptedId { |
| // The identifier encrypted using the elliptic curve commutative |
| // cipher under an ephemeral key generated by the client that was sent in |
| // the request. |
| bytes queried_encrypted_id = 1; |
| |
| // The double encryption of a client requested identifier. The encryption |
| // scheme used is the Elliptic Curve commutation cipher. The |
| // first encryption layer uses the client's ephemeral key while the second |
| // encryption layer uses the server's match key. |
| // |
| // The client will decrypt this field to get their queried identifier |
| // encrypted under only the server's key. The client will use this value to |
| // match with the contents of the encrypted bucket to determine if there is a |
| // match or not. |
| bytes doubly_encrypted_id = 2; |
| } |
| |
| // A proto message used to store the plaintext response of a membership query of |
| // a single identifier. |
| message MembershipResponse { |
| // True if and only if the queried identifier was a member. |
| bool is_member = 1; |
| |
| // The associated value if the queried identifier was a member. If the |
| // queried identifier is not a member, the value will be an empty string. |
| string value = 2; |
| } |