1/* 2 * Copyright 2019 Google LLC 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17syntax = "proto3"; 18 19package fcp.secagg; 20 21option java_package = "fcp.secagg.server"; 22option java_outer_classname = "SecAggServerEnums"; 23 24// Describes current state of SecAggServer. 25enum SecAggServerStateKind { 26 UNKNOWN_STATE = 0; 27 R0_ADVERTISE_KEYS = 1; 28 R1_SHARE_KEYS = 2; 29 R2_MASKED_INPUT_COLLECTION = 3; 30 R3_UNMASKING = 4; 31 PRNG_RUNNING = 5; 32 COMPLETED = 6; 33 ABORTED = 7; 34} 35 36// Describes version of SecAggServer implementation. 37enum ServerVariant { 38 UNKNOWN_VERSION = 0; 39 OBSOLETE_JAVA = 1; 40 NATIVE_V1 = 2; 41 RLWE_HOMOMORPHIC_KEYS = 3; 42 NATIVE_SUBGRAPH = 4; 43} 44 45// Describes the outcome of running SecAgg protocol on server. 46enum SecAggServerOutcome { 47 // A public abort() method of SecAggServerImpl was called. 48 EXTERNAL_REQUEST = 0; 49 // Too many clients dropped out for the protocol to continue. 50 NOT_ENOUGH_CLIENTS_REMAINING = 1; 51 // Some error occurred and was not otherwise handled. 52 UNHANDLED_ERROR = 2; 53 // The protocol ran to success and the server produced an output value. 54 SUCCESS = 3; 55} 56 57// Used by descendants of SecAggServerState to track the status of clients. This 58// is referred to as a "status" rather than a "state" because it does not 59// necessarily correspond with the client's actual state in the FSM. 60enum ClientStatus { 61 READY_TO_START = 0; 62 DEAD_BEFORE_SENDING_ANYTHING = 1; 63 ADVERTISE_KEYS_RECEIVED = 2; 64 DEAD_AFTER_ADVERTISE_KEYS_RECEIVED = 3; 65 SHARE_KEYS_RECEIVED = 4; 66 DEAD_AFTER_SHARE_KEYS_RECEIVED = 5; 67 MASKED_INPUT_RESPONSE_RECEIVED = 6; 68 DEAD_AFTER_MASKED_INPUT_RESPONSE_RECEIVED = 7; 69 UNMASKING_RESPONSE_RECEIVED = 8; 70 DEAD_AFTER_UNMASKING_RESPONSE_RECEIVED = 9; 71} 72 73// Error codes summarizing the reason why a client was dropped. 74enum ClientDropReason { 75 // Received abort message from the client. 76 SENT_ABORT_MESSAGE = 0; 77 // Message type received different from expected. 78 UNEXPECTED_MESSAGE_TYPE = 1; 79 // Message type not recognized or not set. 80 UNKNOWN_MESSAGE_TYPE = 2; 81 // Not expecting an AdvertiseKeys message from this client. 82 ADVERTISE_KEYS_UNEXPECTED = 3; 83 // One of the public keys in an AdvertiseKeys message has length 0. 84 EMPTY_PUBLIC_KEY = 4; 85 // Did not send an AdvertiseKeys message before round ended. 86 NO_ADVERTISE_KEYS = 5; 87 // Not expecting a ShareKeysResponse message from this client. 88 SHARE_KEYS_UNEXPECTED = 6; 89 // ShareKeysResponse did not have the expected number of key shares. 90 WRONG_NUMBER_OF_KEY_SHARES = 7 [deprecated = true]; 91 // ShareKeysResponse does not include key shares for all clients it should. 92 MISSING_KEY_SHARE = 8 [deprecated = true]; 93 // ShareKeysResponse sent a key share for a client it shouldn't have. 94 EXTRA_KEY_SHARE = 9 [deprecated = true]; 95 // Did not send a ShareKeysResponse message before round ended. 96 NO_SHARE_KEYS = 10; 97 // Not expecting a MaskedInputResponse message from this client. 98 MASKED_INPUT_UNEXPECTED = 11; 99 // Masked input received does not match the input specification. 100 INVALID_MASKED_INPUT = 12; 101 // Did not send a MaskedInputResponse message before round ended. 102 NO_MASKED_INPUT = 13; 103 // Not expecting an UnmaskingResponse message from this client. 104 UNMASKING_RESPONSE_UNEXPECTED = 14; 105 // UnmaskingResponse received does not contain the correct type of key shares. 106 INVALID_UNMASKING_RESPONSE = 15; 107 // Did not send an UnmaskingResponse message before round ended. 108 NO_UNMASKING_RESPONSE = 16; 109 // AdvertiseKeys message contained a public key of invalid size. 110 INVALID_PUBLIC_KEY = 17; 111 // Protocol aborted the client either due to early success or internal errors. 112 SERVER_PROTOCOL_ABORT_CLIENT = 18; 113 // Client is no longer needed but marks the protocol as success. 114 EARLY_SUCCESS = 19; 115 // Client connection closed. 116 CONNECTION_CLOSED = 20; 117 // Invalid ShareKeysResponse (e.g. one that doesn't have the expected number 118 // of key shares, doesn't include key shares for all clients it should, or 119 // has a key share for a client it shouldn't have). 120 INVALID_SHARE_KEYS_RESPONSE = 21; 121} 122 123// Error codes describing why the client was aborted by the protocol. 124enum ClientAbortReason { 125 // Client was aborted because it sent an invalid message. 126 INVALID_MESSAGE = 0; 127 // Client never checked-in with a handshake message. 128 NOT_CHECKED_IN = 1; 129 // Client connection dropped over the wire. 130 CONNECTION_DROPPED = 2; 131 // Client is running an obsolete version. 132 OBSOLETE_VERSION = 3 [deprecated = true]; 133} 134enum AdversaryClass { 135 NONE = 0; 136 // A semi-honest/honest-but-curious adversary controlling the server and a 137 // fraction of the clients 138 CURIOUS_SERVER = 1; 139 // A semi-honest adversary controlling the server and a fraction of the 140 // clients that might perform the following malicious attack: 141 // Consider a client i that submits its masked input y. The server 142 // requests t (the shamir threshold) shares to recover the self-mask of i, and 143 // additionally (and this is the malicious behaviour) 144 // obtains another t shares to recover the pairwise masks of i from the 145 // number_of_neighbors - t clients from with a share of a self-mask had not 146 // been requested. Using both pairwise and self masks the value of i can be 147 // recovered by the server. 148 SEMI_MALICIOUS_SERVER = 2; 149} 150