{"id":15716967,"url":"https://github.com/cjpatton/store","last_synced_at":"2026-05-18T10:05:26.556Z","repository":{"id":57526452,"uuid":"95705813","full_name":"cjpatton/store","owner":"cjpatton","description":"Oblivious storage of Go maps.","archived":false,"fork":false,"pushed_at":"2019-06-12T22:42:40.000Z","size":150,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-20T06:35:17.453Z","etag":null,"topics":["cryptography","go"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cjpatton.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-06-28T19:48:16.000Z","updated_at":"2019-08-31T22:06:08.000Z","dependencies_parsed_at":"2022-09-07T05:30:36.806Z","dependency_job_id":null,"html_url":"https://github.com/cjpatton/store","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/cjpatton/store","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cjpatton%2Fstore","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cjpatton%2Fstore/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cjpatton%2Fstore/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cjpatton%2Fstore/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cjpatton","download_url":"https://codeload.github.com/cjpatton/store/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cjpatton%2Fstore/
sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33174091,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-18T09:27:30.708Z","status":"ssl_error","status_checked_at":"2026-05-18T09:27:28.300Z","response_time":71,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","go"],"created_at":"2024-10-03T21:48:20.196Z","updated_at":"2026-05-18T10:05:26.538Z","avatar_url":"https://github.com/cjpatton.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"Oblivious Go maps\n=================\n\nThis package provides secure storage of `map[string]string` objects. The\ncontents of the structure cannot be deduced from its public representation, and\nquerying it requires knowledge of a secret key. It is suitable for client/server\nprotocols where the service is trusted only to provide storage. 
In addition to\nproviding confidentiality, it allows the client to verify the integrity of the\nserver's responses.\n\nAn overview and installation instructions follow; the package documentation is\nindexed on [GoDoc](http://godoc.org/github.com/cjpatton/store).\n\n![#b8b8b8](https://placehold.it/15/b8b8b8/000000?text=+) **DISCLAIMER:** This\ncode is related to a research paper, which will be up on ePrint at some point.\n\n![#b8b8b8](https://placehold.it/15/b8b8b8/000000?text=+) **FUTURE WORK:**\nCurrently this package only provides _immutable_ storage of maps, meaning once\nyou've created a data store, you can't change its contents. However, with some\nmodifications it should be possible to insert, remove, and update input/output\npairs securely. I'll be working on this next.\n\nThe `store` package\n-------------------\n\nThe main package provides two data structures: **Store** and **Dict**. The\nformer offers _confidentiality_ and _integrity_ for `map[string]string` objects\nwith arbitrary-length inputs and outputs. Its security follows from the\ncombination of _authenticated encryption with associated data_\n([AEAD](https://en.wikipedia.org/wiki/Authenticated_encryption)) and the latter\nstructure, which offers only _confidentiality_ and is only suitable for maps\nwhose outputs are of length _at most_ 60.\n\n**Store.**\nThe client possesses a secret key `K` and data `M` (of type `map[string]string`).\nIt executes:\n```\npub, priv, err := store.NewStore(K, M)\n```\n\nand transmits `pub`, the public representation of `M`, to the server.\nTo compute `M[input]`, the client executes:\n```\nx, y, err := priv.GetIdx(input)\n```\n\nand sends `x` and `y` (both of type `int`) to the server. The pair `(x,y)` is\ncalled the _index_ and is used by the server to compute its share of the\noutput.  The server computes:\n```\npubShare, err := pub.GetShare(x, y)\n```\nand sends `pubShare` (of type `[]byte`) to the client. 
Finally, the client\nexecutes:\n```\noutput, err := priv.GetOutput(input, pubShare)\n```\n\nThis combines `pubShare` with a private share computed from `input` and `K`.\nThe result is `output = M[input]`.  Note that the server is not entrusted with\nthe key; its only job is to look up the index requested by the client. The\nunderlying data structure is designed so that _no_ information about `input` or\n`output` is leaked to any party not in possession of the secret key.\n\nFor convenience, this package also provides an interface for querying `pub`\ndirectly:\n```\noutput, err := priv.Get(pub, input)\n```\n\n**Dict.**\nThis light-weight structure is the core of **Store.** The Go package is an\ninterface for the underlying C implementation.  It can be used in exactly the\nsame way as **Store**, but is only suitable for short (60 byte) outputs. See the\npackage documentation for an explanation of this limitation. To construct it,\nthe client executes:\n```\npub, priv, err := store.NewDict(K, M)\n```\n\nThe remaining functions are as above.\n\nThe `store/pb` package\n----------------------\nFile `pb/store.proto` specifies a bare-bones [remote procedure\ncall](http://www.grpc.io/docs/quickstart/go.html) for the client and server\nroles in the protocol above.\n\n**The `StoreProvider` service.**\nThe `user` computes `pub` from its map `M` and key `K` and provisions the\nservice provider (out-of-band) with `pub`.  The request consists of the `user`\nand `(x,y)`, and the response consists of the `pubShare` computed from `x`, `y`,\nand `pub`.\n\nThis simple RPC provides no authentication of the user, so *anyone* can get\nthe *entire* public store of *any* user. This is not a problem, however, as long\nas the adversary doesn't know (or can't guess) `K`. 
But if `K` is derived from a\npassword, for example, then the contents of `pub` are susceptible to dictionary\nattacks.\n\nFor documentation of this package, check out the\n[GoDoc](http://godoc.org/github.com/cjpatton/store/pb) index.\n\nInstallation\n------------\nFirst, you'll need Go. To get the latest version on Ubuntu, do\n\n```\n$ sudo add-apt-repository ppa:longsleep/golang-backports\n$ sudo apt update\n$ sudo apt install golang-go\n```\n\nOn Mac, download the [pkg](https://golang.org/dl/) and install it. Next, add the\nfollowing lines to the end of `.bashrc` on Ubuntu or `.bash_profile` on Mac:\n\n```\nexport GOPATH=\"$HOME/go\"\nexport PATH=\"$PATH:$GOPATH/bin\"\n```\n\nIn a new terminal, make the directory `$HOME/go`, go to the directory and type:\n```\ngo get github.com/cjpatton/store\n```\nThis downloads this repository and puts it in\n`go/src/github.com/cjpatton/store`.\n\nNext, the core data structures are implemented in C. (Navigate to\n`go/src/github.com/cjpatton/store/c/`.)  The `Makefile` compiles a shared object\nfor which the Go code has bindings. They depend on OpenSSL (SHA512 and\nHMAC-SHA512), so you'll need to install this library in advance. On Ubuntu:\n```\n$ sudo apt-get install libssl-dev\n```\nOn Mac via Homebrew:\n```\n$ brew install openssl\n```\n(Homebrew puts the includes in `/usr/local/opt/openssl/include`, which is a\nnon-standard location. `Makefile` passes this directory to the compiler via\n`-I`, so this shouldn't be a problem.) To build the C code and run tests do:\n```\n$ make \u0026\u0026 make test\n```\nNote that, since the data structures are probabilistic, the tests will produce\nwarnings from time to time. (This is OK as long as it doesn't produce **a lot**\nof warnings.) 
To install, do\n```\n$ sudo make install \u0026\u0026 sudo ldconfig\n```\n\nThis builds a file called `libstructsec.so` and moves it to `/usr/local/lib` and\ncopies the header files to `/usr/local/include/structsec`.\n\nNow you should be able to build the package. To run tests, do\n```\n$ go test github.com/cjpatton/store\n```\n\nRunning the toy application\n---------------------------\n`hadee/server/hadee_server.go` implements the RPC service and serves a single\nuser. It takes as input the user name and a file containing the public store.\nTo run it, first generate a sample store by doing:\n```\n$ cd hadee/gen \u0026\u0026 go install \u0026\u0026 hadee_gen\n```\nIt will prompt you for a \"master password\" used to derive a key, which is used\nto generate the structure. This writes a file `store.pub` to the current\ndirectory. (The map it represents is hard-coded in the Go code.) To run the\nserver, do:\n```\n$ cd hadee/server \u0026\u0026 go install \u0026\u0026 hadee_server cjpatton store.pub\n```\nThis opens a TCP socket on localhost:50051 and begins serving requests. To run\nthe client, do:\n```\n$ cd hadee/client \u0026\u0026 go install \u0026\u0026 hadee_client cjpatton\n```\n\n![#f03c15](https://placehold.it/15/f03c15/000000?text=+) **SECURITY WARNING:**\nDo NOT use this for anything real. As is, the protocol is susceptible to\ndictionary attacks on the master password.\n\nModifying `store.proto`\n----------------------\n**You only need to do this if you want to modify the protocol buffers or RPC.**\nThis project uses protocol buffers and remote procedure calls. To build you'll\nfirst need the latest version of `protoc`. Go to [protobuf\ndocumentation](https://developers.google.com/protocol-buffers/docs/gotutorial)\nfor instructions. To build `store.pb.go`, go to\n`$HOME/go/src/github.com/cjpatton/store/pb` and run\n```\n  $ protoc -I . 
store.proto --go_out=plugins=grpc:.\n```\nNote that you only need to do this if you modify `store.proto`.\n\nCopyright notice\n----------------\nThis software is distributed under the terms of the 3-Clause BSD License; see\n`LICENSE` in the root project directory for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcjpatton%2Fstore","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcjpatton%2Fstore","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcjpatton%2Fstore/lists"}