{"id":24196568,"url":"https://github.com/dedis/calypso_ots","last_synced_at":"2025-06-29T14:32:23.835Z","repository":{"id":140110953,"uuid":"254554923","full_name":"dedis/calypso_ots","owner":"dedis","description":"Calypso's One Time Secret implementation","archived":false,"fork":false,"pushed_at":"2023-01-25T22:10:15.000Z","size":7484,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-06-04T20:18:25.355Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dedis.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-04-10T05:51:07.000Z","updated_at":"2023-01-25T22:10:19.000Z","dependencies_parsed_at":null,"dependency_job_id":"0f03cf6c-7539-4958-bc37-9c324409f693","html_url":"https://github.com/dedis/calypso_ots","commit_stats":null,"previous_names":["calypso-demo/ots"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/dedis/calypso_ots","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dedis%2Fcalypso_ots","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dedis%2Fcalypso_ots/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dedis%2Fcalypso_ots/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dedis%2Fcalypso_ots/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dedis","download_url":"https://codeload.github.com/dedis/caly
pso_ots/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dedis%2Fcalypso_ots/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262609002,"owners_count":23336608,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-01-13T19:35:54.392Z","updated_at":"2025-06-29T14:32:23.801Z","avatar_url":"https://github.com/dedis.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"### WARNING:\nThis repository contains the original OTS implementation, which was developed in 2017-2018 as part of the Calypso research paper. The OTS experiments in the paper are based on this implementation. Additionally, it was a part of the demo that we prepared for our VLDB'21 submission. This version builds on an old version of cothority, which at the time did not support Byzcoin-style smart contracts, and therefore should only be maintained for archival/historical purposes. A new implementation of the OTS protocol, which also includes the implementation of the _post-quantum OTS (PQ-OTS)_ protocol, based on `cothority/byzcoin` can be found [here](https://github.com/dedis/cothority/tree/ots).\n\n# One-Time Secrets\n\nOne-time secrets (OTS) is an implementation of the _on-chain secrets_ protocol. 
It is\nmore suitable for being deployed in permissionless environments, as opposed to\nlong-term secrets (LTS), which is a better fit for the permissioned setting.\n\nOTS uses both the access-control and secret-management cothority:\n\n- The access-control cothority (ACC) is implemented using skipchains and distributed\n  access right controls (Darcs).\n- The secret-management cothority (SMC) uses an onet service, called `OTSSMC`, to\n  handle the decryption requests. Unlike LTS, SMC nodes do not run a distributed\n  key-generation protocol. Instead, they each have a unique Ed25519 key pair.\n\n## OTS Workflow\n\n1. Writer runs PVSS on the client-side using the `SetupPVSS` function in the\n   [client-side library](./otsclient/ots.go). Writer establishes the SMC at this stage\n   by using the public keys of the nodes in PVSS. She uses the secret generated\n   by PVSS as the symmetric key to encrypt the data that she wants to share.\n   Additionally, she creates a simple access control policy that specifies the\n   authorized readers.\n2. Writer sends a write transaction to ACC by calling\n   [`OTSWriteRequest`](./onchain-secrets/api.go), which serves as an endpoint for [the ACC\n   service](./onchain-secrets/service.go).\n3. Reader first fetches the proof for the write transaction from the skipchain.\n   He then creates a read transaction and sends it to ACC by calling\n   [`OTSReadRequest`](./onchain-secrets/api.go), which serves as an endpoint for [the ACC\n   service](./onchain-secrets/service.go).\n4. Reader prepares the decryption request using the proofs for read and write\n   transactions. He sends the request to SMC by calling\n   [`OTSDecrypt`](./otssmc/api.go), which serves as an endpoint for the\n   [`OTSSMC` service](./otssmc/service.go).\n5. 
Each trustee in SMC receives the decryption request and does the following:\n   (1) verify the read and write transaction proofs, (2) verify that the\n   decryption request is coming from an authorized reader as specified in the\n   write transaction, (3) verify that the writer created its encrypted PVSS\n   share correctly (done by verifying a non-interactive zero-knowledge proof),\n   (4) decrypt its share and encrypt it under reader's public key. All of these\n   steps are performed by executing the [`otssmc`\n   protocol](./otssmc/protocol.go) at each trustee.\n6. Reader gets back the decrypted shares and runs the Lagrange interpolation. If\n   there are at least _t_ correctly decrypted shares (out of _n_), he recovers\n   the secret (_i.e.,_ the symmetric key) and can decrypt the data.\n\n## Directory Information\n\n* `otsclient/`: This directory contains the client-side operations:\n  * `ots.go`: This file mainly contains two types of functions: (1) client-side helper functions and (2) API functions of OTS. The API functions serve as wrappers around the `onchain-secrets` API.\n  * `otsclient-test.go`: This is a go-test file that runs the workflow described above.\n* `otssmc/`: This directory contains the service that is run by SMC.\n  * `api.go`: Endpoint for the `OTSSMC` service.\n  * `service.go`: Implementation of the `OTSSMC` service. It handles the decryption request.\n  * `protocol.go`: The protocol used by the `OTSSMC` service to perform step 5 of the workflow.\n* `onchain-secrets/`: This contains the original `onchain-secrets` service.\n  * `api.go`: This file contains the original API functions of the `onchain-secrets` service and the new ones that are added for OTS.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdedis%2Fcalypso_ots","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdedis%2Fcalypso_ots","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdedis%2Fcalypso_ots/lists"}