{"id":50758586,"url":"https://github.com/flammafex/matchlock","last_synced_at":"2026-06-11T07:33:15.912Z","repository":{"id":346489218,"uuid":"1190209232","full_name":"flammafex/matchlock","owner":"flammafex","description":"Privacy-preserving mutual match: detect when two parties select each other without revealing unilateral selections to anyone.","archived":false,"fork":false,"pushed_at":"2026-03-24T04:19:37.000Z","size":75,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-25T05:24:09.370Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/flammafex.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-24T04:10:27.000Z","updated_at":"2026-03-24T04:19:40.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/flammafex/matchlock","commit_stats":null,"previous_names":["flammafex/matchlock"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/flammafex/matchlock","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flammafex%2Fmatchlock","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flammafex%2Fmatchlock/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flammafex%2Fmatchlock/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flammafex%2Fmatchlock/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/flammafex","download_url":"https://codeload.github.com/flammafex/matchlock/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flammafex%2Fmatchlock/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34188272,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-11T02:00:06.485Z","response_time":57,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-06-11T07:33:15.138Z","updated_at":"2026-06-11T07:33:15.904Z","avatar_url":"https://github.com/flammafex.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🗝️ Matchlock\n\nPrivacy-preserving mutual match: detect when two parties select each other without revealing unilateral selections to anyone.\n\n## The problem\n\nEvery existing matching platform operates as a trusted intermediary that sees all preferences. They know who you selected and who selected you, including rejections. This is a structural surveillance problem, not an implementation detail.\n\n## How Matchlock works\n\nMatchlock composes two primitives:\n\n**1. DH token derivation**\n\nTwo parties independently derive *identical* match tokens when they mutually select each other, using X25519 Diffie-Hellman:\n\n```\nAlice selects Bob:\n  token = SHA256(DH(alice_priv, bob_pub) || poolId || \"rendezvous-match-v1\")\n\nBob selects Alice:\n  token = SHA256(DH(bob_priv, alice_pub) || poolId || \"rendezvous-match-v1\")\n\n// DH commutativity: same shared secret → same token\n```\n\nTokens are derived locally. No server interaction required. The server never sees your selections — only the derived tokens you choose to submit.\n\n**2. Private Set Intersection (PSI)**\n\nPSI allows the server to detect overlapping tokens without learning which tokens each participant submitted. Built on [OpenMined's PSI.js](https://github.com/OpenMined/PSI) with an owner-held key architecture: the PSI server key is encrypted to the pool owner's public key, so the server cannot process queries without owner participation.\n\nTogether:\n\n| Party | Learns | Does NOT learn |\n|-------|--------|----------------|\n| Server | Set sizes, timing | Your selections or matches |\n| You | Your matches only | Who rejected you, or who others selected |\n| Pool owner | Match token hashes | Whose key belongs to whom |\n\n## Installation\n\n```bash\nnpm install matchlock\n```\n\n## Usage\n\n```typescript\nimport { generateKeypair, deriveMatchToken, PsiService } from 'matchlock';\n\nconst alice = generateKeypair();\nconst bob = generateKeypair();\n\n// Both derive the same token (DH commutativity)\nconst tokenA = deriveMatchToken(alice.privateKey, bob.publicKey, 'pool-1');\nconst tokenB = deriveMatchToken(bob.privateKey, alice.publicKey, 'pool-1');\nconsole.log(tokenA === tokenB); // true — mutual match\n```\n\nSee [`examples/mutual-match.ts`](examples/mutual-match.ts) for a complete end-to-end walkthrough.\n\n## Security properties\n\n- **Zero server knowledge**: The server sees only opaque hash values.\n- **Unilateral privacy**: If Alice selects Bob but Bob doesn't select Alice, Bob learns nothing about Alice's selection.\n- **Pool isolation**: Tokens are scoped to a pool ID. Cross-pool linkability requires breaking SHA-256.\n- **Replay protection**: Nullifiers prevent re-submission within a pool while remaining unlinkable across pools.\n- **Owner-held PSI keys**: The PSI server key is ECIES-encrypted to the pool owner's X25519 public key. The infrastructure operator cannot process PSI queries independently.\n\n## License\n\nApache-2.0\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflammafex%2Fmatchlock","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fflammafex%2Fmatchlock","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflammafex%2Fmatchlock/lists"}