// Copyright 2020 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // https://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. syntax = "proto3"; option optimize_for = LITE_RUNTIME; package private_membership; option go_package = "github.com/google/private-membership"; // An enum describing different types of available hash functions. enum HashType { HASH_TYPE_UNDEFINED = 0; TEST_HASH_TYPE = 1; SHA256 = 2; reserved 3; // Add more hash types if necessary. } // LINT.IfChange // An enum describing how to hash IDs to encrypted buckets. enum EncryptedBucketHashType { ENCRYPTED_BUCKET_HASH_TYPE_UNDEFINED = 0; ENCRYPTED_BUCKET_TEST_HASH_TYPE = 3; // Use SHA256 of injective concatenation of non-sensitive and sensitive IDs. // For backwards compatibility, this hash type should be used if this proto // field is not specified. SHA256_NON_SENSITIVE_AND_SENSITIVE_ID = 1; reserved 2; } // LINT.ThenChange(//depot/google3/privacy/private_membership/rlwe/shared/rlwe_id_utils_test.cc:encrypted_bucket_hash_types) // A proto message that holds the doubly encrypted identifier. message DoublyEncryptedId { // The identifier encrypted using the elliptic curve commutative // cipher under an ephemeral key generated by the client that was sent in // the request. bytes queried_encrypted_id = 1; // The double encryption of a client requested identifier. The encryption // scheme used is the Elliptic Curve commutation cipher. The // first encryption layer uses the client's ephemeral key while the second // encryption layer uses the server's match key. // // The client will decrypt this field to get their queried identifier // encrypted under only the server's key. The client will use this value to // match with the contents of the encrypted bucket to determine if there is a // match or not. bytes doubly_encrypted_id = 2; } // A proto message used to store the plaintext response of a membership query of // a single identifier. message MembershipResponse { // True if and only if the queried identifier was a member. bool is_member = 1; // The associated value if the queried identifier was a member. If the // queried identifier is not a member, the value will be an empty string. string value = 2; }