Skip to content
/ git-ring Public

Easy heterogeneous ring signatures for Git (and Github): prove membership among groups of users without revealing your identity.

License

AGPL-3.0 license
20 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

rot256/git-ring

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

80 Commits
.github
.github
 
 
cmd
cmd
 
 
ring
ring
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 
tests.sh
tests.sh
 
 

Repository files navigation

Git-Ring; Easy SSH Ring Signatures

Anonymously proving that you belong to a set of Github users is now easy.

Git(hub/lab) is one of the few places with a large repository of identities tied to associated public keys, namely, the list of authorized SSH keys for each user which these platforms make public (e.g. github.com/rot256.keys). Git-ring exploits this feature to allow anonymously proving membership among a set of users/organizations/repositories on these platforms using ring signatures (a cryptographic tool) -- without revealing your identity.

Disclaimer: Although I aim for this software to be usable and not just a demo, I take no responsibility for the correctness/security/completeness of this software: the software has not undergone a security audit and should currently be considered in an alpha state. I also do not guarantee that the CLI remains stable, or that the signature format remains backwards compatible.

There is a companion post describing how the cryptography in git-ring works.

Applications

Whistleblowing

The primary motivation for ring signatures (e.g. in the seminal work How to leak a secret by Rivest, Shamir and Tauman) is that of whistleblowing: suppose you are a member of an organization (e.g. on Github) and you want to raise an issue either publically or internally. You could post your revelations anonymously, but how do people know that the claims are not fabrications by someone with no relation to the organization? You could also raise your concerns with your name attached, so that people can verify that you belong to the organization, but that might have undesired personal ramifications...

Ring signatures (e.g. git-ring) offers a solution to this dilemma: you can prove that you belong to the organization without revealing your identity.

In git-ring, this may look something like this:

$ ./git-ring sign --msg "They are doing bad things, I work there." --github EvilCorp

Which creates a signature showing that someone within the organization "EvilCorp" created the message, but does not reveal who.

Designed Verifier Signatures

You can also use git-ring to create signatures that can only be verified by a single entity (i.e. not publicly verifiable): by including the verifying party in the ring, the signature could also be forged by the designed verifier and hence it is not convincing when passed to a third party. e.g.

$ ./git-ring --msg "Do not pass this on" --github <me> --github <you>

Creates a signature on the message "Do not pass this on" under the Github user <me> which can only be verified by the user <you>.

Features

  • Easy to use (see below).
  • Support for hetrogenous sets of keys:
    The ring of signers can contain combinations of RSA, Ed25519 and ECDSA keys
    (i.e. all the types supported by Github).
  • Perfectly deniability:
    The real signers identity is hidden even if the adversary get access to private keys or break the cryptography.
  • Easily prove membership among Github/Gitlab users.
  • Easily prove membership of a Github Organization.
  • Supports Github credentials to provide access to hidden organizations / private members.
  • Manually include SSH keys in the ring.
  • Cross platform.

Example Usage

Git-ring aims to be dead-easy to use and hard to misuse. e.g. running:

$ ./git-ring sign --msg "testing git-ring" --github WireGuard
Loading Keys from Different Entities:
Github:
    Organization: WireGuard
        mdlayher (1 keys)
        msfjarvis (2 keys)
        nathanchance (1 keys)
        rot256 (3 keys)
        smaeul (1 keys)
        zx2c4 (1 keys)
9 Keys in the ring.
Covering: 6 / 6 entities
Signature successfully generated
Saved in: ring.sig (1874 bytes)

Produces a signature on the message "test" proving that the signer ("rot256" in this case) belongs to the WireGuard organization on Github. The signature can then be verified as follows (the path to the signature is "./ring.sig" by default):

$ ./git-ring verify --github WireGuard
Loading Keys from Different Entities:
Github:
    Organization: WireGuard
        mdlayher (1 keys)
        msfjarvis (2 keys)
        nathanchance (1 keys)
        rot256 (3 keys)
        smaeul (1 keys)
        zx2c4 (1 keys)
9 Keys in the ring.
Covering: 6 / 6 entities
Message:
testing git-ring

Note git-ring signatures include the message being signed to simplify usage.

You can also include individual people in the ring, e.g. using:

$ ./git-ring sign --github rot256 --github torvalds --github gregkh --msg "testing git-ring"

Proves that one of the following people signed the message "testing git-ring":

  • Mathias Hall-Andersen (rot256).
  • Linus Torvalds (torvalds).
  • Greg Kroah-Hartman (gregkh).

More examples can be found in the tests for the command-line utility.

Installation

If you have a Go enviroment set up, then simply run:

$ go install github.com/rot256/git-ring@latest

About

Easy heterogeneous ring signatures for Git (and Github): prove membership among groups of users without revealing your identity.

Resources

Readme

License

AGPL-3.0 license
Activity

Stars

20 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages