chore: Upgrade tlsn

[0xJepsen]

This PR upgrades tlsn to alpha7

[0xJepsen]

Upgrade to alpha.5 involves and api change in the builder, separating the max_rec and max_sent, from the notary verifier builder.

[0xJepsen]

Upgrade to alpha.6 involves a deprecation of the tracing feature and performance improvements.

[mattes]

We can probably hard code the max_rec/max_sent values if we are not already doing that today. No need to send those values via the client.

[devloper]

Matt had attempted this upgrade in the past, but encountered performance regression back then and we created this ticket: #47

Can you benchmark on ios/wasm before/after?

[0xJepsen]

Matt had attempted this upgrade in the past, but encountered performance regression back then and we created this ticket: #47

Can you benchmark on ios/wasm before/after?

yes. In any case even with a performance degradation i think it makes sense to use the up to date work and just communicate that regression to their team. Reading the change log it seams like the performance regressions were reduced in a number of dimensions in alpha.6 and alpha.7

[0xJepsen]

There is one part of this i am battling right now around the tokioIo type that the TCP on upgrade returns. It doesn't match the new notaries trait signature (which wants futureUtils::asyncRead, and futureUtils::asyncWrite) right now we have hyper async read and write (which i think under the hood are tokio). @mattes I remember you had spent a good amount of time battling the different async networking components, do you have any wisdom here? Maybe we can pair for a bit tomorrow?

[0xJepsen]

To bring this across the line we would need to integrate tlsn into the manifest flow we have now

[Autoparallel]

@0xJepsen are you interested in finishing the tasks here this week?

[0xJepsen]

Yeah i need to meet with @mattes to understand how we would incorporate this into the manifest

[Autoparallel]

That's fair. I think we are likely going to lean to decoupling the manifests used for TEEs and circuits/MPC a bit. However, we should discuss more

[devloper]

imo the right place to start is to make origo manifest work with upgraded TLSN, that's the simplest and most stable.

[lonerapier]

TLSN related changes:

• integrate TLSN with manifest
  • add selective disclosure for responses using TLSN api
• verification at notary with SignatureVerificationReply
• make TLSN work for ios/wasm
• add TLSN CI for native/wasm

Cleaning Efforts

• refactor: verification logic with common methods at one place, and not inside different modes
  • common verify method in client
  • common sign method in notary
• refactor: add proper suffixes for respective Mode structs/method

[lonerapier]

verify method is common for all modes in client

[lonerapier]

Logic for TLSN selective disclosure. flow is pretty similar to TLSN vanilla example flow:

• choose a target
• create prover with committment config
• perform MPC-TLS with notary
• prover parses HTTP transcript into individual elements each with its own Span
  • Span is auxiliary data for each token inside the grammar. For example: HTTP have startline, headers (with separate name, value structs inside it), body.
  • Span contains indices of the token inside the data which is used to commit to specific token when proving.
• commits to the transcript
  • http start line for req/res
  • headers
  • traversing each key, committing to object indices
• notary creates an attestation on the committed config
• take the manifest, and reveal the bytes at exact same location as in committed config
• create a Presentation containing partial transcript, committment keys, and other auxiliary proofs like server name, server info, connection info, etc...
• notary performs verification, and signs the final response which looks something like this:

HTTP/1.1 200 OK
Connection: XXXXX
Content-Length: XX
Cache-Control: XXXXXXXXXXX
Content-Security-Policy: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Content-Type: text/plain; charset=utf-8
ETag: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Strict-Transport-Security: XXXXXXXXXXXXXXXX
X-Content-Type-Options: XXXXXXX
X-Frame-Options: XXXX
X-XSS-Protection: XXXXXXXXXXXXX
X-GitHub-Request-Id: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Accept-Ranges: XXXXX
Date: XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Via: XXXXXXXXXXX
X-Served-By: XXXXXXXXXXXXXXXXXXXX
X-Cache: XXX
X-Cache-Hits: X
X-Timer: XXXXXXXXXXXXXXXXXXXXXXXXXX
Vary: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Access-Control-Allow-Origin: X
Cross-Origin-Resource-Policy: XXXXXXXXXXXX
X-Fastly-Request-ID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Expires: XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Source-Age: XXX

{
  XhelloXXXXworldX
}

[0xJepsen]

looks like this might need a rebase

[lonerapier]

CI passes, all review changes are done. Merging!!