
TLSNotary

How does TLSNotary work?

The TLS Notary (TLSN) Protocol was originally developed in 2014 and has been subsequently re-designed and re-implemented by the Ethereum Privacy, Scaling, and Exploration group with modern cryptographic components. The TLSN documentation is high-quality and comprehensive as well.

In our How does TLSNotary work? blog post, we dive deeper into the mechanics of the protocol and provide the mathematical background needed to understand it. Please refer to that blog post for a more detailed treatment of what follows.

How does Pluto use TLSNotary?

We at Pluto.xyz are productionizing TLSN to enable smart contract developers to take advantage of any off-chain data sources in their smart contracts in a service that we are calling Web Proofs.

If you were to share the contents of your TLS transcript with a third party, that party would have no way to detect whether the transcript had been forged with faulty data. TLSN is a protocol for Data Provenance — data with proof of origination from some particular server.
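Why a shared transcript proves nothing on its own, as an added example (not Pluto's or TLSNotary's code): it models TLS record authentication with one HMAC key that both ends hold after the handshake, which is a simplification of the real record layer. The function names and sample payloads are constructed for illustration.

```python
import hashlib
import hmac
import os


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    # Simplified record protection: tag = HMAC-SHA256(key, seq || payload).
    return hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()


def transcript_verifies(key: bytes, records: list) -> bool:
    # Check every (payload, tag) pair in order, the way a record layer would.
    return all(
        hmac.compare_digest(seal(key, seq, payload), tag)
        for seq, (payload, tag) in enumerate(records)
    )


def demo() -> dict:
    # After the handshake the Client and the Server hold the SAME session key.
    session_key = os.urandom(32)

    # What the Server actually sent (constructed sample payload).
    genuine = [(p, seal(session_key, i, p))
               for i, p in enumerate([b'{"balance": 12}'])]

    # What the Client could write afterwards with its copy of the key.
    rewritten = [(p, seal(session_key, i, p))
                 for i, p in enumerate([b'{"balance": 1200000}'])]

    # An outsider without the key can change bytes but cannot fix the tag.
    outsider = [(b'{"balance": 1200000}', genuine[0][1])]

    return {
        "genuine": transcript_verifies(session_key, genuine),
        "client_rewritten": transcript_verifies(session_key, rewritten),
        "outsider_modified": transcript_verifies(session_key, outsider),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:18} verifies={ok}")
```

The genuine and the Client-rewritten transcripts both verify under the session key, so a third party handed the key and a transcript cannot tell which one the Server sent; only the outsider's modification fails.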

TLS Notary (TLSN) at a high level

TLS (or Transport Layer Security) is a protocol for encrypting and authenticating communication between two parties: a Client (described elsewhere in this post as the Prover) and a Server. TLS Notary is a protocol that allows the Client to prove Data Provenance to a third party; in other words, TLSN demonstrates that the Client honestly obtained the data from the Server, and did not interfere with the contents.

The TLS Notary protocol aims to achieve the following properties:

  • Authenticity - the protocol should demonstrate that the TLS transcript is not a forgery by the Client
  • Provenance - the protocol should authenticate the identity of the server via certificate chain verification—a valid transcript with a fake giithub.com should be rejected
  • Privacy - the Client should not have to sacrifice the privacy of their data or credentials to a third party
  • Non-Proprietary - the protocol should avoid enshrining a single service provider as an intermediary

For more information on the inner workings of Pluto’s TLSNotary implementation, please see the How does TLSNotary work? blog post.