Skip to content

feat(tokenize): Chameleon pseudonyms + key-evolving re-keying + FPE (reference engine)#24

Merged
mdheller merged 1 commit into
mainfrom
feat/exodus-tokenization-engine
Jul 6, 2026
Merged

feat(tokenize): Chameleon pseudonyms + key-evolving re-keying + FPE (reference engine)#24
mdheller merged 1 commit into
mainfrom
feat/exodus-tokenization-engine

Conversation

@mdheller

@mdheller mdheller commented Jul 6, 2026

Copy link
Copy Markdown
Member

Implements the masking-layer desensitisation primitives — the one piece not yet on main after the gate (#22) and forensic-sealing (#20) PRs landed.

What

scripts/exodus_tokenize.py (stdlib-only, reference engine):

  • Chameleon pseudonyms with genuine homomorphic re-keyingtoken = H(value)^2 ^ k(domain,epoch) mod P; re-tokenise/rotate via a tweak k2·k1⁻¹ mod Q with no cleartext.
  • domain-scoped & deterministic; cross-domain unlinkable (DDH); key-evolving epochs (consistency-preserving rotation).
  • hmac_pseudonym + build_reid_lookup (governed re-identification dictionary).
  • reference Feistel FPE (even-length digits); one_way_hash/redact/generalize/suppress.
  • apply_profile() dispatches by tokenization-profile.v1 scheme.
  • BLAKE3-opportunistic to match exodus_seal.py.

Tests

scripts/test_exodus_tokenize.py — 8 dependency-free tests (python3 scripts/test_exodus_tokenize.py), including the homomorphic identity (retokenize(t1, tweak) == native token in domain2), epoch-rotation consistency, FPE round-trip + format preservation, re-id lookup, and a safe-prime check on the reference group.

Scope / honesty

Reference implementation. Production needs a ≥2048-bit MODP/EC group, constant-time bigint, HSM-held scalars (KMIP/PKCS#11), and NIST FF1 FPE — documented in the module. Consistent with the shipped CANON-v0.1 = json-canonical; does not introduce CBOR.

Next: wire this behind the masking PDP → Catalog Gateway (emits masking-decision + BEACON_COMMIT via exodus_seal).

🤖 Generated with Claude Code

…reference engine)

Implements the masking-layer desensitisation primitives (the one piece not yet on
main after the gate + sealing PRs landed). Algebraic pseudonym is homomorphic under
re-keying, so domain re-tokenisation and key rotation never touch cleartext:

  token = H(value)^2 ^ k(domain,epoch) mod P;  retoken tweak = k2 * k1^-1 mod Q

scripts/exodus_tokenize.py
  - chameleon_token / domain_tweak / retokenize (domain-scoped, cross-domain
    unlinkable, key-evolving epochs).
  - hmac_pseudonym + build_reid_lookup (governed re-identification dictionary).
  - fpe_encrypt/decrypt (reference balanced Feistel, even-length digits).
  - one_way_hash / redact / generalize / suppress.
  - apply_profile() dispatches by tokenization-profile.v1 scheme.
  - stdlib-only; BLAKE3 opportunistic like exodus_seal.py.

scripts/test_exodus_tokenize.py (8 tests, plain-assert idiom)
  - verifies the 256-bit reference group is a safe prime; determinism;
    cross-domain unlinkability; homomorphic re-tokenisation == native token;
    epoch-rotation consistency; FPE round-trip + format; re-id lookup; dispatch.

Reference impl: production needs >=2048-bit MODP/EC group, constant-time bigint,
HSM-held scalars, and NIST FF1 FPE (documented in the module).
@mdheller mdheller merged commit 03b069a into main Jul 6, 2026
6 checks passed
@mdheller mdheller deleted the feat/exodus-tokenization-engine branch July 6, 2026 00:40
mdheller added a commit that referenced this pull request Jul 6, 2026
…#25)

* feat(tokenize): Chameleon pseudonyms + key-evolving re-keying + FPE (reference engine)

Implements the masking-layer desensitisation primitives (the one piece not yet on
main after the gate + sealing PRs landed). Algebraic pseudonym is homomorphic under
re-keying, so domain re-tokenisation and key rotation never touch cleartext:

  token = H(value)^2 ^ k(domain,epoch) mod P;  retoken tweak = k2 * k1^-1 mod Q

scripts/exodus_tokenize.py
  - chameleon_token / domain_tweak / retokenize (domain-scoped, cross-domain
    unlinkable, key-evolving epochs).
  - hmac_pseudonym + build_reid_lookup (governed re-identification dictionary).
  - fpe_encrypt/decrypt (reference balanced Feistel, even-length digits).
  - one_way_hash / redact / generalize / suppress.
  - apply_profile() dispatches by tokenization-profile.v1 scheme.
  - stdlib-only; BLAKE3 opportunistic like exodus_seal.py.

scripts/test_exodus_tokenize.py (8 tests, plain-assert idiom)
  - verifies the 256-bit reference group is a safe prime; determinism;
    cross-domain unlinkability; homomorphic re-tokenisation == native token;
    epoch-rotation consistency; FPE round-trip + format; re-id lookup; dispatch.

Reference impl: production needs >=2048-bit MODP/EC group, constant-time bigint,
HSM-held scalars, and NIST FF1 FPE (documented in the module).

* feat(mask): masking PDP — policy veto + tokenize + BEACON_COMMIT seal -> masking-decision

Composes the shipped pieces into one enforcement step (P1 #5), evaluated at
read/export/activate/re-identify time:

  policy veto (forbidden identity mixtures, e.g. no_health_adtech)
    + exodus_tokenize (per-field Chameleon/FPE/hash/redact)
    + exodus_seal (BEACON_COMMIT receipt over the decision)
  -> a masking-decision.v1 record (the decision is itself verifiable evidence)

scripts/exodus_mask.py
  - evaluate_masking(record, requesting_realm, audience, profiles, policy, ...):
    verdict allow / allow_masked / deny / review_required; applies field transforms;
    re-identification is reason-gated + profile-attr gated; emits masking-decision.v1
    with a policy-decision ref + (signed) BEACON_COMMIT receipt.
  - unlinkable-identifier / side-channel mitigations recorded on every decision.

scripts/test_exodus_mask.py (5 tests)
  - no_health_adtech veto (deny, no record returned); allow_masked tokenizes the
    field; re-identify requires reason + authz; signed receipt verifies via
    exodus_seal.verify_receipt; masking-decision.v1 shape.

Depends on exodus_tokenize (PR #24). Gateway HTTP wiring (prophet-platform) is the
remaining P1 #6 integration; this is the reusable PDP engine.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant