1 files changed, 77 insertions, 0 deletions
diff --git a/doc/sphinx/introduction.rst b/doc/sphinx/introduction.rst
new file mode 100644
index 0000000..bfff83a
--- /dev/null
+++ b/doc/sphinx/introduction.rst
@@ -0,0 +1,77 @@
+..
+  This file is part of Anastasis
+  Copyright (C) 2019-2021 Anastasis SARL
+  Anastasis is free software; you can redistribute it and/or modify it under the
+  terms of the GNU Affero General Public License as published by the Free Software
+  Foundation; either version 2.1, or (at your option) any later version.
+  Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY
+  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+  A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more details.
+  You should have received a copy of the GNU Affero General Public License along with
+  Anastasis; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+  @author Christian Grothoff
+  @author Dominik Meister
+  @author Dennis Neufeld
+============
+Introduction
+============
+To understand how Anastasis works, you need to understand three key
+concepts: user identifiers, our adversary model and the role of the
+recovery document.
+User Identifiers
+----------------
+To uniquely identify users, an "unforgettable" **identifier** is used.  This
+identifier should be difficult to guess for anybody but the user. However, the
+**identifier** is not expected to have sufficient entropy or secrecy to be
+cryptographically secure. Examples for such identifier would be a
+concatenation of the full name of the user and their social security or
+passport number(s).  For Swiss citizens, the AHV number could also be used.
+Adversary models
+----------------
+The adversary model of Anastasis has two types of adversaries: weak
+adversaries which do not know the user's **identifier**, and strong
+adversaries which somehow do know a user's **identifier**.  For weak
+adversaries the system guarantees full confidentiality.  For strong
+adversaries, breaking confidentiality additionally requires that Anastasis
+escrow providers must have colluded.  The user is able to specify a set of
+**policies** which determine which Anastasis escrow providers would need to
+collude to break confidentiality. These policies also set the bar for the user
+to recover their core secret.
+The recovery document
+---------------------
+A **recovery document** includes all of the information a user needs to
+recover access to their core secret.  It specifies a set of **escrow
+methods**, which specify how the user should convince the Anastasis server
+that they are "real".  Escrow methods can for example include SMS-based
+verification, video identification or a security question.  For each escrow
+method, the Anastasis server is provided with **truth**, that is data the
+Anastasis operator may learn during the recovery process to authenticate the
+user.  Examples for truth would be a phone number (for SMS), a picture of the
+user (for video identification), or the (hash of) a security answer.  A strong
+adversary is assumed to be able to learn the truth, while weak adversaries
+must not.  In addition to a set of escrow methods and associated Anastasis
+server operators, the **recovery document** also specifies **policies**, which
+describe the combination(s) of the escrow methods that suffice to obtain
+access to the core secret.  For example, a **policy** could say that the
+escrow methods (A and B) suffice, and a second policy may permit (A and C).  A
+different user may choose to use the policy that (A and B and C) are all
+required.  Anastasis imposes no limit on the number of policies in a
+**recovery document**, or the set of providers or escrow methods involved in
+guarding a user's secret.  Weak adversaries must not be able to deduce
+information about a user's **recovery document** (except for its length, which
+may be exposed to an adversary which monitors the user's network traffic).

diff --git a/doc/sphinx/introduction.rst b/doc/sphinx/introduction.rst new file mode 100644 index 0000000..bfff83a --- /dev/null +++ b/doc/sphinx/introduction.rst
@@ -0,0 +1,77 @@
	1	..
	2	This file is part of Anastasis
	3	Copyright (C) 2019-2021 Anastasis SARL
	4
	5	Anastasis is free software; you can redistribute it and/or modify it under the
	6	terms of the GNU Affero General Public License as published by the Free Software
	7	Foundation; either version 2.1, or (at your option) any later version.
	8
	9	Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY
	10	WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
	11	A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
	12
	13	You should have received a copy of the GNU Affero General Public License along with
	14	Anastasis; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
	15
	16	@author Christian Grothoff
	17	@author Dominik Meister
	18	@author Dennis Neufeld
	19
	20	============
	21	Introduction
	22	============
	23
	24	To understand how Anastasis works, you need to understand three key
	25	concepts: user identifiers, our adversary model and the role of the
	26	recovery document.
	27
	28
	29	User Identifiers
	30	----------------
	31
	32	To uniquely identify users, an "unforgettable" identifier is used. This
	33	identifier should be difficult to guess for anybody but the user. However, the
	34	identifier is not expected to have sufficient entropy or secrecy to be
	35	cryptographically secure. Examples for such identifier would be a
	36	concatenation of the full name of the user and their social security or
	37	passport number(s). For Swiss citizens, the AHV number could also be used.
	38
	39
	40	Adversary models
	41	----------------
	42
	43	The adversary model of Anastasis has two types of adversaries: weak
	44	adversaries which do not know the user's identifier, and strong
	45	adversaries which somehow do know a user's identifier. For weak
	46	adversaries the system guarantees full confidentiality. For strong
	47	adversaries, breaking confidentiality additionally requires that Anastasis
	48	escrow providers must have colluded. The user is able to specify a set of
	49	policies which determine which Anastasis escrow providers would need to
	50	collude to break confidentiality. These policies also set the bar for the user
	51	to recover their core secret.
	52
	53
	54	The recovery document
	55	---------------------
	56
	57	A recovery document includes all of the information a user needs to
	58	recover access to their core secret. It specifies a set of **escrow
	59	methods**, which specify how the user should convince the Anastasis server
	60	that they are "real". Escrow methods can for example include SMS-based
	61	verification, video identification or a security question. For each escrow
	62	method, the Anastasis server is provided with truth, that is data the
	63	Anastasis operator may learn during the recovery process to authenticate the
	64	user. Examples for truth would be a phone number (for SMS), a picture of the
	65	user (for video identification), or the (hash of) a security answer. A strong
	66	adversary is assumed to be able to learn the truth, while weak adversaries
	67	must not. In addition to a set of escrow methods and associated Anastasis
	68	server operators, the recovery document also specifies policies, which
	69	describe the combination(s) of the escrow methods that suffice to obtain
	70	access to the core secret. For example, a policy could say that the
	71	escrow methods (A and B) suffice, and a second policy may permit (A and C). A
	72	different user may choose to use the policy that (A and B and C) are all
	73	required. Anastasis imposes no limit on the number of policies in a
	74	recovery document, or the set of providers or escrow methods involved in
	75	guarding a user's secret. Weak adversaries must not be able to deduce
	76	information about a user's recovery document (except for its length, which
	77	may be exposed to an adversary which monitors the user's network traffic).