Cryptology ePrint Archive: Report 2016/925

Secure Channel Injection and Anonymous Proofs of Account Ownership

Liang Wang and Rafael Pass and abhi shelat and Thomas Ristenpart

Abstract: We introduce secure channel injection (SCI) protocols, which allow one party to insert a private message into another party's encrypted communications. We construct an efficient SCI protocol for communications delivered over TLS, and use it to realize anonymous proofs of account ownership for SMTP servers. This allows alice@mail.com to prove ownership of some email address @mail.com, without revealing ``alice'' to the verifier. We show experimentally that our system works with standard email server implementations as well as Gmail. We go on to extend our basic SCI protocol to realize a ``blind'' certificate authority: the account holder can obtain a valid X.509 certificate binding alice@mail.com to her public key, if it can prove ownership of some email address @mail.com. The authority never learns which email account is used.

Category / Keywords: applications / privacy; anonymity; zero knowledge; secure multiparty computation

Date: received 23 Sep 2016

Contact author: liangw at cs wisc edu

Available format(s): PDF | BibTeX Citation

Version: 20160924:221048 (All versions of this report)

Short URL: ia.cr/2016/925

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]