Paper 2016/925

Secure Channel Injection and Anonymous Proofs of Account Ownership

Liang Wang, Rafael Pass, abhi shelat, and Thomas Ristenpart

Abstract

We introduce secure channel injection (SCI) protocols, which allow one party to insert a private message into another party's encrypted communications. We construct an efficient SCI protocol for communications delivered over TLS, and use it to realize anonymous proofs of account ownership for SMTP servers. This allows alice@mail.com to prove ownership of some email address @mail.com, without revealing ``alice'' to the verifier. We show experimentally that our system works with standard email server implementations as well as Gmail. We go on to extend our basic SCI protocol to realize a ``blind'' certificate authority: the account holder can obtain a valid X.509 certificate binding alice@mail.com to her public key, if it can prove ownership of some email address @mail.com. The authority never learns which email account is used.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint. MINOR revision.
Keywords
privacyanonymityzero knowledgesecure multiparty computation
Contact author(s)
liangw @ cs wisc edu
History
2016-09-24: received
Short URL
https://ia.cr/2016/925
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/925,
      author = {Liang Wang and Rafael Pass and abhi shelat and Thomas Ristenpart},
      title = {Secure Channel Injection and Anonymous Proofs of Account Ownership},
      howpublished = {Cryptology ePrint Archive, Paper 2016/925},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/925}},
      url = {https://eprint.iacr.org/2016/925}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.