Paper 2022/1774
PECO: methods to enhance the privacy of DECO protocol
, Instituto de TelecomunicaçõesAbstract
The DECentralized Oracle (DECO) protocol enables the verifiable provenance of data from Transport Layer Security (TLS) connections through secure two-party computation and zero-knowledge proofs. In this paper, we present PECO, an extension of DECO that enhances privacy features through the integration of two new private three-party handshake protocols (P3P-HS). PECO allows any web user to prove to a verifier the properties of data from TLS connections without disclosing the identity of the servers. Like DECO's three-party handshake protocol, PECO's P3P-HS methods do not require any changes on the server side. PECO offers two options: one that provides $k-$anonymity for the server's identity, and another that completely masks the server's identity from the verifier. PECO is based on three main protocols: (a) commit-and-proof zero-knowledge proofs (CP-ZKP) that enable the proof of relations under committed values in zero-knowledge, (b) verification of Elliptic Curve Digital Signature Algorithm (ECDSA) signatures under a committed public key without revealing the key (zkAttest), and (c) a proof of membership to verify that a committed key belongs to a set of keys. We estimate the performance of both P3P-HS protocols and compare it to TLS timeout using state-of-the-art implementations.
Metadata
- Available format(s)
-
PDF
- Category
- Applications
- Publication info
- Preprint.
- Keywords
- privacyweb attestationzero-knowledgeTLS
- Contact author(s)
- manuel batalha dos santos @ ist utl pt
- History
- 2022-12-31: approved
- 2022-12-28: received
- See all versions
- Short URL
- https://ia.cr/2022/1774
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2022/1774,
author = {Manuel B. Santos},
title = {{PECO}: methods to enhance the privacy of {DECO} protocol},
howpublished = {Cryptology {ePrint} Archive, Paper 2022/1774},
year = {2022},
url = {https://eprint.iacr.org/2022/1774}
}
