Paper 2023/1056
DIDO: Data Provenance from Restricted TLS 1.3 Websites
Abstract
Public data can be authenticated by obtaining from a trustworthy website with TLS. Private data, such as user profile, are usually restricted from public access. If a user wants to authenticate his private data (e.g., address) provided by a restricted website (e.g., user profile page of a utility company website) to a verifier, he cannot simply give his username and password to the verifier. DECO (CCS 2020) provides a solution for liberating these data without introducing undesirable trust assumption, nor requiring server-side modification. Their implementation is mainly based on TLS 1.2. In this paper, we propose an optimized solution for TLS 1.3 websites. We tackle a number of open problems, including the support of X25519 key exchange in TLS 1.3, the design of round-optimal three-party key exchange, the architecture of two-party computation of TLS 1.3 key scheduling, and circuit design optimized for two-party computation. We test our implementation with real world website and show that our optimization is necessary to avoid timeout in TLS handshake.
Metadata
- Available format(s)
-
PDF
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. ISPEC 2023: The 18th International Conference on Information Security Practice and Experience
- Keywords
- TLS1.3two-party computationdecentralized identification oracle
- Contact author(s)
-
kychan @ cs hku hk
hdcui @ cs hku hk
thyuen @ cs hku hk - History
- 2023-07-11: approved
- 2023-07-06: received
- See all versions
- Short URL
- https://ia.cr/2023/1056
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/1056,
author = {Kwan Yin Chan and Handong Cui and Tsz Hon Yuen},
title = {DIDO: Data Provenance from Restricted TLS 1.3 Websites},
howpublished = {Cryptology ePrint Archive, Paper 2023/1056},
year = {2023},
note = {\url{https://eprint.iacr.org/2023/1056}},
url = {https://eprint.iacr.org/2023/1056}
}
