Paper 2023/1343

Universally Composable Auditable Surveillance

Valerie Fetzer, Karlsruhe Institute of Technology, KASTEL Security Research Labs
Michael Klooß, Aalto University
Jörn Müller-Quade, Karlsruhe Institute of Technology, KASTEL Security Research Labs
Markus Raiber, Karlsruhe Institute of Technology, KASTEL Security Research Labs
Andy Rupp, University of Luxembourg
Abstract

User privacy is becoming increasingly important in our digital society. Yet, many applications face legal requirements or regulations that prohibit unconditional anonymity guarantees, e.g., in electronic payments where surveillance is mandated to investigate suspected crimes. As a result, many systems have no effective privacy protections at all, or have backdoors, e.g., stored at the operator side of the system, that can be used by authorities to disclose a user’s private information (e.g., lawful interception). The problem with such backdoors is that they also enable silent mass surveillance within the system. To prevent such misuse, various approaches have been suggested which limit possible abuse or ensure it can be detected. Many works consider auditability of surveillance actions but do not enforce that traces are left when backdoors are retrieved. A notable exception which offers retrospective and silent surveillance is the recent work on misuse-resistant surveillance by Green et al. (EUROCRYPT’21). However, their approach relies on extractable witness encryption, which is a very strong primitive with no known efficient and secure implementations. In this work, we develop a building block for auditable surveillance. In our protocol, backdoors or escrow secrets of users are protected in multiple ways: (1) Backdoors are short-term and user-specific; (2) they are shared between trustworthy parties to avoid a single point of failure; and (3) backdoor access is given conditionally. Moreover (4) there are audit trails and public statistics for every (granted) backdoor request; and (5) surveillance remains silent, i.e., users do not know they are surveilled. Concretely, we present an abstract UC-functionality which can be used to augment applications with auditable surveillance capabilities. Our realization makes use of threshold encryption to protect user secrets, and is concretely built in a blockchain context with committee-based YOSO MPC. 
As a consequence, the committee can verify that the conditions for backdoor access are given, e.g., that law enforcement is in possession of a valid surveillance warrant (via a zero-knowledge proof). Moreover, access leaves an audit trail on the ledger, which allows an auditor to retrospectively examine surveillance decisions. As a toy example, we present an Auditably Sender-Traceable Encryption scheme, a PKE scheme where the sender can be deanonymized by law enforcement. We observe and solve problems posed by retrospective surveillance via a special non-interactive non-committing encryption scheme which allows zero-knowledge proofs over message, sender identity and (escrow) secrets.

Note: This is the full version of the IACR ASIACRYPT 2023 publication.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
A major revision of an IACR publication in ASIACRYPT 2023
Keywords
Anonymity, Auditability, Provable Security, Universal Composability, UC, YOSO, Protocols
Contact author(s)
valerie fetzer @ kit edu
michael klooss @ aalto fi
markus raiber @ kit edu
andy rupp @ uni lu
History
2023-09-11: approved
2023-09-08: received
Short URL
https://ia.cr/2023/1343
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/1343,
      author = {Valerie Fetzer and Michael Klooß and Jörn Müller-Quade and Markus Raiber and Andy Rupp},
      title = {Universally Composable Auditable Surveillance},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1343},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1343}
}