Paper 2023/1377

Janus: Fast Privacy-Preserving Data Provenance For TLS 1.3

Jan Lauinger, Technical University of Munich
Jens Ernstberger, Technical University of Munich
Andreas Finkenzeller, Technical University of Munich
Sebastian Steinhorst, Technical University of Munich

Web users can gather data from secure endpoints and demonstrate the provenance of the data to any third party by using TLS oracles. Beyond that, TLS oracles can confirm the provenance and policy compliance of private online data by using zero-knowledge-proof systems. In practice, privacy-preserving TLS oracles can efficiently verify private data up to 1 kB in size selectively, preventing the verification of sensitive documents larger than 1 kB. In this work, we introduce a new oracle protocol for TLS 1.3, which reaches new scales in selectively verifying the provenance of confidential data. We tailor the deployment of secure computation techniques to the conditions found in TLS 1.3 and verify private TLS data in a dedicated proof system that leverages the asymmetric privacy setting between the client parties of TLS oracles. Our results show that 8 kB of sensitive data can be verified in 6.7 seconds, outperforming related approaches by 8x. With that, we enable new boundaries to verify the web provenance of confidential documents.

Available format(s)
Cryptographic protocols
Publication info
TLS OraclesData ProvenanceZero-knowledge ProofsSecure Two-party ComputationTLS 1.3
Contact author(s)
jan lauinger @ tum de
jens ernstberger @ tum de
andreas finkenzeller @ tum de
sebastian steinhorst @ tum de
2023-11-08: last of 3 revisions
2023-09-14: received
See all versions
Short URL
Creative Commons Attribution-NonCommercial-NoDerivs


      author = {Jan Lauinger and Jens Ernstberger and Andreas Finkenzeller and Sebastian Steinhorst},
      title = {Janus: Fast Privacy-Preserving Data Provenance For TLS 1.3},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1377},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.