Anonymous Outsourced Statekeeping with Reduced Server Storage

Dana Dachman-Soled; Esha Ghosh; Mingyu Liang; Ian Miers; Michael Rosenberg

Paper 2024/1139

Anonymous Outsourced Statekeeping with Reduced Server Storage

Dana Dachman-Soled

, University of Maryland, College Park

Esha Ghosh

, Microsoft (United States)

Mingyu Liang

, University of Maryland, College Park

Ian Miers

, University of Maryland, College Park

Michael Rosenberg

, University of Maryland, College Park

Abstract

Strike-lists are a common technique for rollback and replay prevention in protocols that require that clients remain anonymous or that their current position in a state machine remain confidential. Strike-lists are heavily used in anonymous credentials, e-cash schemes, and trusted execution environments, and are widely deployed on the web in the form of Privacy Pass (PoPETS '18) and Google Private State Tokens. In such protocols, clients submit pseudorandom tokens associated with each action (e.g., a page view in Privacy Pass) or state transition, and the token is added to a server-side list to prevent reuse. Unfortunately, the size of a strike-list, and hence the storage required by the server, is proportional to the total number of issued tokens, , where is the number of clients and is the maximum number of tickets per client. In this work, we ask whether it is possible to realize a strike-list-like functionality, which we call the anonymous tickets functionality, with storage requirements proportional to . For the anonymous tickets functionality we construct a secure protocol from standard assumptions that achieves server storage of ciphertexts, where each ciphertext encrypts a message of length . We also consider an extension of the strike-list functionality where the server stores an arbitrary state for each client and clients advance their state with some function , which we call the anonymous outsourced state-keeping functionality. In this setting, malicious clients are prevented from rolling back their state, while honest clients are guaranteed anonymity and confidentiality against a malicious server. We achieve analogous results in this setting for two different classes of functions. Our results rely on a new technique to preserve client anonymity in the face of selective failure attacks by a malicious server. Specifically, our protocol guarantees that misbehavior of the server either (1) does not prevent the honest client from redeeming a ticket or (2) provides the honest client with an escape hatch that can be used to simulate a redeem in a way that is indistinguishable to the server.

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: Preprint.
Keywords: anonymous tickets anonymous outsourced statekeeping NIZK additively homomorphic encryption
Contact author(s): danadach @ umd edu
esha ghosh @ microsoft com
mliang @ umd edu
imiers @ umd edu
micro @ umd edu
History: 2024-07-15: approved; 2024-07-12: received; See all versions
Short URL: https://ia.cr/2024/1139
License: CC BY

BibTeX

@misc{cryptoeprint:2024/1139,
      author = {Dana Dachman-Soled and Esha Ghosh and Mingyu Liang and Ian Miers and Michael Rosenberg},
      title = {Anonymous Outsourced Statekeeping with Reduced Server Storage},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1139},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1139}
}