Paper 2024/447

ORIGO: Proving Provenance of Sensitive Data with Constant Communication

Jens Ernstberger, Technical University of Munich
Jan Lauinger, Technical University of Munich
Yinnan Wu, Technical University of Munich
Arthur Gervais, University College London
Sebastian Steinhorst, Technical University of Munich
Abstract

Transport Layer Security ( TLS ) is foundational for safeguarding client-server communication. However, it does not extend integrity guarantees to third-party verification of data authenticity. If a client wants to present data obtained from a server, it cannot convince any other party that the data has not been tampered with. TLS oracles ensure data authenticity beyond the client-server TLS connection, such that clients can obtain data from a server and ensure provenance to any third party, without server-side modifications. Generally, a TLS oracle involves a third party, the verifier, in a TLS session to verify that the data obtained by the client is accurate. Existing protocols for TLS oracles are communication-heavy, as they rely on interactive protocols. We present ORIGO, a TLS oracle with constant communication. Similar to prior work, ORIGO introduces a third party in a TLS session, and provides a protocol to ensure the authenticity of data transmitted in a TLS session, without forfeiting its confidentiality. Compared to prior work, we rely on intricate details specific to TLS 1.3, which allow us to prove correct key derivation, authentication and encryption within a Zero Knowledge Proof (ZKP). This, combined with optimizations for TLS 1.3, leads to an efficient protocol with constant communication in the online phase. Our work reduces online communication by $375 \times$ and online runtime by up to $4.6 \times$, compared to prior work.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint.
Contact author(s)
jens ernstberger @ tum de
jan lauinger @ tum de
yinnan wu @ tum de
arthur @ gervais cc
sebastian steinhorst @ tum de
History
2024-03-15: approved
2024-03-15: received
See all versions
Short URL
https://ia.cr/2024/447
License
Creative Commons Attribution-NonCommercial-NoDerivs
CC BY-NC-ND

BibTeX

@misc{cryptoeprint:2024/447,
      author = {Jens Ernstberger and Jan Lauinger and Yinnan Wu and Arthur Gervais and Sebastian Steinhorst},
      title = {{ORIGO}: Proving Provenance of Sensitive Data with Constant Communication},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/447},
      year = {2024},
      url = {https://eprint.iacr.org/2024/447}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.