Paper 2024/447
ORIGO: Proving Provenance of Sensitive Data with Constant Communication
Abstract
Transport Layer Security (TLS) is foundational for safeguarding client-server communication. However, it does not extend integrity guarantees to third-party verification of data authenticity. If a client wants to present data obtained from a server, it cannot convince any other party that the data has not been tampered with. TLS oracles ensure data authenticity beyond the client-server TLS connection, such that clients can obtain data from a server and ensure provenance to any third party, without server-side modifications. Generally, a TLS oracle involves a third party, the verifier, in a TLS session to verify that the data obtained by the client is accurate. Existing protocols for TLS oracles are communication-heavy, as they rely on interactive protocols. We present ORIGO, a TLS oracle with constant communication. Similar to prior work, ORIGO introduces a third party in a TLS session, and provides a protocol to ensure the authenticity of data transmitted in a TLS session, without forfeiting its confidentiality. Compared to prior work, we rely on intricate details specific to TLS 1.3, which allow us to prove correct key derivation, authentication and encryption within a Zero Knowledge Proof (ZKP). This, combined with optimizations for TLS 1.3, leads to an efficient protocol with constant communication in the online phase. Our work reduces online communication by $375\times$ and online runtime by up to $4.6\times$, compared to prior work.
Metadata
- Category
  - Applications
- Publication info
  - Preprint.
- Contact author(s)
  - jens ernstberger @ tum de
  - jan lauinger @ tum de
  - yinnan wu @ tum de
  - arthur @ gervais cc
  - sebastian steinhorst @ tum de
- History
  - 2024-12-15: revised
  - 2024-03-15: received
- Short URL
  - https://ia.cr/2024/447
- License
  - CC BY-NC-ND
BibTeX
@misc{cryptoeprint:2024/447,
  author = {Jens Ernstberger and Jan Lauinger and Yinnan Wu and Arthur Gervais and Sebastian Steinhorst},
  title = {{ORIGO}: Proving Provenance of Sensitive Data with Constant Communication},
  howpublished = {Cryptology {ePrint} Archive, Paper 2024/447},
  year = {2024},
  url = {https://eprint.iacr.org/2024/447}
}