TY - GEN
T1 - NOPE
T2 - 30th ACM Symposium on Operating Systems Principles, SOSP 2024
AU - Destefano, Zachary
AU - Ma, Jeff J.
AU - Bonneau, Joseph
AU - Walfish, Michael
N1 - Publisher Copyright:
© 2024 Copyright held by the owner/author(s).
PY - 2024/11/15
Y1 - 2024/11/15
N2 - Server authentication assures users that they are communicating with a server that genuinely represents a claimed domain. Today, server authentication relies on certification authorities (CAs), third parties who sign statements binding public keys to domains. CAs remain a weak spot in Internet security, as any faulty CA can issue a certificate for any domain.This paper describes the design, implementation, and experimental evaluation of nope, a new mechanism for server authentication that uses succinct proofs (for example, zero-knowledge proofs) to prove that a DNSSEC chain exists that links a public key to a specified domain. The use of DNSSEC dramatically reduces reliance on CAs, and the small size of the proofs enables compatibility with legacy infrastructure, including TLS servers, certificate formats, and certificate transparency. nope proofs add minimal performance overhead to clients, increasing the size of a typical certificate chain by about 10% and requiring just over 1 ms to verify. nope's core technical contributions (which generalize beyond nope) include efficient techniques for representing parsing and cryptographic operations within succinct proofs, which reduce proof generation time and memory requirements by nearly an order of magnitude.
AB - Server authentication assures users that they are communicating with a server that genuinely represents a claimed domain. Today, server authentication relies on certification authorities (CAs), third parties who sign statements binding public keys to domains. CAs remain a weak spot in Internet security, as any faulty CA can issue a certificate for any domain.This paper describes the design, implementation, and experimental evaluation of nope, a new mechanism for server authentication that uses succinct proofs (for example, zero-knowledge proofs) to prove that a DNSSEC chain exists that links a public key to a specified domain. The use of DNSSEC dramatically reduces reliance on CAs, and the small size of the proofs enables compatibility with legacy infrastructure, including TLS servers, certificate formats, and certificate transparency. nope proofs add minimal performance overhead to clients, increasing the size of a typical certificate chain by about 10% and requiring just over 1 ms to verify. nope's core technical contributions (which generalize beyond nope) include efficient techniques for representing parsing and cryptographic operations within succinct proofs, which reduce proof generation time and memory requirements by nearly an order of magnitude.
KW - ACME
KW - CAs
KW - DNSSEC
KW - SNARKs
KW - TLS
KW - probabilistic proofs
KW - succinct proofs
KW - zero-knowledge proofs
UR - http://www.scopus.com/inward/record.url?scp=85215533808&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85215533808&partnerID=8YFLogxK
U2 - 10.1145/3694715.3695962
DO - 10.1145/3694715.3695962
M3 - Conference contribution
AN - SCOPUS:85215533808
T3 - SOSP 2024 - Proceedings of the 2024 ACM SIGOPS 30th Symposium on Operating Systems Principles
SP - 673
EP - 692
BT - SOSP 2024 - Proceedings of the 2024 ACM SIGOPS 30th Symposium on Operating Systems Principles
PB - Association for Computing Machinery, Inc
Y2 - 4 November 2024 through 6 November 2024
ER -