Rotatable Zero Knowledge Sets: Post Compromise Secure Auditable Dictionaries with Application to Key Transparency

Brian Chen; Yevgeniy Dodis; Esha Ghosh; Eli Goldin; Balachandar Kesavan; Antonio Marcedone; Merry Ember Mou

doi:10.1007/978-3-031-22969-5_19

Rotatable Zero Knowledge Sets: Post Compromise Secure Auditable Dictionaries with Application to Key Transparency

Brian Chen, Yevgeniy Dodis, Esha Ghosh, Eli Goldin, Balachandar Kesavan, Antonio Marcedone, Merry Ember Mou

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Key Transparency (KT) systems allow end-to-end encrypted service providers (messaging, calls, etc.) to maintain an auditable directory of their users’ public keys, producing proofs that all participants have a consistent view of those keys, and allowing each user to check updates to their own keys. KT has lately received a lot of attention, in particular its privacy preserving variants, which also ensure that users and auditors do not learn anything beyond what is necessary to use the service and keep the service provider accountable. Abstractly, the problem of building such systems reduces to constructing so-called append-only Zero-Knowledge Sets (aZKS). Unfortunately, existing aZKS (and KT) solutions do not allow to adequately restore the privacy guarantees after a server compromise, a form of Post-Compromise Security (PCS), while maintaining the auditability properties. In this work we address this concern through the formalization of an extension of aZKS called Rotatable ZKS (RZKS ). In addition to providing PCS, our notion of RZKS has several other attractive features, such as a stronger (extractable) soundness notion, and the ability for a communication party with out-of-date data to efficiently “catch up” to the current epoch while ensuring that the server did not erase any of the past data. Of independent interest, we also introduce a new primitive called a Rotatable Verifiable Random Function (VRF), and show how to build RZKS in a modular fashion from a rotatable VRF, ordered accumulator, and append-only vector commitment schemes.

Original language	English (US)
Title of host publication	Advances in Cryptology – ASIACRYPT 2022 - 28th International Conference on the Theory and Application of Cryptology and Information Security, 2022, Proceedings
Editors	Shweta Agrawal, Dongdai Lin
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	547-580
Number of pages	34
ISBN (Print)	9783031229688
DOIs	https://doi.org/10.1007/978-3-031-22969-5_19
State	Published - 2022
Event	28th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2022 - Taipei, Taiwan, Province of China Duration: Dec 5 2022 → Dec 9 2022

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13793 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	28th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2022
Country/Territory	Taiwan, Province of China
City	Taipei
Period	12/5/22 → 12/9/22

Keywords

Key Transparency
Post-compromise security
Verifiable random functions
Zero-knowledge sets

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-031-22969-5_19

Cite this

Chen, B., Dodis, Y., Ghosh, E., Goldin, E., Kesavan, B., Marcedone, A., & Mou, M. E. (2022). Rotatable Zero Knowledge Sets: Post Compromise Secure Auditable Dictionaries with Application to Key Transparency. In S. Agrawal, & D. Lin (Eds.), Advances in Cryptology – ASIACRYPT 2022 - 28th International Conference on the Theory and Application of Cryptology and Information Security, 2022, Proceedings (pp. 547-580). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13793 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-22969-5_19

Rotatable Zero Knowledge Sets: Post Compromise Secure Auditable Dictionaries with Application to Key Transparency. / Chen, Brian; Dodis, Yevgeniy; Ghosh, Esha et al.
Advances in Cryptology – ASIACRYPT 2022 - 28th International Conference on the Theory and Application of Cryptology and Information Security, 2022, Proceedings. ed. / Shweta Agrawal; Dongdai Lin. Springer Science and Business Media Deutschland GmbH, 2022. p. 547-580 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13793 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Chen, B, Dodis, Y, Ghosh, E, Goldin, E, Kesavan, B, Marcedone, A & Mou, ME 2022, Rotatable Zero Knowledge Sets: Post Compromise Secure Auditable Dictionaries with Application to Key Transparency. in S Agrawal & D Lin (eds), Advances in Cryptology – ASIACRYPT 2022 - 28th International Conference on the Theory and Application of Cryptology and Information Security, 2022, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13793 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 547-580, 28th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2022, Taipei, Taiwan, Province of China, 12/5/22. https://doi.org/10.1007/978-3-031-22969-5_19

Chen B, Dodis Y, Ghosh E, Goldin E, Kesavan B, Marcedone A et al. Rotatable Zero Knowledge Sets: Post Compromise Secure Auditable Dictionaries with Application to Key Transparency. In Agrawal S, Lin D, editors, Advances in Cryptology – ASIACRYPT 2022 - 28th International Conference on the Theory and Application of Cryptology and Information Security, 2022, Proceedings. Springer Science and Business Media Deutschland GmbH. 2022. p. 547-580. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-22969-5_19

Chen, Brian ; Dodis, Yevgeniy ; Ghosh, Esha et al. / Rotatable Zero Knowledge Sets : Post Compromise Secure Auditable Dictionaries with Application to Key Transparency. Advances in Cryptology – ASIACRYPT 2022 - 28th International Conference on the Theory and Application of Cryptology and Information Security, 2022, Proceedings. editor / Shweta Agrawal ; Dongdai Lin. Springer Science and Business Media Deutschland GmbH, 2022. pp. 547-580 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{0cfe51eaae884d23a4ce5a1e7786997b,

title = "Rotatable Zero Knowledge Sets: Post Compromise Secure Auditable Dictionaries with Application to Key Transparency",

abstract = "Key Transparency (KT) systems allow end-to-end encrypted service providers (messaging, calls, etc.) to maintain an auditable directory of their users{\textquoteright} public keys, producing proofs that all participants have a consistent view of those keys, and allowing each user to check updates to their own keys. KT has lately received a lot of attention, in particular its privacy preserving variants, which also ensure that users and auditors do not learn anything beyond what is necessary to use the service and keep the service provider accountable. Abstractly, the problem of building such systems reduces to constructing so-called append-only Zero-Knowledge Sets (aZKS). Unfortunately, existing aZKS (and KT) solutions do not allow to adequately restore the privacy guarantees after a server compromise, a form of Post-Compromise Security (PCS), while maintaining the auditability properties. In this work we address this concern through the formalization of an extension of aZKS called Rotatable ZKS (RZKS ). In addition to providing PCS, our notion of RZKS has several other attractive features, such as a stronger (extractable) soundness notion, and the ability for a communication party with out-of-date data to efficiently “catch up” to the current epoch while ensuring that the server did not erase any of the past data. Of independent interest, we also introduce a new primitive called a Rotatable Verifiable Random Function (VRF), and show how to build RZKS in a modular fashion from a rotatable VRF, ordered accumulator, and append-only vector commitment schemes.",

keywords = "Key Transparency, Post-compromise security, Verifiable random functions, Zero-knowledge sets",

author = "Brian Chen and Yevgeniy Dodis and Esha Ghosh and Eli Goldin and Balachandar Kesavan and Antonio Marcedone and Mou, {Merry Ember}",

note = "Publisher Copyright: {\textcopyright} 2022, International Association for Cryptologic Research.; 28th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2022 ; Conference date: 05-12-2022 Through 09-12-2022",

year = "2022",

doi = "10.1007/978-3-031-22969-5_19",

language = "English (US)",

isbn = "9783031229688",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "547--580",

editor = "Shweta Agrawal and Dongdai Lin",

booktitle = "Advances in Cryptology – ASIACRYPT 2022 - 28th International Conference on the Theory and Application of Cryptology and Information Security, 2022, Proceedings",

address = "Germany",

}

TY - GEN

T1 - Rotatable Zero Knowledge Sets

T2 - 28th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2022

AU - Chen, Brian

AU - Dodis, Yevgeniy

AU - Ghosh, Esha

AU - Goldin, Eli

AU - Kesavan, Balachandar

AU - Marcedone, Antonio

AU - Mou, Merry Ember

PY - 2022

Y1 - 2022

N2 - Key Transparency (KT) systems allow end-to-end encrypted service providers (messaging, calls, etc.) to maintain an auditable directory of their users’ public keys, producing proofs that all participants have a consistent view of those keys, and allowing each user to check updates to their own keys. KT has lately received a lot of attention, in particular its privacy preserving variants, which also ensure that users and auditors do not learn anything beyond what is necessary to use the service and keep the service provider accountable. Abstractly, the problem of building such systems reduces to constructing so-called append-only Zero-Knowledge Sets (aZKS). Unfortunately, existing aZKS (and KT) solutions do not allow to adequately restore the privacy guarantees after a server compromise, a form of Post-Compromise Security (PCS), while maintaining the auditability properties. In this work we address this concern through the formalization of an extension of aZKS called Rotatable ZKS (RZKS ). In addition to providing PCS, our notion of RZKS has several other attractive features, such as a stronger (extractable) soundness notion, and the ability for a communication party with out-of-date data to efficiently “catch up” to the current epoch while ensuring that the server did not erase any of the past data. Of independent interest, we also introduce a new primitive called a Rotatable Verifiable Random Function (VRF), and show how to build RZKS in a modular fashion from a rotatable VRF, ordered accumulator, and append-only vector commitment schemes.

AB - Key Transparency (KT) systems allow end-to-end encrypted service providers (messaging, calls, etc.) to maintain an auditable directory of their users’ public keys, producing proofs that all participants have a consistent view of those keys, and allowing each user to check updates to their own keys. KT has lately received a lot of attention, in particular its privacy preserving variants, which also ensure that users and auditors do not learn anything beyond what is necessary to use the service and keep the service provider accountable. Abstractly, the problem of building such systems reduces to constructing so-called append-only Zero-Knowledge Sets (aZKS). Unfortunately, existing aZKS (and KT) solutions do not allow to adequately restore the privacy guarantees after a server compromise, a form of Post-Compromise Security (PCS), while maintaining the auditability properties. In this work we address this concern through the formalization of an extension of aZKS called Rotatable ZKS (RZKS ). In addition to providing PCS, our notion of RZKS has several other attractive features, such as a stronger (extractable) soundness notion, and the ability for a communication party with out-of-date data to efficiently “catch up” to the current epoch while ensuring that the server did not erase any of the past data. Of independent interest, we also introduce a new primitive called a Rotatable Verifiable Random Function (VRF), and show how to build RZKS in a modular fashion from a rotatable VRF, ordered accumulator, and append-only vector commitment schemes.

KW - Key Transparency

KW - Post-compromise security

KW - Verifiable random functions

KW - Zero-knowledge sets

UR - http://www.scopus.com/inward/record.url?scp=85149627060&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85149627060&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-22969-5_19

DO - 10.1007/978-3-031-22969-5_19

M3 - Conference contribution

AN - SCOPUS:85149627060

SN - 9783031229688

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 547

EP - 580

BT - Advances in Cryptology – ASIACRYPT 2022 - 28th International Conference on the Theory and Application of Cryptology and Information Security, 2022, Proceedings

A2 - Agrawal, Shweta

A2 - Lin, Dongdai

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 5 December 2022 through 9 December 2022

ER -