Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

DECO: Liberating Web Data Using Decentralized Oracles for TLS

Fan Zhang, Sai Krishna Deepak Maram, Harjasleen Malvai, Steven Goldfeder, Ari Juels

TL;DR

DECO introduces a privacy_preserving, decentralized oracle for TLS data that enables provable data provenance without trusted hardware or server modifications. It achieves this via a novel three_party handshake that secret_shares TLS keys between prover and verifier, a query_execution phase that preserves data privacy, and a proof_generation phase employing selective_opening and context_integrity through two_stage_parsing. The work provides formal security definitions, outlines UC_secure proofs, and demonstrates practical end_to_end performance with three real applications, including confidential financial instruments and anonymous credentials. This approach potentially liberates private web data from silos, enabling secure cross_domain applications while highlighting regulatory and compliance considerations.

Abstract

Thanks to the widespread deployment of TLS, users can access private data over channels with end-to-end confidentiality and integrity. What they cannot do, however, is prove to third parties the {\em provenance} of such data, i.e., that it genuinely came from a particular website. Existing approaches either introduce undesirable trust assumptions or require server-side modifications. As a result, the value of users' private data is locked up in its point of origin. Users cannot export their data with preserved integrity to other applications without help and permission from the current data holder. We propose DECO (short for \underline{dec}entralized \underline{o}racle) to address the above problems. DECO allows users to prove that a piece of data accessed via TLS came from a particular website and optionally prove statements about such data in zero-knowledge, keeping the data itself secret. DECO is the first such system that works without trusted hardware or server-side modifications. DECO can liberate data from centralized web-service silos, making it accessible to a rich spectrum of applications. To demonstrate the power of DECO, we implement three applications that are hard to achieve without it: a private financial instrument using smart contracts, converting legacy credentials to anonymous credentials, and verifiable claims against price discrimination.

DECO: Liberating Web Data Using Decentralized Oracles for TLS

TL;DR

DECO introduces a privacy_preserving, decentralized oracle for TLS data that enables provable data provenance without trusted hardware or server modifications. It achieves this via a novel three_party handshake that secret_shares TLS keys between prover and verifier, a query_execution phase that preserves data privacy, and a proof_generation phase employing selective_opening and context_integrity through two_stage_parsing. The work provides formal security definitions, outlines UC_secure proofs, and demonstrates practical end_to_end performance with three real applications, including confidential financial instruments and anonymous credentials. This approach potentially liberates private web data from silos, enabling secure cross_domain applications while highlighting regulatory and compliance considerations.

Abstract

Thanks to the widespread deployment of TLS, users can access private data over channels with end-to-end confidentiality and integrity. What they cannot do, however, is prove to third parties the {\em provenance} of such data, i.e., that it genuinely came from a particular website. Existing approaches either introduce undesirable trust assumptions or require server-side modifications. As a result, the value of users' private data is locked up in its point of origin. Users cannot export their data with preserved integrity to other applications without help and permission from the current data holder. We propose DECO (short for \underline{dec}entralized \underline{o}racle) to address the above problems. DECO allows users to prove that a piece of data accessed via TLS came from a particular website and optionally prove statements about such data in zero-knowledge, keeping the data itself secret. DECO is the first such system that works without trusted hardware or server-side modifications. DECO can liberate data from centralized web-service silos, making it accessible to a rich spectrum of applications. To demonstrate the power of DECO, we implement three applications that are hard to achieve without it: a private financial instrument using smart contracts, converting legacy credentials to anonymous credentials, and verifiable claims against price discrimination.

Paper Structure

This paper contains 62 sections, 1 theorem, 8 equations, 11 figures, 2 tables.

Table of Contents

  1. Introduction
  2. $\mathsf{DECO}$
  3. Technical challenges
  4. Implementation and evaluation
  5. Background
  6. Transport Layer Security (TLS)
  7. Multi-party computation
  8. Overview
  9. Problem statement: Decentralized oracles
  10. Notation and definitions
  11. A strawman protocol
  12. Overview of $\mathsf{DECO}$
  13. Three-party handshake
  14. Query execution
  15. Proof generation
  16. ...and 47 more sections

Key Result

theorem 1

Assuming the discrete log problem is hard in the group used in the three-party handshake, and that $f$ (the compression function of SHA-256) is an random oracle, $\mathsf{Prot}_\text{$\mathsf{DECO}$\xspace}$ UC-securely realizes $\mathcal{F}_{\text{Oracle}}$ in the $(\mathcal{F}_\text{2PC},\mathcal{

Figures (11)

  • Figure 1: The oracle functionality.
  • Figure 2: An overview of the workflow in $\mathsf{DECO}$. The protocol has three phases: a three-party handshake phase to establish session keys in a special format to achieve unforgeability, a query execution phase where $\textcolor{party}{\mathcal{P}}$ queries the server for data using a query built from the template with her private parameters $\textcolor{private}{\theta_s}$, and finally a proof generation phase in which $\textcolor{party}{\mathcal{P}}$ proves that the query is well-formed and the response satisfies the desired condition.
  • Figure 3: Example bank statement to demonstrate selective opening and context-integrity attacks.
  • Figure 4: The $\mathsf{DECO}$ protocol. We only show the CBC-HMAC variant for clarify, while the GCM variant is described in \ref{['sec:full protocol']}.
  • Figure 5: Two parties Alice and Bob execute a confidential binary option. Alice uses $\mathsf{DECO}$ to access a stock price API and convince $\mathcal{O}\xspace$ she has won. Examples of request and response are shown to the right. Text in red is sensitive information to be redacted.
  • ...and 6 more figures

Theorems & Definitions (6)

  • definition 1
  • theorem 1: Security of $\mathsf{Prot}_{\mathsf{DECO}\xspace}$
  • definition 2
  • definition 3
  • definition 4
  • Claim 1