Table of Contents
Fetching ...

zkRansomware: Proof-of-Data Recoverability and Multi-round Game Theoretic Modeling of Ransomware Decisions

Xinyu Hou, Yang Lu, Rabimba Karanjai, Lei Xu, Weidong Shi

TL;DR

This work introduces zkRansomware, a ransomware model that employs verifiable encryption and smart contracts to guarantee data recovery and enable multi‑round payments, reducing data‑privacy risk and enabling new attacker–victim dynamics. It develops a formal multi‑round game‑theoretic framework with reputation dynamics, providing backward‑induction based strategies and linear programs to compute optimal attacker reputations and continuation decisions. Prototyping with VECK/FDE and zk‑SNARKs, plus simulations over data‑value distributions and decay functions, shows that multi‑round payments under credible reputation can increase attacker profits, while also offering the victim greater control over risk; the results depend on data value, leakage dynamics, and the attacker’s reputation management. The paper also discusses mitigation strategies, including detecting FDE patterns and reinforcing data‑at‑rest privacy, and highlights a new equilibrium in ransomware decision making with practical implications for risk analysis and incident response.

Abstract

Ransomware is still one of the most serious cybersecurity threats. Victims often pay but fail to regain access to their data, while also facing the danger of losing data privacy. These uncertainties heavily shape the attacker-victim dynamics in decision-making. In this paper, we introduce and analyze zkRansomware. This new ransomware model integrates zero-knowledge proofs to enable verifiable data recovery and uses smart contracts to enforce multi-round payments while mitigating the risk of data disclosure and privacy loss. We show that zkRansomware is technically feasible using existing cryptographic and blockchain tools and, perhaps counterintuitively, can align incentives between the attacker and the victim. Finally, we develop a theoretical decision-making framework for zkRansomware that distinguishes it from known ransomware decision models and discusses its implications for ransomware risk analysis and response decision support.

zkRansomware: Proof-of-Data Recoverability and Multi-round Game Theoretic Modeling of Ransomware Decisions

TL;DR

This work introduces zkRansomware, a ransomware model that employs verifiable encryption and smart contracts to guarantee data recovery and enable multi‑round payments, reducing data‑privacy risk and enabling new attacker–victim dynamics. It develops a formal multi‑round game‑theoretic framework with reputation dynamics, providing backward‑induction based strategies and linear programs to compute optimal attacker reputations and continuation decisions. Prototyping with VECK/FDE and zk‑SNARKs, plus simulations over data‑value distributions and decay functions, shows that multi‑round payments under credible reputation can increase attacker profits, while also offering the victim greater control over risk; the results depend on data value, leakage dynamics, and the attacker’s reputation management. The paper also discusses mitigation strategies, including detecting FDE patterns and reinforcing data‑at‑rest privacy, and highlights a new equilibrium in ransomware decision making with practical implications for risk analysis and incident response.

Abstract

Ransomware is still one of the most serious cybersecurity threats. Victims often pay but fail to regain access to their data, while also facing the danger of losing data privacy. These uncertainties heavily shape the attacker-victim dynamics in decision-making. In this paper, we introduce and analyze zkRansomware. This new ransomware model integrates zero-knowledge proofs to enable verifiable data recovery and uses smart contracts to enforce multi-round payments while mitigating the risk of data disclosure and privacy loss. We show that zkRansomware is technically feasible using existing cryptographic and blockchain tools and, perhaps counterintuitively, can align incentives between the attacker and the victim. Finally, we develop a theoretical decision-making framework for zkRansomware that distinguishes it from known ransomware decision models and discusses its implications for ransomware risk analysis and response decision support.
Paper Structure (17 sections, 6 theorems, 19 equations, 10 figures, 1 table)

This paper contains 17 sections, 6 theorems, 19 equations, 10 figures, 1 table.

Key Result

Theorem 1

Faced with the worst-reputation attacker, victims will never pay the ransom. The attacker will choose to sell the data.

Figures (10)

  • Figure 1: A high-level diagram of zkRansomware.
  • Figure 2: Average attacker profit under different data values.
  • Figure 3: Total attacker profit under different data values.
  • Figure 4: Profit under different data value ranges.
  • Figure 5: Optimal reputation with $f(x) = (1-x)^2$.
  • ...and 5 more figures

Theorems & Definitions (11)

  • Theorem 1
  • Theorem 2
  • Theorem 3
  • Theorem 4
  • Proposition 5
  • Theorem 6
  • proof
  • proof
  • proof
  • proof
  • ...and 1 more