Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Search-Bound Proximity Proofs: Binding Encrypted Geographic Search to Zero-Knowledge Verification

Yoshiyuki Ootani

Abstract

Location-based systems that combine encrypted geographic search with zero-knowledge proximity proofs typically treat the two phases as independent. Under an honest-but-curious server, this leaves an authorization provenance gap: once session state is purged, no forensic procedure can attribute a proof to its originating search session, because the proof's public inputs encode no session-identifying information. We formalize this gap as the search-authorized proof (SAP) security notion and show via a concrete audit re-association attack that proof-external mechanisms, where authorization evidence remains outside the proof, cannot prevent forensic misattribution when the same drop parameters recur across sessions. Search-Bound Proximity Proofs (SBPP) realize the SAP requirements without modifying the ZKP circuit: session nonce, Merkle-root result-set commitment, and signed receipt are decomposed into independently auditable components, enabling property-level fault isolation in offline audit. Experiments on synthetic and real-world data (110,776 OpenStreetMap POIs) show sub-millisecond absolute overhead on a 125 ms Groth16 baseline.

Search-Bound Proximity Proofs: Binding Encrypted Geographic Search to Zero-Knowledge Verification

Abstract

Location-based systems that combine encrypted geographic search with zero-knowledge proximity proofs typically treat the two phases as independent. Under an honest-but-curious server, this leaves an authorization provenance gap: once session state is purged, no forensic procedure can attribute a proof to its originating search session, because the proof's public inputs encode no session-identifying information. We formalize this gap as the search-authorized proof (SAP) security notion and show via a concrete audit re-association attack that proof-external mechanisms, where authorization evidence remains outside the proof, cannot prevent forensic misattribution when the same drop parameters recur across sessions. Search-Bound Proximity Proofs (SBPP) realize the SAP requirements without modifying the ZKP circuit: session nonce, Merkle-root result-set commitment, and signed receipt are decomposed into independently auditable components, enabling property-level fault isolation in offline audit. Experiments on synthetic and real-world data (110,776 OpenStreetMap POIs) show sub-millisecond absolute overhead on a 125 ms Groth16 baseline.

Paper Structure

This paper contains 48 sections, 7 theorems, 5 equations, 1 figure, 5 tables.

Table of Contents

  1. Introduction
  2. Background
  3. Searchable Symmetric Encryption
  4. Zero-Knowledge Proximity Proofs
  5. Context Binding
  6. Problem Statement and Threat Model
  7. System Model
  8. Adversary Model
  9. The Search-Verify Gap
  10. Attack Classes
  11. SBPP Protocol
  12. Protocol Overview
  13. Session Management
  14. Search-Proof Binding
  15. Digest-Based Binding
  16. ...and 33 more sections

Key Result

Theorem 1

If SHA-256 is collision-resistant and Groth16 is sound, then for any PPT adversary $\mathcal{A}$ that generates transcript $\tau^*$ using a nonce $N^* \neq N_S$: $\blacktriangleleft$$\blacktriangleleft$

Figures (1)

  • Figure 1: SBPP protocol. After token matching (step 5), the server computes a Merkle root over the result set (step 6). The client embeds both $N$ and the root in the ZKP challenge digest (step 8) and submits a Merkle membership proof for the selected drop. Search tokens (step 3) do not contain $N$.

Theorems & Definitions (20)

  • Definition 1: Authorization Provenance Gap
  • Definition 2: Search-Authorized Proof
  • Definition 3: Proof-external authorization
  • Definition 4: Core SBPP Verification
  • Theorem 1: Core Session Binding
  • proof : Proof sketch
  • Theorem 2: Cross-Session Isolation
  • proof : Proof sketch
  • Definition 5: Full SBPP Verification
  • Theorem 3: Transcript-Level Authorization (A4b)
  • ...and 10 more