research-article

Type-checking zero-knowledge

Authors:
Michael Backes

Saarland University, MPI-SWS, Saarbruecken, Germany

Saarland University, MPI-SWS, Saarbruecken, Germany
View Profile

,
Cǎtǎlin Hritcu

Saarland University, Saarbruecken, Germany

Saarland University, Saarbruecken, Germany
View Profile

,
Matteo Maffei

Saarland University, Saarbruecken, Germany

Saarland University, Saarbruecken, Germany
View Profile

CCS '08: Proceedings of the 15th ACM conference on Computer and communications securityOctober 2008Pages 357–370https://doi.org/10.1145/1455770.1455816

Published:27 October 2008Publication History

CCS '08: Proceedings of the 15th ACM conference on Computer and communications security

Pages 357–370

ABSTRACT

This paper presents the first type system for statically analyzing security protocols that are based on zero-knowledge proofs. We show how certain properties offered by zero-knowledge proofs can be characterized in terms of authorization policies and statically enforced by a type system. The analysis is modular and compositional, and provides security proofs for an unbounded number of protocol executions. We develop a new type-checker that conducts the analysis in a fully automated manner. We exemplify the applicability of our technique to real-world protocols by verifying the authenticity and secrecy properties of the Direct Anonymous Attestation (DAA) protocol. The analysis of DAA takes less than three seconds.

References

M. Abadi. Secrecy by typing in security protocols. Journal of the ACM, 46(5):749--786, 1999. Google ScholarDigital Library
M. Abadi. Logic in access control. In Proc. 18th IEEE Symposium on Logic in Computer Science (LICS), pages 228--233. IEEE Computer Society Press, 2003. Google ScholarDigital Library
M. Abadi and B. Blanchet. Secrecy types for asymmetric communication. In Proc. 4th International Conference on Foundations of Software Science and Computation Structures (FOSSACS), volume 2030 of Lecture Notes in Computer Science, pages 25--41. Springer-Verlag, 2001. Google ScholarDigital Library
M. Abadi and B. Blanchet. Analyzing security protocols with secrecy types and logic programs. Journal of the ACM, 52(1):102--146, 2005. Google ScholarDigital Library
M. Abadi, B. Blanchet, and C. Fournet. Automated verification of selected equivalences for security protocols. In Proc. 20th Annual IEEE Symposium on Logic in Computer Science (LICS), pages 331--340. IEEE Computer Society Press, 2005. Google ScholarDigital Library
A. Acquisti. Receipt-free homomorphic elections and write-in ballots. Cryptology ePrint Archive, Report 2004/105, 2004. http://eprint.iacr.org/.Google Scholar
L. Bachmair and H. Ganzinger. Rewrite-based equational theorem proving with selection and simplification. Journal of Logic and Computation, 4(3):217--247, 1994.Google ScholarCross Ref
M. Backes, A. Cortesi, R. Focardi, and M. Maffei. A calculus of challenges and responses. In Proc. 5th ACM Workshop on Formal Methods in Security Engineering (FMSE), pages 101--116. ACM Press, 2007. Google ScholarDigital Library
M. Backes, C. Hritcu, and M. Maffei. Automated verification of remote electronic voting protocols in the applied pi-calculus. In Proc. 21th IEEE Symposium on Computer Security Foundations (CSF), pages 195--209. IEEE Computer Society Press, 2008. Google ScholarDigital Library
M. Backes, C. Hritcu, and M. Maffei. Type-checking zero-knowledge. Long version available at http://www.infsec.cs.uni-sb.de/~hritcu/publications/zk-types-full.pdf, 2008. Google ScholarDigital Library
M. Backes, C. Hritcu, and M. Maffei. Type-checking zero-knowledge. Implementation available at http://www.infsec.cs.uni-sb.de/projects/zk-typechecker, 2008. Google ScholarDigital Library
M. Backes, M. Maffei, and D. Unruh. Zero-knowledge in the applied pi-calculus and automated verification of the direct anonymous attestation protocol. In Proc. 29th IEEE Symposium on Security and Privacy, pages 202--215. IEEE Computer Society Press, 2008. Google ScholarDigital Library
M. Backes and D. Unruh. Computational soundness of symbolic zero-knowledge proofs against active attackers. In Proc. 21th IEEE Symposium on Computer Security Foundations (CSF), pages 255--269. IEEE Computer Society Press, 2008. Google ScholarDigital Library
J. Bengtson, K. Bhargavan, C. Fournet, A.D. Gordon, and S. Maffeis. Refinement types for secure implementations. In Proc. 21th IEEE Symposium on Computer Security Foundations (CSF), pages 17--32. IEEE Computer Society Press, 2008. Google ScholarDigital Library
B. Blanchet. An efficient cryptographic protocol verifier based on Prolog rules. In Proc. 14th IEEE Computer Security Foundations Workshop (CSFW), pages 82--96. IEEE Computer Society Press, 2001. Google ScholarDigital Library
D. Bleichenbacher. Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS. In Advances in Cryptology: CRYPTO '98, volume 1462 of Lecture Notes in Computer Science, pages 1--12. Springer-Verlag, 1998. Google ScholarDigital Library
E. Brickell, J. Camenisch, and L. Chen. Direct anonymous attestation. In Proc. 11th ACM Conference on Computer and Communications Security, pages 132--145. ACM Press, 2004. Google ScholarDigital Library
M. Bugliesi, R. Focardi, and M. Maffei. Dynamic types for authentication. Journal of Computer Security, 15(6):563--617, 2007. Google ScholarDigital Library
F. Butler, I. Cervesato, A.D. Jaggard, A. Scedrov, and C. Walstad. Formal analysis of Kerberos 5. Theoretical Computer Science, 367(1):57--87, 2006. Google ScholarDigital Library
D. Chaum. Blind signatures for untraceable payments. In Advances in Cryptology: CRYPTO'82, pages 199--203, 1983.Google ScholarCross Ref
M.R. Clarkson, S. Chong, and A.C. Myers. Civitas: A secure voting system. In Proc. 29th IEEE Symposium on Security and Privacy, pages 354--368. IEEE Computer Society Press, 2008. Google ScholarDigital Library
R. Corin, P. Denielou, C. Fournet, K. Bhargavan, and J. Leifer. Secure implementations for typed session abstractions. In Proc. 20th IEEE Symposium on Computer Security Foundations (CSF), pages 170--186. IEEE Computer Society Press, 2007. Google ScholarDigital Library
S. Delaune, S. Kremer, and M. Ryan. Coercion-resistance and receipt-freeness in electronic voting. In Proc. 19th IEEE Computer Security Foundations Workshop (CSFW), pages 28--42. IEEE Computer Society Press, 2006. Google ScholarDigital Library
S. Delaune, M. Ryan, and B. Smyth. Automatic verification of privacy properties in the applied pi calculus. To appear in 2nd Joint iTrust and PST Conferences on Privacy, Trust Management and Security (IFIPTM'08), 2008.Google Scholar
B. Dragovic, E. Kotsovinos, S. Hand, and P.R. Pietzuch. Xenotrust: Event-based distributed trust management. In Proc. 14th International Workshop on Database and Expert Systems Applications (DEXA'03), pages 410--414. IEEE Computer Society Press, 2003. Google ScholarDigital Library
D. Fisher. Millions of .Net Passport accounts put at risk. eWeek, May 2003. (Flaw detected by Muhammad Faisal Rauf Danka).Google Scholar
C. Fournet, A.D. Gordon, and S. Maffeis. A type discipline for authorization policies. In Proc. 14th European Symposium on Programming (ESOP), Lecture Notes in Computer Science, pages 141--156. Springer-Verlag, 2005.Google ScholarDigital Library
C. Fournet, A.D. Gordon, and S. Maffeis. A type discipline for authorization in distributed systems. In Proc. 20th IEEE Symposium on Computer Security Foundations (CSF), pages 31--45. IEEE Computer Society Press, 2007. Google ScholarDigital Library
O. Goldreich. Foundations of Cryptography: Basic Tools. Cambridge University Press, 2001. Google ScholarCross Ref
A.D. Gordon and A. Jeffrey. Authenticity by typing for security protocols. Journal of Computer Security, 4(11):451--521, 2003. Google ScholarDigital Library
A.D. Gordon and A. Jeffrey. Types and effects for asymmetric cryptographic protocols. Journal of Computer Security, 12(3):435--484, 2004. Google ScholarDigital Library
A.D. Gordon and A. Jeffrey. Secrecy despite compromise: Types, cryptography, and the pi-calculus. In Proc. 16th International Conference on Concurrency Theory (CONCUR), volume 3653, pages 186--201. Springer-Verlag, 2005. Google ScholarDigital Library
C. Haack and A. Jeffrey. Timed spi-calculus with types for secrecy and authenticity. In Proc. 16th International Conference on Concurrency Theory (CONCUR), volume 3653, pages 202--216. Springer-Verlag, 2005. Google ScholarDigital Library
C. Haack and A. Jeffrey. Pattern-matching spi-calculus. Information and Computation, 204(8):1195--1263, 2006. Google ScholarDigital Library
A. Juels, D. Catalano, and M. Jakobsson. Coercion-resistant electronic elections. In Proc. 4nd ACM Workshop on Privacy in the Electronic Society (WPES), pages 61--70. ACM Press, 2005. Google ScholarDigital Library
S.D. Kamvar, M. Schlosser, and H. Garcia-Molina. The eigentrust algorithm for reputation management in p2p networks. In In Proc. 12th International World Wide Web Conference (WWW), pages 640--651. ACM Press, 2003. Google ScholarDigital Library
L. Lu, J. Han, L. Hu, J. Huai, Y. Liu, and L.M. Ni. Pseudo trust: Zero-knowledge based authentication in anonymous peer-to-peer protocols. In Proc. 2007 IEEE International Parallel and Distributed Processing Symposium, page 94. IEEE Computer Society Press, 2007.Google Scholar
D. Wagner and B. Schneier. Analysis of the SSL 3.0 protocol. In Proc. 2nd USENIX Workshop on Electronic Commerce, pages 29--40, 1996. Google ScholarDigital Library
C. Weidenbach, R. Schmidt, T. Hillenbrand, R. Rusev, and D. Topic. System description: SPASS version 3.0. In Automated Deduction -- CADE-21 : 21st International Conference on Automated Deduction, volume 4603 of Lecture Notes in Artificial Intelligence, pages 514--520. Springer, 2007. Google ScholarDigital Library

Index Terms

Type-checking zero-knowledge
1. Networks
  1. Network protocols
    1. Protocol correctness
      1. Protocol testing and verification
2. Theory of computation
  1. Semantics and reasoning
    1. Program reasoning
      1. Program analysis
    2. Program semantics

Recommendations

Achieving Security Despite Compromise Using Zero-knowledge
CSF '09: Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium

One of the important challenges when designing and analyzing cryptographic protocols is the enforcement of security properties in the presence of compromised participants. This paper presents a general technique for strengthening cryptographic protocols ...
Read More
Minimum resource zero knowledge proofs
SFCS '89: Proceedings of the 30th Annual Symposium on Foundations of Computer Science

Several resources relating to zero-knowledge protocols are considered. They are the number of envelopes used in the protocol, the number of oblivious transfer protocols executed during the protocol, and the total amount of communication required by the ...
Read More
Zero-Knowledge Contingent Payments Revisited: Attacks and Payments for Services
CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

Zero Knowledge Contingent Payment (ZKCP) protocols allow fair exchange of sold goods and payments over the Bitcoin network. In this paper we point out two main shortcomings of current proposals for ZKCP, and propose ways to address them.

First we show ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CCS '08: Proceedings of the 15th ACM conference on Computer and communications security
October 2008
590 pages
ISBN:9781595938107
DOI:10.1145/1455770
General Chair:
Peng Ning
North Carolina State University, USA
,
Program Chairs:
Paul Syverson
Naval Research Laboratory, USA
,
Somesh Jha
University of Wisconsin, USA
Copyright © 2008 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 27 October 2008
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
authorization policies
language-based security
type systems
zero-knowledge protocols
Qualifiers
- research-article
Conference

Acceptance Rates
CCS '08 Paper Acceptance Rate51of280submissions,18%Overall Acceptance Rate1,261of6,999submissions,18%
More
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 30
  Total Citations
  View Citations
- 615
  Total Downloads
- Downloads (Last 12 months)18
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Type-checking zero-knowledge

CCS '08: Proceedings of the 15th ACM conference on Computer and communications security

ABSTRACT

References

Cited By

Index Terms

Recommendations

Achieving Security Despite Compromise Using Zero-knowledge

Minimum resource zero knowledge proofs

Zero-Knowledge Contingent Payments Revisited: Attacks and Payments for Services