Research article. DOI: 10.1145/1455770.1455816

Type-checking zero-knowledge

Published: 27 October 2008

Abstract

This paper presents the first type system for statically analyzing security protocols that are based on zero-knowledge proofs. We show how certain properties offered by zero-knowledge proofs can be characterized in terms of authorization policies and statically enforced by a type system. The analysis is modular and compositional, and provides security proofs for an unbounded number of protocol executions. We develop a new type-checker that conducts the analysis in a fully automated manner. We exemplify the applicability of our technique to real-world protocols by verifying the authenticity and secrecy properties of the Direct Anonymous Attestation (DAA) protocol. The analysis of DAA takes less than three seconds.



Published In

CCS '08: Proceedings of the 15th ACM conference on Computer and communications security
October 2008
590 pages
ISBN:9781595938107
DOI:10.1145/1455770
Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

  1. authorization policies
  2. language-based security
  3. type systems
  4. zero-knowledge protocols

Qualifiers

  • Research-article

Conference

CCS '08

Acceptance Rates

CCS '08 Paper Acceptance Rate 51 of 280 submissions, 18%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%


Cited By

  • Towards GDPR Compliant Software Design: A Formal Framework for Analyzing System Models. Evaluation of Novel Approaches to Software Engineering, pp. 135-162, 2020. DOI: 10.1007/978-3-030-40223-5_7
  • Existential Assertions for Voting Protocols. Financial Cryptography and Data Security, pp. 337-352, 2017. DOI: 10.1007/978-3-319-70278-0_21
  • Affine Refinement Types for Secure Distributed Programming. ACM Transactions on Programming Languages and Systems, 37(4):1-66, 2015. DOI: 10.1145/2743018
  • Symbolic Malleable Zero-Knowledge Proofs. Proceedings of the 2015 IEEE 28th Computer Security Foundations Symposium, pp. 412-426, 2015. DOI: 10.1109/CSF.2015.35
  • Type Checking Privacy Policies in the π-calculus. Formal Techniques for Distributed Objects, Components, and Systems, pp. 181-195, 2015. DOI: 10.1007/978-3-319-19195-9_12
  • Union, intersection and refinement types and reasoning about type disjointness for secure protocol implementations. Journal of Computer Security, 22(2):301-353, 2014. DOI: 10.5555/2595841.2595845
  • Extending Dolev-Yao with Assertions. Information Systems Security, pp. 50-68, 2014. DOI: 10.1007/978-3-319-13841-1_4
  • Fine-Grained Refinement on TPM-Based Protocol Applications. IEEE Transactions on Information Forensics and Security, 8(6):1013-1026, 2013. DOI: 10.1109/TIFS.2013.2258915
  • Differential Privacy by Typing in Security Protocols. Proceedings of the 2013 IEEE 26th Computer Security Foundations Symposium, pp. 272-286, 2013. DOI: 10.1109/CSF.2013.25
  • Security and Privacy by Declarative Design. Proceedings of the 2013 IEEE 26th Computer Security Foundations Symposium, pp. 81-96, 2013. DOI: 10.1109/CSF.2013.13
