
Briefing
The research addresses the fundamental conflict between data utility and user privacy, specifically the challenge of exporting trusted facts from an encrypted Transport-Layer Security (TLS) channel without exposing the underlying data or browsing history. The foundational breakthrough is DiStefano, an efficient, maliciously-secure framework that integrates Two-Party Computation (2PC) directly into the TLS 1.3 handshake to secret-share session keys between the client and a designated verifier. This novel mechanism allows the client to generate private commitments over the encrypted web traffic, which can then be used to construct arbitrary zero-knowledge proofs over the committed data, ensuring data integrity and user privacy simultaneously. The most important implication is the creation of a trustless cryptographic primitive for compliant, privacy-preserving credentialing and data attestation, fundamentally enabling verifiable identity and facts derived from sensitive web interactions to be used on-chain or in regulated environments.

Context
Before this research, exporting trusted information, such as proof of age or accepted purchase details, from an authenticated and encrypted channel secured by TLS was non-trivial and often required compromising user privacy. Prevailing solutions, such as Designated-Commitment TLS (DCTLS) protocols, were often complex, lacked modularity for arbitrary claims, and introduced significant trust assumptions or performance overhead, forcing a difficult trade-off between data utility for third-party verification and the client’s fundamental right to browsing history privacy. This limitation constrained the development of decentralized identity systems that rely on real-world, verified credentials.

Analysis
DiStefano’s core mechanism re-architects the TLS 1.3 handshake into a three-party protocol involving the client, the server, and a designated verifier. The new primitive is a modified TLS handshake in which the client and verifier use Two-Party Computation (2PC) to jointly compute and secret-share the cryptographic session keys. This ensures that neither the client nor the verifier alone ever holds the complete key material, preserving confidentiality of the session. The client then authenticates the server using a Zero-Knowledge Proof of Valid Signatures (ZKPVS) and commits the encrypted server response to the verifier.
By subsequently receiving the verifier’s key share, the client can decrypt the message and generate a zero-knowledge proof (ZKP) over a specific data point within the message (e.g. proving ‘age > 18’), which the verifier can confirm without ever seeing the full encrypted content or the client’s browsing history. This method fundamentally differs by moving the commitment and proof generation inside the encrypted channel flow, rather than attempting to prove facts after decryption.
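As an added illustration (not DiStefano's own code), the commit-before-reveal ordering described above: the 2PC handshake is replaced by a plain XOR split of an AES-128-GCM record key between client and verifier, the server seals a record with the full key as in ordinary TLS, the client commits to the ciphertext before the verifier hands over its share, and only then can the client reconstruct the key and decrypt. The final zero-knowledge proof over the plaintext is not modelled; all names and values are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
)

// share is an additive (XOR) share of the 16-byte AES-128-GCM record key.
type share [16]byte

// splitKey gives client and verifier one share each. rnd stands in for
// the randomness the 2PC handshake would supply (fixed for determinism).
func splitKey(key, rnd [16]byte) (client, verifier share) {
	for i := range key {
		client[i], verifier[i] = rnd[i], key[i]^rnd[i]
	}
	return
}

// joinKey reconstructs the record key; either share alone reveals nothing.
func joinKey(a, b share) (key [16]byte) {
	for i := range a {
		key[i] = a[i] ^ b[i]
	}
	return
}

// commit binds the client to the exact server ciphertext it received; the
// client sends it to the verifier before the verifier releases its share.
func commit(ciphertext []byte) [32]byte { return sha256.Sum256(ciphertext) }

// verifierAccepts checks an opened ciphertext against the stored commitment.
func verifierAccepts(c [32]byte, ct []byte) bool { return c == commit(ct) }

// gcm builds the AEAD; the fixed 16-byte key rules out constructor errors.
func gcm(key [16]byte) cipher.AEAD {
	block, _ := aes.NewCipher(key[:])
	aead, _ := cipher.NewGCM(block)
	return aead
}

// sealRecord is the server side; the server holds the full key as in plain TLS.
func sealRecord(key [16]byte, nonce, pt []byte) []byte { return gcm(key).Seal(nil, nonce, pt, nil) }

// openRecord is run by the client only after it has joined both shares.
func openRecord(key [16]byte, nonce, ct []byte) ([]byte, error) {
	return gcm(key).Open(nil, nonce, ct, nil)
}
```

The important property is the ordering: the commitment is fixed while the client still lacks the verifier's share, so a client that later learns the key cannot swap in a different ciphertext without the verifier noticing.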

Parameters
- Online Phase Execution Time: < 1 s (less than one second). This is the time required for the client and verifier to execute the complete online phase of the protocol, demonstrating practicality for real-time web use.
- Online Phase Communication Overhead: ≤ 80 KiB (kibibytes). This is the maximum data transfer required for the client and verifier to complete the online phase, indicating a low bandwidth cost.
- Underlying Cryptographic Primitive: Two-Party Computation (2PC). This technique is used to secret-share the TLS session keys between the client and the verifier, ensuring that neither party alone holds the complete decryption key.

Outlook
This framework opens a new avenue for decentralized identity and regulatory compliance by providing a mechanism to bridge trusted off-chain data sources with on-chain verifiable computation. Future research will focus on optimizing the generation of the final zero-knowledge proofs over the committed data, potentially enabling non-interactive, succinct proofs of arbitrary data structures like JSON. In the next 3-5 years, this primitive could be integrated into decentralized identity systems and zero-knowledge rollups, allowing users to privately attest to real-world financial or legal status for on-chain interactions, effectively creating a “private oracle” for web data.

Verdict
DiStefano provides the foundational cryptographic primitive required to securely bridge the private web with verifiable decentralized systems, resolving the core conflict between data utility and user privacy.
