Briefing

The research addresses the fundamental conflict between data utility and user privacy, specifically the challenge of exporting trusted facts from an encrypted Transport-Layer Security (TLS) channel without exposing the underlying data or browsing history. The foundational breakthrough is DiStefano, an efficient, maliciously-secure framework that integrates Two-Party Computation (2PC) directly into the TLS 1.3 handshake to secret-share session keys between the client and a designated verifier. This novel mechanism allows the client to generate private commitments over the encrypted web traffic, which can then be used to construct arbitrary zero-knowledge proofs over the committed data, ensuring data integrity and user privacy simultaneously. The most important implication is the creation of a trustless cryptographic primitive for compliant, privacy-preserving credentialing and data attestation, fundamentally enabling verifiable identity and facts derived from sensitive web interactions to be used on-chain or in regulated environments.


Context

Before this research, exporting trusted information, such as proof of age or accepted purchase details, from an authenticated and encrypted channel secured by TLS was non-trivial and often required compromising user privacy. Prevailing solutions, such as Designated-Commitment TLS (DCTLS) protocols, were often complex, lacked modularity for arbitrary claims, and introduced significant trust assumptions or performance overhead, forcing a difficult trade-off between data utility for third-party verification and the client’s fundamental right to browsing history privacy. This limitation constrained the development of decentralized identity systems that rely on real-world, verified credentials.


Analysis

DiStefano’s core mechanism re-architects the TLS 1.3 handshake into a three-party protocol involving the client, the server, and a designated verifier. The new primitive is a modified TLS handshake where the client and verifier use Two-Party Computation (2PC) to jointly compute and secret-share the cryptographic session keys. This ensures neither the client nor the verifier ever possesses the complete key material, preserving confidentiality. The client then authenticates the server using a Zero-Knowledge Proof of Valid Signatures (ZKPVS) and commits the encrypted server response to the verifier.

By subsequently receiving the verifier’s key share, the client can decrypt the message and generate a zero-knowledge proof (ZKP) over a specific data point within the message (e.g. proving ‘age > 18’), which the verifier can confirm without ever seeing the full encrypted content or the client’s browsing history. This method fundamentally differs by moving the commitment and proof generation inside the encrypted channel flow, rather than attempting to prove facts after decryption.
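The commit-then-reveal ordering described above can be modelled in a few lines; this is an added sketch, not code from the DiStefano paper or its implementation. It assumes a dealer-style XOR split in place of the 2PC key derivation, a SHAKE-256 keystream in place of the TLS record cipher, and a plain hash-commitment opening in place of the zero-knowledge proof; all names are hypothetical.

```python
import hashlib
import hmac
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def stream_crypt(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher (SHAKE-256 keystream); stand-in for the TLS record cipher.
    return xor(data, hashlib.shake_256(key).digest(len(data)))

def commit(ciphertext: bytes, nonce: bytes) -> bytes:
    # Hash commitment to the encrypted record; the random nonce makes it hiding.
    return hashlib.sha256(nonce + ciphertext).digest()

class Verifier:
    def __init__(self, key_share: bytes):
        self.key_share = key_share
        self.commitment = None

    def receive_commitment(self, c: bytes) -> None:
        self.commitment = c

    def release_share(self) -> bytes:
        # The share leaves the verifier only after the ciphertext is pinned.
        if self.commitment is None:
            raise RuntimeError("no commitment recorded")
        return self.key_share

    def check_opening(self, ciphertext: bytes, nonce: bytes) -> bool:
        return self.commitment is not None and hmac.compare_digest(
            self.commitment, commit(ciphertext, nonce))

def run_session(record: bytes):
    # Dealer-style split for illustration; in the protocol the shares come from 2PC.
    session_key = secrets.token_bytes(32)
    client_share = secrets.token_bytes(32)
    verifier = Verifier(xor(session_key, client_share))
    ciphertext = stream_crypt(session_key, record)       # server's encrypted response
    share_only = stream_crypt(client_share, ciphertext)  # client's share alone: garbage
    nonce = secrets.token_bytes(16)
    verifier.receive_commitment(commit(ciphertext, nonce))
    full_key = xor(client_share, verifier.release_share())
    return verifier, ciphertext, nonce, share_only, stream_crypt(full_key, ciphertext)

if __name__ == "__main__":
    # Constructed sample record, not real traffic.
    v, ct, n, garbage, pt = run_session(b'{"name": "constructed", "age": 34}')
    print(pt, v.check_opening(ct, n), v.check_opening(bytes([ct[0] ^ 1]) + ct[1:], n))
```

Because the verifier records the commitment before its share is released, a client that later learns the full key cannot substitute a different ciphertext: any altered record fails `check_opening`.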


Parameters

  • Online Phase Execution Time → < 1 s (less than one second). This is the time required for the client and verifier to execute the complete online phase of the protocol, demonstrating practicality for real-time web use.
  • Online Phase Communication Overhead → ≤ 80 KiB (kilobytes). This is the maximum data transfer required for the client and verifier to complete the online phase, indicating a low bandwidth cost.
  • Underlying Cryptographic Primitive → Two-Party Computation (2PC). This technique is used to secret-share the TLS session keys between the client and the verifier, ensuring no single party has the complete decryption key.


Outlook

This framework opens a new avenue for decentralized identity and regulatory compliance by providing a mechanism to bridge trusted off-chain data sources with on-chain verifiable computation. Future research will focus on optimizing the generation of the final zero-knowledge proofs over the committed data, potentially enabling non-interactive, succinct proofs of arbitrary data structures like JSON. In the next 3-5 years, this primitive could be integrated into decentralized identity systems and zero-knowledge rollups, allowing users to privately attest to real-world financial or legal status for on-chain interactions, effectively creating a “private oracle” for web data.


Verdict

DiStefano provides the foundational cryptographic primitive required to securely bridge the private web with verifiable decentralized systems, resolving the core conflict between data utility and user privacy.

private commitments, verifiable claims, encrypted data, zero-knowledge proof, TLS 1.3, two-party computation, designated verifier, client privacy, session keys, web traffic, decentralized infrastructure, cryptographic protocol, ring signature, data integrity, secure authentication

Signal Acquired from → ndss-symposium.org
