Janus: Fast Privacy-Preserving Data Provenance For TLS
Authors: Jan Lauinger (Technical University of Munich), Jens Ernstberger (Technical University of Munich), Andreas Finkenzeller (Technical University of Munich), Sebastian Steinhorst (Technical University of Munich)
Volume: 2025
Issue: 1
Pages: 511–530
DOI: https://doi.org/10.56553/popets-2025-0028
Abstract: Web users can gather data from secure endpoints and demonstrate the provenance of sensitive data to any third party by using privacy-preserving TLS oracles. In practice, privacy-preserving TLS oracles remain limited and cannot verify larger, sensitive data sets. In this work, we introduce new optimizations for TLS oracles, which enhance the efficiency of selectively verifying the provenance of confidential web data. The novelty of our work is a construction which secures an honest verifier zero-knowledge proof system in the asymmetric privacy setting while retaining security against malicious adversaries. Concerning TLS 1.3 in the one round-trip time (1-RTT) mode, we propose a new, optimized garble-then-prove paradigm in a security setting with malicious adversaries. Our improvements reach new performance benchmarks and facilitate a practical deployment of privacy-preserving TLS oracles in web browsers.
Keywords: Data Provenance, Transport Layer Security, Zero-knowledge Proof, Secure Two-party Computation, TLS Oracle
Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.
