NOPE: Strengthening domain authentication with succinct proofs
Pages 673 - 692
Abstract
Server authentication assures users that they are communicating with a server that genuinely represents a claimed domain. Today, server authentication relies on certification authorities (CAs), third parties who sign statements binding public keys to domains. CAs remain a weak spot in Internet security, as any faulty CA can issue a certificate for any domain.
This paper describes the design, implementation, and experimental evaluation of nope, a new mechanism for server authentication that uses succinct proofs (for example, zero-knowledge proofs) to prove that a DNSSEC chain exists that links a public key to a specified domain. The use of DNSSEC dramatically reduces reliance on CAs, and the small size of the proofs enables compatibility with legacy infrastructure, including TLS servers, certificate formats, and certificate transparency. nope proofs add minimal performance overhead to clients, increasing the size of a typical certificate chain by about 10% and requiring just over 1 ms to verify. nope's core technical contributions (which generalize beyond nope) include efficient techniques for representing parsing and cryptographic operations within succinct proofs, which reduce proof generation time and memory requirements by nearly an order of magnitude.
Supplemental Material
External - Artifact for "NOPE: Strengthening Domain Authentication with Succinct Proofs"
This is a repository containing source files for benchmarking and deploying NOPE (SOSP '24). Instructions for using this artifact and a full description are contained in the README.
Download from: https://doi.org/10.5281/zenodo.13766154
References
[1]
0xPARC. circom-ecdsa. https://github.com/0xPARC/circom-ecdsa, 2022.
[2]
Josh Aas, Richard Barnes, Benton Case, Zakir Durumeric, Peter Eckersley, Alan Flores-López, J Alex Halderman, Jacob Hoffman-Andrews, James Kasten, Eric Rescorla, Seth Schoen, and Brad Warren. Let's Encrypt: an automated certificate authority to encrypt the entire web. In ACM CCS, 2019.
[3]
Josh Aas, Daniel McCarney, and Roland Shoemaker. Multi-Perspective Validation Improves Domain Validation Security. Let's Encrypt Blog, Feb 2020. https://letsencrypt.org/2020/02/19/multi-perspective-validation.html.
[4]
Ross Anderson and Tyler Moore. The Economics of Information Security. Science, 314(5799), 2006.
[5]
Adrian Antipa, Daniel Brown, Robert Gallant, Rob Lambert, René Struik, and Scott Vanstone. Accelerated verification of ECDSA signatures. In Selected Areas in Cryptography, pages 307--318, 02 2005.
[6]
Aptos Keyless. Aptos Labs, 2024. https://aptos.dev/guides/keyless-accounts/.
[7]
Hadi Asghari, Michel Van Eeten, Axel Arnbak, and Nico ANM van Eijk. Security economics in the HTTPS value chain. In WEIS, 2013.
[8]
Andrew Ayer. Duplicate Signature Key Selection Attack in Let's Encrypt. https://www.agwa.name/blog/post/duplicate_signature_key_selection_attack_in_lets_encrypt, December 2015.
[9]
Andrew Ayer. How Certificate Transparency Logs Fail and Why It's OK. https://www.agwa.name/blog/post/how_ct_logs_fail, July 2021.
[10]
Andrew Ayer. Timeline of Certificate Authority Failures. https://sslmate.com/resources/certificate_authority_failures, 2024.
[11]
László Babai, Lance Fortnow, Leonid A Levin, and Mario Szegedy. Checking Computations in Polylogarithmic Time. In ACM STOC, 1991.
[12]
Karim Baghery, Markulf Kohlweiss, Janno Siim, and Mikhail Volkhov. Another look at extraction and randomization of Groth's zk-SNARK. In Financial Crypto (FC), 2021.
[13]
Foteini Baldimtsi, Konstantinos Kryptos Chalkias, Yan Ji, Jonas Lindstrøm, Deepak Maram, Ben Riva, Arnab Roy, Mahdi Sedaghat, and Joy Wang. zkLogin: Privacy-Preserving Blockchain Authentication with Existing Credentials. arXiv preprint arXiv:2401.11735, 2024.
[14]
Richard Barnes. Use Cases and Requirements for DNS-Based Authentication of Named Entities (DANE). RFC 6394, October 2011.
[15]
Richard Barnes, Jacob Hoffman-Andrews, Daniel McCarney, and James Kasten. Automatic Certificate Management Environment (ACME). RFC 8555, March 2019.
[16]
Paul Barrett. Implementing the Rivest Shamir and Adleman Public Key Encryption Algorithm on a Standard Digital Signal Processor. In Annual International Cryptology Conference, 1986.
[17]
David Basin, Cas Cremers, Tiffany Hyun-Jin Kim, Adrian Perrig, Ralf Sasse, and Pawel Szalachowski. ARPKI: Attack resilient public-key infrastructure. In ACM CCS, 2014.
[18]
Adam Bates, Joe Pletcher, Tyler Nichols, Braden Hollembaek, and Kevin RB Butler. Forced perspectives: Evaluating an SSL trust enhancement at scale. In IMC, 2014.
[19]
Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, and Madars Virza. Succinct non-interactive zero knowledge for a von Neumann architecture. In USENIX Security, 2014.
[20]
Daniel J. Bernstein. Pippenger's exponentiation algorithm. 2002.
[21]
Nir Bitansky, Ran Canetti, Alessandro Chiesa, and Eran Tromer. From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again. In ITCS, 2012.
[22]
Manuel Blum, Paul Feldman, and Silvio Micali. Non-Interactive Zero-Knowledge and its Applications. In ACM STOC, 1988.
[23]
Sharon Boeyen, Stefan Santesson, Tim Polk, Russ Housley, Stephen Farrell, and David Cooper. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280, May 2008.
[24]
Gautam Botrel, Thomas Piellard, Youssef El Housni, Ivo Kubjas, and Arya Tabaie. Consensys/gnark: v0.11.0, September 2024.
[25]
Benjamin Braun. Compiling computations to constraints for verified computation. UT Austin Honors thesis HR-12-10, December 2012.
[26]
Benjamin Braun, Ariel J. Feldman, Zuocheng Ren, Srinath Setty, Andrew J. Blumberg, and Michael Walfish. Verifying computations with state. In ACM SOSP, 2013.
[27]
Matthew Bryant. Keeping Positive - Obtaining Arbitrary Wildcard SSL Certificates from Comodo via Dangling Markup Injection. The Hacker Blog, July 2016. https://thehackerblog.com/keeping-positive-obtaining-arbitrary-wildcard-ssl-certificates-from-comodo-via-dangling-markup-injection/.
[28]
Sofía Celi, Alex Davidson, Hamed Haddadi, Gonçalo Pestana, and Joe Rowell. Distefano: Decentralized infrastructure for sharing trusted encrypted facts and nothing more. Cryptology ePrint Archive, Paper 2023/1063, 2023. https://eprint.iacr.org/2023/1063.
[29]
Kwan Yin Chan, Handong Cui, and Tsz Hon Yuen. DIDO: Data Provenance from Restricted TLS 1.3 Websites. In IPSEC, 2023.
[30]
Melissa Chase and Anna Lysyanskaya. On Signatures of Knowledge. In CRYPTO, 2006.
[31]
Jeremy Clark and Paul C Van Oorschot. SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements. In IEEE Security and Privacy, 2013.
[32]
Cloudflare. ECDSA: The missing piece of DNSSEC. https://www.cloudflare.com/dns/dnssec/ecdsa-and-dnssec/.
[33]
Tianxiang Dai, Haya Shulman, and Michael Waidner. Let's Downgrade Let's Encrypt. In ACM CCS, 2021.
[34]
Antoine Delignat-Lavaud, Cédric Fournet, Markulf Kohlweiss, and Bryan Parno. Cinderella: Turning shabby X. 509 certificates into elegant anonymous credentials with the magic of verifiable computation. In IEEE Security and Privacy, 2016.
[35]
Benjamin E. Diamond and Jim Posen. Succinct arguments over towers of binary fields. Cryptology ePrint Archive, Paper 2023/1784, 2023.
[36]
Benjamin E. Diamond and Jim Posen. Polylogarithmic proofs for multilinears over binary towers. Cryptology ePrint Archive, Paper 2024/504, 2024.
[37]
DNSSEC and DANE Deployment Statistics. https://stats.dnssectools.org/, 2024.
[38]
Domain name registrations in Generic TLDs. https://domainnamestat.com/statistics/tldtype/generic, 2024.
[39]
Huayi Duan, Rubén Fischer, Jie Lou, Si Liu, David Basin, and Adrian Perrig. RHINE: Robust and High-performance Internet Naming with E2E Authenticity. In NSDI, 2023.
[40]
Viktor Dukhovni, Shumon Huque, Willem Toorop, Paul Wouters, and Melinda Shore. TLS DNSSEC Chain Extension. RFC 9102, August 2021.
[41]
Zakir Durumeric, James Kasten, Michael Bailey, and J Alex Halderman. Analysis of the HTTPS certificate ecosystem. In IMC, 2013.
[42]
Donald E. Eastlake. RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS). RFC 3110, May 2001.
[43]
Peter Eckersley. Sovereign Keys: A proposal to make HTTPS and email more secure. www.eff.org/sovereign-keys, 2011.
[44]
Peter Eckersley and Jesse Burns. An Observatory for the SSLiverse. DEFCON, 2010.
[45]
Electronic Frontier Foundation. Certbot. https://github.com/certbot/certbot, 2024.
[46]
ElGamal, Taher. A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. In CRYPTO, 1985.
[47]
Carl Ellison and Bruce Schneier. Ten risks of PKI: What you're not being told about public key infrastructure. Computer Security Journal, 16(1), 2000.
[48]
Jens Ernstberger, Stefanos Chaliasos, George Kadianakis, Sebastian Steinhorst, Philipp Jovanovic, Arthur Gervais, Benjamin Livshits, and Michele Orrù. zk-Bench: A Toolset for Comparative Evaluation and Performance Benchmarking of SNARKs. Cryptology ePrint Archive, Paper 2023/1503, 2023. https://eprint.iacr.org/2023/1503.
[49]
Chris Evans, Chris Palmer, and Ryan Sleevi. Public Key Pinning Extension for HTTP. RFC 7469, April 2015.
[50]
Amos Fiat and Adi Shamir. How to prove yourself: Practical solutions to identification and signature problems. In CRYPTO, 1986.
[51]
Robert P. Gallant, Robert J. Lambert, and Scott A. Vanstone. Faster point multiplication on elliptic curves with efficient endomorphisms. In CRYPTO, 2001.
[52]
Eva Galperin, Seth Schoen, and Peter Eckersley. A Post Mortem on the Iranian DigiNotar Attack. EFF DeepLinks Blog, 2011. https://www.eff.org/deeplinks/2011/09/post-mortem-iranian-diginotar-attack.
[53]
Slava Galperin, Dr. Carlisle Adams, Michael Myers, Rich Ankney, and Ambarish N. Malpani. X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP. RFC 2560, June 1999.
[54]
Rosario Gennaro, Craig Gentry, and Bryan Parno. Non-interactive verifiable computing: Outsourcing computation to untrusted workers. In CRYPTO, 2010.
[55]
Rosario Gennaro, Craig Gentry, Bryan Parno, and Mariana Raykova. Quadratic span programs and succinct NIZKs without PCPs. In IACR Eurocrypt, 2013.
[56]
Oded Goldreich. Probabilistic proof systems - a primer. Foundations and Trends in Theoretical Computer Science, 3(1), 2008.
[57]
Shafi Goldwasser, Yael Tauman Kalai, and Guy N Rothblum. Delegating computation: interactive proofs for muggles. J. ACM, 62(4), 2015.
[58]
Alexander Golovnev, Jonathan Lee, Srinath Setty, Justin Thaler, and Riad S. Wahby. Brakedown: Linear-time and field-agnostic SNARKs for R1CS. In CRYPTO, 2023.
[59]
Google. Google cloud. https://cloud.google.com/compute/docs/general-purpose-machines, 2024.
[60]
Jens Groth. On the size of pairing-based non-interactive arguments. In IACR Eurocrypt, 2016.
[61]
Jens Groth and Mary Maller. Snarky Signatures: Minimal Signatures of Knowledge from Simulation-Extractable SNARKs. In CRYPTO, pages 581--612. Springer International Publishing, 2017.
[62]
Paul Grubbs, Arasu Arun, Ye Zhang, Joseph Bonneau, and Michael Walfish. Zero-Knowledge Middleboxes. In USENIX Security, 2022.
[63]
Aayush Gupta. ZK Email, 2024. https://blog.aayushg.com/zkemail/.
[64]
Scott Helme. I'm giving up on HPKP. https://scotthelme.co.uk/im-giving-up-on-hpkp/, 2017.
[65]
Encrypted traffic interception on Hetzner and Linode targeting the largest Russian XMPP (Jabber) messaging service. https://notes.valdikss.org.ru/jabber.ru-mitm/, November 2023.
[66]
Nguyen Phong Hoang, Arian Akhavan Niaki, Jakub Dalek, Jeffrey Knockel, Pellaeon Lin, Bill Marczak, Masashi Crete-Nishihata, Phillipa Gill, and Michalis Polychronakis. How Great is the Great Firewall? Measuring China's DNS Censorship. In USENIX Security, 2021.
[67]
Jeff Hodges, Collin Jackson, and Adam Barth. HTTP Strict Transport Security (HSTS). RFC 6797, November 2012.
[68]
Paul E. Hoffman. DNS Security Extensions (DNSSEC). RFC 9364, February 2023.
[69]
Paul E. Hoffman and Patrick McManus. DNS Queries over HTTPS (DoH). RFC 8484, 2018.
[70]
Paul E. Hoffman and Wouter Wijngaards. Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC. RFC 6605, April 2012.
[71]
Russ Housley, Tim Polk, Dr. Warwick S. Ford, and Dave Solo. Internet X.509 Public Key Infrastructure Certificate and CRL Profile. RFC 2459, January 1999.
[72]
Zi Hu, Liang Zhu, John Heidemann, Allison Mankin, Duane Wessels, and Paul E. Hoffman. Specification for DNS over Transport Layer Security (TLS). RFC 7858, 2016.
[73]
Major DNSSEC Outages and Validation Failures. IANIX, March 2024. https://ianix.com/pub/dnssec-outages.html.
[74]
iden3. Circom, Circuit Compiler. https://github.com/iden3/circom, 2024.
[75]
iden3. snarkjs. https://github.com/iden3/snarkjs, 2024.
[76]
Y. Ishai, E. Kushilevitz, and R. Ostrovsky. Efficient arguments without short PCPs. In IEE Conference on Computational Complexity (CCC), 2007.
[77]
Jelte Jansen. Use of SHA-2 Algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSEC. RFC 5702, October 2009.
[78]
James Kasten, Eric Wustrow, and J Alex Halderman. CAge: Taming certificate authorities by inferring restricted scopes. In Financial Crypto (FC), 2013.
[79]
J. Kilian. A note on efficient zero-knowledge proofs and arguments (extended abstract). May 1992.
[80]
Tiffany Hyun-Jin Kim, Lin-Shung Huang, Adrian Perrig, Collin Jackson, and Virgil Gligor. Accountable key infrastructure (AKI) a proposal for a public-key validation infrastructure. In WWW, 2013.
[81]
Eric Kinnear, Patrick McManus, Tommy Pauly, Tanya Verma, and Christopher A. Wood. Oblivious DNS Over HTTPS. Internet-Draft draft-pauly-dprive-oblivious-doh-06, Internet Engineering Task Force, 2021.
[82]
Ahmed Kosba, Charalampos Papamanthou, and Elaine Shi. xJsnark: a framework for efficient verifiable computation. In IEEE Symposium on Security and Privacy, 2018.
[83]
Michael Kranch and Joseph Bonneau. Upgrading HTTPS in mid-air: An empirical study of strict transport security and key pinning. In NDSS, 2015.
[84]
Murat Yasin Kubilay, Mehmet Sabir Kiraz, and Hacı Ali Mantar. CertLedger: A new PKI model with Certificate Transparency based on blockchain. Computers & Security, 85, 2019.
[85]
Adam Langley. DNSSEC authenticated HTTPS in Chrome. Imperial Violet, June 2011. https://www.imperialviolet.org/2011/06/16/dnssecchrome.html.
[86]
Adam Langley. Enhancing digital certificate security. Google Security Blog, April 2013. https://security.googleblog.com/2013/01/enhancing-digital-certificate-security.html.
[87]
Adam Langley. Maintaining digital certificate security. Google Security Blog, July 2014. https://security.googleblog.com/2015/03/maintaining-digital-certificate-security.html.
[88]
Adam Langley. Why not DANE in browsers. Imperial Violet, January 2015. https://www.imperialviolet.org/2015/01/17/notdane.html.
[89]
Robin Larrieu. Fast finite field arithmetic. PhD thesis, Université Paris-Saclay, 2019.
[90]
Jan Lauinger, Jens Ernstberger, Andreas Finkenzeller, and Sebastian Steinhorst. Janus: Fast privacy-preserving data provenance for tls 1.3. Cryptology ePrint Archive, Paper 2023/1377, 2023.
[91]
Ben Laurie and Emilia Kasper. Revocation transparency. Google Research, September, 33, 2012.
[92]
Ben Laurie, Adam Langley, and Emilia Kasper. Certificate Transparency. RFC 6962, June 2013.
[93]
Ben Laurie, Adam Langley, Emilia Kasper, Eran Messeri, and Rob Stradling. Certificate Transparency Version 2.0. RFC 9162, December 2021.
[94]
Yabing Liu, Will Tome, Liang Zhang, David Choffnes, Dave Levin, Bruce Maggs, Alan Mislove, Aaron Schulman, and Christo Wilson. An end-to-end measurement of certificate revocation in the web's PKI. In IMC, 2015.
[95]
Ning Luo, Chenkai Weng, Jaspal Singh, Gefei Tan, Ruzica Piskac, and Mariana Raykova. Privacy-preserving regular expression matching using nondeterministic finite automata. Cryptology ePrint Archive, Paper 2023/643, 2023.
[96]
Moxie Marlinspike. Convergence. convergence.io, 2011.
[97]
Moxie Marlinspike. Trust Assertions for Certificate Keys. Internet-Draft draft-perrin-tls-tack-02, Internet Engineering Task Force, January 2013. Work in Progress.
[98]
Matter Labs. bellman_ce. https://github.com/matter-labs/bellman, 2023.
[99]
Sarah Meiklejohn, Joe DeBlasio, Devon O'Brien, Chris Thompson, Kevin Yeo, and Emily Stark. SoK: SCT auditing in Certificate Transparency. PETS, 2022.
[100]
Silvio Micali. Computationally sound proofs. SIAM Journal on Computing, 30(4):1253--1298, 2000.
[101]
Peter L. Montgomery. Modular multiplication without trial division. Mathematics of Computation, 44:519--521, 1985.
[102]
National Institute of Standards and Technology. Digital Signature Standard (DSS), feb 2023.
[103]
Zachary Newman. Reducing Trust in Automated Certificate Authorities via Proofs-of-Authentication. arXiv preprint arXiv:2307.08201, 2023.
[104]
Andrija Novakovic and Kobi Gurkan. Groth16 malleability. https://geometry.xyz/notebook/groth16-malleability, 2022.
[105]
Magnus Nyström and Burt Kaliski. PKCS #10: Certification Request Syntax Specification Version 1.7. RFC 2986, November 2000.
[106]
Marten Oltrogge, Yasemin Acar, Sergej Dechand, Matthew Smith, and Sascha Fahl. To Pin or Not to Pin---Helping App Developers Bullet Proof Their TLS Connections. In USENIX Security, 2015.
[107]
OpenSSL. OpenSSL. https://github.com/openssl/openssl, 2024.
[108]
OpenSSL. OpenSSL asn1parse. https://docs.openssl.org/1.1.1/man1/asn1parse/, 2024.
[109]
Alex Ozdemir, Riad Wahby, Barry Whitehat, and Dan Boneh. Scaling verifiable computation using efficient set accumulators. In USENIX Security, 2020.
[110]
Bryan Parno, Craig Gentry, Jon Howell, and Mariana Raykova. Pinocchio: Nearly practical verifiable computation. In IEEE Symposium on Security and Privacy, 2013.
[111]
Riva Richmond. An Attack Sheds Light on Internet Security Holes. The New York Times, April 2011.
[112]
Roman Semenov. zkUtil. https://github.com/poma/zkutil, 2021.
[113]
Scott Rose, Matt Larson, Dan Massey, Rob Austein, and Roy Arends. Resource Records for the DNS Security Extensions. RFC 4034, March 2005.
[114]
Michael Rosenberg, Jacob White, Christina Garman, and Ian Miers. zkcreds: Flexible Anonymous Credentials from zkSNARKs and Existing Identity Infrastructure. In IEEE Security and Privacy, 2023.
[115]
Lorenz Schwittmann, Matthäus Wander, and Torben Weis. Domain impersonation is feasible: a study of CA domain validation vulnerabilities. In IEEE EuroS&P, 2019.
[116]
Srinath Setty. Spartan: Efficient and general-purpose zkSNARKs without trusted setup. In CRYPTO, 2020.
[117]
Srinath Setty, Benjamin Braun, Victor Vu, Andrew J. Blumberg, Bryan Parno, and Michael Walfish. Resolving the conflict between generality and plausibility in verified computation. In Eurosys, 2013.
[118]
Srinath Setty, Justin Thaler, and Riad Wahby. Unlocking the lookup singularity with Lasso. Cryptology ePrint Archive, Paper 2023/1216, 2023.
[119]
Srinath Setty, Victor Vu, Nikhil Panpalia, Benjamin Braun, Andrew J. Blumberg, and Michael Walfish. Taking proof-based verified computation a few steps closer to practicality. In USENIX Security, 2012.
[120]
Haya Shulman and Michael Waidner. One key to sign them all considered vulnerable: Evaluation of DNSSEC in the internet. In NSDI, 2017.
[121]
Ryan Sleevi. Sustaining Digital Certificate Security. Google Security Blog, October 2015. https://security.googleblog.com/2015/10/sustaining-digital-certificate-security.html.
[122]
Trevor Smith, Luke Dickinson, and Kent Seamons. Let's revoke: Scalable global certificate revocation. In NDSS, 2020.
[123]
Sooel Son and Vitaly Shmatikov. The hitchhiker's guide to DNS cache poisoning. In ICST, 2010.
[124]
Emily Stark, Joe DeBlasio, and Devon O'Brien. Certificate transparency in Google Chrome: Past, present, and future. IEEE Security & Privacy, 19(6), 2021.
[125]
Michael StJohns. Automated Updates of DNS Security (DNSSEC) Trust Anchors. RFC 5011, September 2007.
[126]
Ernst G. Straus. Addition chains of vectors (problem 5125). American Mathematical Monthly, 71:806--808, 1964.
[127]
Andrew Sutherland. Elliptic curves. https://ocw.mit.edu/courses/18-783-elliptic-curves-spring-2021, 2021.
[128]
Justin Thaler. Proofs, Arguments, and Zero-Knowledge. http://people.cs.georgetown.edu/jthaler/ProofsArgsAndZK.html, 2020.
[129]
Mikhail Volkhov. Malleable Zero-Knowledge Proofs and Applications. PhD thesis, University of Edinburgh, 2023.
[130]
Riad S. Wahby, Srinath Setty, Zuocheng Ren, Andrew J. Blumberg, and Michael Walfish. Efficient RAM and control flow in verifiable outsourced computation. In NDSS, 2015.
[131]
Michael Walfish and Andrew J. Blumberg. Verifying computations without reexecuting them: from theoretical possibility to near practicality. Communications of the ACM, 58(2), 2015.
[132]
Dan Wendlandt and Adrian Perrig. Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing. In USENIX Annual Technical Conference, 2008.
[133]
Pengcheng Xia, Haoyu Wang, Zhou Yu, Xinyu Liu, Xiapu Luo, and Guoai Xu. Ethereum Name Service: the Good, the Bad, and the Ugly. arXiv preprint arXiv:2104.05185, 2021.
[134]
Collin Zhang, Zachary DeStefano, Arasu Arun, Joseph Bonneau, Paul Grubbs, and Michael Walfish. Zombie: Middleboxes that don't snoop. In NSDI, 2024.
[135]
Fan Zhang, Deepak Maram, Harjasleen Malvai, Steven Goldfeder, and Ari Juels. DECO: Liberating web data using decentralized oracles for TLS. In ACM CCS, 2020.
[136]
Yupeng Zhang, Daniel Genkin, Jonathan Katz, Dimitrios Papadopoulos, and Charalampos Papamanthou. vSQL: Verifying arbitrary SQL queries over dynamic outsourced databases. In IEEE Symposium on Security and Privacy, 2017.
[137]
Shuhao Zheng, Zonglun Li, Junliang Luo, Ziyue Xin, and Xue Liu. IDEA-DAC: Integrity-Driven Editing for Accountable Decentralized Anonymous Credentials via ZK-JSON. Cryptology ePrint Archive, Paper 2024/292, 2024.
Index Terms
- NOPE: Strengthening domain authentication with succinct proofs
Recommendations
Adaptive Zero-Knowledge Proofs and Adaptively Secure Oblivious Transfer
In the setting of secure computation, a set of parties wish to securely compute some function of their inputs, in the presence of an adversary. The adversary in question may be static (meaning that it controls a predetermined subset of the parties) or ...
Understanding the role of registrars in DNSSEC deployment
IMC '17: Proceedings of the 2017 Internet Measurement ConferenceThe Domain Name System (DNS) provides a scalable, flexible name resolution service. Unfortunately, its unauthenticated architecture has become the basis for many security attacks. To address this, DNS Security Extensions (DNSSEC) were introduced in ...
Comments
Information & Contributors
Information
Published In
November 2024
765 pages
ISBN:9798400712517
DOI:10.1145/3694715
- Chair:
- Emmett Witchel,
- Co-chair:
- Christopher J Rossbach,
- Program Chair:
- Andrea Arpaci-Dusseau,
- Program Co-chair:
- Kimberly Keeton
Copyright © 2024 Copyright held by the owner/author(s).
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the owner/author(s).
Sponsors
In-Cooperation
- USENIX
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 15 November 2024
Check for updates
Badges
Author Tags
Qualifiers
- Research-article
Funding Sources
Conference
SOSP '24
Sponsor:
SOSP '24: ACM SIGOPS 30th Symposium on Operating Systems Principles
November 4 - 6, 2024
TX, Austin, USA
Acceptance Rates
SOSP '24 Paper Acceptance Rate 43 of 245 submissions, 18%;
Overall Acceptance Rate 174 of 961 submissions, 18%
Upcoming Conference
SOSP '25
- Sponsor:
- sigops
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 200Total Downloads
- Downloads (Last 12 months)200
- Downloads (Last 6 weeks)55
Reflects downloads up to 27 Jan 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in