Attestations over TLS 1.3 and ZKP

The Transport Layer Security (TLS) protocol is fundamental for securing data transmission over the Internet, providing encrypted and authenticated channels that protect users’ data. However, certain scenarios require not only secure transmission but also the ability to prove specific properties about transmitted data without revealing any other detail. For instance, a user might need to prove they are over 18 to access a service, but traditional methods often compromise privacy by exposing sensitive information, such as the user’s exact birth date. Zero-knowledge proofs (ZKPs) present a promising solution, enabling users to prove statements about their data without disclosing the underlying details, thus ensuring both privacy and trust.

In this talk, we introduce DiStefano, a protocol designed to enhance privacy over TLS 1.3. DiStefano leverages AES-GCM, the primary encryption algorithm used in TLS, and incorporates ZKPs to maintain privacy. This approach enables users to prove specific properties about TLS-encrypted data efficiently, even in high-latency environments.

We will present the design of the DiStefano protocol, discuss its potential applications for the web, and explore future work on extending ZKP capabilities to include proving properties of AES and JSON. We will also critically examine the limitations of such protocols, addressing why they are not a one-size-fits-all solution and highlighting potential risks associated with their adoption.

Speaker Details

Sofía Celi is a senior cryptography researcher at Brave specializing in privacy-enhancing technologies, post-quantum cryptography, and zero-knowledge proofs. She co-authored the “MAYO” PQC signature scheme and contributed to the Off-the-Record (OTR) messaging protocol. She is part of the Advisory Council of the Open Technology Fund, and holds roles in IETF/IRTF/W3C. As a co-founder of Criptolatinos and WinC, she promote diversity in cryptography and advocates for human rights in technical standards. Additionally, she is a member of the steering committee of Latincrypt, and the IACR co-editor.