octoberfranklin | 8 days ago

Actually you can! After all, TLS lacks the deniability features of more advanced cryptosystems (like OTR or Signal).

The technology for doing this is called a Zero Knowledge Proof TLS Oracle:

https://eprint.iacr.org/2024/447.pdf

https://tlsnotary.org

The 10k-foot view is that you pick the random numbers involved in the TLS handshake in a deterministic way, much like how zk proofs use the Fiat-Shamir transform. In other words, instead of using true randomness, you use some hash of the transcript of the handshake so far (sort of). Since TLS doesn't do client authentication, the DH exchange involves randomness from the client.

For all the blockchain haters out there: cryptocurrency is the reason this technology exists. Be thankful.
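
The Fiat-Shamir transform mentioned in the comment above, as an added example that is not part of the original comment: a Schnorr proof of knowledge in which the verifier's random challenge is replaced by a hash of the transcript so far. It does not implement a TLS oracle; the toy group, the function names and the context strings are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed toy group: integers modulo the Mersenne prime 2**127 - 1.
# Chosen only to keep the block self-contained; not a secure parameter choice.
P = 2**127 - 1
Q = P - 1        # exponents are reduced modulo the order of the full group
G = 3


def challenge(*parts):
    """Fiat-Shamir step: hash the transcript instead of asking a verifier."""
    h = hashlib.sha256()
    for part in parts:
        data = part if isinstance(part, bytes) else part.to_bytes(16, "big")
        h.update(len(data).to_bytes(2, "big") + data)  # length-prefix each field
    return int.from_bytes(h.digest(), "big") % Q


def keygen():
    """Return (secret x, public y = G^x mod P)."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def prove(x, y, context):
    """Non-interactive proof of knowledge of x, bound to `context`."""
    r = secrets.randbelow(Q - 1) + 1           # prover's nonce is still random
    commitment = pow(G, r, P)
    c = challenge(G, y, commitment, context)   # derived from the transcript
    return commitment, (r + c * x) % Q


def verify(y, context, proof):
    """Recompute the challenge from the same transcript and check the proof."""
    commitment, s = proof
    if not (0 < commitment < P and 0 <= s < Q):
        return False
    c = challenge(G, y, commitment, context)
    return pow(G, s, P) == (commitment * pow(y, c, P)) % P
```

Because the challenge is a function of every value in the transcript, changing the context or any proof element changes what the verifier recomputes, and the check fails.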
