NSEC5: Provably Preventing DNSSEC Zone Enumeration

Goldberg, Sharon; Naor, Moni; Papadopoulos, Dimitrios; Reyzin, Leonid; Vasant, Sachin; Ziv, Asaf

doi:10.14722/ndss.2015.23211

Cited by 32 publications

(22 citation statements)

References 40 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In our companion paper [36], we prove two very important facts about non-interactive PSR systems. The first is that f -ZK, where f (R) is the cardinality of the set R, implies prevention of zone enumeration, i.e.…”

Section: Zero-knowledgementioning

confidence: 90%

“…UOWHFs in turn can be constructed from one-way functions [68]. PSR systems imply identification schemes, as shown in our companion paper [36], which in turn imply the existence of one-way functions, as shown by Impagliazzo and Luby [45] (see also [44]). …”

Section: Psr Systems Based On One-time Signaturesmentioning

confidence: 95%

“…In a companion paper to this work [36] the notion of PSR systems was introduced (albeit it was defined as a one-round proof protocol), as well as an efficient construction named NSEC5 was suggested. NSEC5 is based on RSA and analyzed in the random oracle model.…”

Section: Our Contributionsmentioning

confidence: 99%

“…We consider PSR Systems that are more general than those of [36] and define PSR systems with interactive proofs as well as systems that are perfect zero-knowledge.…”

Section: Our Contributionsmentioning

confidence: 99%

“…In order to construct the function F we use variants of Verifiable Random Functions (VRF) and Verifiable Unpredictable Functions (VUF) [55], the Naor-Reingold PRF [59] with zero knowledge interactive proofs, the GHR signature scheme [33] and a random oracle construction which uses the famous BLS signature scheme [18]. The scheme NSEC5 presented in [36] (which resides in the random oracle model) falls into this category as well.…”

Section: Our Contributionsmentioning

confidence: 99%

See 4 more Smart Citations

Primary-Secondary-Resolver Membership Proof Systems

Naor

Ziv

2015

Theory of Cryptography

Self Cite

View full text Add to dashboard Cite

Abstract. We consider Primary-Secondary-Resolver Membership Proof Systems (PSR for short) and show different constructions of that primitive. A PSR system is a 3-party protocol, where we have a primary, which is a trusted party which commits to a set of members and their values, then generates public and secret keys in order for secondaries (provers with knowledge of both keys) and resolvers (verifiers who only know the public key) to engage in interactive proof sessions regarding elements in the universe and their values. The motivation for such systems is for constructing a secure Domain Name System (DNSSEC) that does not reveal any unnecessary information to its clients. We require our systems to be complete, so honest executions will result in correct conclusions by the resolvers, sound, so malicious secondaries cannot cheat resolvers, and zero-knowledge, so resolvers will not learn additional information about elements they did not query explicitly. Providing proofs of membership is easy, as the primary can simply precompute signatures over all the members of the set. Providing proofs of non-membership, i.e. a denial-of-existence mechanism, is trickier and is the main issue in constructing PSR systems. We provide three different strategies to construct a denial of existence mechanism. The first uses a set of cryptographic keys for all elements of the universe which are not members, which we implement using hierarchical identity based encryption and a tree based signature scheme. The second construction uses cuckoo hashing with a stash, where in order to prove non-membership, a secondary must prove that a search for it will fail, i.e. that it is not in the tables or the stash of the cuckoo hashing scheme. The third uses a verifiable "random looking" function which the primary evaluates over the set of members, then signs the values lexicographically and secondaries then use those signatures to prove to resolvers that the value of the non-member was not signed by the primary. We implement this function using a weaker variant of verifiable random/unpredictable functions and pseudorandom functions with interactive zero knowledge proofs. For all three constructions we suggest fairly efficient implementations, of order comparable to other public-key operations such as signatures and encryption. The first approach offers perfect ZK and does not reveal the size of the set in question, the second can be implemented based on very solid cryptographic assumptions and uses the unique structure of cuckoo hashing, while the last technique has the potential to be highly efficient, if one could construct an efficient and secure VRF/VUF or if one is willing to live in the random oracle model.

show abstract

Section: Zero-knowledgementioning

confidence: 90%

Section: Psr Systems Based On One-time Signaturesmentioning

confidence: 95%

Section: Our Contributionsmentioning

confidence: 99%

“…We consider PSR Systems that are more general than those of [36] and define PSR systems with interactive proofs as well as systems that are perfect zero-knowledge.…”

Section: Our Contributionsmentioning

confidence: 99%

Section: Our Contributionsmentioning

confidence: 99%

See 3 more Smart Citations

Primary-Secondary-Resolver Membership Proof Systems

Naor

Ziv

2015

Theory of Cryptography

Self Cite

View full text Add to dashboard Cite

show abstract

Adaptive-Secure VRFs with Shorter Keys from Static Assumptions

Roşie

2018

Cryptology and Network Security

View full text Add to dashboard Cite

Verifiable random functions are pseudorandom functions producing publicly verifiable proofs for their outputs, allowing for efficient checks of the correctness of their computation. In this work, we introduce a new computational hypothesis, the n-Eigen-Value assumption, which can be seen as a relaxation of the U n-MDDH assumption, and prove its equivalence with the n-Rank assumption. Based on the newly introduced computational hypothesis, we build the core of a verifiable random function having an exponentially large input space and reaching adaptive security under a static assumption. The final construction achieves shorter public and secret keys compared to the existing schemes reaching the same properties.

show abstract

On DNSSEC Negative Responses, Lies, and Zone Size Detection

Demke

Deccio

2019

Passive and Active Measurement

View full text Add to dashboard Cite

NSEC5: Provably Preventing DNSSEC Zone Enumeration

Cited by 32 publications

References 40 publications

Primary-Secondary-Resolver Membership Proof Systems

Primary-Secondary-Resolver Membership Proof Systems

Adaptive-Secure VRFs with Shorter Keys from Static Assumptions

On DNSSEC Negative Responses, Lies, and Zone Size Detection

Contact Info

Product

Resources

About