[go: up one dir, main page]

What a lovely hat

Is it made out of tin foil?

Paper 2024/1839

Cryptographically Secure Digital Consent

F. Betül Durak, Microsoft Research
Abdullah Talayhan, École Polytechnique Fédérale de Lausanne
Serge Vaudenay, École Polytechnique Fédérale de Lausanne
Abstract

In the digital age, the concept of consent for online actions executed by third parties is crucial for maintaining trust and security in third-party services. This work introduces the notion of cryptographically secure digital consent, which aims to replicate the traditional consent process in the online world. We provide a flexible digital consent solution that accommodates different use cases and ensures the integrity of the consent process. The proposed framework involves a client (referring to the user or their devices), an identity manager (which authenticates the client), and an agent (which executes the action upon receiving consent). It supports various applications and ensures compatibility with existing identity managers. We require the client to keep no more than a password. The design addresses several security and privacy challenges, including preventing offline dictionary attacks, ensuring non-repudiable consent, and preventing unauthorized actions by the agent. Security is maintained even if either the identity manager or the agent is compromised, but not both. Our notion of an identity manager is broad enough to include combinations of different authentication factors such as a password, a smartphone, a security device, biometrics, or an e-passport. We demonstrate applications for signing PDF documents, e-banking, and key recovery.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
Digital SignaturesConsentKey Recovery
Contact author(s)
betuldurak @ microsoft com
abdullah talayhan @ epfl ch
serge vaudenay @ epfl ch
History
2024-11-11: approved
2024-11-08: received
See all versions
Short URL
https://ia.cr/2024/1839
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/1839,
      author = {F. Betül Durak and Abdullah Talayhan and Serge Vaudenay},
      title = {Cryptographically Secure Digital Consent},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1839},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1839}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.