Efficient Cyber-Evidence Sharing Using Zero-Knowledge Proofs

A common challenge for organisations managing confidential customer information is to respect obligations due to legal requirements while advocating the privacy of their users' data. In the context of digital forensics and cyber security scenarios, we define cyber evidence sharing as the task of verifying that mutual knowledge exists about confidential information or digital evidence, without revealing or disclosing the information itself. An attractive cryptographic solution to this problem is the concept of Zero-Knowledge Proofs (ZKPs). In this paper, we propose a flexible and efficient approach for sharing cyber evidence based on using ZKPs. We present a protocol that allows a verifier to establish the proof of knowledge of hash digest information. This provides computational security and can be implemented efficiently using a Merkle-tree data structure. The protocol has been implemented, the resulting proof-of-concept system is evaluated, and its efficiency is demonstrated. We believe that it could be a valuable tool for use in practical real-world applications.