COLLUSION-RESISTANT TLS ATTESTATION PROTOCOLS: A VERIFIABLE, MODULAR FRAMEWORK FOR DECENTRALIZED APPLICATIONS

2026-2-10
Şen, Uğur
A significant portion of today’s accessible data is stored on centralized servers and is typically accessed through the Transport Layer Security (TLS) protocol, which provides confidentiality and integrity guarantees. However, blockchain-based systems cannot natively consume such off-chain data, as TLS was not designed to produce publicly verifiable evidence that can be validated by smart contracts. To address this limitation, a class of protocols commonly referred to as Designated Commitment TLS (DCTLS) or zkTLS has emerged, enabling privacy-preserving attestations derived from TLS sessions without requiring any modification to server-side deployments. Despite their practicality, existing DCTLS constructions rely on designated verifiers, which fundamentally limit public verifiability and introduce vulnerability to prover-verifier collusion. In such settings, a malicious prover and verifier can jointly deviate from the protocol to produce fraudulent attestations that remain indistinguishable from honest executions. Prior attempts to mitigate this issue, including trusted execution environments (TEEs), decentralized oracle networks (DONs), and blind-signature-based approaches, either impose strong trust assumptions, introduce high prover-side complexity, or incur significant scalability and efficiency costs. In this thesis, we develop a modular framework for collusion-resistant TLS attestations that generalizes existing DCTLS constructions. We minimize the designated-and-trusted-verifier assumption by multiplying the number of verifiers without compromising efficiency, achieved through joint randomness generated via Distributed Verifiable Random Functions (DVRFs). We first demonstrate how DVRFs can be integrated with DECO to enable a decentralized-storage-based attestation protocol.
By generating joint randomness via DVRF, each verifier can bind itself to the session and independently reason about the correctness of the execution, thereby reducing reliance on a single trusted party. To address the scalability challenges of decentralized verification, we then refine this construction by replacing decentralized storage with Threshold Signature Schemes (TSS), thereby rendering attestations compact and efficient. Although the literature contains concrete instances such as DECO and Distefano, it lacks a generalized construction that characterizes DCTLS protocols as a unified class. Therefore, we first provide a general formalization of DCTLS protocols. Based on this formalization, we then derive an exportable abstraction, denoted dx-DCTLS, and show how DECO and Distefano can be transformed into dx-DCTLS by replacing non-verifiable components with verifiable cryptographic counterparts. This abstraction serves as a unifying layer that allows existing DCTLS protocols to be extended without altering the underlying TLS server infrastructure. On top of dx-DCTLS, we present a collusion-minimized attestation framework in which the verifier role is distributed across a configurable set of auxiliary verifiers. Following the previous construction, we integrate the proposed dx-DCTLS with DVRFs and TSS, yielding a framework that supports t-out-of-n consensus. Crucially, the number of auxiliary verifiers is decoupled from the core TLS interaction, ensuring that prover complexity remains O(1) while collusion resistance scales with the threshold parameter t. We give a game-based formalization of threshold attestation unforgeability that captures adversarial behaviors specific to multi-verifier environments. Under this definition, we provide a game-based security proof under standard cryptographic assumptions.
We evaluate practicality through our prototype implementation of the DVRF-TSS layer and a performance analysis of dx-DCTLS, showing that the additional overhead remains modest even at large threshold sizes. Finally, through a realistic TLS attestation use case, we demonstrate that the proposed framework enables privacy-preserving and scalable blockchain applications without relying on trusted hardware, a single authority, or blind-signature mechanisms.
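The following Python simulation is an added illustration of the t-out-of-n acceptance rule and the session binding sketched in the abstract; it is not code from the thesis or its prototype. It assumes two placeholders, stated here and in the comments: a hash over every verifier's nonce and the session commitment stands in for the DVRF output, and a keyed HMAC tag per verifier stands in for a TSS signature share (so the checking party here holds the verifier keys, unlike a publicly verifiable threshold signature). The constructed transcript and claim are sample values. What it shows is the structural property the abstract argues for: the prover commits to the session once regardless of n, endorsements from fewer than t verifiers are rejected, and endorsements cannot be reused for a different claim or a different session because the joint randomness and the session commitment are part of what is endorsed.

```python
"""Toy model of a t-out-of-n multi-verifier TLS attestation (added example).

Placeholders, not the thesis's constructions:
  - joint_randomness(): SHA-256 over the session commitment and all verifier
    nonces, standing in for a DVRF output.
  - endorse(): HMAC-SHA256 under a per-verifier key, standing in for a
    threshold signature share.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Verifier:
    vid: int
    key: bytes  # placeholder for this verifier's signing key share


def make_verifiers(n: int) -> list[Verifier]:
    return [Verifier(vid=i, key=secrets.token_bytes(32)) for i in range(n)]


def commit_session(transcript: bytes) -> bytes:
    # Prover-side work: one commitment to the TLS transcript, independent of n.
    return hashlib.sha256(b"session|" + transcript).digest()


def joint_randomness(session_commit: bytes, nonces: dict[int, bytes]) -> bytes:
    # DVRF stand-in: deterministic in the session commitment and every
    # verifier's contribution, so each verifier is bound to this session.
    h = hashlib.sha256(b"dvrf|" + session_commit)
    for vid in sorted(nonces):
        h.update(vid.to_bytes(4, "big") + nonces[vid])
    return h.digest()


def endorse(v: Verifier, session_commit: bytes, rand: bytes, claim: bytes) -> bytes:
    # Signature-share stand-in over (session, joint randomness, claim).
    msg = b"attest|" + session_commit + rand + claim
    return hmac.new(v.key, msg, hashlib.sha256).digest()


def verify_attestation(verifiers: list[Verifier], session_commit: bytes, rand: bytes,
                       claim: bytes, endorsements: dict[int, bytes], t: int) -> bool:
    # Accept only if at least t distinct, registered verifiers endorsed exactly
    # this (session, randomness, claim) tuple.
    by_id = {v.vid: v for v in verifiers}
    valid = 0
    for vid, tag in endorsements.items():
        v = by_id.get(vid)
        if v is None:
            continue  # unknown verifier id: ignored
        if hmac.compare_digest(endorse(v, session_commit, rand, claim), tag):
            valid += 1
    return valid >= t


def run_attestation(transcript: bytes, claim: bytes, verifiers: list[Verifier],
                    endorsing_ids: set[int], t: int) -> bool:
    sc = commit_session(transcript)
    nonces = {v.vid: secrets.token_bytes(16) for v in verifiers}
    rand = joint_randomness(sc, nonces)
    endorsements = {v.vid: endorse(v, sc, rand, claim)
                    for v in verifiers if v.vid in endorsing_ids}
    return verify_attestation(verifiers, sc, rand, claim, endorsements, t)


def collusion_demo(n: int = 5, t: int = 3) -> dict[str, bool]:
    """Exercise the acceptance rule under honest, threshold, and colluding conditions."""
    verifiers = make_verifiers(n)
    transcript = b'GET /balance HTTP/1.1 ... 200 OK {"balance": 4200}'  # constructed sample
    claim = b"balance >= 1000"  # constructed sample
    ids = [v.vid for v in verifiers]
    results = {
        "all_honest": run_attestation(transcript, claim, verifiers, set(ids), t),
        "exactly_t": run_attestation(transcript, claim, verifiers, set(ids[:t]), t),
        "below_t": run_attestation(transcript, claim, verifiers, set(ids[:t - 1]), t),
    }
    # Endorsements made on the honest claim, then presented for a different claim.
    sc = commit_session(transcript)
    rand = joint_randomness(sc, {v.vid: secrets.token_bytes(16) for v in verifiers})
    honest = {v.vid: endorse(v, sc, rand, claim) for v in verifiers}
    results["tampered_claim"] = verify_attestation(
        verifiers, sc, rand, b"balance >= 1000000", honest, t)
    # The same endorsements presented against a different session commitment.
    results["replayed_session"] = verify_attestation(
        verifiers, commit_session(b"some other session"), rand, claim, honest, t)
    return results


if __name__ == "__main__":
    for name, ok in collusion_demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

With n = 5 and t = 3, the honest run and a run with exactly three endorsements are accepted, while two colluding endorsers, a swapped claim, and a replay against another session are all rejected; raising t strengthens collusion resistance without changing the prover's single commitment.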
Citation Formats
U. Şen, “COLLUSION-RESISTANT TLS ATTESTATION PROTOCOLS: A VERIFIABLE, MODULAR FRAMEWORK FOR DECENTRALIZED APPLICATIONS,” Ph.D. - Doctoral Program, Middle East Technical University, 2026.