Privacy-Preserving Verifiability - A Case for an Electronic Exam Protocol

We introduce the notion of privacy-preserving verifiability for security protocols. It holds when a protocol admits a verifiability test that does not reveal to the verifier about the protocol’s execution more than it needs to know to run the test. Our definition of privacy-preserving verifiability is general and applies to cryptographic protocols as well as human security protocols; however, in this paper we exemplify it in the domain of e-exam systems. We prove that the notion is meaningful: we study an existing exam protocol that is verifiable but lacking verifiability tests which are privacypreserving. We prove that the notion is applicable: we extend the same protocol using functional encryption so that it admits a verifiability test that preserves privacy according to our definition. We further verify in ProVerif that the verifiability holds despite malicious parties and that the new protocol maintains all the security properties that the original protocol enjoyed, so proving that our privacy-preserving verifiability can be achieved from existing security.