Privacy-preserving VPN handshakes with Schnorr-based zero-knowledge proofs
| dc.contributor.author | Yüce, Mehmet Fatih | |
| dc.contributor.author | Ertürk, Mehmet Ali | |
| dc.contributor.author | Aydın, Muhammed Ali | |
| dc.date.accessioned | 2026-03-23T05:57:39Z | |
| dc.date.available | 2026-03-23T05:57:39Z | |
| dc.date.issued | 2026 | |
| dc.department | Faculties, Faculty of Engineering, Department of Computer Engineering | |
| dc.description.abstract | Modern Virtual Private Network (VPN) protocols rely on public-key-based handshakes that authenticate peers but can inadvertently reveal identifying or linkable information across sessions or network observers. This paper presents a privacy-preserving handshake framework that integrates Schnorr-based zero-knowledge proofs into existing VPN key-exchange mechanisms, allowing each party to prove key ownership without disclosing long-term identifiers such as static public keys. The framework is expressed as a generic extension layer applicable to a wide class of VPN protocols employing Diffie-Hellman-based mutual authentication (e.g., IKEv2/IPsec, OpenVPN, and WireGuard). To demonstrate feasibility, we integrate the scheme into WireGuard as a case study, yielding WireGuard-ZK. Implementation results show that the added privacy protection incurs modest computational and latency overhead while maintaining WireGuard's lightweight performance characteristics. The proposed design thus provides a generalizable cryptographic handshake model for privacy-preserving VPNs, combining theoretical soundness with practical deployability across modern tunneling frameworks. | |
| dc.description.sponsorship | Istanbul University ; 36754 | |
| dc.identifier.doi | 10.1016/j.cose.2026.104887 | |
| dc.identifier.issn | 0167-4048 | |
| dc.identifier.issn | 1872-6208 | |
| dc.identifier.scopus | 2-s2.0-105032353596 | |
| dc.identifier.scopusquality | Q1 | |
| dc.identifier.uri | https://doi.org/10.1016/j.cose.2026.104887 | |
| dc.identifier.uri | https://hdl.handle.net/11501/2663 | |
| dc.identifier.volume | 166 | |
| dc.identifier.wos | WOS:001716996900001 | |
| dc.identifier.wosquality | Q1 | |
| dc.indekslendigikaynak | Web of Science | |
| dc.indekslendigikaynak | Scopus | |
| dc.institutionauthor | Yüce, Mehmet Fatih | |
| dc.institutionauthorid | 0000-0001-7698-274X | |
| dc.language.iso | en | |
| dc.publisher | Elsevier Ltd | |
| dc.relation.ispartof | Computers and Security | |
| dc.relation.publicationcategory | Article - International Peer-Reviewed Journal - Institutional Faculty Member | |
| dc.rights | info:eu-repo/semantics/closedAccess | |
| dc.subject | NIZK | |
| dc.subject | Privacy-Preserving Authentication | |
| dc.subject | VPN Handshake | |
| dc.subject | WireGuard | |
| dc.title | Privacy-preserving VPN handshakes with Schnorr-based zero-knowledge proofs | |
| dc.type | Article |











