Search-Bound Proximity Proofs: Binding Encrypted Geographic Search to Zero-Knowledge Verification

TL;DR

This paper introduces Search-Bound Proximity Proofs (SBPP), a zero-knowledge verification method for encrypted geographic searches that improves forensic attribution without significant performance overhead.

Contribution

SBPP formalizes the search-authorized proof security notion and enables auditability without modifying ZKP circuits, addressing forensic attribution gaps in location-based systems.

Findings

SBPP achieves sub-millisecond overhead on real-world data

It enables property-level fault isolation in offline audits

Experiments on 110,776 POIs demonstrate efficiency and effectiveness

Abstract

Location-based systems that combine encrypted geographic search with zero-knowledge proximity proofs typically treat the two phases as independent. Under an honest-but-curious server, this leaves an authorization provenance gap: once session state is purged, no forensic procedure can attribute a proof to its originating search session, because the proof's public inputs encode no session-identifying information. We formalize this gap as the search-authorized proof (SAP) security notion and show via a concrete audit re-association attack that proof-external mechanisms, where authorization evidence remains outside the proof, cannot prevent forensic misattribution when the same drop parameters recur across sessions. Search-Bound Proximity Proofs (SBPP) realize the SAP requirements without modifying the ZKP circuit: session nonce, Merkle-root result-set commitment, and signed receipt are decomposed into independently auditable components, enabling property-level fault isolation in offline audit. Experiments on synthetic and real-world data (110,776 OpenStreetMap POIs) show sub-millisecond absolute overhead on a 125 ms Groth16 baseline.