{"id":"https://openalex.org/W7160155933","doi":"https://doi.org/10.48550/arxiv.2605.00076","title":"zkSBOM: Privacy-Preserving SBOM Sharing with Zero-Knowledge Sets","display_name":"zkSBOM: Privacy-Preserving SBOM Sharing with Zero-Knowledge Sets","publication_year":2026,"publication_date":"2026-04-30","ids":{"openalex":"https://openalex.org/W7160155933","doi":"https://doi.org/10.48550/arxiv.2605.00076"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2605.00076","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.00076","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2605.00076","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5064453414","display_name":"Tom Sorger","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Sorger, Tom","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5114192480","display_name":"Eric Cornelissen","orcid":"https://orcid.org/0009-0000-8376-6287"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Cornelissen, Eric","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5135161687","display_name":"Aman Kumar Sharma","orcid":"https://orcid.org/0009-0005-5107-4485"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Sharma, Aman","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069255244","display_name":"Javier Ron","orcid":"https://orcid.org/0000-0001-6988-3102"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ron, Javier","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5073362414","display_name":"Musard Balliu","orcid":"https://orcid.org/0000-0001-6005-5992"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Balliu, Musard","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5135246291","display_name":"Martin Monperrus","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Monperrus, Martin","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":0,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.4521999955177307,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.4521999955177307,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.18479999899864197,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.11349999904632568,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/commit","display_name":"Commit","score":0.7149999737739563},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.6169000267982483},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.3695000112056732},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.3691999912261963},{"id":"https://openalex.org/keywords/mechanism","display_name":"Mechanism (biology)","score":0.3427000045776367},{"id":"https://openalex.org/keywords/backporting","display_name":"Backporting","score":0.32899999618530273},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.3116999864578247},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.31040000915527344}],"concepts":[{"id":"https://openalex.org/C153180980","wikidata":"https://www.wikidata.org/wiki/Q19776675","display_name":"Commit","level":2,"score":0.7149999737739563},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6941999793052673},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6313999891281128},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.6169000267982483},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.3695000112056732},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.3691999912261963},{"id":"https://openalex.org/C89611455","wikidata":"https://www.wikidata.org/wiki/Q6804646","display_name":"Mechanism (biology)","level":2,"score":0.3427000045776367},{"id":"https://openalex.org/C21491501","wikidata":"https://www.wikidata.org/wiki/Q430253","display_name":"Backporting","level":5,"score":0.32899999618530273},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.3116999864578247},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.31040000915527344},{"id":"https://openalex.org/C2779010991","wikidata":"https://www.wikidata.org/wiki/Q2720909","display_name":"Artifact (error)","level":2,"score":0.30799999833106995},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.30630001425743103},{"id":"https://openalex.org/C123551368","wikidata":"https://www.wikidata.org/wiki/Q7122888","display_name":"Package development process","level":5,"score":0.2912999987602234},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.28439998626708984},{"id":"https://openalex.org/C186846655","wikidata":"https://www.wikidata.org/wiki/Q3398377","display_name":"Software construction","level":4,"score":0.275299996137619},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.27459999918937683},{"id":"https://openalex.org/C82214349","wikidata":"https://www.wikidata.org/wiki/Q657339","display_name":"Software metric","level":5,"score":0.2741999924182892},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.2565999925136566},{"id":"https://openalex.org/C149091818","wikidata":"https://www.wikidata.org/wiki/Q2429814","display_name":"Software system","level":3,"score":0.2522999942302704},{"id":"https://openalex.org/C2779201187","wikidata":"https://www.wikidata.org/wiki/Q2775060","display_name":"Information leakage","level":2,"score":0.2508000135421753}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2605.00076","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.00076","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"Preprint"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2605.00076","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.00076","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/10","display_name":"Reduced inequalities","score":0.8210054039955139}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Software":[0,87],"Bills":[1],"of":[2,42,120],"Materials":[3],"(SBOMs)":[4],"are":[5],"increasingly":[6],"mandated":[7],"by":[8,52,104,122,135],"regulators,":[9],"yet":[10],"existing":[11],"sharing":[12,67],"mechanisms":[13],"impose":[14],"a":[15,43,64,96,117,152],"binary":[16],"choice":[17],"between":[18],"full":[19,22],"disclosure":[20],"and":[21,94,128,141,155,164],"opacity.":[23],"This":[24],"exposes":[25],"software":[26,47,53,162,165],"suppliers":[27,54,163],"to":[28,70,78,81,138],"attacks":[29],"that":[30,149],"can":[31,49,89],"be":[32,50],"deduced":[33],"from":[34,126,167],"the":[35,40,82,101,105],"SBOM":[36,66,106,113,159],"only,":[37],"such":[38],"as":[39],"presence":[41],"vulnerable":[44],"dependency.":[45],"Conversely,":[46],"consumers":[48,88,166],"fooled":[51],"who":[55],"modify":[56],"or":[57],"misrepresent":[58],"published":[59],"SBOMs.":[60],"We":[61,115,131],"present":[62],"zkSBOM,":[63],"privacy-preserving":[65,156],"mechanism":[68,157],"designed":[69],"address":[71],"these":[72],"threats.":[73],"zkSBOM":[74,121,150],"uses":[75],"zero-knowledge":[76],"sets":[77],"cryptographically":[79],"commit":[80],"components":[83],"within":[84],"an":[85],"SBOM.":[86],"query":[90],"for":[91,158],"known":[92],"vulnerabilities":[93],"receive":[95],"cryptographic":[97],"proof":[98],"confirming":[99],"whether":[100],"artifact":[102],"described":[103],"is":[107,151],"affected,":[108],"without":[109],"revealing":[110],"any":[111],"additional":[112],"content.":[114],"conduct":[116],"security":[118],"analysis":[119],"quantifying":[123],"expected":[124],"leakage":[125],"inclusion":[127],"exclusion":[129],"proofs.":[130],"demonstrate":[132],"real-world":[133],"feasibility":[134],"applying":[136],"it":[137],"realistic":[139],"scenarios":[140],"evaluating":[142],"its":[143],"operation":[144],"requirements.":[145],"Our":[146],"evaluation":[147],"demonstrates":[148],"strong,":[153],"secure,":[154],"sharing,":[160],"protecting":[161],"one":[168],"another.":[169]},"counts_by_year":[],"updated_date":"2026-07-01T06:00:48.157686","created_date":"2026-05-05T00:00:00"}
