Decentralizing Public Key Infrastructures with ClaimChains

arXiv: Cryptography and Security Pub Date : 2017-07-19 DOI:10.1145/3267323.3268947

B. Kulynych, Marios Isaakidis, C. Troncoso, G. Danezis

{"title":"Decentralizing Public Key Infrastructures with ClaimChains","authors":"B. Kulynych, Marios Isaakidis, C. Troncoso, G. Danezis","doi":"10.1145/3267323.3268947","DOIUrl":null,"url":null,"abstract":"We present ClaimChains, a cryptographic construction useful for storing claims regarding users' key material and beliefs about the state of other users in a decentralized system. We use ClaimChains to build a decentralized public key infrastructure (PKI). ClaimChains maintain high integrity through the use of authenticated data structures, namely hash chains and Merkle trees, and ensure authenticity and non-repudiation through the use of digital signatures. We introduce the concept of cross-referencing of ClaimChains to efficiently and verifiably vouch for the state of other users in a decentralized system. ClaimChains use cryptographic protections to ensure the privacy of claims, i.e., to guarantee that they can only be read by the authorized users, and that ClaimChain owners can not equivocate about the state of other users. We discuss how ClaimChains support different degrees of PKI decentralization, to trade off key availability for privacy. We show that ClaimChains provide the sought security and privacy properties, and demonstrate that they have very reasonable computation and memory requirements using a prototype implementation. We evaluate the effectiveness of key propagation using a real email dataset in a fully decentralized setting, which offers the best privacy properties. Our results suggest that a high level of privacy comes at the cost of small coverage in terms of key distribution.","PeriodicalId":420133,"journal":{"name":"arXiv: Cryptography and Security","volume":"64 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv: Cryptography and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3267323.3268947","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

We present ClaimChains, a cryptographic construction useful for storing claims regarding users' key material and beliefs about the state of other users in a decentralized system. We use ClaimChains to build a decentralized public key infrastructure (PKI). ClaimChains maintain high integrity through the use of authenticated data structures, namely hash chains and Merkle trees, and ensure authenticity and non-repudiation through the use of digital signatures. We introduce the concept of cross-referencing of ClaimChains to efficiently and verifiably vouch for the state of other users in a decentralized system. ClaimChains use cryptographic protections to ensure the privacy of claims, i.e., to guarantee that they can only be read by the authorized users, and that ClaimChain owners can not equivocate about the state of other users. We discuss how ClaimChains support different degrees of PKI decentralization, to trade off key availability for privacy. We show that ClaimChains provide the sought security and privacy properties, and demonstrate that they have very reasonable computation and memory requirements using a prototype implementation. We evaluate the effectiveness of key propagation using a real email dataset in a fully decentralized setting, which offers the best privacy properties. Our results suggest that a high level of privacy comes at the cost of small coverage in terms of key distribution.

查看原文本刊更多论文

使用ClaimChains去中心化公钥基础设施

我们提出了ClaimChains，这是一种加密结构，可用于存储关于分散系统中用户的密钥材料和关于其他用户状态的信念的声明。我们使用ClaimChains来构建一个分散的公钥基础设施(PKI)。ClaimChains通过使用经过认证的数据结构(即哈希链和默克尔树)保持高完整性，并通过使用数字签名确保真实性和不可否认性。我们引入了ClaimChains的交叉引用概念，以有效和可验证地担保分散系统中其他用户的状态。ClaimChains使用加密保护来确保声明的隐私，即保证它们只能被授权用户读取，并且ClaimChain的所有者不能对其他用户的状态模棱两可。我们讨论了ClaimChains如何支持不同程度的PKI去中心化，以交换密钥可用性和隐私。我们展示了ClaimChains提供了所寻求的安全和隐私属性，并使用原型实现演示了它们具有非常合理的计算和内存需求。我们在完全分散的设置中使用真实的电子邮件数据集评估密钥传播的有效性，该数据集提供了最佳的隐私属性。我们的研究结果表明，就密钥分发而言，高水平的隐私是以覆盖面小为代价的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

arXiv: Cryptography and Security

自引率

0.00%

发文量