Blind Certificate Authorities

2019 IEEE Symposium on Security and Privacy (SP) Pub Date : 2019-04-01 DOI:10.1109/SP.2019.00007

Liang Wang, Gilad Asharov, R. Pass, T. Ristenpart, Abhi Shelat

{"title":"Blind Certificate Authorities","authors":"Liang Wang, Gilad Asharov, R. Pass, T. Ristenpart, Abhi Shelat","doi":"10.1109/SP.2019.00007","DOIUrl":null,"url":null,"abstract":"We explore how to build a blind certificate authority (CA). Unlike conventional CAs, which learn the exact identity of those registering a public key, a blind CA can simultaneously validate an identity and provide a certificate binding a public key to it, without ever learning the identity. Blind CAs would therefore allow bootstrapping truly anonymous systems in which no party ever learns who participates. In this work we focus on constructing blind CAs that can bind an email address to a public key. To do so, we first introduce secure channel injection (SCI) protocols. These allow one party (in our setting, the blind CA) to insert a private message into another party's encrypted communications. We construct an efficient SCI protocol for communications delivered over TLS, and use it to realize anonymous proofs of account ownership for SMTP servers. Combined with a zero-knowledge certificate signing protocol, we build the first blind CA that allows Alice to obtain a X.509 certificate binding her email address alice@domain.com to a public key of her choosing without ever revealing ``alice'' to the CA. We show experimentally that our system works with standard email server implementations as well as Gmail.","PeriodicalId":272713,"journal":{"name":"2019 IEEE Symposium on Security and Privacy (SP)","volume":"43 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE Symposium on Security and Privacy (SP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SP.2019.00007","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 11

Abstract

We explore how to build a blind certificate authority (CA). Unlike conventional CAs, which learn the exact identity of those registering a public key, a blind CA can simultaneously validate an identity and provide a certificate binding a public key to it, without ever learning the identity. Blind CAs would therefore allow bootstrapping truly anonymous systems in which no party ever learns who participates. In this work we focus on constructing blind CAs that can bind an email address to a public key. To do so, we first introduce secure channel injection (SCI) protocols. These allow one party (in our setting, the blind CA) to insert a private message into another party's encrypted communications. We construct an efficient SCI protocol for communications delivered over TLS, and use it to realize anonymous proofs of account ownership for SMTP servers. Combined with a zero-knowledge certificate signing protocol, we build the first blind CA that allows Alice to obtain a X.509 certificate binding her email address alice@domain.com to a public key of her choosing without ever revealing ``alice'' to the CA. We show experimentally that our system works with standard email server implementations as well as Gmail.

查看原文本刊更多论文

盲证书颁发机构

我们将探讨如何构建盲证书颁发机构(CA)。与传统CA不同的是，传统CA可以了解注册公钥的人的确切身份，而盲CA可以同时验证身份并提供将公钥绑定到其上的证书，而无需了解身份。因此，盲ca将允许引导真正的匿名系统，其中任何一方都不会知道谁参与了。在这项工作中，我们专注于构建可以将电子邮件地址绑定到公钥的盲ca。为此，我们首先介绍安全通道注入(SCI)协议。这些允许一方(在我们的设置中，盲CA)将私人消息插入另一方的加密通信中。我们构建了一个高效的SCI协议，用于TLS通信，并利用它实现了SMTP服务器账户所有权的匿名证明。结合零知识证书签名协议，我们构建了第一个盲CA，允许Alice获得X.509证书，将她的电子邮件地址alice@domain.com绑定到她选择的公钥，而不会向CA透露“Alice”。我们通过实验证明，我们的系统可以与标准电子邮件服务器实现以及Gmail一起工作。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2019 IEEE Symposium on Security and Privacy (SP)

自引率

0.00%

发文量