Presentation is loading. Please wait.

Presentation is loading. Please wait.

Efficient Asynchronous Accumulators for Distributed PKI

Published byGervase Singleton Modified over 6 years ago

Similar presentations

Presentation on theme: "Efficient Asynchronous Accumulators for Distributed PKI"— Presentation transcript:

1 Efficient Asynchronous Accumulators for Distributed PKI
Sophia Yakoubov Joint work with Leo Reyzin

2 Outline Motivation: Distributed PKI Background: Accumulators
Our Contributions: Asynchronous Accumulators Definition: verification works even if the accumulator and witness are out of synch Construction

3 Application: PKI PKI goals: Accurate Registration Identity Retention
Enable Alice to associate Bob’s identity with Bob’s public key PKB (We do not consider revocation here.) PKCA “I’m Bob” PKB Bob, CA SKCA PKB PKB “I’m Bob” PKCA SKB PKB Bob, CA PKCA

4 Certificate Authorities are a single point of failure!
Application: PKI Problem: Certificate Authorities are a single point of failure! PKE PKCA “I’m Bob” PKE Bob, CA SKCA Eve PKE PKE “I’m Bob” PKCA SKE PKE Bob, CA PKCA

5 Problem: Certificate Authorities are a Single Point of Failure!
Trusting central authorities is a risk. Verisign (2010) Was repeatedly infiltrated, potential compromised information includes secret signing keys Comodo (2011) Issued erroneous certificates DigiNotar (2011) Issued certificate for Google to someone who wasn’t Google TrustWave (2012) Issued root certificate to customers, enabling them to issue other certificates Symantec (2015) Issued certificates for Google without it’s knowledge

6 Ensuring Identity Retention: Decentralization via a Public Bulletin Board
Append-only Consensus protocol ensures that posts are “valid” Implemented via blockchains formalized by [PSs16, GKL16] Validity check performed by miners

7 Decentralized PKI PKB Bob, Bob Look up “Bob” at locationB
Validation: the identity “Bob” has not already been registered (ensures identity retention) PKB “I’m Bob” locationB SKB Problem: expensive storage / access! Alice needs to maintain online access to the entire bulletin board. Problem: expensive lookup! Alice needs to search through the entire bulletin board.

8 Outline Motivation: Distributed PKI Background: Accumulators
[BdM94,CL02,LLX07,Ngu05,DT08,ATSM09,CHKO08…] Our Contributions: Asynchronous Accumulators Definitions Construction

9 Solution: accumulators
Accumulator: compact commitment to set S S membership witness wB (Bob, PKB) T = S + {(Bob, PKB)} T can be used together with wB to verify that (Bob, PKB) is in set T

10 Accumulator Example: Merkle Hash Tree
(Charlie, PKC) (Daniela, PKD) (Frank, PKF) (Bob, PKB)

11 Accumulator Example: Merkle Hash Tree
(Charlie, PKC) (Daniela, PKD) (Frank, PKF) (Bob, PKB)

12 Accumulator Example: Merkle Hash Tree
(Charlie, PKC) (Daniela, PKD) (Frank, PKF) (Bob, PKB)

13 Using Accumulators in the Bulletin Board
Charlie, , Daniela, , Frank, , Bob, , PKC PKD PKF PKB Maintain an accumulator containing all (Name, PK) pairs

14 Accumulators in Decentralized PKI
Look up latest PKB Bob, Bob Look up latest Validation (e.g. by miners): Check that the identity “Bob” has not already been registered Compute the new accumulator value (Bob, PKB) wB PKB SKB PKB “I’m Bob”, , wB wB

15 Accumulator Example: Merkle Hash Tree
(Frank, PKF) (Charlie, PKC) (Daniela, PKD)

16 Accumulator Example: Merkle Hash Tree
Charlie’s witness changed! h(,) h(,) h() h() h() h() (Charlie, PKC) (Daniela, PKD) (Frank, PKF) (Bob, PKB)

17 Problem: Synchrony Using existing notion of accumulators…
wB wB wB wB wB wB wB wB wB wB time Using existing notion of accumulators… Bob needs to update his membership witness with every key registration! Alice needs to download a new accumulator value with every key registration!

18 Outline Motivation: Distributed PKI Background: Accumulators
Our Contributions: Asynchronous Accumulators Definitions Low witness update frequency Old-accumulator compatibility Construction: Merkle Hash Forrest

19 Solution: Asynchronous Accumulators - Low Witness Update Frequency
wB wB wB wB wB wB wB wB wB wB time Low witness update frequency wB wB wB wB time

20 Solution: Asynchronous Accumulators - Old Accumulator Compatibility
wB wB wB wB wB wB wB wB wB wB time wB wB wB wB wB wB wB wB wB wB time Old-accumulator compatibility

21 Outline Motivation: Distributed PKI Background: Accumulators
Our Contributions: Asynchronous Accumulators Definitions Low witness update frequency (helping Bob) Old-accumulator compatibility (helping Alice) Construction: Merkle Hash Forrest

22 Asynchronous Accumulator: Merkle Hash Forest
Depth 3 Depth 2 Depth 1 At most log(n) complete Merkle trees Each element is a leaf in one of the trees As new elements get added, older elements move to bigger trees

23 Asynchronous Accumulator: Merkle Hash Forest
D = 1 1 This is similar to a binary counter… 1 element

24 Asynchronous Accumulator: Merkle Hash Forest
D = 2 1 This is similar to a binary counter… 2 elements

25 Asynchronous Accumulator: Merkle Hash Forest
D = 2 D = 1 1 1 This is similar to a binary counter… 3 elements

26 Asynchronous Accumulator: Merkle Hash Forest
D = 3 1 This is similar to a binary counter… 4 elements

27 Asynchronous Accumulator: Merkle Hash Forest
D = 3 D = 1 1 1 This is similar to a binary counter… 5 elements

28 Asynchronous Accumulator: Merkle Hash Forest
D = 3 D = 2 1 1 This is similar to a binary counter… 6 elements

29 Asynchronous Accumulator: Merkle Hash Forest
D = 3 D = 2 D = 1 1 1 1 This is similar to a binary counter… 7 elements

30 Asynchronous Accumulator: Merkle Hash Forest
1 This is similar to a binary counter… 8 elements

31 Asynchronous Accumulator: Merkle Hash Forest
D = 1 1 1 This is similar to a binary counter… 9 elements

32 Asynchronous Accumulator: Merkle Hash Forest
D = 2 1 1 This is similar to a binary counter… 10 elements

33 Asynchronous Accumulator: Merkle Hash Forest
D = 2 D = 1 1 1 1 This is similar to a binary counter… 11 elements

34 Asynchronous Accumulator: Merkle Hash Forest
D = 3 1 1 This is similar to a binary counter… 12 elements

35 Asynchronous Accumulator: Merkle Hash Forest
D = 3 D = 1 1 1 1 This is similar to a binary counter… 13 elements

36 Asynchronous Accumulator: Merkle Hash Forest
D = 3 D = 2 1 1 1 This is similar to a binary counter… 14 elements

37 Asynchronous Accumulator: Merkle Hash Forest
D = 3 D = 2 D = 1 1 1 1 1 This is similar to a binary counter… 15 elements

38 Asynchronous Accumulator: Merkle Hash Forest
1 This is similar to a binary counter… 16 elements

39 Merkle Hash Forest Asynchrony
Low update frequency A witness only needs to be updated when the tree in question is “carried”! Old-accumulator compatibility A witness is append-only; it contains all prior states D = 3 D = 2 D = 1

40 Conclusion Bulletin boards are good for distributed dictionaries
Namecoin PKI Accumulators improve efficiency no need to have access to the whole board Asynchronous accumulators reduce the witness maintenance cost A forest is better than a tree! More flexibility

Download ppt "Efficient Asynchronous Accumulators for Distributed PKI"

Similar presentations

A Framework for Distributed OCSP without Responders Certificate

A Framework for Distributed OCSP without Responders Certificate
3SKey 3SKey.

3SKey 3SKey.
Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Certificates.

Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Certificates.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
Report on Attribute Certificates By Ganesh Godavari.

Report on Attribute Certificates By Ganesh Godavari.
LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU 20082065 Myunghan Yoo.

LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU Myunghan Yoo.
A. Haeberlen Having your Cake and Eating it too: Routing Security with Privacy Protections 1 HotNets-X (November 15, 2011) Alexander Gurney * Andreas Haeberlen.

A. Haeberlen Having your Cake and Eating it too: Routing Security with Privacy Protections 1 HotNets-X (November 15, 2011) Alexander Gurney * Andreas Haeberlen.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Slide 1 Many slides from Vitaly Shmatikov, UT Austin Public-Key Infrastructure CNS F2006.

Slide 1 Many slides from Vitaly Shmatikov, UT Austin Public-Key Infrastructure CNS F2006.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
Certificateless encryption and its infrastructures Dr. Alexander W. Dent Information Security Group Royal Holloway, University of London.

Certificateless encryption and its infrastructures Dr. Alexander W. Dent Information Security Group Royal Holloway, University of London.
CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.
Unlinkable Secret Handshakes and Key-Private Group Key Management Schemes Author: Stanislaw Jarecki and Xiaomin Liu University of California, Irvine From:

Unlinkable Secret Handshakes and Key-Private Group Key Management Schemes Author: Stanislaw Jarecki and Xiaomin Liu University of California, Irvine From:
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Security Management.

Security Management.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Computer Science Public Key Management Lecture 5.

Computer Science Public Key Management Lecture 5.
By Jyh-haw Yeh Boise State University ICIKM 2013.

By Jyh-haw Yeh Boise State University ICIKM 2013.
Cryptology Digital Signatures and Digital Certificates Prof. David Singer Dept. of Mathematics Case Western Reserve University.

Cryptology Digital Signatures and Digital Certificates Prof. David Singer Dept. of Mathematics Case Western Reserve University.

Similar presentations

Ads by Google