Certificate transparency with enhancements and short proofs

Authors

Abhishek Singh, IBM Research - India
Binanda Sengupta, Indian Statistical Institute, Kolkata
Sushmita Ruj, Indian Statistical Institute, Kolkata

Document Type

Conference Article

Publication Title

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Abstract

Browsers can detect malicious websites that are provisioned with forged or fake TLS/SSL certificates. However, they are not so good at detecting these websites if they are provisioned with mistakenly (or maliciously) issued certificates. Google proposed certificate transparency which is an open framework to monitor and audit certificates in real time. Thereafter, a few other certificate transparency schemes have been proposed which can even handle revocation. All currently known constructions use Merkle hash trees and have proof size logarithmic in the number of certificates/domain owners. We present a new certificate transparency scheme with short (constant size) proofs. Our construction makes use of dynamic bilinear-map accumulators. The scheme has many desirable properties like efficient revocation, low verification cost and update costs comparable to the existing schemes. We provide proofs of security and evaluate the performance of our scheme.

First Page

381

Last Page

389

DOI

10.1007/978-3-319-59870-3_22

Publication Date

1-1-2017

Comments

Open Access, Green

Recommended Citation

Singh, Abhishek; Sengupta, Binanda; and Ruj, Sushmita, "Certificate transparency with enhancements and short proofs" (2017). Conference Articles. 333.
https://digitalcommons.isical.ac.in/conf-articles/333