Depender Graphs: A Method of Fault-Tolerant Certificate Distribution

We consider scalable certificate revocation in a public-key infrastructure (PKI). We introduce depender graphs, a new class of graphs that support efficient and fault-tolerant revocation. Nodes of a depender graph are participants that agree to forward revocation information to other participants. Our depender graphs are k-redundant, so that revocations are provably guaranteed to be received by all non-failed participants even if up to k1 participants have failed. We present a protocol for constructing k-redundant depender graphs that has two desirable properties. First, it is load-balanced, in that no participant need have too many dependers. Second, it is localized, in that it avoids the need for any participant to maintain the global state of the depender graph. We also give a localized protocol for restructuring the graph in the event of permanent failures.

[1]  Patrick D. McDaniel,et al.  A Response to ''Can We Eliminate Certificate Revocation Lists?'' , 2000, Financial Cryptography.

[2]  Frank Harary,et al.  Graph Theory , 2016 .

[3]  Michael Myers Revocation: Options and Challenges , 1998, Financial Cryptography.

[4]  Moni Naor,et al.  Certificate revocation and certificate update , 1998, IEEE Journal on Selected Areas in Communications.

[5]  Hugo Krawczyk,et al.  Robust Threshold DSS Signatures , 1996, EUROCRYPT.

[6]  Ronald L. Rivest,et al.  Can We Eliminate Certificate Revocations Lists? , 1998, Financial Cryptography.

[7]  Philip R. Zimmermann,et al.  The official PGP user's guide , 1996 .

[8]  David A. Cooper,et al.  A model of certificate revocation , 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).

[9]  Patrick D. McDaniel,et al.  Windowed certificate revocation , 2000, Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064).

[10]  Yvo Desmedt,et al.  Shared Generation of Authenticators and Signatures (Extended Abstract) , 1991, CRYPTO.

[11]  Paul C. Kocher On Certificate Revocation and Validation , 1998, Financial Cryptography.

[12]  Barbara Fox,et al.  Certificate Recocation: Mechanics and Meaning , 1998, Financial Cryptography.

[13]  Shohachiro Nakanishi,et al.  Performance Evaluation of Certificate Revocation Using k-Valued Hash Tree , 1999, ISW.