Blind Certificate Authorities

We explore how to build a blind certificate authority (CA). Unlike conventional CAs, which learn the exact identity of those registering a public key, a blind CA can simultaneously validate an identity and provide a certificate binding a public key to it, without ever learning the identity. Blind CAs would therefore allow bootstrapping truly anonymous systems in which no party ever learns who participates. In this work we focus on constructing blind CAs that can bind an email address to a public key. To do so, we first introduce secure channel injection (SCI) protocols. These allow one party (in our setting, the blind CA) to insert a private message into another party's encrypted communications. We construct an efficient SCI protocol for communications delivered over TLS, and use it to realize anonymous proofs of account ownership for SMTP servers. Combined with a zero-knowledge certificate signing protocol, we build the first blind CA that allows Alice to obtain a X.509 certificate binding her email address alice@domain.com to a public key of her choosing without ever revealing ``alice'' to the CA. We show experimentally that our system works with standard email server implementations as well as Gmail.

[1]  Hovav Shacham,et al.  Randomizable Proofs and Delegatable Anonymous Credentials , 2009, CRYPTO.

[2]  Yuval Ishai,et al.  Ligero: Lightweight Sublinear Arguments Without a Trusted Setup , 2017, Designs, Codes and Cryptography.

[3]  David A. McGrew,et al.  AES-CCM Cipher Suites for Transport Layer Security (TLS) , 2012, RFC.

[4]  Christian Paquin,et al.  U-Prove Cryptographic Specification V1.1 (Revision 3) , 2013 .

[5]  Goichiro Hanaoka,et al.  Information-theoretically secure oblivious polynomial evaluation in the commodity-based model , 2014, International Journal of Information Security.

[6]  Michael Zohner,et al.  ABY - A Framework for Efficient Mixed-Protocol Secure Two-Party Computation , 2015, NDSS.

[7]  John C. Klensin,et al.  Simple Mail Transfer Protocol , 2001, RFC.

[8]  Carmit Hazay,et al.  Oblivious Polynomial Evaluation and Secure Set-Intersection from Algebraic PRFs , 2015, Journal of Cryptology.

[9]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[10]  Mohamed Ali Kâafar,et al.  TLS in the Wild: An Internet-wide Analysis of TLS-based Protocols for Electronic Communication , 2015, NDSS.

[11]  Peter Rindal,et al.  Faster Malicious 2-Party Secure Computation with Online/Offline Dual Execution , 2016, USENIX Security Symposium.

[12]  Tim Dierks,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008 .

[13]  Michael J. Freedman,et al.  CONIKS: Bringing Key Transparency to End Users , 2015, USENIX Security Symposium.

[14]  Yehuda Lindell,et al.  Efficient Oblivious Polynomial Evaluation with Simulation-Based Security , 2009, IACR Cryptol. ePrint Arch..

[15]  Adam Langley,et al.  ChaCha20 and Poly1305 for IETF Protocols , 2018, RFC.

[16]  Shuai Li,et al.  Mailet: Instant Social Networking under Censorship , 2016, Proc. Priv. Enhancing Technol..

[17]  Cédric Fournet,et al.  Cinderella: Turning Shabby X.509 Certificates into Elegant Anonymous Credentials with the Magic of Verifiable Computation , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[18]  Stephen T. Kent,et al.  Traceable Anonymous Certificate , 2009, RFC.

[19]  Tobias Nilges,et al.  Maliciously Secure Oblivious Linear Function Evaluation with Constant Overhead , 2017, ASIACRYPT.

[20]  Thomas Schneider,et al.  Constant Round Maliciously Secure 2PC with Function-independent Preprocessing using LEGO , 2017, NDSS.

[21]  Gunnar Lindberg,et al.  Anti-Spam Recommendations for SMTP MTAs , 1999, RFC.

[22]  Pablo Rodriguez,et al.  Multi-Context TLS (mcTLS): Enabling Secure In-Network Functionality in TLS , 2015, Comput. Commun. Rev..

[23]  David Chaum,et al.  Security without identification: transaction systems to make big brother obsolete , 1985, CACM.

[24]  Jesper Madsen,et al.  ZKBoo: Faster Zero-Knowledge for Boolean Circuits , 2016, USENIX Security Symposium.

[25]  José M. Troya,et al.  A First Approach to Provide Anonymity in Attribute Certificates , 2004, Public Key Cryptography.

[26]  Thomas Ristenpart,et al.  Message Franking via Committing Authenticated Encryption , 2017, CRYPTO.

[27]  Jonathan Katz,et al.  Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation , 2017, CCS.

[28]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.1 , 2006, RFC.

[29]  Ran Canetti,et al.  Security and Composition of Multiparty Cryptographic Protocols , 2000, Journal of Cryptology.

[30]  Oded Goldreich,et al.  Foundations of Cryptography: Volume 2, Basic Applications , 2004 .

[31]  J. Alex Halderman,et al.  Neither Snow Nor Rain Nor MITM...: An Empirical Analysis of Email Delivery Security , 2015, Internet Measurement Conference.

[32]  Adam Langley,et al.  ChaCha20 and Poly1305 for IETF Protocols , 2018, RFC.

[33]  Feng Bao,et al.  Augmented Oblivious Polynomial Evaluation Protocol and Its Applications , 2005, ESORICS.

[34]  Oded Goldreich,et al.  The Foundations of Cryptography - Volume 2: Basic Applications , 2001 .

[35]  Benny Pinkas,et al.  FairplayMP: a system for secure multi-party computation , 2008, CCS.

[36]  Joan Boyar,et al.  A depth-16 circuit for the AES S-box , 2011, IACR Cryptol. ePrint Arch..

[37]  Ahmad-Reza Sadeghi,et al.  TASTY: tool for automating secure two-party computations , 2010, CCS '10.

[38]  Yael Tauman Kalai,et al.  How to Leak a Secret: Theory and Applications of Ring Signatures , 2001, Essays in Memory of Shimon Even.

[39]  Steven Myers,et al.  ANONIZE: A Large-Scale Anonymous Survey System , 2014, 2014 IEEE Symposium on Security and Privacy.

[40]  A. Yao,et al.  Fair exchange with a semi-trusted third party (extended abstract) , 1997, CCS '97.

[41]  Chi-Jen Lu,et al.  Oblivious polynomial evaluation and oblivious neural learning , 2005, Theor. Comput. Sci..

[42]  Hugo Krawczyk,et al.  HMAC: Keyed-Hashing for Message Authentication , 1997, RFC.

[43]  Moni Naor,et al.  Oblivious Polynomial Evaluation , 2006, SIAM J. Comput..

[44]  Jan Camenisch,et al.  Design and implementation of the idemix anonymous credential system , 2002, CCS '02.

[45]  Jan Camenisch,et al.  Signature Schemes and Anonymous Credentials from Bilinear Maps , 2004, CRYPTO.

[46]  David Chaum,et al.  Group Signatures , 1991, EUROCRYPT.

[47]  Xenofontas A. Dimitropoulos,et al.  SEPIA: Privacy-Preserving Aggregation of Multi-Domain Network Events and Statistics , 2010, USENIX Security Symposium.

[48]  Craig Gentry,et al.  A fully homomorphic encryption scheme , 2009 .

[49]  Jan Camenisch,et al.  An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation , 2001, IACR Cryptol. ePrint Arch..

[50]  Aggelos Kiayias,et al.  Cryptographic Hardness Based on the Decoding of Reed–Solomon Codes , 2002, IEEE Transactions on Information Theory.