ClaimChain: Improving the Security and Privacy of In-band Key Distribution for Messaging

The social demand for email end-to-end encryption is barely supported by mainstream service providers. Autocrypt is a new community-driven open specification for email encryption that attempts to respond to this demand. In Autocrypt, the encryption keys are attached directly to messages, so encryption can be implemented by email clients without any cooperation from the providers. The decentralized nature of this in-band key distribution, however, makes it prone to man-in-the-middle attacks and can leak the social graph of users. To address this problem we introduce ClaimChain, a cryptographic construction for privacy-preserving authentication of public keys. Users store claims about their identities and keys, as well as their beliefs about others, in ClaimChains. These chains form authenticated decentralized repositories that enable users to prove the authenticity of both their own keys and the keys of their contacts. ClaimChains are encrypted, and therefore protect the stored information, such as keys and contact identities, from prying eyes. At the same time, ClaimChain implements mechanisms that provide strong non-equivocation properties, discouraging malicious actors from distributing conflicting or inauthentic claims. We implemented ClaimChain and show that it offers reasonable performance, low overhead, and authenticity guarantees.
