Efficient fault-tolerant certificate revocation

We consider scalable certi cate revocation in a public-key infrastructure (PKI). We introduce depender graphs, a new class of graphs that support e cient and fault-tolerant revocation. Nodes of a depender graph are participants that agree to forward revocation information to other participants. Our depender graphs are k-redundant, so that revocations are provably guaranteed to be received by all nonfailed participants even if up to k 1 participants have failed. We present a protocol for constructing k-redundant depender graphs that has two desirable properties. First, it is load-balanced, in that no participant need have too many dependers. Second, it is localized, in that it avoids the need for any participant to maintain the global state of the depender graph. We also give a localized protocol for restructuring the graph in the event of permanent failures.

[1]  Frank Harary,et al.  Graph Theory , 2016 .

[2]  Michael Myers Revocation: Options and Challenges , 1998, Financial Cryptography.

[3]  M. Naor,et al.  Certiicate Revocation and Certiicate Update , 1998 .

[4]  Ronald L. Rivest,et al.  Can We Eliminate Certificate Revocations Lists? , 1998, Financial Cryptography.

[5]  Patrick D. McDaniel,et al.  A Response to ''Can We Eliminate Certificate Revocation Lists?'' , 2000, Financial Cryptography.

[6]  Rebecca N. Wright,et al.  Certificate revocation the responsible way , 1998, Proceedings Computer Security, Dependability, and Assurance: From Needs to Solutions (Cat. No.98EX358).

[7]  Philip R. Zimmermann,et al.  The official PGP user's guide , 1996 .

[8]  Patrick D. McDaniel,et al.  Windowed certificate revocation , 2000, Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064).

[9]  Paul C. Kocher On Certificate Revocation and Validation , 1998, Financial Cryptography.

[10]  David A. Cooper,et al.  A model of certificate revocation , 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).

[11]  Neal Koblitz,et al.  Advances in Cryptology — CRYPTO ’96 , 2001, Lecture Notes in Computer Science.

[12]  Yvo Desmedt,et al.  Shared Generation of Authenticators and Signatures (Extended Abstract) , 1991, CRYPTO.

[13]  Moni Naor,et al.  Certificate revocation and certificate update , 1998, IEEE Journal on Selected Areas in Communications.

[14]  Barbara Fox,et al.  Certificate Recocation: Mechanics and Meaning , 1998, Financial Cryptography.

[15]  Shohachiro Nakanishi,et al.  Performance Evaluation of Certificate Revocation Using k-Valued Hash Tree , 1999, ISW.

[16]  Hugo Krawczyk,et al.  Robust Threshold DSS Signatures , 1996, EUROCRYPT.