Client-Auditable Verifiable Registries

Verifiable registries allow clients to securely access a key-value mapping maintained by an untrusted server. Applications include distribution of public keys, routing information or software binaries. Existing proposals for verifiable registries rely on global invariants being audited whenever the registry is updated. Clients typically rely on trusted third-party auditors, as large registries become expensive to audit. We propose several new protocols for client-auditable registries that enable efficient verification of many updates to the registry, removing the need for third-party auditors. Our solutions use incrementally-verifiable computation (IVC) and/or RSA accumulators. Our evaluation shows that our constructions meet practical throughput requirements (60 updates / second), which is 100× faster than naive solutions using IVC. Clients save 100–10× bandwidth and computation costs over prior solutions requiring auditing every update.
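To make the object of study concrete, the following is an added toy in Python (not code from the paper, whose constructions use IVC and RSA accumulators and are not reproduced here). It shows the simplest verifiable registry: an untrusted server commits to a key-value map with a Merkle tree over the sorted entries, answers each lookup with the current root plus an inclusion proof, and a client who owns a key monitors that key across updates by re-verifying the proof against every new root. The class and function names, the `LEAF`/`NODE` domain-separation bytes and the sample keys and values are all constructed for this example; it does not provide the paper's efficient verification of many updates, only the per-update check that a naive client-auditable design requires.

```python
"""Toy Merkle-tree verifiable registry with client-side monitoring (constructed example)."""
import hashlib
from typing import Dict, List, Tuple

LEAF, NODE = b"\x00", b"\x01"  # domain separation so a leaf can never be passed off as a node


def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def leaf_hash(key: str, value: bytes) -> bytes:
    k = key.encode()
    # Length-prefix the key so a (key, value) pair cannot be re-split into a different pair.
    return h(LEAF, len(k).to_bytes(2, "big"), k, value)


Proof = List[Tuple[bytes, str]]  # (sibling hash, side the sibling sits on: "L" or "R")


class Registry:
    """Untrusted server: holds the map and answers lookups with a value and an inclusion proof."""

    def __init__(self) -> None:
        self.entries: Dict[str, bytes] = {}
        self.epoch = 0

    def update(self, key: str, value: bytes) -> None:
        self.entries[key] = value
        self.epoch += 1

    def _levels(self) -> List[List[bytes]]:
        keys = sorted(self.entries)
        levels = [[leaf_hash(k, self.entries[k]) for k in keys]]
        while len(levels[-1]) > 1:
            cur, nxt = levels[-1], []
            for i in range(0, len(cur), 2):
                # An unpaired node at the end of a level is carried up unchanged.
                nxt.append(h(NODE, cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i])
            levels.append(nxt)
        return levels

    def root(self) -> bytes:
        lv = self._levels()
        return lv[-1][0] if lv[0] else h(b"empty")

    def lookup(self, key: str) -> Tuple[bytes, Proof]:
        idx = sorted(self.entries).index(key)  # no non-membership proofs in this toy
        proof: Proof = []
        for level in self._levels()[:-1]:
            if idx % 2 == 1:
                proof.append((level[idx - 1], "L"))
            elif idx + 1 < len(level):
                proof.append((level[idx + 1], "R"))
            idx //= 2
        return self.entries[key], proof


def verify_lookup(root: bytes, key: str, value: bytes, proof: Proof) -> bool:
    """Client check: the claimed (key, value) hashes up to the published root."""
    node = leaf_hash(key, value)
    for sibling, side in proof:
        node = h(NODE, sibling, node) if side == "L" else h(NODE, node, sibling)
    return node == root


class Monitor:
    """Client that owns `key`: after each epoch it checks the server still maps key -> expected."""

    def __init__(self, key: str, expected: bytes) -> None:
        self.key, self.expected = key, expected

    def audit(self, root: bytes, value: bytes, proof: Proof) -> bool:
        return value == self.expected and verify_lookup(root, self.key, value, proof)


def demo() -> Tuple[bool, bool, bool]:
    reg = Registry()
    reg.update("alice", b"pk-alice-1")  # constructed sample entries
    reg.update("bob", b"pk-bob-1")
    reg.update("carol", b"pk-carol-1")
    alice = Monitor("alice", b"pk-alice-1")
    honest = alice.audit(reg.root(), *reg.lookup("alice"))
    # A proof for one value must not verify for a different value under the same root.
    _, bob_proof = reg.lookup("bob")
    forged = verify_lookup(reg.root(), "bob", b"pk-bob-other", bob_proof)
    # The server replaces Alice's entry without her consent; her monitor detects it next epoch.
    reg.update("alice", b"pk-alice-replaced")
    after_swap = alice.audit(reg.root(), *reg.lookup("alice"))
    return honest, forged, after_swap
```

Two limits of this toy are exactly what the paper is about: every client must fetch and verify a proof for each epoch it cares about, and a client cannot tell whether the root it was shown is the one everyone else saw, which is why real deployments add signed or gossiped roots and, in prior work, third-party auditors of the global invariants.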
