QuasiModo: Efficient Certificate Validation and Revocation

We present two new schemes for efficient certificate revocation. Our first scheme is a direct improvement on a well-known tree-based variant of the NOVOMODO system of Micali [11]. Our second scheme is a direct improvement on a tree-based variant of a multi-certificate revocation system by Aiello, Lodha, and Ostrovsky [1]. At the core of our schemes is a novel construct termed a QuasiModo tree, which is like a Merkle tree but contains a length-2 chain at the leaves and also directly utilizes interior nodes. This concept is of independent interest, and we believe such trees will have numerous other applications. The idea, while simple, immediately provides a strict improvement in the relevant time and communication complexities over previously published schemes.

[1] Michael Wiener, et al. Advances in Cryptology — CRYPTO '99, 1999.

[2] Paul C. Kocher. On Certificate Revocation and Validation, 1998, Financial Cryptography.

[3] Bruce Schneier. One-way hash functions, 1991.

[4] Peter Gemmell, et al. Efficient and Fresh Certification, 2000, Public Key Cryptography.

[5] S. Micali, et al. NOVOMODO: Scalable Certificate Validation and Simplified PKI Management, 2002.

[6] Ivan Damgård, et al. A Design Principle for Hash Functions, 1989, CRYPTO.

[7] Moni Naor, et al. Certificate revocation and certificate update, 1998, IEEE Journal on Selected Areas in Communications.

[8] Rafail Ostrovsky, et al. Fast Digital Identity Revocation (Extended Abstract), 1998, CRYPTO.

[9] Hugo Krawczyk, et al. Advances in Cryptology - CRYPTO '98, 1998.

[10] Ralph C. Merkle, et al. One Way Hash Functions and DES, 1989, CRYPTO.

[11] Carlisle M. Adams, et al. X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP, 1999, RFC.

[12] Rafail Ostrovsky, et al. Fast digital identity revocation, 1998.

[13] Arto Salomaa, et al. Public-Key Cryptography, 1991, EATCS Monographs on Theoretical Computer Science.

[14] Ralph C. Merkle, et al. Protocols for Public Key Cryptosystems, 1980, 1980 IEEE Symposium on Security and Privacy.

[15] Craig Gentry, et al. Microcredits for Verifiable Foreign Service Provider Metering, 2004, Financial Cryptography.

[16] Silvio Micali, et al. A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks, 1988, SIAM J. Comput.