Blind certificate authorities

Liang Wang, Gilad Asharov, Rafael Pass, Thomas Ristenpart, Abhi Shelat

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

10 Scopus citations

Abstract

We explore how to build a blind certificate authority (CA). Unlike conventional CAs, which learn the exact identity of those registering a public key, a blind CA can simultaneously validate an identity and provide a certificate binding a public key to it, without ever learning the identity. Blind CAs would therefore allow bootstrapping truly anonymous systems in which no party ever learns who participates. In this work we focus on constructing blind CAs that can bind an email address to a public key. To do so, we first introduce secure channel injection (SCI) protocols. These allow one party (in our setting, the blind CA) to insert a private message into another party's encrypted communications. We construct an efficient SCI protocol for communications delivered over TLS, and use it to realize anonymous proofs of account ownership for SMTP servers. Combined with a zero-knowledge certificate signing protocol, we build the first blind CA that allows Alice to obtain a X.509 certificate binding her email address [email protected] to a public key of her choosing without ever revealing ''alice'' to the CA. We show experimentally that our system works with standard email server implementations as well as Gmail.

Original languageEnglish
Title of host publicationProceedings - 2019 IEEE Symposium on Security and Privacy, SP 2019
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages1015-1032
Number of pages18
ISBN (Electronic)9781538666609
DOIs
StatePublished - May 2019
Externally publishedYes
Event40th IEEE Symposium on Security and Privacy, SP 2019 - San Francisco, United States
Duration: 19 May 201923 May 2019

Publication series

NameProceedings - IEEE Symposium on Security and Privacy
Volume2019-May
ISSN (Print)1081-6011

Conference

Conference40th IEEE Symposium on Security and Privacy, SP 2019
Country/TerritoryUnited States
CitySan Francisco
Period19/05/1923/05/19

Funding

FundersFunder number
National Science Foundation1704788
Air Force Office of Scientific ResearchFA9550-15-1-0262
Simons Foundation
National Sleep FoundationCNS-1704788, CNS-1704527, TWC-1664445, CNS-1561209, TWC-1646671, CNS-1330308, CNS-1217821, CNS-1558500
Microsoft
Google

    Keywords

    • Anonymity
    • MPC
    • Privacy
    • Secure-Multiparty-Computation
    • TLS
    • Zero-knowledge-Proof

    Fingerprint

    Dive into the research topics of 'Blind certificate authorities'. Together they form a unique fingerprint.

    Cite this