Cryptology ePrint Archive: Report 2013/834

Keyless Signatures' Infrastructure: How to Build Global Distributed Hash-Trees

Ahto Buldas and Andres Kroonmaa and Risto Laanoja

Abstract: Keyless Signatures Infrastructure (KSI) is a globally distributed system for providing time-stamping and server-supported digital signature services. Global per-second hash trees are created and their root hash values published. We discuss some service quality issues that arise in practical implementation of the service and present solutions for avoiding single points of failure and guaranteeing a service with reasonable and stable delay. Guardtime AS has been operating a KSI Infrastructure for 5 years. We summarize how the KSI Infrastructure is built, and the lessons learned during the operational period of the service.

Category / Keywords: applications / distributed system, applications of hash functions, public-key infrastructure, high availability

Original Publication (with major differences): Hanne Riis Nielson, Dieter Gollmann (Eds.): Secure IT Systems - 18th Nordic Conference, NordSec 2013, Ilulissat, Greenland, October 18-21, 2013, Proceedings. Springer 2013 Lecture Notes in Computer Science ISBN 978-3-642-41487-9

Date: received 9 Dec 2013, last revised 15 Dec 2013

Contact author: ristik at gmail com

Available format(s): PDF | BibTeX Citation

Note: Proofreading.

Version: 20131216:190753 (All versions of this report)

Short URL: ia.cr/2013/834

Discussion forum: Show discussion | Start new discussion