Paper 2017/777
Encrypting Messages for Incomplete Chains of Certificates
Sanjit Chatterjee, Deepak Garg, Aniket Kate, and Tobias Theobald
Abstract
A public key infrastructure (PKI) binds public keys to the identities of their respective owners. It employs certificate authorities or a web of trust over social links to transitively build cryptographic trust across parties in the form of chains of certificates. In existing PKIs, Alice cannot send a message to Bob confidentially until a complete chain of trust from Alice to Bob exists. We observe that this temporal restriction---which may be severely limiting in some contexts like whistleblowing---can be eliminated by combining webs of trust with concepts from hierarchical identity-based encryption. Specifically, we present a novel protocol that allows Alice to securely send a message to Bob, binding to any chain of social links, with the property that Bob can decrypt the message only after trust has been established on all links in the chain. This trust may be established either before or after Alice has sent the message, and it may be established in any order on the links. We prove the protocol's security relative to an ideal functionality, develop a prototypical implementation and evaluate the implementation's performance for a realistic environment obtained by harvesting data from an existing web of trust. We observe that our protocol is fast enough to be used in practice.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Preprint. MINOR revision.
- Keywords
- key managementPKIweb of trustend-to-end securityidentity-based cryptography
- Contact author(s)
- aniket @ purdue edu
- History
- 2017-08-16: received
- Short URL
- https://ia.cr/2017/777
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2017/777, author = {Sanjit Chatterjee and Deepak Garg and Aniket Kate and Tobias Theobald}, title = {Encrypting Messages for Incomplete Chains of Certificates}, howpublished = {Cryptology {ePrint} Archive, Paper 2017/777}, year = {2017}, url = {https://eprint.iacr.org/2017/777} }