Cryptology ePrint Archive: Report 2017/777

Encrypting Messages for Incomplete Chains of Certificates

Sanjit Chatterjee and Deepak Garg and Aniket Kate and Tobias Theobald

Abstract: A public key infrastructure (PKI) binds public keys to the identities of their respective owners. It employs certificate authorities or a web of trust over social links to transitively build cryptographic trust across parties in the form of chains of certificates. In existing PKIs, Alice cannot send a message to Bob confidentially until a complete chain of trust from Alice to Bob exists. We observe that this temporal restriction---which may be severely limiting in some contexts like whistleblowing---can be eliminated by combining webs of trust with concepts from hierarchical identity-based encryption.

Specifically, we present a novel protocol that allows Alice to securely send a message to Bob, binding to any chain of social links, with the property that Bob can decrypt the message only after trust has been established on all links in the chain. This trust may be established either before or after Alice has sent the message, and it may be established in any order on the links. We prove the protocol's security relative to an ideal functionality, develop a prototype implementation and evaluate the implementation's performance for a realistic environment obtained by harvesting data from an existing web of trust. We observe that our protocol is fast enough to be used in practice.

Category / Keywords: cryptographic protocols / key management, PKI, web of trust, end-to-end security, identity-based cryptography

Date: received 15 Aug 2017

Contact author: aniket at purdue edu

Version: 20170816:122656

Short URL: ia.cr/2017/777
