Paper 2018/1022

Blind Certificate Authorities

Liang Wang, Gilad Asharov, Rafael Pass, Thomas Ristenpart, and abhi shelat


We explore how to build a blind certificate authority (CA). Unlike conventional CAs, which learn the exact identity of those registering a public key, a blind CA can simultaneously validate an identity and provide a certificate binding a public key to it, without ever learning the identity. Blind CAs would therefore allow bootstrapping truly anonymous systems in which no party ever learns who participates. In this work we focus on constructing blind CAs that can bind an email address to a public key. To do so, we first introduce secure channel injection (SCI) protocols. These allow one party (in our setting, the blind CA) to insert a private message into another party's encrypted communications. We construct an efficient SCI protocol for communications delivered over TLS, and use it to realize anonymous proofs of account ownership for SMTP servers. Combined with a zero-knowledge certificate signing protocol, we build the first blind CA that allows Alice to obtain a X.509 certificate binding her email address to a public key of her choosing without ever revealing ``alice'' to the CA. We show experimentally that our system works with standard email server implementations as well as Gmail.

Note: Change the paper to single-column

Available format(s)
Publication info
Published elsewhere. Major revision. IEEE Symposium on Security and Privacy 2019
anonymityMPCTLSzero-knowledge proofcertificate authority
Contact author(s)
liangw @ cs wisc edu
2018-10-26: received
Short URL
Creative Commons Attribution


      author = {Liang Wang and Gilad Asharov and Rafael Pass and Thomas Ristenpart and abhi shelat},
      title = {Blind Certificate Authorities},
      howpublished = {Cryptology ePrint Archive, Paper 2018/1022},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.