Paper 2021/818

CTng: Secure Certificate and Revocation Transparency

Jie Kong, University of Connecticut
Damon James, University of Connecticut
Hemi Leibowitz, The College of Management Academic Studies, Rishon LeZion, Israel
Ewa Syta, Trinity College
Amir Herzberg, University of Connecticut
Abstract

We present CTng, an evolutionary and practical PKI design that efficiently addresses multiple key challenges faced by deployed PKI systems. CTng ensures strong security properties, including guaranteed transparency of certificates and guaranteed, unequivocal revocation, achieved under NTTP-security, i.e., without requiring trust in any single CA, logger, or relying party. These guarantees hold even in the presence of arbitrary corruptions of these entities, assuming only a known bound (f) of corrupt monitors (e.g., f=8), with minimal performance impact. CTng also enables offline certificate validation and preserves relying-party privacy, while providing scalable and efficient distribution of revocation updates. Furthermore, CTng is post-quantum ready, maintaining efficiency even with high-overhead quantum-secure signature schemes. These properties significantly improve upon current PKI designs. In particular, while Certificate Transparency (CT) aims to eliminate single points of trust, the existing specification still assumes benign loggers. Addressing this through log redundancy is possible, but rather inefficient, limiting deployed configurations to f ≤ 2. We present a security analysis and an evaluation of our open-source CTng prototype, showing that it is efficient and scalable under realistic deployment conditions.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint.
Keywords
public key infrastructure, certificate transparency
Contact author(s)
jie kong @ uconn edu
damon james @ uconn edu
leibo hemi @ gmail com
ewa syta @ trincoll edu
amir herzberg @ uconn edu
History
2025-05-22: last of 4 revisions
2021-06-16: received
Short URL
https://ia.cr/2021/818
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/818,
      author = {Jie Kong and Damon James and Hemi Leibowitz and Ewa Syta and Amir Herzberg},
      title = {{CTng}: Secure Certificate and Revocation Transparency},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/818},
      year = {2021},
      url = {https://eprint.iacr.org/2021/818}
}