Go to DBLP homepageSemi-CT: Certificates Transparent to Identity Owners but Opaque to Snoopers
Abstract: Certificate Transparency (CT) enables timely detection of problematic certification authorities (CAs) by publicly recording all CA-issued certificates. This transparency inevitably leaks the privacy of identity owners (IdOs) through the identity information bound in certificates. In response to the privacy leakage, several privacy-preserving schemes have been proposed that transform/hash/encrypt the privacy-carrying part in certificates. However, these certificates conceal identity while also making it opaque to the IdO, which defeats the purpose of CT. To address the contradiction between transparency and privacy, we propose Semi-CT, a semi-transparency mechanism that makes the certificates transparent to IdOs but opaque to snoopers. Inspired by public-key encryption with keyword search (PEKS), Semi-CT based on bilinear pairing enables trapdoor-holding IdOs to retrieve certificates associated with their identity. Semi-CT also addresses protocol deviation detection and trapdoor protection in the malicious model. Finally, through theoretical and experimental analysis, we prove the security and feasibility of Semi-CT for practical applications.
Loading