research-article

Transparency Overlays and Applications

Authors:

Sarah MeiklejohnAuthors Info & Claims

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

Pages 168 - 179

https://doi.org/10.1145/2976749.2978404

Published: 24 October 2016 Publication History

Abstract

In this paper, we initiate a formal study of transparency, which in recent years has become an increasingly critical requirement for the systems in which people place trust. We present the abstract concept of a transparency overlay, which can be used in conjunction with any system to give it provable transparency guarantees, and then apply the overlay to two settings: Certificate Transparency and Bitcoin. In the latter setting, we show that the usage of our transparency overlay eliminates the need to engage in mining and allows users to store a single small value rather than the entire blockchain. Our transparency overlay is generically constructed from a signature scheme and a new primitive we call a dynamic list commitment, which in practice can be instantiated using a collision-resistant hash function.

References

[1]

A. Anagnostopoulos, M. T. Goodrich, and R. Tamassia. Persistent authenticated dictionaries and their applications. In G. I. Davida and Y. Frankel, editors, ISC 2001, volume 2200 of LNCS, pages 379--393, Malaga, Spain, Oct. 1--3, 2001. Springer, Berlin, Germany.

Digital Library

[2]

M. Andrychowicz and S. Dziembowski. Pow-based distributed cryptography with no trusted setup. In Proceedings of Crypto 2015, 2015.

[3]

M. Andrychowicz, S. Dziembowski, D. Malinowski, and L. Mazurek. Secure multiparty computations on Bitcoin. In Proceedings of the IEEE Symposium on Security and Privacy, 2014.

Digital Library

[4]

D. Basin, C. Cremers, T. H.-J. Kim, A. Perrig, R. Sasse, and P. Szalachowski. ARPKI: Attack Resilient Public-Key Infrastructure. In Proceedings of ACM CCS 2014, pages 382--393, 2014.

Digital Library

[5]

M. Bellare and S. Keelveedhi. Interactive message-locked encryption and secure deduplication. In Proceedings of PKC 2015, volume 9020 of LNCS, pages 516--538, 2015.

[6]

E. Ben-Sasson, A. Chiesa, C. Garman, M. Green, I. Miers, E. Tromer, and M. Virza. Zerocash: Decentralized anonymous payments from Bitcoin. In Proceedings of the IEEE Symposium on Security and Privacy, 2014.

Digital Library

[7]

J. C. Benaloh and M. de Mare. One-way accumulators: A decentralized alternative to digital sinatures (extended abstract). In T. Helleseth, editor, EUROCRYPT'93, volume 765 of LNCS, pages 274--285, Lofthus, Norway, May 23--27, 1993. Springer, Berlin, Germany.

Digital Library

[8]

I. Bentov and R. Kumaresan. How to use bitcoin to design fair protocols. In J. A. Garay and R. Gennaro, editors, CRYPTO 2014, Part II, volume 8617 of LNCS, pages 421--439, Santa Barbara, CA, USA, Aug. 17--21, 2014. Springer, Berlin, Germany.

[9]

J. Bonneau, A. Miller, J. Clark, A. Narayanan, J. A. Kroll, and E. W. Felten. Research perspectives and challenges for Bitcoin and cryptocurrencies. In Proceedings of the IEEE Symposium on Security and Privacy, 2015.

Digital Library

[10]

P. Bright. Independent Iranian hacker claims responsibility for Comodo hack, Mar. 2011.

[11]

J. Camenisch, M. Kohlweiss, and C. Soriente. An accumulator based on bilinear maps and efficient revocation for anonymous credentials. In S. Jarecki and G. Tsudik, editors, PKC 2009, volume 5443 of LNCS, pages 481--500, Irvine, CA, USA, Mar. 18--20, 2009. Springer, Berlin, Germany.

Digital Library

[12]

J. Camenisch and A. Lysyanskaya. Dynamic accumulators and application to efficient revocation of anonymous credentials. In M. Yung, editor, CRYPTO 2002, volume 2442 of LNCS, pages 61--76, Santa Barbara, CA, USA, Aug. 18--22, 2002. Springer, Berlin, Germany.

Digital Library

[13]

S. Crosby and D. Wallach. Efficient data structures for tamper-evident logging. In Proceedings of the 18th USENIX Security Symposium, 2009.

Digital Library

[14]

G. Danezis and S. Meiklejohn. Centrally banked cryptocurrencies. In Proceedings of NDSS 2016, 2016.

[15]

B. Dowling, F. Günther, U. Herath, and D. Stebila. Secure logging schemes and Certificate Transparency. In Proceedings of ESORICS 2016, 2016. To appear.

[16]

C. Fromknecht, D. Velicanu, and S. Yakoubov. A decentralized public key infrastructure with identity retention. IACR Cryptology ePrint Archive, Report 2014/803, 2014. http://eprint.iacr.org/2014/803.pdf.

[17]

J. Garay, A. Kiayias, and N. Leonardos. The Bitcoin backbone protocol: Analysis and applications. In Proceedings of Eurocrypt 2015, 2015.

[18]

C. Garman, M. Green, and I. Miers. Decentralized anonymous credentials. In Proceedings of the NDSS Symposium 2014, 2014.

[19]

D. Goodin. Fraudulent Google credential found in the wild, Aug. 2011.

[20]

T. H.-J. Kim, L.-S. Huang, A. Perrig, C. Jackson, and V. Gligor. Accountable key infrastructure (AKI): a proposal for a public-key validation infrastructure. In Proceedings of WWW 2013, pages 679--690, 2013.

Digital Library

[21]

B. Laurie, A. Langley, and E. Kasper. Certificate transparency, 2013.

Digital Library

[22]

J. Leyden. Inside 'Operation Black Tulip': DigiNotar hack analysed, Sept. 2011.

[23]

H. Lipmaa. Secure accumulators from euclidean rings without trusted setup. In F. Bao, P. Samarati, and J. Zhou, editors, ACNS 12, volume 7341 of LNCS, pages 224--240, Singapore, June 26--29, 2012. Springer, Berlin, Germany.

Digital Library

[24]

M. S. Melara, A. Blankstein, J. Bonneau, E. W. Felten, and M. J. Freedman. CONIKS: Bringing key transparency to end users. In Proceedings of USENIX Security 2015, 2015.

Digital Library

[25]

J. Menn. Key Internet operator VeriSign hit by hackers, Feb. 2012.

[26]

R. C. Merkle. A certified digital signature. In G. Brassard, editor, CRYPTO'89, volume 435 of LNCS, pages 218--238, Santa Barbara, CA, USA, Aug. 20--24, 1989. Springer, Berlin, Germany.

Digital Library

[27]

A. Miller, M. Hicks, J. Katz, and E. Shi. Authenticated data structures, generically. In Proceedings of POPL 2014, 2014.

Digital Library

[28]

S. Nakamoto. Bitcoin: A Peer-to-Peer Electronic Cash System, 2008. bitcoin.org/bitcoin.pdf.

[29]

Nasdaq. Nasdaq launches enterprise-wide blockchain technology initiative, May 2015.

[30]

D. O'Leary, V. D'Agostino, S. R. Re, J. Burney, and A. Hoffman. Method and system for processing Internet payments using the electronic funds transfer network, Nov. 2013.

[31]

C. Papamanthou, E. Shi, R. Tamassia, and K. Yi. Streaming authenticated data structures. In T. Johansson and P. Q. Nguyen, editors, EUROCRYPT 2013, volume 7881 of LNCS, pages 353--370, Athens, Greece, May 26--30, 2013. Springer, Berlin, Germany.

[32]

C. Papamanthou, R. Tamassia, and N. Triandopoulos. Authenticated hash tables. In P. Ning, P. F. Syverson, and S. Jha, editors, ACM CCS 08, pages 437--448, Alexandria, Virginia, USA, Oct. 27--31, 2008. ACM Press.

Digital Library

[33]

M. D. Ryan. Enhanced certificate transparency and end-to-end encrypted mail. In Proceedings of NDSS 2014, 2014.

Cited By

Francis EMonroe ASidnam-Mauch EIvancsics BWashington EMcGregor SBonneau JCaine K(2023)Transparency, Trust, and Security Needs for the Design of Digital News Authentication ToolsProceedings of the ACM on Human-Computer Interaction10.1145/35795347:CSCW1(1-44)Online publication date: 16-Apr-2023
https://dl.acm.org/doi/10.1145/3579534
Xiong QZhang YLi JTong F(2023)Enhancing Security of Certificate Authorities by Blockchain-based Domain Transparency2022 IEEE 28th International Conference on Parallel and Distributed Systems (ICPADS)10.1109/ICPADS56603.2022.00047(304-311)Online publication date: Jan-2023
https://doi.org/10.1109/ICPADS56603.2022.00047
Chen BDodis YGhosh EGoldin EKesavan BMarcedone AMou M(2023)Rotatable Zero Knowledge SetsAdvances in Cryptology – ASIACRYPT 202210.1007/978-3-031-22969-5_19(547-580)Online publication date: 25-Jan-2023
https://doi.org/10.1007/978-3-031-22969-5_19
Show More Cited By

Index Terms

Transparency Overlays and Applications
1. Security and privacy

Recommendations

Transparency and Accountability After 2015: e-Parliament for Citizens' Engagement in the Ghanaian Environment
ICEGOV '15-16: Proceedings of the 9th International Conference on Theory and Practice of Electronic Governance

Beyond providing information, Information and Communication Technology (ICT) really contributes to citizens' participation to public debate. With the use of ICT, Civil societies have played a big role especially in the areas of training, research, ...
A Step Towards Empowerment and Digital Inclusion of Rural Public in India
ICEGOV '17: Proceedings of the 10th International Conference on Theory and Practice of Electronic Governance

The emergence of Information and Communication Technology (ICT) has provided an easy, effective, economic and efficient way to provide various government services and welfare schemes at grass root level. Indian government is also moving towards e-...
Combating corruption through transparency: how have e-government investments affected levels of accountability in Brazil?
ICEGOV '14: Proceedings of the 8th International Conference on Theory and Practice of Electronic Governance

Transparency has often been hailed as one of the main mechanisms through which corruption can be combated due to the fact that it supposedly increases levels of accountability. In this sense, e-government would be the platform through which this can be ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

October 2016

1924 pages

ISBN:9781450341394

DOI:10.1145/2976749

General Chairs:
Edgar Weippl
SBA Research, Austria
,
Stefan Katzenbeisser
TU Darmstadt, CYSEC, Germany
,
Program Chairs:
Christopher Kruegel
University of California, Santa Barbara, USA
,
Andrew Myers
Cornell University, USA
,
Shai Halevi
IBM Research, USA

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 October 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Engineering and Physical Sciences Research Council

Conference

CCS'16

Sponsor:

SIGSAC

CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security

October 24 - 28, 2016

Vienna, Austria

Acceptance Rates

CCS '16 Paper Acceptance Rate 137 of 831 submissions, 16%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

30
Total Citations
View Citations
1,266
Total Downloads

Downloads (Last 12 months)41
Downloads (Last 6 weeks)4

Reflects downloads up to 09 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Francis EMonroe ASidnam-Mauch EIvancsics BWashington EMcGregor SBonneau JCaine K(2023)Transparency, Trust, and Security Needs for the Design of Digital News Authentication ToolsProceedings of the ACM on Human-Computer Interaction10.1145/35795347:CSCW1(1-44)Online publication date: 16-Apr-2023
https://dl.acm.org/doi/10.1145/3579534
Xiong QZhang YLi JTong F(2023)Enhancing Security of Certificate Authorities by Blockchain-based Domain Transparency2022 IEEE 28th International Conference on Parallel and Distributed Systems (ICPADS)10.1109/ICPADS56603.2022.00047(304-311)Online publication date: Jan-2023
https://doi.org/10.1109/ICPADS56603.2022.00047
Chen BDodis YGhosh EGoldin EKesavan BMarcedone AMou M(2023)Rotatable Zero Knowledge SetsAdvances in Cryptology – ASIACRYPT 202210.1007/978-3-031-22969-5_19(547-580)Online publication date: 25-Jan-2023
https://doi.org/10.1007/978-3-031-22969-5_19
Hicks A(2022)Transparency, Compliance, And Contestability When Code Is(n’t) LawProceedings of the 2022 New Security Paradigms Workshop10.1145/3584318.3584854(130-142)Online publication date: 24-Oct-2022
https://dl.acm.org/doi/10.1145/3584318.3584854
Li BLin JLi FWang QWang WLi QCheng GJing JWang C(2022)The Invisible Side of Certificate Transparency: Exploring the Reliability of Monitors in the WildIEEE/ACM Transactions on Networking10.1109/TNET.2021.312350730:2(749-765)Online publication date: Apr-2022
https://doi.org/10.1109/TNET.2021.3123507
Xu RLi CJoshi J(2022)Blockchain-based Transparency Framework for Privacy Preserving Third-party ServicesIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.3179698(1-1)Online publication date: 2022
https://doi.org/10.1109/TDSC.2022.3179698
Sanjoyo DMambo M(2022)Accountable Bootstrapping Based on Attack Resilient Public Key Infrastructure and Secure Zero Touch ProvisioningIEEE Access10.1109/ACCESS.2022.323101510(134086-134112)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3231015
Dahlberg RPulls TRitter TSyverson P(2021)Privacy-Preserving & Incrementally-Deployable Support for Certificate Transparency in TorProceedings on Privacy Enhancing Technologies10.2478/popets-2021-00242021:2(194-213)Online publication date: 29-Jan-2021
https://doi.org/10.2478/popets-2021-0024
Matzutt RKalde BPennekamp JDrichel AHenze MWehrle K(2021)CoinPrune: Shrinking Bitcoin’s Blockchain RetrospectivelyIEEE Transactions on Network and Service Management10.1109/TNSM.2021.307327018:3(3064-3078)Online publication date: Sep-2021
https://doi.org/10.1109/TNSM.2021.3073270
Hu YHooshmand KKalidhindi HYang SPopa R(2021) Merkle 2 : A Low-Latency Transparency Log System 2021 IEEE Symposium on Security and Privacy (SP)10.1109/SP40001.2021.00088(285-303)Online publication date: May-2021
https://doi.org/10.1109/SP40001.2021.00088
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents