Table Of Content

Rethinking PublicKeyInfrastructures andDigitalCertificates Rethinking PublicKeyInfrastructures andDigitalCertificates BuildinginPrivacy StefanA.Brands TheMITPress Cambridge,Massachusetts London,England (cid:1)c2000StefanA.Brands All rights reserved. No part of this book may be reproduced in any form by any electronicormechanicalmeans(includingphotocopying,recording,orinformation storageandretrieval)withoutpermissioninwritingfromthepublisher. LibraryofCongressCataloging-in-PublicationData Brands,StefanA. Rethinkingpublickeyinfrastructuresanddigitalcertificates:buildinginprivacy/ StefanA.Brands. p.cm. Includesbibliographicalreferencesandindex. ISBN0-262-02491-8(alk.hc) 1.Computernetworks—Securitymeasures.2.Computernetworkprotocols.3. Dataencryption(Computerscience).4.Computersecurity.I.Title. TK5105.59B732000 005.8—dc21 00-032866 DedicatedtothememoryofPetr Sˇvestka Contents Foreword xi Preface xiii Summary xvii ListofFigures xxiii 1 Introduction 1 1.1 DigitalcertificatesandPKIs . . . . . . . . . . . . . . . . . . . . . 1 1.1.1 Frompaper-basedtodigitalcertificates . . . . . . . . . . . 1 1.1.2 Identitycertificates . . . . . . . . . . . . . . . . . . . . . . 3 1.1.3 Centraldatabaseparadigm . . . . . . . . . . . . . . . . . . 6 1.1.4 Attributecertificates . . . . . . . . . . . . . . . . . . . . . 9 1.1.5 Certificaterevocationandvalidation . . . . . . . . . . . . . 13 1.1.6 Smartcardintegration. . . . . . . . . . . . . . . . . . . . . 15 1.2 Privacyissues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 1.2.1 Privacydangers . . . . . . . . . . . . . . . . . . . . . . . . 20 1.2.2 Previousprivacy-protectioneffortsandtheirshortcomings . 25 1.2.3 Desirableprivacyproperties . . . . . . . . . . . . . . . . . 30 1.3 Outlook . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 1.3.1 Basicbuildingblocks . . . . . . . . . . . . . . . . . . . . . 32 1.3.2 Additionalprivacytechniques . . . . . . . . . . . . . . . . 34 1.3.3 Securitytechniques . . . . . . . . . . . . . . . . . . . . . . 35 1.3.4 Smartcardintegration. . . . . . . . . . . . . . . . . . . . . 37 1.3.5 Securityandprivacyguarantees . . . . . . . . . . . . . . . 39 1.3.6 Applicability . . . . . . . . . . . . . . . . . . . . . . . . . 40 2 CryptographicPreliminaries 41 2.1 Notation,terminology,andconventions . . . . . . . . . . . . . . . 41 2.1.1 Basicnotation . . . . . . . . . . . . . . . . . . . . . . . . 41 viii CONTENTS 2.1.2 Algorithms,securityparameters,andprobability . . . . . . 42 2.1.3 Interactivealgorithmsandprotocols . . . . . . . . . . . . . 44 2.1.4 Attackmodels . . . . . . . . . . . . . . . . . . . . . . . . 45 2.1.5 Securityreductionsandtherandomoraclemodel . . . . . . 48 2.2 One-wayfunctions . . . . . . . . . . . . . . . . . . . . . . . . . . 49 2.2.1 Definition . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 2.2.2 TheDLfunction . . . . . . . . . . . . . . . . . . . . . . . 51 2.2.3 TheRSAfunction . . . . . . . . . . . . . . . . . . . . . . 56 2.3 Collision-intractablefunctions . . . . . . . . . . . . . . . . . . . . 58 2.3.1 Definition . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 2.3.2 TheDLREPfunction . . . . . . . . . . . . . . . . . . . . . 59 2.3.3 TheRSAREPfunction . . . . . . . . . . . . . . . . . . . . 62 2.3.4 Comparison . . . . . . . . . . . . . . . . . . . . . . . . . . 65 2.4 Proofsofknowledge . . . . . . . . . . . . . . . . . . . . . . . . . 66 2.4.1 Definition . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 2.4.2 Securityfortheprover . . . . . . . . . . . . . . . . . . . . 67 2.4.3 ProvingknowledgeofaDL-representation . . . . . . . . . 71 2.4.4 ProvingknowledgeofanRSA-representation . . . . . . . . 75 2.5 Digitalsignatures . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 2.5.1 Definition . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 2.5.2 Fromproofsofknowledgetodigitalsignatureschemes . . . 79 2.5.3 DigitalsignaturesbasedontheDLREPfunction . . . . . . 81 2.5.4 DigitalsignaturesbasedontheRSAREPfunction. . . . . . 84 2.6 Digitalcertificates . . . . . . . . . . . . . . . . . . . . . . . . . . . 86 2.6.1 Definitionofpublic-keycertificates . . . . . . . . . . . . . 86 2.6.2 Definitionofsecret-keycertificates . . . . . . . . . . . . . 87 2.6.3 Comparison . . . . . . . . . . . . . . . . . . . . . . . . . . 89 2.7 Bibliographicnotes . . . . . . . . . . . . . . . . . . . . . . . . . . 90 3 ShowingProtocolswithSelectiveDisclosure 91 3.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91 3.2 Howtocommit . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 3.3 Formulaewithzeroormore“AND”connectives . . . . . . . . . . . 93 3.3.1 TechniquebasedontheDLREPfunction . . . . . . . . . . 93 3.3.2 TechniquebasedontheRSAREPfunction . . . . . . . . . 105 3.4 Formulaewithone“NOT”connective . . . . . . . . . . . . . . . . 108 3.4.1 TechniquebasedontheDLREPfunction . . . . . . . . . . 108 3.4.2 TechniquebasedontheRSAREPfunction . . . . . . . . . 118 3.5 Atomicformulaeconnectedby“OR”connectives . . . . . . . . . . 119 3.5.1 TechniquebasedontheDLREPfunction . . . . . . . . . . 119 3.5.2 TechniquebasedontheRSAREPfunction . . . . . . . . . 123 3.6 DemonstratingarbitraryBooleanformulae . . . . . . . . . . . . . . 123 CONTENTS ix 3.6.1 TechniquebasedontheDLREPfunction . . . . . . . . . . 123 3.6.2 TechniquebasedontheRSAREPfunction . . . . . . . . . 126 3.7 Optimizationsandextensions . . . . . . . . . . . . . . . . . . . . . 128 3.8 Bibliographicnotes . . . . . . . . . . . . . . . . . . . . . . . . . . 130 4 RestrictiveBlindIssuingProtocols 131 4.1 Restrictiveblinding . . . . . . . . . . . . . . . . . . . . . . . . . . 131 4.2 Practicalconstructions . . . . . . . . . . . . . . . . . . . . . . . . 134 4.2.1 RestrictiveblindingbasedontheDLREPfunction . . . . . 135 4.2.2 RestrictiveblindingbasedontheRSAREPfunction. . . . . 139 4.2.3 Comparison . . . . . . . . . . . . . . . . . . . . . . . . . . 140 4.3 Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146 4.3.1 Completeness . . . . . . . . . . . . . . . . . . . . . . . . . 146 4.3.2 Privacyforthereceiver . . . . . . . . . . . . . . . . . . . . 147 4.3.3 SecurityfortheCertificateAuthority . . . . . . . . . . . . 149 4.3.4 Additionalproperties . . . . . . . . . . . . . . . . . . . . . 160 4.4 Parallelizationofprotocolexecutions. . . . . . . . . . . . . . . . . 162 4.4.1 Maskingtheinitialwitness . . . . . . . . . . . . . . . . . . 163 4.4.2 Swappingexponentsintheverificationrelation . . . . . . . 166 4.5 Othercertificateschemes . . . . . . . . . . . . . . . . . . . . . . . 171 4.5.1 DSA-likecertificates . . . . . . . . . . . . . . . . . . . . . 171 4.5.2 CertificatesbasedonChaum-Pedersensignatures . . . . . . 175 4.6 Bibliographicnotes . . . . . . . . . . . . . . . . . . . . . . . . . . 178 5 CombiningIssuingandShowingProtocols 181 5.1 Integration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181 5.1.1 Makingthematch . . . . . . . . . . . . . . . . . . . . . . 181 5.1.2 Copingwithdelegation . . . . . . . . . . . . . . . . . . . . 185 5.2 Privacyimprovementsforcertificateholders . . . . . . . . . . . . . 189 5.2.1 Issuingprotocoltechniques. . . . . . . . . . . . . . . . . . 189 5.2.2 Showingprotocoltechniques . . . . . . . . . . . . . . . . . 191 5.3 Privacyimprovementsforcertificateverifiers . . . . . . . . . . . . 193 5.4 Limited-showcertificates . . . . . . . . . . . . . . . . . . . . . . . 197 5.4.1 Staticone-showcertificates. . . . . . . . . . . . . . . . . . 197 5.4.2 Dynamicone-showcertificates . . . . . . . . . . . . . . . . 201 5.4.3 Increasingthethreshold . . . . . . . . . . . . . . . . . . . 207 5.5 Securityimprovements . . . . . . . . . . . . . . . . . . . . . . . . 208 5.5.1 Benefitsofencodingidentifiers . . . . . . . . . . . . . . . 208 5.5.2 Howtodiscouragelending . . . . . . . . . . . . . . . . . . 211 5.5.3 Non-repudiation . . . . . . . . . . . . . . . . . . . . . . . 212 5.5.4 Howtodiscouragediscarding . . . . . . . . . . . . . . . . 213 5.5.5 GuardingthesecretkeyoftheCertificateAuthority . . . . . 213 x CONTENTS 5.6 Bibliographicnotes . . . . . . . . . . . . . . . . . . . . . . . . . . 216 6 SmartcardIntegration 219 6.1 Shortcomingsofthesmartcard-onlyparadigm . . . . . . . . . . . . 219 6.1.1 Privacydangers . . . . . . . . . . . . . . . . . . . . . . . . 219 6.1.2 Othershortcomings. . . . . . . . . . . . . . . . . . . . . . 223 6.2 Combiningsmartcardsandsoftware-onlydevices . . . . . . . . . . 224 6.2.1 Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225 6.2.2 Hownottocopewithsubliminalchannels . . . . . . . . . . 227 6.3 Securesmartcardintegration . . . . . . . . . . . . . . . . . . . . . 230 6.3.1 TechniquebasedontheDLREPfunction . . . . . . . . . . 230 6.3.2 TechniquebasedontheRSAREPfunction . . . . . . . . . 236 6.4 Privacyprotection . . . . . . . . . . . . . . . . . . . . . . . . . . . 238 6.4.1 Inflowprevention . . . . . . . . . . . . . . . . . . . . . . . 239 6.4.2 Outflowprevention . . . . . . . . . . . . . . . . . . . . . . 240 6.4.3 Preventionofotherdataleakagechannels . . . . . . . . . . 242 6.4.4 Restrictingthelevelofprivacyprotection . . . . . . . . . . 245 6.5 Othertechniques . . . . . . . . . . . . . . . . . . . . . . . . . . . 247 6.5.1 Implementationinlow-costsmartcards . . . . . . . . . . . 248 6.5.2 Returningcertificates . . . . . . . . . . . . . . . . . . . . . 250 6.5.3 Howtodiscourageremotelending . . . . . . . . . . . . . . 251 6.5.4 Bearercertificates. . . . . . . . . . . . . . . . . . . . . . . 252 6.5.5 Looseends . . . . . . . . . . . . . . . . . . . . . . . . . . 253 6.6 Bibliographicnotes . . . . . . . . . . . . . . . . . . . . . . . . . . 254 Epilogue:TheBroaderPerspective 257 References 273 CurriculumVitae 307 Index 307

ebook img

Rethinking public key infrastructures and digital certificates PDF

338 Pages·2000·1.099 MB·English
by  Brands S.A.
#
Save to my drive
Quick download
Download

Download Rethinking public key infrastructures and digital certificates PDF Free - Full Version

by Brands S.A.| 2000| 338 pages| 1.099| English

Download Rethinking public key infrastructures and digital certificates by Brands S.A. in PDF format completely FREE. No registration required, no payment needed. Get instant access to this valuable resource on PDFdrive.to!

Free Download PDF

About Rethinking public key infrastructures and digital certificates

No description available for this book.

Detailed Information

Author:Brands S.A.
Publication Year:2000
ISBN:262024918
Pages:338
Language:English
File Size:1.099
Format:PDF
Price:FREE
Download Free PDF

Safe & Secure Download - No registration required

Why Choose PDFdrive for Your Free Rethinking public key infrastructures and digital certificates Download?

  • 100% Free: No hidden fees or subscriptions required for one book every day.
  • No Registration: Immediate access is available without creating accounts for one book every day.
  • Safe and Secure: Clean downloads without malware or viruses
  • Multiple Formats: PDF, MOBI, Mpub,... optimized for all devices
  • Educational Resource: Supporting knowledge sharing and learning

Free Books Similar to Rethinking public key infrastructures and digital certificates

Frequently Asked Questions

Is it really free to download Rethinking public key infrastructures and digital certificates PDF?

Yes, on https://PDFdrive.to you can download Rethinking public key infrastructures and digital certificates by Brands S.A. completely free. We don't require any payment, subscription, or registration to access this PDF file. For 3 books every day.

How can I read Rethinking public key infrastructures and digital certificates on my mobile device?

After downloading Rethinking public key infrastructures and digital certificates PDF, you can open it with any PDF reader app on your phone or tablet. We recommend using Adobe Acrobat Reader, Apple Books, or Google Play Books for the best reading experience.

Is this the full version of Rethinking public key infrastructures and digital certificates?

Yes, this is the complete PDF version of Rethinking public key infrastructures and digital certificates by Brands S.A.. You will be able to read the entire content as in the printed version without missing any pages.

Is it legal to download Rethinking public key infrastructures and digital certificates PDF for free?

https://PDFdrive.to provides links to free educational resources available online. We do not store any files on our servers. Please be aware of copyright laws in your country before downloading.

The materials shared are intended for research, educational, and personal use in accordance with fair use principles.

We use cookies

We use cookies to ensure you get the best browsing experience on our website. By clicking "Accept Cookies", you agree that we can store cookies on your device in accordance with our Terms and Privacy.