Certificate Transparency with Enhancements and Short Proofs

TL;DR

This paper introduces a new certificate transparency scheme that uses dynamic bilinear-map accumulators to produce constant-size proofs, enhancing efficiency and security in monitoring TLS/SSL certificates.

Contribution

The paper presents a novel certificate transparency scheme with short, constant-size proofs using bilinear-map accumulators, improving upon existing logarithmic proof size schemes.

Findings

Scheme achieves constant proof size

Efficient revocation and low verification costs

Security proofs and performance evaluation provided

Abstract

Browsers can detect malicious websites that are provisioned with forged or fake TLS/SSL certificates. However, they are not so good at detecting malicious websites if they are provisioned with mistakenly issued certificates or certificates that have been issued by a compromised certificate authority. Google proposed certificate transparency which is an open framework to monitor and audit certificates in real time. Thereafter, a few other certificate transparency schemes have been proposed which can even handle revocation. All currently known constructions use Merkle hash trees and have proof size logarithmic in the number of certificates/domain owners. We present a new certificate transparency scheme with short (constant size) proofs. Our construction makes use of dynamic bilinear-map accumulators. The scheme has many desirable properties like efficient revocation, low verification cost and update costs comparable to the existing schemes. We provide proofs of security and evaluate the performance of our scheme.