certificate transparency saba eskandarian, eran messeri ...saba/slides/ctpriv.pdf · summary ct is...
TRANSCRIPT
![Page 1: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/1.jpg)
Certificate Transparency with Privacy
Saba Eskandarian, Eran Messeri, Joe Bonneau, Dan Boneh Stanford Google NYU Stanford
![Page 2: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/2.jpg)
Certificate Authorities
Public Key
![Page 3: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/3.jpg)
Certificate Authorities
Public Key
CertificateCertificate
CA
![Page 4: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/4.jpg)
apo-CA-lypse
![Page 5: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/5.jpg)
apo-CA-lypse
![Page 6: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/6.jpg)
Outline
● Certificate Transparency
● Redaction of private subdomains
● Privacy-preserving proof of misbehavior
![Page 7: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/7.jpg)
Certificate Transparency (CT)
Idea: public, verifiable log of all certificates
Public Key
CertificateCertificate
CA
![Page 8: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/8.jpg)
Certificate Transparency (CT)
Idea: public, verifiable log of all certificates
Public Key
CertificateCertificate
CA
Log
...
![Page 9: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/9.jpg)
Certificate Transparency (CT)
Idea: public, verifiable log of all certificates
Public Key
CertificateCertificate
CA
Log
...
![Page 10: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/10.jpg)
Certificate Transparency (CT)
Idea: public, verifiable log of all certificates
Public Key
Certificate, SCTCertificate, SCT
CA
Log
...
Certificate
SCT
![Page 11: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/11.jpg)
Certificate Transparency (CT)
Idea: public, verifiable log of all certificates
Public Key
Certificate, SCTCertificate, SCT
CA
Log
...
Certificate
SCT
![Page 12: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/12.jpg)
Certificate Transparency (CT)
Idea: public, verifiable log of all certificates
Public Key
Certificate, SCTCertificate, SCT
CA
Log
...
Certificate
SCT
CT logging required by chrome for all sites starting October 2017!
![Page 13: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/13.jpg)
Transparency and Privacy?
![Page 14: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/14.jpg)
Outline
● Certificate Transparency
● Redaction of private subdomains
● Privacy-preserving proof of misbehavior
![Page 15: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/15.jpg)
CA
Redaction: keeping secrets on a public log
Request Certificatesecret.facebook.com
Precertificatesecret.facebook.com
SCTsecret.facebook.com
Certificate, SCTsecret.facebook.com
Log
...
Problem: secret.facebook.com is publicly visible on the log!
![Page 16: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/16.jpg)
CA
Redaction: keeping secrets on a public log
Log
...
Request Certificatesecret.facebook.com
Precertificatesecret.facebook.com
SCTsecret.facebook.com
Certificate, SCTsecret.facebook.com
Redacted
Redacted
Problem: secret.facebook.com is publicly visible on the log!
![Page 17: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/17.jpg)
Usage:
c ← Commit(m, r)
Verify(c, m, r)
Security Properties:
Hiding: given commitment Commit(m, r), can’t find m
Binding: given commitment Commit(m, r), can’t decommit to m’ ≠ m
Tools: Commitments
r
val
Commit(m, r)
![Page 18: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/18.jpg)
Usage:
c ← Commit(m, r)
Verify(c, m, r)
Security Properties:
Hiding: given commitment Commit(m, r), can’t find m
Binding: given commitment Commit(m, r), can’t decommit to m’ ≠ m
Tools: Commitments
r
![Page 19: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/19.jpg)
Usage:
c ← Commit(m, r)
Verify(c, m, r)
Security Properties:
Hiding: given commitment Commit(m, r), can’t find m
Binding: given commitment Commit(m, r), can’t decommit to m’ ≠ m
Tools: Commitments
r
valr
Verify( , val, r)
![Page 20: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/20.jpg)
Subdomain Redaction via Commitments
Request Certificate
secret.facebook.comsecret.facebook.com
Log
...
CA
![Page 21: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/21.jpg)
Subdomain Redaction via Commitments
Request Certificate
secret.facebook.comsecret.facebook.com
Log
...
Precertificate
secret.facebook.com
CA
![Page 22: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/22.jpg)
Subdomain Redaction via Commitments
Request Certificate
secret.facebook.comsecret.facebook.com
Log
...
Precertificate
secret.facebook.com
SCT
secret.facebook.com
.com
CA
![Page 23: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/23.jpg)
Subdomain Redaction via Commitments
Request Certificate
secret.facebook.comsecret.facebook.com
Log
...
Precertificate
secret.facebook.com
SCT
secret.facebook.com
Certificatesecret.facebook.com
SCT: secret.facebook.comSCT Opening: .facebook
.com
CA
![Page 24: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/24.jpg)
Subdomain Redaction via Commitments
Page Request: secret.facebook.com
![Page 25: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/25.jpg)
Subdomain Redaction via Commitments
Page Request: secret.facebook.com
Certificatesecret.facebook.com
SCT: secret.facebook.comSCT Opening:
![Page 26: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/26.jpg)
Subdomain Redaction via Commitments
Page Request: secret.facebook.com
Verify( , secret, )
Certificatesecret.facebook.com
SCT: secret.facebook.comSCT Opening:
![Page 27: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/27.jpg)
SecurityHow can a monitor still check the log?
Knowledge of number of entries per domain owner reveals extra certificates
Why can’t a malicious site or CA reuse an existing redacted SCT?
Binding property of commitment
![Page 28: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/28.jpg)
Outline
● Certificate Transparency
● Redaction of private subdomains
● Privacy-preserving proof of misbehavior
![Page 29: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/29.jpg)
Privacy-Compromising Proof of Exclusion
1 2 3 4 5 6 7 8 9 10Log
Excluded SCT
secret.facebook.com
![Page 30: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/30.jpg)
Privacy-Compromising Proof of Exclusion
1 2 3 4 5 6 7 8 9 10Log
Excluded SCT
secret.facebook.com
![Page 31: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/31.jpg)
Goals● Auditor proves to vendor that an SCT is missing from log● Auditor does not reveal domain name, vendor only learns that log is
misbehaving
![Page 32: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/32.jpg)
Goals● Auditor proves to vendor that an SCT is missing from log● Auditor does not reveal domain name, vendor only learns that log is
misbehaving
Then:
● Vendor can investigate log● Vendor can blindly revoke missing certificate (by pushing a revocation value
to all browsers)
![Page 33: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/33.jpg)
Goals● Auditor proves to vendor that an SCT is missing from log● Auditor does not reveal domain name, vendor only learns that log is
misbehaving
Then:
● Vendor can investigate log● Vendor can blindly revoke missing certificate (by pushing a revocation value
to all browsers)
Assumption: timestamps in order
![Page 34: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/34.jpg)
What Does Auditor Prove?
1 2 3 4 5 6 7 8 9 10Log
Excluded SCT
![Page 35: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/35.jpg)
What Does Auditor Prove?
1t=4
2t=18
3t=21
4t=27
5t=30
6t=38
7t=41
8t=42
9t=50
10t=59
Log
t=25Excluded SCT
Assumption: timestamps in order
![Page 36: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/36.jpg)
What Does Auditor Prove?
1t=4
2t=18
3t=21
4t=27
5t=30
6t=38
7t=41
8t=42
9t=50
10t=59
Log
t=25Excluded SCT
Assumption: timestamps in order
![Page 37: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/37.jpg)
What Does Auditor Prove?
1t=4
2t=18
3t=21
4t=27
5t=30
6t=38
7t=41
8t=42
9t=50
10t=59
Log
t=253t=21
4t=27
![Page 38: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/38.jpg)
What Does Auditor Prove?
1t=4
2t=18
3t=21
4t=27
5t=30
6t=38
7t=41
8t=42
9t=50
10t=59
Log
What about privacy?!
t=253t=21
4t=27
![Page 39: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/39.jpg)
Tools: Additively Homomorphic Commitments
val2val1
![Page 40: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/40.jpg)
Tools: Additively Homomorphic Commitments
val2val1 +
![Page 41: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/41.jpg)
Tools: Additively Homomorphic Commitments
val2val1 val1+val2+ =
![Page 42: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/42.jpg)
Tools: Zero-Knowledge Proofs
A
![Page 43: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/43.jpg)
Tools: Zero-Knowledge Proofs
=A B
![Page 44: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/44.jpg)
Tools: Zero-Knowledge Proofs
=
0 < < 5
A B
AA
![Page 45: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/45.jpg)
Tools: Zero-Knowledge Proofs
=
0 < < 5
A B
AA
valvalsk
![Page 46: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/46.jpg)
Tools: Zero-Knowledge Proofs
=
0 < < 5
A B
AA
valvalsk
![Page 47: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/47.jpg)
Tools: Zero-Knowledge Proofs
=
0 < < 5
A B
AA
valvalsk
![Page 48: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/48.jpg)
Proof of Exclusion
1t=4
2t=18
3t=21
4t=27
5t=30
6t=38
7t=41
8t=42
9t=50
10t=59
Log
What about privacy?!
t=253t=21
4t=27
![Page 49: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/49.jpg)
Proof of Exclusion
1t=4
2t=18
3t=21
4t=27
5t=30
6t=38
7t=41
8t=42
9t=50
10t=59
Log
What about privacy?!
X Y Z
Index(X)Time(X)
Index(Z)Time(Z)
Time(Y)
![Page 50: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/50.jpg)
Proof of Exclusion
Y
X
Z
![Page 51: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/51.jpg)
Index(X) Index(Z)
Time(Z)Time(X)
Proof of Exclusion
Time(Y)
+ 1 =
< <Y
X
Z
![Page 52: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/52.jpg)
Index(X) Index(Z)
Time(Z)Time(X)
Proof of Exclusion
Time(Y)
+ 1 =
< <Y
X
Z
![Page 53: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/53.jpg)
Index(X) Index(Z)
Time(Z)Time(X)
Proof of Exclusion
Time(Y)
+ 1 =
< <Y
X
Z
![Page 54: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/54.jpg)
Index(X) Index(Z)
Time(Z)Time(X)
Proof of Exclusion
Time(Y)
+ 1 =
< <Y
X
Z
Are these numbers really from the log?
![Page 55: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/55.jpg)
543
1211
Proof of Exclusion
+ 1 =
< <Y
X
Z
hehehe...
![Page 56: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/56.jpg)
Proof of Exclusion
Needed for proof
X
Index(X) Time(X)
![Page 57: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/57.jpg)
skH
Proof of Exclusion
New signatures from log
Needed for proof
X
Index(X) Time(X)
H(x)+Index(X) H(x) H(x)+Time(X)
skI skT
![Page 58: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/58.jpg)
Proof of Exclusion
New signatures from log
Needed for proof
X
Index(X) Time(X)
H(X)
skH
H(x)+Index(X) H(x) H(x)+Time(X)
skI skT
![Page 59: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/59.jpg)
Proof of Exclusion
New signatures from log
Needed for proof
X
Index(X) Time(X)
H(X)+ +
skH
H(x)+Index(X) H(x) H(x)+Time(X)
skI skT
![Page 60: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/60.jpg)
Proof of Exclusion
New signatures from log
Needed for proof
X
Index(X) Time(X)
H(X)H(x)+Index(X) H(x)+Time(X)+ +
skH
H(x)+Index(X) H(x) H(x)+Time(X)
skI skT
![Page 61: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/61.jpg)
Proof of Exclusion
New signatures from log
Needed for proof
X
Index(X) Time(X)
H(X)H(x)+Index(X) H(x)+Time(X)+ +
skH
H(x)+Index(X) H(x) H(x)+Time(X)
skI skT
![Page 62: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/62.jpg)
Performance Numbers
Online Costs
Proof Size: 333 kB
Time to generate: 5.0 seconds
Time to verify: 2.3 seconds
Offline Costs (storage)
Growth of log entry: 480 bytes
Growth of SCT: 160 bytes
Revocation notice size: 32 bytes
![Page 63: Certificate Transparency Saba Eskandarian, Eran Messeri ...saba/slides/ctpriv.pdf · Summary CT is an exciting new feature of our web infrastructure Transparency raises new privacy](https://reader036.vdocuments.site/reader036/viewer/2022081615/5fd4cefad656ff41ff7810df/html5/thumbnails/63.jpg)
Summary● CT is an exciting new feature of our web infrastructure
● Transparency raises new privacy concerns
● Work on privacy-preserving solutions to two issues:
○ Compatibility between CT and need for private domain names
○ Reporting CT log misbehavior without revealing private information
See paper for details and security proofs: https://arxiv.org/pdf/1703.02209.pdf