Collaborative Research: SaTC: CORE: Medium: Cryptographic accumulators and revocation of credentials

协作研究：SaTC：核心：中：加密累加器和凭证撤销

• 批准号: 2247308
• 负责人: Charalampos Papamanthou
• 金额: $ 24万
• 依托单位: Yale University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-05-15 至 2026-04-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2247308&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Medium

As we increasingly conduct so much of our daily lives online, user authentication becomes a vital part for numerous everyday tasks such as shopping, banking and communicating. A common mechanism for digital authentication is the use of authentication tokens, credentials or certificates. Extra care needs to be taken, however, when authentication tokens are compromised, lost or held by an owner who goes rogue. In such cases, it is crucial that there exist an effective mechanism to securely and efficiently revoke such tokens. The goal of this project is to design efficient revocation mechanisms for the Web Public Key Infrastructure (PKI) and potentially transform the future of certificate revocation on the web and beyond; our key innovation is the use of cryptographic accumulators. This project will focus on deploying cryptographic accumulators to improve practicality and reach of revocation mechanisms for Transport Layer Security (TLS) certificates in the Web PKI. Beyond TLS, the project will also concern itself with revocation in code-signing PKI by deploying batching and aggregation techniques on cryptographic accumulators for efficient software validity checks. Finally, the project will address privacy issues when checking revocation and will design solutions that can safeguard the privacy of users in Internet-of-Things (IoT) connected communities. The project vision also includes constructions that satisfy post-quantum security. The intellectual merits of this project are twofold: First, it will provide numerous results on fundamental cryptographic building blocks, such as cryptographic accumulators and (zero-knowledge) proof batch computation/verification and aggregation. The results of this part, while tailored to serve the functionality needs of revocation systems, can be of much broader interest (e.g., also apply in the areas of blockchain scalability, secure computation on the cloud, etc.). Then, this project will also have a strong implementation and evaluation component. All proposed protocols will be implemented, evaluated and compared with existing techniques. The prototype implementations will be integrated in real systems to test how the proposed accumulator protocols perform in real-world settings.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

随着我们越来越多地在网上进行日常生活，用户身份验证成为购物，银行和通信等许多日常任务的重要组成部分。数字认证的一种常见机制是使用认证令牌、凭证或证书。但是，当身份验证令牌被泄露、丢失或被流氓所有者持有时，需要格外小心。在这种情况下，关键是要有一个有效的机制来安全有效地撤销这些令牌。该项目的目标是为Web公钥基础设施（PKI）设计有效的撤销机制，并可能改变Web及其他领域的证书撤销的未来;我们的关键创新是使用加密证书。这个项目将集中于部署加密证书，以提高Web PKI中传输层安全（TLS）证书撤销机制的实用性和可达性。除了TLS之外，该项目还将关注代码签名PKI中的撤销，方法是在加密证书上部署验证和聚合技术，以进行有效的软件有效性检查。最后，该项目将在检查撤销时解决隐私问题，并将设计可以保护物联网（IoT）连接社区中用户隐私的解决方案。该项目的愿景还包括满足后量子安全的建设。该项目的智力优势有两个方面：首先，它将提供关于基本密码构建块的许多结果，例如密码验证和（零知识）证明批量计算/验证和聚合。这一部分的结果虽然是为满足撤销系统的功能需求而定制的，但可能具有更广泛的意义（例如，也适用于区块链可扩展性，云上的安全计算等领域）。然后，该项目还将有一个强有力的执行和评估组成部分。所有拟议的协议将被执行，评估和与现有技术进行比较。原型实现将被集成到真实的系统中，以测试拟议的蓄能器协议在现实世界中的表现。该奖项反映了NSF的法定使命，并被认为是值得通过使用基金会的智力价值和更广泛的影响审查标准进行评估的支持。