Keeping Authorities “Honest or Bust” with Decentralized Witness Cosigning
Ewa Syta, Iulia Tamas, Dylan Visher, David Isaac Wolinsky,
Philipp Jovanovic, Linus Gasser, Nicolas Gailly, Ismail Khoffi, and Bryan Ford
37th IEEE Symposium on
Security and Privacy
San Jose, CA, May 2016
Abstract
The secret keys of critical network authorities – such as time, name,
certificate, and software update services – represent high-value targets for
hackers, criminals, and spy agencies wishing to use these keys secretly to
compromise other hosts. To protect authorities and their clients proactively
from undetected exploits and misuse, we introduce CoSi, a scalable witness
cosigning protocol ensuring that every authoritative statement is validated and
publicly logged by a diverse group of witnesses before any client will accept
it. A statement
S collectively signed by
W witnesses assures
clients that
S has been seen, and not immediately found erroneous, by
those
W observers. Even if
S is compromised in a fashion not
readily detectable by the witnesses, CoSi still guarantees
S’s exposure
to public scrutiny, forcing secrecy-minded attackers to risk that the
compromise will soon be detected by one of the
W witnesses. Because
clients can verify collective signatures efficiently without communication,
CoSi protects clients’ privacy, and offers the first transparency mechanism
effective against persistent man-in-the-middle attackers who control a
victim’s Internet access, the authority’s secret key, and several witnesses’
secret keys. CoSi builds on existing cryptographic multisignature methods,
scaling them to support thousands of witnesses via signature aggregation over
efficient communication trees. A working prototype demonstrates CoSi in the
context of timestamping and logging authorities, enabling groups of over 8,000
distributed witnesses to cosign authoritative statements in under two seconds.
Paper: PDF
Source Code: GitHub
Press Coverage:
- Cothority to Apple: Let’s make secret backdoors impossible,
J.M. Porup,
arstechnica UK.
- Using distributed code-signatures to make it much harder to order secret backdoors,
Cory Doctorow,
BoingBoing.
- Cothority offers to help Apple security with distributed cosigning,
staff,
MacNN.
- Apple fears gov't overreach, Cothority offers co. help,
Teri Robinson,
SC Magazine.
- How Apple Could Fed-Proof Its Software Update System,
Tom Simonite,
MIT Technology Review.
- Justice Radio with Steven Rambam,
Steven Rambam,
KERV 1230AM.