Collaborative Research: SaTC: CORE: Medium: Cryptographic accumulators and revocation of credentials

协作研究：SaTC：核心：中：加密累加器和凭证撤销

• 批准号: 2247306
• 负责人: Taejoong Chung
• 金额: $ 24万
• 依托单位: Virginia Polytechnic Institute and State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-05-15 至 2026-04-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2247306&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Medium

As we increasingly conduct so much of our daily lives online, user authentication becomes a vital part for numerous everyday tasks such as shopping, banking and communicating. A common mechanism for digital authentication is the use of authentication tokens, credentials or certificates. Extra care needs to be taken, however, when authentication tokens are compromised, lost or held by an owner who goes rogue. In such cases, it is crucial that there exist an effective mechanism to securely and efficiently revoke such tokens. The goal of this project is to design efficient revocation mechanisms for the Web Public Key Infrastructure (PKI) and potentially transform the future of certificate revocation on the web and beyond; our key innovation is the use of cryptographic accumulators. This project will focus on deploying cryptographic accumulators to improve practicality and reach of revocation mechanisms for Transport Layer Security (TLS) certificates in the Web PKI. Beyond TLS, the project will also concern itself with revocation in code-signing PKI by deploying batching and aggregation techniques on cryptographic accumulators for efficient software validity checks. Finally, the project will address privacy issues when checking revocation and will design solutions that can safeguard the privacy of users in Internet-of-Things (IoT) connected communities. The project vision also includes constructions that satisfy post-quantum security. The intellectual merits of this project are twofold: First, it will provide numerous results on fundamental cryptographic building blocks, such as cryptographic accumulators and (zero-knowledge) proof batch computation/verification and aggregation. The results of this part, while tailored to serve the functionality needs of revocation systems, can be of much broader interest (e.g., also apply in the areas of blockchain scalability, secure computation on the cloud, etc.). Then, this project will also have a strong implementation and evaluation component. All proposed protocols will be implemented, evaluated and compared with existing techniques. The prototype implementations will be integrated in real systems to test how the proposed accumulator protocols perform in real-world settings.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

随着我们越来越多地在线进行日常生活的大部分时间，用户身份验证成为许多日常任务（例如购物，银行和交流）的重要组成部分。数字身份验证的一种常见机制是使用身份验证令牌，凭据或证书。但是，当身份验证令牌受到流氓的折衷，丢失或持有时，需要格外小心。在这种情况下，至关重要的是，存在有效的机制，可以安全有效地撤销这样的令牌。该项目的目的是为Web公共密钥基础架构（PKI）设计有效的撤销机制，并有可能改变网络及其他方面的证书撤销的未来；我们的关键创新是使用加密蓄能器。该项目将着重于部署加密蓄能器，以提高Web PKI中运输层安全性（TLS）证书的实用性和覆盖范围。除了TLS之外，该项目还将通过在加密蓄能器上部署批处理和聚合技术来关注代码签名PKI中的撤销，以进行有效的软件有效性检查。最后，该项目在检查撤销时将解决隐私问题，并将设计可以保护用户在连接社区（IoT）社区中的隐私的解决方案。项目愿景还包括满足量子后安全性的结构。该项目的智力优点是双重的：首先，它将为基本的加密构件提供许多结果，例如加密累加器和（零知识）证明批处理计算/验证和聚合。该部分的结果虽然针对撤销系统的功能需求进行了量身定制，但可能会引起更大的兴趣（例如，也适用于区块链可伸缩性，云上的安全计算等方面。然后，该项目还将具有强大的实施和评估部分。所有提出的协议将通过现有技术实施，评估和比较。原型实现将集成到实际系统中，以测试拟议的累加器协议在现实世界中的执行方式。该奖项反映了NSF的法定任务，并被认为是值得通过基金会的知识分子和更广泛影响的评估评估标准来通过评估来支持的。