Collaborative Research: SaTC: CORE: Medium: Cryptographic accumulators and revocation of credentials

协作研究：SaTC：核心：中：加密累加器和凭证撤销

• 批准号: 2247305
• 负责人: Anna Lysyanskaya
• 金额: $ 24万
• 依托单位: Brown University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-05-15 至 2026-04-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2247305&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Medium

As we increasingly conduct so much of our daily lives online, user authentication becomes a vital part for numerous everyday tasks such as shopping, banking and communicating. A common mechanism for digital authentication is the use of authentication tokens, credentials or certificates. Extra care needs to be taken, however, when authentication tokens are compromised, lost or held by an owner who goes rogue. In such cases, it is crucial that there exist an effective mechanism to securely and efficiently revoke such tokens. The goal of this project is to design efficient revocation mechanisms for the Web Public Key Infrastructure (PKI) and potentially transform the future of certificate revocation on the web and beyond; our key innovation is the use of cryptographic accumulators. This project will focus on deploying cryptographic accumulators to improve practicality and reach of revocation mechanisms for Transport Layer Security (TLS) certificates in the Web PKI. Beyond TLS, the project will also concern itself with revocation in code-signing PKI by deploying batching and aggregation techniques on cryptographic accumulators for efficient software validity checks. Finally, the project will address privacy issues when checking revocation and will design solutions that can safeguard the privacy of users in Internet-of-Things (IoT) connected communities. The project vision also includes constructions that satisfy post-quantum security. The intellectual merits of this project are twofold: First, it will provide numerous results on fundamental cryptographic building blocks, such as cryptographic accumulators and (zero-knowledge) proof batch computation/verification and aggregation. The results of this part, while tailored to serve the functionality needs of revocation systems, can be of much broader interest (e.g., also apply in the areas of blockchain scalability, secure computation on the cloud, etc.). Then, this project will also have a strong implementation and evaluation component. All proposed protocols will be implemented, evaluated and compared with existing techniques. The prototype implementations will be integrated in real systems to test how the proposed accumulator protocols perform in real-world settings.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

随着我们越来越多地在网上进行日常生活，用户身份验证成为购物、银行业务和通信等众多日常任务的重要组成部分。数字身份验证的常见机制是使用身份验证令牌、凭证或证书。然而，当身份验证令牌被泄露、丢失或被不法所有者持有时，需要格外小心。在这种情况下，存在一种有效的机制来安全有效地撤销此类令牌至关重要。该项目的目标是为 Web 公钥基础设施 (PKI) 设计有效的撤销机制，并有可能改变 Web 及其他领域证书撤销的未来；我们的关键创新是使用加密累加器。该项目将重点部署加密累加器，以提高 Web PKI 中传输层安全 (TLS) 证书撤销机制的实用性和范围。除了 TLS 之外，该项目还将通过在加密累加器上部署批处理和聚合技术来实现有效的软件有效性检查，从而关注代码签名 PKI 的撤销。最后，该项目将解决检查撤销时的隐私问题，并将设计能够保护物联网 (IoT) 连接社区中用户隐私的解决方案。该项目愿景还包括满足后量子安全性的结构。该项目的智力优点有两个：首先，它将提供有关基本密码构建块的大量结果，例如密码累加器和（零知识）证明批量计算/验证和聚合。这部分的结果虽然是为满足撤销系统的功能需求而定制的，但可以引起更广泛的兴趣（例如，也适用于区块链可扩展性、云上的安全计算等领域）。然后，这个项目还将有一个强有力的实施和评估部分。所有提出的协议都将被实施、评估并与现有技术进行比较。原型实现将集成到实际系统中，以测试拟议的累加器协议在现实环境中的执行情况。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力优点和更广泛的影响审查标准进行评估，被认为值得支持。