ABSTRACT

As we increasingly conduct so much of our daily lives online, user authentication becomes a vital part for numerous everyday tasks such as shopping, banking and communicating. A common mechanism for digital authentication is the use of authentication tokens, credentials or certificates. Extra care needs to be taken, however, when authentication tokens are compromised, lost or held by an owner who goes rogue. In such cases, it is crucial that there exist an effective mechanism to securely and efficiently revoke such tokens. The goal of this project is to design efficient revocation mechanisms for the Web Public Key Infrastructure (PKI) and potentially transform the future of certificate revocation on the web and beyond; our key innovation is the use of cryptographic accumulators.

This project will focus on deploying cryptographic accumulators to improve practicality and reach of revocation mechanisms for Transport Layer Security (TLS) certificates in the Web PKI. Beyond TLS, the project will also concern itself with revocation in code-signing PKI by deploying batching and aggregation techniques on cryptographic accumulators for efficient software validity checks. Finally, the project will address privacy issues when checking revocation and will design solutions that can safeguard the privacy of users in Internet-of-Things (IoT) connected communities. The project vision also includes constructions that satisfy post-quantum security. The intellectual merits of this project are twofold: First, it will provide numerous results on fundamental cryptographic building blocks, such as cryptographic accumulators and (zero-knowledge) proof batch computation/verification and aggregation. The results of this part, while tailored to serve the functionality needs of revocation systems, can be of much broader interest (e.g., also apply in the areas of blockchain scalability, secure computation on the cloud, etc.). Then, this project will also have a strong implementation and evaluation component. All proposed protocols will be implemented, evaluated and compared with existing techniques. The prototype implementations will be integrated in real systems to test how the proposed accumulator protocols perform in real-world settings.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Please report errors in award information by writing to: awardsearch@nsf.gov.