Affiliations: [a] Tallinn Technical University/University of Tartu/Cybernetica AS, Akadeemia tee 21, 12618 Tallinn, Estonia. E-mail: [email protected] | [b] FB 14 Informatik, Universität des Saarlandes, Im Stadtwald – Bau 45, Postfach 15 11 50, 66041 Saarbrücken, Germany. E-mail: [email protected] | [c] Laboratory for Theoretical Computer Science, Department of Computer Science and Engineering, Helsinki University of Technology, FIN-02015 HUT, Espoo, Finland. E-mail: [email protected]
Correspondence:
[*]
Corresponding author.
Note: [1] A preliminary version of this paper [6] appeared in the ACM CCS ’2000 Conference. The current version is the final submission to the Journal of Computer Security.
Abstract: This paper presents a method to increase the accountability of certificate management by making it intractable for the certification authority (CA) to create contradictory statements about the validity of a certificate. The core of the method is a new primitive, undeniable attester, that allows someone to commit to some set S of bitstrings by publishing a short digest of S and to give attestations for any x that it is or is not a member of S. Such an attestation can be verified by obtaining in authenticated way the published digest and applying a verification algorithm to the triple of the bitstring, the attestation and the digest. The most important feature of this primitive is intractability of creating two contradictory proofs for the same candidate element x and digest. We give an efficient construction for undeniable attesters based on authenticated search trees. We show that the construction also applies to sets of more structured elements. We also show that undeniable attesters exist iff collision-resistant hash functions exist.
