
Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning (1503.08768v4)

Published 30 Mar 2015 in cs.CR

Abstract: The secret keys of critical network authorities - such as time, name, certificate, and software update services - represent high-value targets for hackers, criminals, and spy agencies wishing to use these keys secretly to compromise other hosts. To protect authorities and their clients proactively from undetected exploits and misuse, we introduce CoSi, a scalable witness cosigning protocol ensuring that every authoritative statement is validated and publicly logged by a diverse group of witnesses before any client will accept it. A statement S collectively signed by W witnesses assures clients that S has been seen, and not immediately found erroneous, by those W observers. Even if S is compromised in a fashion not readily detectable by the witnesses, CoSi still guarantees S's exposure to public scrutiny, forcing secrecy-minded attackers to risk that the compromise will soon be detected by one of the W witnesses. Because clients can verify collective signatures efficiently without communication, CoSi protects clients' privacy, and offers the first transparency mechanism effective against persistent man-in-the-middle attackers who control a victim's Internet access, the authority's secret key, and several witnesses' secret keys. CoSi builds on existing cryptographic multisignature methods, scaling them to support thousands of witnesses via signature aggregation over efficient communication trees. A working prototype demonstrates CoSi in the context of timestamping and logging authorities, enabling groups of over 8,000 distributed witnesses to cosign authoritative statements in under two seconds.

Citations (262)

Summary

  • The paper introduces a novel decentralized witness cosigning protocol (CoSi) that strengthens network authorities against key compromise attacks.
  • CoSi employs a scalable tree-based architecture that aggregates thousands of cosignatures in under two seconds, ensuring collective verification of authoritative actions.
  • The protocol’s adaptable witness thresholds and fault tolerance offer robust security improvements for certificate authorities, blockchain, and software update services.

Decentralized Witness Cosigning for Enhancing Authority Trustworthiness

The paper "Keeping Authorities 'Honest or Bust' with Decentralized Witness Cosigning" presents CoSi, a cryptographic protocol designed to bolster the security of critical network authorities through a scalable witness cosigning system. The research addresses significant vulnerabilities in the centralized systems that currently manage key network services, such as certificate authorities, time and software update services, and digital notaries. These centralized authorities are prime targets for attacks aiming to compromise their secret keys, which could lead to widespread security breaches.

Core Proposal

The central innovation of CoSi is its decentralized witness cosigning protocol. The protocol requires that any authoritative statement made by a network service be collectively signed by a group of independent witnesses before clients accept it. This mechanism ensures that any authoritative action, whether a certificate issuance or a timestamp, is vetted and publicly logged by multiple entities. Such an approach serves as a proactive measure against attacks by ensuring transparency and public scrutiny, thereby deterring attackers who rely on secrecy.

CoSi's design builds upon cryptographic multisignature methods and scales these methods to thousands of witnesses through efficient communication trees. The practical implementation is demonstrated with a prototype capable of operating with up to 8,000 witnesses, completing the cosigning process in under two seconds.

Technical Highlights

  1. Distributed Architecture: CoSi employs a tree-based architecture for aggregating signatures from witnesses. This structure ensures efficient communication and computation by distributing the workload across a logarithmic depth tree. Each level of the tree aggregates the cryptographic commitments of its nodes, ultimately producing a single compact collective signature.
  2. Witness Thresholds: The protocol introduces flexibility in signature verification through customizable predicates rather than simple numeric thresholds. Authorities and clients can define their verification criteria based on the number or weight of cosigning witnesses, accommodating complex trust dynamics.
  3. Scalability and Performance: CoSi demonstrates scalability to large witness groups, contrasted with traditional systems that cannot efficiently handle more than a few dozen participants. The study found that the computational and communication overhead remains practical for up to thousands of cosigners, with collective signing latencies averaging around two seconds for 8,192 witnesses.
  4. Adaptability to Faults: The protocol accounts for network unreliability and witness failures by allowing leaders to adjust their witness communication trees dynamically. This capability ensures that cosigning can proceed even with partial availability of witnesses, without a significant restart of signature aggregation.
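
The tree aggregation, client-side predicate and missing-witness handling described in the list above, as an added example that is not code from the paper or its prototype. It assumes a Schnorr-style multisignature as the underlying scheme (the summary does not name one), uses toy group parameters constructed for illustration that are not secure, and the names Witness, cosign and verify are hypothetical.

```python
import hashlib, secrets

# Toy parameters, constructed for illustration and NOT secure: Z_p^*, p = 2^127 - 1.
P = 2**127 - 1
Q = P - 1   # group order; exponents are reduced mod Q
G = 3

def challenge(V, msg):
    h = hashlib.sha256(V.to_bytes(16, "big") + msg).digest()
    return int.from_bytes(h, "big") % Q

class Witness:  # hypothetical name; one node of the communication tree
    def __init__(self, name, children=(), online=True):
        self.name, self.children, self.online = name, list(children), online
        self.x = secrets.randbelow(Q - 1) + 1   # long-term secret key
        self.X = pow(G, self.x, P)              # public key

    def commit(self):
        """Bottom-up: (aggregate commitment, participant names) for this subtree."""
        self.v = secrets.randbelow(Q - 1) + 1   # fresh per-signature secret
        V, names = pow(G, self.v, P), {self.name}
        # Simplification: an offline child drops out together with its subtree.
        self.live = [c for c in self.children if c.online]
        for child in self.live:
            cV, cnames = child.commit()
            V, names = V * cV % P, names | cnames
        return V, names

    def respond(self, c):
        """Bottom-up: aggregate response of this subtree for challenge c."""
        r = (self.v - c * self.x) % Q
        return (r + sum(ch.respond(c) for ch in self.live)) % Q

def cosign(root, msg):
    V, names = root.commit()           # commitments aggregated up the tree
    c = challenge(V, msg)              # challenge sent down the tree
    return c, root.respond(c), names   # responses aggregated up the tree

def verify(sig, msg, pubkeys, predicate):
    c, r, names = sig
    if not predicate(names):           # client policy over who cosigned
        return False
    X = 1
    for n in names:
        X = X * pubkeys[n] % P         # aggregate key of participants only
    return challenge(pow(G, r, P) * pow(X, c, P) % P, msg) == c
```

The signature stays a single (c, r) pair however many witnesses take part; only the participant list grows, and the predicate lets a client reject a statement that too few or the wrong witnesses cosigned.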

Implications and Future Directions

The research implies substantial developments for the existing trust infrastructures in network services. For practical applications, CoSi could dramatically enhance the security and transparency of certificate authorities and timestamping services by preventing the misuse of their keys. Moreover, it offers potential benefits for blockchain technologies, digital voting systems, and software update mechanisms by introducing an extra layer of distributed trust verification.

The theoretical contributions presented in the paper provide a strong foundation for further explorations into decentralized cryptographic protocols that can operate at scale. Future research directions could involve integrating CoSi with existing public key infrastructures, exploring additional use cases like distributed ledger technologies, and refining methods for optimizing signature verification predicates.

In conclusion, the CoSi protocol offers a robust solution for safeguarding critical network authorities from key compromise attacks by ensuring that unauthorized activities do not go unnoticed. Its ability to create a decentralized trust model mitigates the weakest-link vulnerabilities inherent in centralization, making it a promising advancement in the field of cryptographic security. As internet services increasingly adopt decentralized architectures, protocols like CoSi could become indispensable in maintaining integrity and trust in digital communications.
