Simple and Flexible Revocation Checking with Privacy

  • John Solis
  • Gene Tsudik
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4258)


Digital certificates signed by trusted certification authorities (CAs) are used for multiple purposes, most commonly for secure binding of public keys to names and other attributes of their owners. Although a certificate usually includes an expiration time, it is not uncommon that a certificate needs to be revoked prematurely. For this reason, whenever a client (user or program) needs to assert the validity of another party’s certificate, it performs revocation checking. There are many revocation techniques varying in both the operational model and underlying data structures. One common feature is that a client typically contacts an on-line third party (trusted, untrusted or semi-trusted), identifies the certificate of interest and obtains some form of a proof of either revocation or validity (non-revocation) for the certificate in question.

While useful, revocation checking can leak potentially sensitive information. In particular, third parties of dubious trustworthiness discover two things: (1) the identity of the party posing the query, and (2) the target of the query. The former can be easily remedied with techniques such as onion routing or anonymous web browsing. Hiding the target of the query, however, is not as obvious. Arguably, a more important loss of privacy results from the third party's ability to tie the source of the revocation check to the query's target, since, most likely, the two are about to communicate. This paper is concerned with the problem of privacy in revocation checking, and its contribution is two-fold: it identifies and explores the loss of privacy inherent in current revocation checking, and it constructs a simple, efficient and flexible privacy-preserving component for one well-known revocation method.


Keywords: Leaf Node, Serial Number, Range Query, Block Cipher, Domain Name System
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • John Solis (1)
  • Gene Tsudik (1)
  1. Computer Science Department, University of California, Irvine
