Abstract
In this paper we investigate the notion of space efficient public-key infrastructure (PKI) directories. The area of PKI is relatively young and we do not know yet the long term implications of design decisions regarding PKI and its interface with applications. Our goal is to study mechanisms for networks and systems settings where the size of directories is a significant resource (due to space restrictions).
Naturally, the tools we employ are cryptographic hashing techniques combined with the tradeoffs of public storage and computation. Our mechanisms are quite simple, easy to implement and thus practical, yet they are quite powerful in making the operation substantially less costly (mainly) storage-wise and in trading storage for computation. In the past, tree based mechanisms were considered extensively to improve the complexity of PKI directories. We show that hashing techniques provide various advantages as well.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
W. Aiello, S. Lodha and R. Ostrovsky. Fast Digital Identity Revocation. In Advances in Cryptology—Crypto’98, pages 137–152.
J. Benaloh and M. de Mare, One-Way Accumulators: A Decentralized Alternative to Digital Signatures, In Advances in Cryptology— EUROCRYPT 93.
W. Die, M. Hellman. New Directions in Cryptography. In volume IT-22, n. 6 of IEEE Transactions on Information Theory, pages 644–654, Nov. 1976.
Proposed Federal Information Processing Standard 186 for Digital Signature Standard (DSS). In volume 56, n. 169 of Federal Register, pages 42980–42982, 1991.
Proposed Federal Information Processing Standard 180-1 for Secure Hash Standard, 1995.
T. ElGamal. A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. In CRYPTO’ 84, pages 10–18.
W. Ford and M. Baum, Secure Electronic Commerce: Building the Infrastructure for Digital Signature and Encryption. Prentice Hall, 1997.
B. Fox and B. LaMacchia. Certicate Revocation: Mechanisms and Meaning. In Financial Cryptography 98, pages 158–164, 1998.
I. Gasseko, P. Gemmel and P. MacKenzie, Efficient and Fresh Certication. In Public Key Cryptography: PKC 2000, LNCS 1751.
On-line Certicate Status Checking Protocol, IETF.
C. Kaufman, R. Perlman and M Speciner, Network Security: Private Comunication in a Public World, Prentice Hall, 1995.
P. Kocher. On Certicate Revocation and Validation. In Financial Cryptography 98, pages 172–178, 1998.
L. Kohnfelder. A Method for Certication. MIT Lab. for Computer Science, Cambridge Mass., May 1978.
Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone. Handbook of Applied Cryptography, 1997. CRC Press LLC.
S. Micali. Efficient Certificate Revocation. In MIT Tech. Report. 1996.
M. Myers. Revocation: Options and Challenges. In Financial Cryptography 98, pages 165–171, 1998.
M. Naor and K. Nissim. Certicate Revocation and Certicate Update. In 7-th USENIX Security Symp., 1998.
K. Nyberg. Fast Accumulated Hashing. In Fast Software Encryption 96, pages 83–87.
K. Nyberg, R. Rueppel. Message Recovery for Signature Schemes Based on the Discrete Logarithm Problem. In Advances in Cryptology—Eurocrypt’ 94, pages 182–193, 1994. Springer-Verlag.
R. Rivest. Can We Eliminate Certicate Revocation Lists? In Financial Cryptography 98, pages 178–183, 1998.
R. Rivest, A. Shamir, L. Adleman. A method for obtaining Digital Signatures and Public-Key Cryptosystems. In Communications of the ACM, volume 21, n. 2, pages 120–126, 1978.
C. P. Schnorr. Efficient Signature Generation for Smart Cards. In Advances in Cryptology—CRYPTO’ 89, pages 239–252, 1990. Springer-Verlag.
C. P. Schnorr. Method for Identifying subscribers and for generating and verifying electronic signatures in a data exchange system In U.S. Patent 4,995,082, 19 Feb. 1991. Springer-Verlag.
A. Young, M. Yung. The Prevalence of Kleptographic Attacks on Discrete-Log Based Cryptosystems. In CRYPTO’ 97, pages 264–276. Springer-Verlag.
C. K. Wong and S. Lam, Digital Signatures for Flows and Multicasts, IEEE ICNP’98, 1998.
Phil Zimmerman. PGP User’s Guide, 4 Dec. 1992.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Young, A., Yung, M. (2001). Hash to the Rescue: Space Minimization for PKI Directories. In: Won, D. (eds) Information Security and Cryptology — ICISC 2000. ICISC 2000. Lecture Notes in Computer Science, vol 2015. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45247-8_19
Download citation
DOI: https://doi.org/10.1007/3-540-45247-8_19
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41782-8
Online ISBN: 978-3-540-45247-8
eBook Packages: Springer Book Archive