Skip to main content

Contour: A Practical System for Binary Transparency

Part of the Lecture Notes in Computer Science book series (LNSC,volume 11025)


Transparency is crucial in security-critical applications that rely on authoritative information, as it provides a robust mechanism for holding these authorities accountable for their actions. A number of solutions have emerged in recent years that provide transparency in the setting of certificate issuance, and Bitcoin provides an example of how to enforce transparency in a financial setting. In this work we shift to a new setting, the distribution of software package binaries, and present a system for so-called “binary transparency.” Our solution, Contour, uses proactive methods for providing transparency, privacy, and availability, even in the face of persistent man-in-the-middle attacks. We also demonstrate, via benchmarks and a test deployment for the Debian software repository, that Contour is the only system for binary transparency that satisfies the efficiency and coordination requirements that would make it possible to deploy today.

This is a preview of subscription content, access via your institution.

Buying options

USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD   59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   79.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions


  1. 1.

  2. 2.

  3. 3.

  4. 4.

  5. 5.

  6. 6.


  1. Security/binary transparency - mozillawiki (2017).

  2. Apostolaki, M., Zohar, A., Vanbever, L.: Hijacking Bitcoin: Large-scale Network Attacks on Cryptocurrencies (2016). arXiv:abs/1605.07524

  3. Basin, D., Cremers, C., Kim, T.H.-J., Perrig, A., Sasse, R., Szalachowski, P.: ARPKI: attack resilient public-key infrastructure. In: ACM CCS 2014, pp. 382–393 (2014)

    Google Scholar 

  4. Bonneau, J.: EthIKS: using ethereum to audit a CONIKS key transparency log. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 95–105. Springer, Heidelberg (2016).

    CrossRef  Google Scholar 

  5. Chase, M., Meiklejohn, S.: Transparency overlays and applications. In: ACM SIGSAC Conference on Computer and Communications Security (2016)

    Google Scholar 

  6. Chuat, L., Szalachowski, P., Perrig, A., Laurie, B., Messeri, E.: Efficient gossip protocols for verifying the consistency of certificate logs. In: IEEE Conference on Communications and Network Security (2015)

    Google Scholar 

  7. Dowling, B., Günther, F., Herath, U., Stebila, D.: Secure logging schemes and certificate transparency. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9879, pp. 140–158. Springer, Cham (2016).

    CrossRef  Google Scholar 

  8. Eijdenberg, A., Laurie, B., Cutter, A.: Verifiable Data Structures (2015).

  9. Eskandarian, S., Messeri, E., Bonneau, J., Boneh, D.: Certificate transparency with privacy. CoRR, abs/1703.02209 (2017)

    Google Scholar 

  10. Eyal, I., Sirer, E.G.: Majority is not enough: bitcoin mining is vulnerable. In: Financial Cryptography and Data Security (2014)

    Google Scholar 

  11. Farivar, C.: Judge: Apple must help FBI unlock San Bernardino shooter’s iPhone (2016).

  12. Fromknecht, C., Velicanu, D., Yakoubov, S.: A decentralized public key infrastructure with identity retention. IACR Cryptology ePrint Archive, Report 2014/803 (2014).

  13. Gervais, A., Ritzdorf, H., Karame, G., Capkun, S.: Tampering with the delivery of blocks and transactions in bitcoin. In: ACM CCS 2015 (2015)

    Google Scholar 

  14. Goodin, D.: “Flame” malware was signed by rogue Microsoft certificate (2012).

  15. Heilman, E., Kendler, A., Zohar, A., Goldberg, S.: Eclipse attacks on bitcoin’s peer-to-peer network. In: USENIX Security 2015 (2015)

    Google Scholar 

  16. Kim, T.H.-J., Huang, L.-S., Perrig, A., Jackson, C., Gligor, V.: Accountable key infrastructure (AKI): a proposal for a public-key validation infrastructure. In: WWW 2013, pp. 679–690 (2013)

    Google Scholar 

  17. Kogias, E.K., Jovanovic, P., Gailly, N., Khoffi, I., Gasser, L., Ford, B.: Enhancing bitcoin security and performance with strong consistency via collective signing. In: USENIX Security 2016 (2016)

    Google Scholar 

  18. Laurie, B., Langley, A., Kasper, E.: Certificate Transparency (2013)

    Google Scholar 

  19. Leyden, J.: Inside ’Operation Black Tulip’: DigiNotar hack analysed (2011).

  20. Matsumoto, S., Reischuk, R.M.: IKP: Turning a PKI Around with Blockchains. IACR Cryptology ePrint Archive, Report 2016/1018 (2016).

  21. Melara, M.S., Blankstein, A., Bonneau, J., Felten, E.W., Freedman, M.J.: CONIKS: bringing key transparency to end users. In: USENIX Security 2015 (2015)

    Google Scholar 

  22. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008).

  23. Nikitin, K., et al.: CHAINIAC: Proactive software-update transparency via collectively signed skipchains and verified builds. In: 26th USENIX Security Symposium (USENIX Security 17), pp. 1271–1287 (2017). USENIX Association, Vancouver

    Google Scholar 

  24. Nordberg, L., Gillmor, D., Ritter, T.: Gossiping in CT (2016).

  25. Ryan, M.D.: Enhanced certificate transparency and end-to-end encrypted mail. In: NDSS 2014 (2014)

    Google Scholar 

  26. Singh, A., Ngan, T.-W.J., Druschel, P., Wallach, D.S.: Eclipse attacks on overlay networks: threats and defenses. In: IEEE Conference on Computer Communications (2006)

    Google Scholar 

  27. Syta, E., et al.: Keeping authorities “honest or bust” with decentralized witness cosigning. In: IEEE Symposium on Security and Privacy (“Oakland”) (2016)

    Google Scholar 

  28. Tomescu, A., Devadas, S.: Catena: Efficient Non-equivocation via Bitcoin. In: IEEE Symposium on Security and Privacy (“Oakland”) (2017)

    Google Scholar 

Download references


Mustafa Al-Bassam is supported by a scholarship from the Alan Turing Institute, and Sarah Meiklejohn is supported by EPSRC grant EP/N028104/1.

Author information

Authors and Affiliations


Corresponding author

Correspondence to Mustafa Al-Bassam .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Al-Bassam, M., Meiklejohn, S. (2018). Contour: A Practical System for Binary Transparency. In: Garcia-Alfaro, J., Herrera-Joancomartí, J., Livraga, G., Rios, R. (eds) Data Privacy Management, Cryptocurrencies and Blockchain Technology. DPM CBT 2018 2018. Lecture Notes in Computer Science(), vol 11025. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-00304-3

  • Online ISBN: 978-3-030-00305-0

  • eBook Packages: Computer ScienceComputer Science (R0)