back

Modern key distribution with ClaimChain

A decentralized Public Key Infrastructure that supports privacy-friendly social verification

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration
00:32:52
Language
English
Abstract
ClaimChain is a Public Key Infrastructure unique in that it can operate in fully decentralized settings with no trusted parties. A vouching mechanism among users, similar to the Web of Trust, assists with social authentication but without revealing the users' social graph. High-integrity data structures prevent equivocation and help detect compromises; the protocol can support generic claims (conventional PGP, modern OTR/Signal etc.); and a prototype evaluation indicates that ClaimChain can scale.

Blockchain holds a big promise for Public Key Infrastructure (PKI) designs. Prominent systems, such as Keybase and CONIKS, tend to be centralized, something that eases the update of keys and provides good availability. Centralized designs, however, require users to trust that the source of authority acts honestly at all times, and does not perform surveillance.<br>

ClaimChain is a decentralized PKI design, where users maintain repositories of claims implemented as hash chains: data structures that allow for efficient verification of the integrity and authenticity of their content. Claims relate to the key material of the owners, or their beliefs about public keys of others. In the latter case, cross-referencing serves as a way of efficient and verifiable vouching about states of other users. In practice, such information would reveal the social graph of the chain owners and even their communication patterns. To solve this privacy issue, we use cryptographic verifiable random functions to derive private identifiers that are re-randomized on each chain update, encrypted to a given set of authorized readers. In that way, chain owners can not present different views to authorized readers of the same contact. ClaimChain allows to detect chain compromises, manifested as forks of hash chains, and to implement various social policies for deriving decisions about the latest state of users in the system.<br>

Evaluation of a prototype implementation indicates that ClaimChain can scale to accommodate the needs of large groups at an acceptable computational and bandwidth overhead cost. Interoperability with PGP makes it possible for users to gradually deploy ClaimChain locally. Email providers that wish to adopt ClaimChain will participate as an additional factor in the social authentication process. Arguably, ClaimChain constitutes an example that decentralization in combination with modern cryptography allow for increased robustness to adversarial central authorities, and offer comparable availability, as well as more options for supporting privacy.

Talk ID
9094
Event:
34c3
Day
4
Room
Saal Dijkstra
Start
12:15 p.m.
Duration
00:30:00
Track
Resilience
Type of
lecture
Speaker
prometheas
Talk Slug & media link
34c3-9094-modern_key_distribution_with_claimchain
English
0.0% Checking done0.0%
0.0% Syncing done0.0%
0.0% Transcribing done0.0%
100.0% Nothing done yet100.0%
  
0.0% Checking done0.0%
100.0% Nothing done yet100.0%

Work on this video on Amara!

English: Transcribed until

Last revision: 6 months, 4 weeks ago

French: Translated until

Last revision: 6 months, 4 weeks ago