Abstract
CONIKS is a proposed key transparency system which enables a centralized service provider to maintain an auditable yet privacy-preserving directory of users’ public keys. In the original CONIKS design, users must monitor that their data is correctly included in every published snapshot of the directory, necessitating either slow updates or trust in an unspecified third-party to audit that the data structure has stayed consistent. We demonstrate that the data structures for CONIKS are very similar to those used in Ethereum, a consensus computation platform with a Turing-complete programming environment. We can take advantage of this to embed the core CONIKS data structures into an Ethereum contract with only minor modifications. Users may then trust the Ethereum network to audit the data structure for consistency and non-equivocation. Users who do not trust (or are unaware of) Ethereum can self-audit the CONIKS data structure as before. We have implemented a prototype contract for our hybrid EthIKS scheme, demonstrating that it adds only modest bandwidth overhead to CONIKS proofs and costs hundredths of pennies per key update in fees at today’s rates.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
The term “key” is avoided to prevent confusion with cryptographic keys.
- 2.
The number of valid users in the system can be obscured by adding dummy users at random indices with random data, which will be indistinguishable from real users.
- 3.
Note that in CONIKS, warning messages are only intended when the user’s own key has changed unexpectedly at the server. If their peer’s keys change, this is ignored as it is assumed the peer will monitor this change themselves.
- 4.
In Ethereum parlance, the contract closes by calling a special SUICIDE opcode which enables the network to permanently delete its storage.
- 5.
Currently, the mean time between blocks is about 50 % higher due to network latency.
- 6.
This lower bound does not include block’s timestamp and difficulty (which can be compressed), or the bloom filter whose size will vary based on usage.
References
Ethereum Design Rationale (2016). https://github.com/ethereum/wiki/wiki/Design-Rationale
Delmolino, K., Arnett, M., Kosba, A., Miller, A., Shi, E.: A Programmers Guide to Ethereum and Serpent, May 2015
Kalodner, H., Carlsten, M., Ellenbogen, P., Bonneau, J., Narayanan, A.: An empirical study of Namecoin and lessons for decentralized namespace design. In: Workshop on the Economics of Information Security (WEIS), June 2015
Laurie, B., Langley, A., Kasper, E.: Google Inc. RFC 6962 Certificate Transparency, June 2013
Loibl, A.: Namecoin (2014). namecoin.info
Luu, L., Teutsch, J., Kulkarni, R., Saxena, P.: Demystifying incentives in the consensus computer. In: ACM Conference on Computer and Communications Security (CCS) (2015)
Melara, M.S., Blankstein, A., Bonneau, J., Freedman, M.J., Felten, E.W.: CONIKS: bringing key transparency to end users. In: USENIX Security, August 2015
Miller, A., Hicks, M., Katz, J., Shi, E.: Authenticated data structures, generically. In: ACM Conference on Principles of Programming Languages (POPL), January 2014
Nakamoto, S.: Bitcoin: A Peer-to-Peer Electronic Cash System (2008). http://bitcoin.org/bitcoin.pdf
Unger, N., Dechand, S., Bonneau, J., Fahl, S., Perl, H., Goldberg, I., Smith, M.: SoK: secure messaging. In: IEEE Symposium on Security and Privacy, May 2015
Wood, G.: Ethereum: a secure decentralized transaction ledger (2014). http://gavwood.com/paper.pdf
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 International Financial Cryptography Association
About this paper
Cite this paper
Bonneau, J. (2016). EthIKS: Using Ethereum to Audit a CONIKS Key Transparency Log. In: Clark, J., Meiklejohn, S., Ryan, P., Wallach, D., Brenner, M., Rohloff, K. (eds) Financial Cryptography and Data Security. FC 2016. Lecture Notes in Computer Science(), vol 9604. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-53357-4_7
Download citation
DOI: https://doi.org/10.1007/978-3-662-53357-4_7
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-53356-7
Online ISBN: 978-3-662-53357-4
eBook Packages: Computer ScienceComputer Science (R0)