Revisiting User Privacy for Certificate Transparency

Public key infrastructure (PKI) based on certificate authorities is one of the cornerstones of secure communication over the internet. Certificates issued as part of this PKI provide authentication of web servers among others. Yet, the PKI ecosystem is susceptible to certificate misissuance and misuse attacks. To prevent those attacks, Certificate Transparency (CT) facilitates auditing of issued certificates and detecting certificates issued without authorization. Users that want to verify inclusion of certificates on CT log servers contact the CT server directly to retrieve inclusion proofs. This direct contact with the log server creates a privacy problem since the users' browsing activities could be recorded by the log server owner. Lueks and Goldberg (FC 2015) suggested the use of Private Information Retrieval (PIR) in order to protect the users' privacy in the CT ecosystem. With the immense amount of certificates included on CT log servers, their approach runs into performance issues, however. Nevertheless, we build on this approach and extend it using multi-tier Merkle trees, and render it practical using multi-server PIR protocols based on distributed point functions (DPFs). Our approach leads to a scalable design suitable to handle the increasing number of certificates and is, in addition, generic allowing instantiations using secure accumulators and PIRs. We implement and test this mechanism for privacy-preserving membership proof retrieval and show that it can be integrated without disrupting existing CT infrastructure. Most importantly, even for larger CT log sizes of 2^31 certificates, the performance overhead is less than 9 milliseconds in total.

• Publication year

  2019

• Venue

  European Symposium on Security and Privacy

• Publication date

  2019-06-01

• Fields of study

  Computer Science

• Identifiers
  DOI 10.1109/EuroSP.2019.00039
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Privacy Preserving Verifiable Key Directories

  2018cited by this paper
• PIR-PSI: Scaling Private Contact Discovery

  2018influential reference
• Fast Distributed RSA Key Generation for Semi-Honest and Malicious Adversaries

  2018cited by this paper
• PIR with Compressed Queries and Amortized Query Processing

  2018cited by this paper
• DECIM: Detecting Endpoint Compromise In Messaging

  2018cited by this paper
• Gossiping in CT

  2018cited by this paper
• Scalable Multi-party Computation for zk-SNARK Parameters in the Random Beacon Model

  2017cited by this paper
• Catena: Efficient Non-equivocation via Bitcoin

  2017cited by this paper
• Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments

  2017cited by this paper
• Fast Secure Two-Party ECDSA Signing

  2017cited by this paper
• Splinter: Practical Private Queries on Public Data

  2017cited by this paper
• Scalable and Private Media Consumption with Popcorn

  2016cited by this paper
• XPIR : Private Information Retrieval for Everyone

  2016cited by this paper
• Function Secret Sharing: Improvements and Extensions

  2016influential reference
• Secure Logging Schemes and Certificate Transparency

  2016cited by this paper
• EthIKS: Using Ethereum to Audit a CONIKS Key Transparency Log

  2016cited by this paper
• CONIKS: Bringing Key Transparency to End Users

  2015cited by this paper
• Revisiting Cryptographic Accumulators, Additional Properties and Relations to other Primitives

  2015cited by this paper
• Function Secret Sharing

  2015cited by this paper
• Sublinear Scaling for Multi-Client Private Information Retrieval

  2015influential reference
• Distributed Point Functions and Their Applications

  2014cited by this paper
• RAID-PIR: Practical Multi-Server PIR

  2014cited by this paper
• Zerocash: Decentralized Anonymous Payments from Bitcoin

  2014cited by this paper
• Certificate transparency

  2014influential reference
• Optimally Robust Private Information Retrieval

  2012influential reference
• Path ORAM: an extremely simple oblivious RAM protocol

  2012cited by this paper
• Transport Layer Security (TLS) Extensions: Extension Definitions

  2011cited by this paper
• Transport Layer Security (TLS) Extensions: Extension Definitions

  2011cited by this paper
• Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile

  2008cited by this paper
• Performance Comparison of Low-Latency Anonymisation Services from a User Perspective

  2007cited by this paper
• What’s on Your Hard Drive?

  2006cited by this paper
• Status of This Memo The Transport Layer Security (TLS) Protocol

  2006influential reference
• Cryptology

  2005cited by this paper
• Accumulators from Bilinear Pairings and Applications

  2005cited by this paper
• Tor: The Second-Generation Onion Router

  2004cited by this paper
• Robust Information-Theoretic Private Information Retrieval

  2002cited by this paper
• Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile

  2002cited by this paper
• Project “anonymity and unobservability in the Internet”

  2000cited by this paper
• X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP

  1999influential reference
• Collision-Free Accumulators and Fail-Stop Signature Schemes Without Trees

  1997cited by this paper
• Private information retrieval

  1995cited by this paper
• A Certified Digital Signature

  1989cited by this paper
• Towards a theory of software protection and simulation by oblivious RAMs

  1987cited by this paper

• ACME++: A Secure Authorization Mechanism for ACME Clients in the Web PKI Ecosystem

  2025cites this paper
• IM-PIR: In-Memory Private Information Retrieval

  2025influential citation
• Collusion Resistant DNS With Private Information Retrieval

  2025cites this paper
• HomeRun: High-efficiency Oblivious Message Retrieval, Unrestricted

  2024cites this paper
• Ready or Not, Here I Come: Characterizing the Security of Prematurely-public Web Applications

  2024cites this paper
• HiddenTor: Toward a User-Centric and Private Query System for Tor BridgeDB

  2024cites this paper
• YPIR: High-Throughput Single-Server PIR with Silent Preprocessing

  2024cites this paper
• Certificate Transparency With Enhanced Privacy

  2023cites this paper
• TreePIR: Sublinear-Time and Polylog-Bandwidth Private Information Retrieval from DDH

  2023cites this paper
• An Evaluation of X.509 Certificate Revocation and Related Privacy Issues in the Web PKI Ecosystem

  2023cites this paper
• Semi-CT: Certificates Transparent to Identity Owners but Opaque to Snoopers

  2023cites this paper
• Privacy-Preserving Epidemiological Modeling on Mobile Graphs

  2022cites this paper
• Evolving Role of PKI in Facilitating Trust

  2022cites this paper
• TreePIR: Efficient Private Retrieval of Merkle Proofs via Tree Colorings with Fast Indexing and Zero Storage Overhead

  2022influential citation
• Incremental Offline/Online PIR

  2022cites this paper
• Uninvited Guests: Analyzing the Identity and Behavior of Certificate Transparency Bots

  2022cites this paper
• One Server for the Price of Two: Simple and Fast Single-Server Private Information Retrieval

  2022influential citation
• SoK: SCT Auditing in Certificate Transparency

  2022cites this paper
• Parallel Private Retrieval of Merkle Proofs via Tree Colorings

  2022influential citation
• Postcertificates for Revocation Transparency

  2022cites this paper
• Privacy-Preserving eID Derivation to Self-Sovereign Identity Systems with Offline Revocation

  2021cites this paper
• Privacy-Preserving & Incrementally-Deployable Support for Certificate Transparency in Tor

  2021cites this paper
• CTng: Secure Certificate and Revocation Transparency

  2021cites this paper
• Revisiting Hybrid Private Information Retrieval

  2021cites this paper
• Incremental Offline/Online PIR (extended version)

  2021cites this paper
• CTng: Secure Certificate and Revocation Transparency

  2021cites this paper
• TLS 1.3 in Practice:How TLS 1.3 Contributes to the Internet

  2021cites this paper
• PEM: Privacy-preserving Epidemiological Modeling

  2020influential citation
• Multi-Party Revocation in Sovrin: Performance through Distributed Trust

  2020influential citation