[Cryptography] Taking CT to its logical conclusion

Phillip Hallam-Baker phill at hallambaker.com
Thu Jun 11 12:16:39 EDT 2020


Micali's Fair Exchange with Invisible TTPs is now out of patent so I
started a draft describing an implementation.

That got me thinking about another expired Micali patent: Revocation trees
(also invented by Paul Kocher at the same time).

While musing on how to implement those, it occurred to me that we missed
something: Merkle certificate trees.

In this model the CA would create a Merkle tree of all the certificates it
issued and sign the tree every day. So if they issue a million certs, the
tree will be 20 nodes deep and a path will be 20*64 = 1260 bytes.

Check the apex signature for the day and we have no need to perform any
more public key signature verifications for that issuer for that day.
Revocation is handled automatically: just leave the bad cert off the tree.

It is probably too late to think about retrofitting this approach to X.509;
it is a product of its day after all. But it might be worth considering for
a successor.
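
The scheme in this message, sketched as an added example (not code from the post or its author): a daily tree over the issued certificates, a per-certificate inclusion path checked against the apex, and revocation by omission from the next day's tree. Assumptions: SHA-512 for the 64-byte nodes, the 0x00/0x01 leaf/node prefixes borrowed from RFC 6962, constructed certificate bytes, and an apex whose signature has already been verified once for the day.

```python
import hashlib

def _h(data: bytes) -> bytes:
    return hashlib.sha512(data).digest()          # 64-byte nodes (assumed hash)

def leaf_hash(cert: bytes) -> bytes:
    return _h(b"\x00" + cert)                     # leaf prefix, as in RFC 6962

def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)             # interior-node prefix

def build_levels(certs):
    """Return every level of the tree, leaves first; levels[-1][0] is the apex."""
    level = [leaf_hash(c) for c in certs]
    levels = [level]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(node_hash(level[i], level[i + 1]))
            else:
                nxt.append(level[i])              # odd node is promoted unchanged
        level = nxt
        levels.append(level)
    return levels

def prove(levels, index):
    """Inclusion path for leaf `index`: (sibling hash, sibling_is_left) pairs."""
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):                      # promoted nodes have no sibling
            path.append((level[sib], sib < index))
        index //= 2
    return path

def verify(cert: bytes, path, apex: bytes) -> bool:
    """Hash-only check against an apex whose signature was verified separately."""
    h = leaf_hash(cert)
    for sibling, sibling_is_left in path:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h == apex

def path_bytes(path) -> int:
    return sum(len(sibling) for sibling, _ in path)

if __name__ == "__main__":
    certs = [b"constructed-cert-%d" % i for i in range(8)]   # constructed sample
    day1 = build_levels(certs)
    day2 = build_levels(certs[:3] + certs[4:])               # cert 3 revoked: left off
    old_path = prove(day1, 3)
    print(verify(certs[3], old_path, day1[-1][0]), path_bytes(old_path))
    print(verify(certs[3], old_path, day2[-1][0]))
```

A relying party that pins each day's apex rejects a revoked certificate because no path for it exists in the new tree; a stale path from an earlier day fails the hash check.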