Privacy-preserving revocation checking

摘要

Digital certificates signed by trusted certification authorities (CAs) are used for multiple purposes, most commonly for secure binding of public keys to names and other attributes of their owners. Although a certificate usually includes an expiration time, it is not uncommon that a certificate needs to be revoked prematurely. For this reason, whenever a client (user or program) needs to assert the validity of another party’s certificate, it performs a certificate revocation check. There are several revocation techniques varying in both the operational model and underlying data structures. One common feature is that a client typically contacts some third party (whether trusted, untrusted or semi-trusted) and obtains some evidence of either revocation or validity (non-revocation) for the certificate in question. While useful, revocation checking can leak sensitive information. In particular, third parties of dubious trustworthiness can discover the identity of the party performing the revocation check, as well as the target of the check. The former can be easily remedied with techniques such as onion routing or anonymous web browsing. Whereas, hiding the target of the query is not obvious. This paper focuses on the privacy in revocation checking, explores the loss of privacy in current revocation checking techniques and proposes simple and efficient privacy-preserving techniques for two well-known revocation methods.