Keyless Signatures' Infrastructure: How to Build Global Distributed Hash-Trees
نویسندگان
چکیده
Keyless Signatures Infrastructure (KSI) is a globally distributed system for providing timestamping and server-supported digital signature services. Global per-second hash trees are created and their root hash values published. We discuss some service quality issues that arise in practical implementation of the service and present solutions for avoiding single points of failure and guaranteeing a service with reasonable and stable delay. Guardtime AS has been operating a KSI Infrastructure for 5 years. We summarize how the KSI Infrastructure is built—and the lessons learned during the operational period of the service.
منابع مشابه
Efficient Quantum-Immune Keyless Signatures with Identity
We show how to extend hash-tree based data signatures to server-assisted personal digital signature schemes. The new signature scheme does not use trapdoor functions and is based solely on cryptographic hash functions and is thereby, considering the current state of knowledge, resistant to quantum computational attacks. In the new scheme, we combine hash-tree data signature (timestamping) solut...
متن کاملEfficient Implementation of Keyless Signatures with Hash Sequence Authentication
We present new ideas for decreasing the size of secure memory needed for hardware implementations of hash-sequence based signatures proposed recently by Buldas, Laanoja and Truu (in the following referred to as BLT). In their scheme, a message m is signed by time-stamping a concatenation m‖zt of the message and the one-time pseudo-random password zt intended to sign messages at a particular tim...
متن کاملOn the Indifferentiability of the Integrated-Key Hash Functions
Most of today’s popular hash functions are keyless such that they accept variable-length messages and return fixed-length fingerprints. However, recent separation results reported on several serious inherent weaknesses in these functions, motivating the design of hash functions in the keyed setting. The challenge in this case, however, is that on one hand, it is economically undesirable to abun...
متن کاملNet-X: Unified Data-Centric Internet Services
Databases and networks currently have different service models. Database services are data-centric in that users typically describe the content of data and the system finds and returns matching data. However, traditional Internet services are server-centric in that users have to know the location of data (e.g., a URL) in order to retrieve it. We envision a future in which Internet services are ...
متن کاملA Tabu-Based Cache to Improve Range Queries on Prefix Trees
Distributed Hash Tables (DHTs) provide the substrate to build large scale distributed applications over Peerto-Peer networks. A major limitation of DHTs is that they only support exact-match queries. In order to offer range queries over a DHT it is necessary to build additional indexing structures. Prefix-based indexes, such as Prefix Hash Tree (PHT), are interesting approaches for building dis...
متن کامل