Tandem: Securing Keys by Using a Central Server While Preserving Privacy

by Wouter Lueks, et al.

Users' devices, e.g., smartphones or laptops, are typically incapable of securely storing and processing cryptographic keys. We present Tandem, a novel set of protocols for securing cryptographic keys with support from a central server. Unlike traditional threshold-cryptographic solutions, Tandem preserves users' privacy with respect to a malicious central server; it does so by using one-time-use key-share tokens. Additionally, Tandem enables users to block their keys if they lose their shares, and it enables the server to limit how often an adversary can use an unblocked key. We prove Tandem's security and privacy properties, and we empirically show, using a proof-of-concept implementation, that it causes little overhead. To illustrate Tandem's advantages, we use it to secure attribute-based credential keys using a central server without hurting the privacy properties provided by the credential system.





Keys in the Clouds: Auditable Multi-device Access to Cryptographic Credentials

Personal cryptographic keys are the foundation of many secure services, ...

Cryptographically Secure Information Flow Control on Key-Value Stores

We present Clio, an information flow control (IFC) system that transpare...

DESIRE: A Third Way for a European Exposure Notification System Leveraging the best of centralized and decentralized systems

This document presents an evolution of the ROBERT protocol that decentra...

Arcula: A Secure Hierarchical Deterministic Wallet for Multi-asset Blockchains

This work presents Arcula, a new design for hierarchical deterministic w...

Express: Lowering the Cost of Metadata-hiding Communication with Cryptographic Privacy

Existing systems for metadata-hiding messaging that provide cryptographi...

HERMES: Scalable, Secure, and Privacy-Enhancing Vehicle Access System

We propose HERMES, a scalable, secure, and privacy-enhancing system, whi...

Formal verification of the YubiKey and YubiHSM APIs in Maude-NPA

In this paper, we perform an automated analysis of two devices developed...