Decentralizing Authorities into Scalable Strongest-Link Cothorities
Bryan Ford
Abstract:
Online infrastructure often depends on security-critical authorities such as logging, time, and certificate services. Authorities are typically vulnerable to the compromise of a few centralized hosts, however, yielding "weakest-link" security. Byzantine replication and threshold cryptography can split trust but typically do not scale beyond a few semi-trusted replicas. Addressing this "trust scaling” challenge, we introduce an architecture for scalable collective authorities or “cothorities”, services embodying "strongest-link” security aggregated over collectives of any size and strengthening with size. Our first concrete instantiation of this architecture, a collective witnessing cothority, offers a foundation for more secure logging, timestamping, certification, and notary services by ensuring that every authoritative action has been witnessed and co-signed by many participants. Hosts comprising a witnessing cothority form an efficient communication tree, in which each host validates proposals by the untrusted leader and contributes to collectively signed log entries. The resulting collective signatures are nearly as small and efficient to verify as conventional signatures, while embodying widely-decentralized trust. We find that our prototype witnessing cothority can scale to support over 4000 globally-distributed participants while keeping collective validation and signing latencies to within a few seconds.
Bio:
Bryan Ford leads the Decentralized/Distributed Systems (DEDIS) research group at the Swiss Federal Institute of Technology in Lausanne (EPFL). Ford focuses broadly on building secure decentralized systems, touching on topics including private and anonymous communication technologies, Internet architecture, and secure operating systems. He received the Jay Lepreau Best Paper Award at OSDI, and grants from NSF, DARPA, and ONR, including the NSF CAREER award. His pedagogical achievements include PIOS, the first OS course leading students through the development of a working, native multiprocessor OS kernel. Ford earned his B.S. at the University of Utah and his Ph.D. at MIT, then joined and was tenured at Yale University before moving to EPFL in 2015.