\begin{frame} \begin{columns} \begin{column}{0.5\textwidth} \mktitle{Outline} \begin{enumerate} \item Explore the problem area \item A bird's view of the design \item Revisit the problem area \item How to get involved \end{enumerate} \end{column} \begin{column}{0.5\textwidth} \centering \includegraphics[width=\columnwidth]{img/rgdd} \burl{https://creativecommons.org/licenses/by-sa/4.0/} \end{column} \end{columns} \end{frame} % % https://curl.se/download.html % \begin{frame} % % 1. Introduce the setup. Daniel represents many software projects. % 2. How would you know if your private key got compromised? % \begin{columns} \begin{column}{0.5\textwidth} \mktitle{Meet Daniel, the author of \texttt{curl}} \begin{itemize} \item Digital signing using \texttt{gpg} \item Long-term RSA public key \end{itemize} \end{column} \begin{column}{0.5\textwidth} \centering \includegraphics[height=.75\textheight]{img/curl} \burl{https://creativecommons.org/licenses/by-sa/4.0/} \end{column} \end{columns} \end{frame} %% %% signify: https://www.openbsd.org/papers/bsdcan-signify.html %% %% Locate next public key from the current OpenBSD, version 69. %% 1. Download from mirror: https://cdn.openbsd.org/pub/OpenBSD/6.9/ %% 2. Unpack src.tar.gz %% 3. See etc/signify/openbsd-70-base.pub %% %\begin{frame} % % % % 1. Introduce the setup. A newer type of tooling than gpg. Sort of built- % % in revocation by "ignoring the problem until it goes away". % % 2. However, you would still like to know if you have a problem or not. % % % \vfill % \begin{columns} % \begin{column}{0.5\textwidth} % \mktitle{Meet Puffy, the OpenBSD cartoon} % \begin{itemize} % \item Digital signing using \texttt{signify} % \item Basically an interface to use Ed25519 % \item Public keys are rotated every release % \end{itemize} % \end{column} % \begin{column}{0.5\textwidth} % \centering % \includegraphics[width=\columnwidth]{img/openbsd} % \burl{https://www.openbsd.org/art4.html} % \end{column} % \end{columns} %\end{frame} % % https://arxiv.org/pdf/2104.06020.pdf, page 6 for the challenge. % \begin{frame} % % 1. What is R-B. % 2. Challenge % 3. How I think that challenge could be approached % \vfill \begin{columns} \begin{column}{0.5\textwidth} \mktitle{Meet the R-B project} \begin{itemize} \item Same input gives the same output \item Consensus of ``valid'' checksum? \end{itemize} \end{column} \begin{column}{0.5\textwidth} \centering \includegraphics[width=\columnwidth]{img/rb} \burl{https://creativecommons.org/licenses/by-sa/4.0/} \end{column} \end{columns} \end{frame} \begin{frame} \mktitle{Problem summary} \vfill \begin{columns} \begin{column}{0.125\textwidth} \end{column} \begin{column}{0.75\textwidth} \begin{enumerate} \item What signatures were produced by a given private key? \item Consensus of checksums that should be considered valid? \end{enumerate} \end{column} \begin{column}{0.125\textwidth} \end{column} \end{columns} \vfill \end{frame} \begin{frame} % % 1. Introduce the system. Think first two paragraphs in design.md % \mktitle{Our starting point} \begin{columns} \begin{column}{0.5\textwidth} \begin{itemize} \item Data publisher \item End-user \item Assumptions \begin{itemize} \item Public key can be located \item Signed data can be located \item End-user can install extra tooling \end{itemize} \end{itemize} \end{column} \begin{column}{0.5\textwidth} \centering \input{img/before} \end{column} \end{columns} \vfill \pause \alert{The attacker can compromise the data publisher}\\ \pause \alert{The goal is to detect unwanted key-usage} \end{frame} \begin{frame} % % 1. Our design is about transparency logs. So, I need to explain briefly % what a transparency log is. % 2. Append-only Merkle tree. You can think of the data as being stored in % the leaves. Each leaf is hashed. Parents concatenate their children % hashes to produces their own hash values. Repeat until single root hash. % 3. The root hash is usually called a tree head. % 4. Tree head interesting because it fixes the structure and the content of % the tree. Add/remove/modify -> new tree head. % 5. If the log signs the tree head, you can hold it accountable for its % structure and content. % 6. This is important because the attacker can control the log. % 7. So we cannot trust that the log is append-only. We will need to verify % that. To this end we have consistency proofs. The intuition is that you % can force the log to reveal a number of cryptographic hashes. These % hashes will prove that the tree head you see today is consistent with the % tree head you saw yesterday. % 8. You can also prove that something is in the log efficiently. This is % called an inclusion proof. The intuition is that you reveal a number of % hashes. If you can use them to reconstruct the root of a globally % consistent tree head you can be sure that some data is in the log. % 8. Global consistency (as opposed to just consistency) is what prevents % the log from creating forks. I will return to this later on because it is % an important part of our design. % (9. Not having global consistency would be like having a blockchain % without a consensus mechanism.) % \mktitle{A quick step back---Transparency log crash course} \input{img/mt} \vfill \begin{columns} \begin{column}{0.33\textwidth} \begin{itemize} \item Tree head \end{itemize} \end{column} \begin{column}{0.33\textwidth} \begin{itemize} \item Consistency proof \end{itemize} \end{column} \begin{column}{0.33\textwidth} \begin{itemize} \item Inclusion proof \end{itemize} \end{column} \end{columns} \vfill \pause \alert{The attacker can control the log} \end{frame} \begin{frame} \mktitle{Preparing a logging request} \begin{columns} \begin{column}{0.5\textwidth} \begin{itemize} \item Select a shard hint and checksum \item Sign using your private key \end{itemize} \end{column} \begin{column}{0.5\textwidth} \lstinputlisting[style=CStyle]{img/tree-leaf.trunnel} \end{column} \end{columns} \end{frame} \begin{frame} \mktitle{Submitting a logging request} \begin{columns} \begin{column}{0.2\textwidth} \underline{Key-value pairs:} \begin{itemize} \item Shard hint \item Checksum \item Signature \item Public key \item Domain hint \end{itemize} \end{column} \begin{column}{0.8\textwidth} \centering \input{img/log-request} \end{column} \end{columns} \end{frame} \begin{frame} \mktitle{Distributing proofs of public logging} \begin{columns} \begin{column}{0.5\textwidth} \begin{itemize} \item End-user will not talk to the log \item Proofs of logging \begin{itemize} \item Inclusion proof \item Tree head \end{itemize} \item Witness cosigning \end{itemize} \end{column} \begin{column}{0.5\textwidth} \centering \input{img/after} \end{column} \end{columns} \pause \alert{The attacker can control a threshold of witnesses} \end{frame} \begin{frame} \mktitle{Summary and additional details} \begin{columns} \begin{column}{0.5\textwidth} \begin{itemize} \item Signed checksums \item Sharding \item Preserved data flows \item Anti-spam \item Global consistency \item Few simple parsers \item No cryptographic agility \end{itemize} \end{column} \begin{column}{0.5\textwidth} \includegraphics[width=\columnwidth]{img/clean} \end{column} \end{columns} \end{frame} \begin{frame} \begin{columns} \begin{column}{0.5\textwidth} \mktitle{Remember Daniel?} \begin{itemize} \item (Cross-)sign with Ed25519 \item Backwards compatible verification? \begin{enumerate} \item Verify RSA \texttt{gpg} signature \item Verify the rest with tlog tooling \end{enumerate} \item Monitor the log for your own leaves \end{itemize} \end{column} \begin{column}{0.5\textwidth} \centering \includegraphics[height=.75\textheight]{img/curl} \burl{https://creativecommons.org/licenses/by-sa/4.0/} \end{column} \end{columns} \end{frame} %\begin{frame} % \vfill % \begin{columns} % \begin{column}{0.5\textwidth} % \mktitle{Remember Puffy?} % \begin{itemize} % \item No extra key-pair % \item Cross-sign for backwards compatibility % \item Possible end-user verification % \begin{enumerate} % \item Verify \texttt{signify} signature % \item Verify the rest with tlog tooling % \end{enumerate} % \end{itemize} % \end{column} % \begin{column}{0.5\textwidth} % \centering % \includegraphics[width=\columnwidth]{img/openbsd} % \burl{https://www.openbsd.org/art4.html} % \end{column} % \end{columns} %\end{frame} \begin{frame} \vfill \begin{columns} \begin{column}{0.5\textwidth} \mktitle{Remember the R-B project?} \begin{itemize} \item Sign and log the expected checksums \item Valid checksum is a logged checksum \item Rebuilders monitor the log \end{itemize} \end{column} \begin{column}{0.5\textwidth} \centering \includegraphics[width=\columnwidth]{img/rb} \burl{https://creativecommons.org/licenses/by-sa/4.0/} \end{column} \end{columns} \end{frame} \begin{frame} \vfill \begin{columns} \begin{column}{0.7\textwidth} \mktitle{Get involved} \begin{itemize} \item Feedback on our v0 design\footnotemark and API\footnotemark? \item Is this a service that you would use? Why (not)? \item Want to run an experimental log or witness? \item Implementation and tooling is still early-days \item Reach out via slack\footnotemark, GitHub, or DM \end{itemize} \end{column} \begin{column}{0.3\textwidth} \centering \includegraphics[width=\columnwidth]{img/thanks} \end{column} \end{columns} \footnotetext[1]{\burl{https://github.com/system-transparency/stfe/blob/design/doc/design.md}} \footnotetext[2]{\burl{https://github.com/system-transparency/stfe/blob/design/doc/api.md}} \footnotetext[3]{\burl{https://communityinviter.com/apps/system-transparency/join}} \end{frame}