\begin{kaupaper}[ author={% \textbf{Rasmus Dahlberg} and Tobias Pulls }, title={% Verifiable Light-Weight Monitoring for Certificate Transparency Logs }, reference={% NordSec (2018) }, summary={% An often overlooked part of Certificate Transparency is that domain owners are expected to inspect the logs for mis-issued certificates continuously. The cost and required expertise to do so have led to the emergence of third-party monitoring services that notify domain owners of newly issued certificates that they subscribe to. For example, one may subscribe to email notifications whenever a certificate is issued for \texttt{*.example.com}. One downside of such third-party monitoring is that these notification services become trusted parties with little or no accountability with regard to omitted certificate notifications. We show how to add this accountability and tie it to the gossip-audit model employed by the Certificate Transparency ecosystem by proposing verifiable light-weight monitoring. The idea is for logs to batch appended certificates into an additional data structure that supports \emph{wild-card (non-)membership proofs}. As a result, third-party monitors can prove cryptographically that they did not omit any certificate notifications selectively. Our experimental performance evaluation shows that overhead can be tuned to be small for all involved parts. }, participation={\vspace{-0.75cm} I had the initial idea and conducted most of the work myself. Tobias mainly contributed with discussions that lead to the final design. }, label={ paper:lwm }, ] \maketitle \begin{abstract} \input{src/lwm/src/abstract} \end{abstract} \input{src/lwm/src/introduction} \input{src/lwm/src/background} \input{src/lwm/src/lwm} \input{src/lwm/src/evaluation} \input{src/lwm/src/conclusion} \input{src/lwm/src/acknowledgments} \bibliographystyle{plain} \bibliography{src/lwm/src/references} \end{kaupaper}