Speranza: Usable, Privacy-friendly Software Signing
Author(s)
Merrill, Kelsey; Newman, Zachary; Torres-Arias, Santiago; Sollins, Karen
Terms of use
Publisher with Creative Commons License: Creative Commons Attribution
Abstract
Software repositories, used for wide-scale open software distribution, are a significant vector for security attacks. Software signing provides authenticity, mitigating many such attacks. Developer-managed signing keys pose usability challenges, but certificate-based systems introduce privacy problems. This work, Speranza, uses certificates to verify software authenticity but still provides anonymity to signers using zero-knowledge identity co-commitments.
In Speranza, a signer uses an automated certificate authority (CA) to create a private identity-bound signature and proof of authorization. Verifiers check that a signer was authorized to publish a package without learning the signer's identity. The package repository privately records each package's authorized signers, but publishes only commitments to identities in a public map. Then, when issuing certificates, the CA issues the certificate to a distinct commitment to the same identity. The signer then creates a zero-knowledge proof that these are co-commitments.
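The co-commitment step described in the paragraph above, as an added example that is not code from the paper or its proof-of-concept: it realizes the flow with one standard construction, Pedersen commitments in a toy-sized Schnorr group plus a Fiat-Shamir Schnorr proof that two commitments hide the same value. The repository publishes one commitment to the authorized identity, the CA binds a second, freshly blinded commitment to the same identity, and the signer proves the two are co-commitments without revealing the identity. The group parameters (generated at import time), the identity encoding and all function names are assumptions for illustration; a deployment would use a standard group such as an elliptic curve.

```python
"""Pedersen co-commitments with a zero-knowledge equality proof (added example).

Toy-sized Schnorr group generated at import time; not the paper's code.
"""
import hashlib
import secrets


def _probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin primality test with a small-prime prefilter."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _safe_prime_group(bits: int = 128):
    """Return (p, q, g, h): p = 2q + 1 prime, g and h generators of the
    order-q subgroup with log_g(h) unknown (h is hashed, not chosen)."""
    q = (1 << (bits - 1)) | 1
    while not (_probable_prime(q) and _probable_prime(2 * q + 1)):
        q += 2
    p = 2 * q + 1
    g = 4  # a square mod p, hence in the order-q subgroup
    seed = int.from_bytes(hashlib.sha256(b"speranza-demo-h").digest(), "big")
    h = pow(seed % p, 2, p)  # square the hash to land in the subgroup
    return p, q, g, h


P, Q, G, H = _safe_prime_group()  # demo parameters, not production-sized


def identity_scalar(identity: str) -> int:
    """Map an identity string (e.g. a signer's e-mail) to a scalar mod Q."""
    return int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big") % Q


def commit(m: int, r: int) -> int:
    """Pedersen commitment C = g^m * h^r mod p; hides m given a random r."""
    return pow(G, m, P) * pow(H, r, P) % P


def fresh_commitment(identity: str):
    """Commit to an identity under a fresh blinding; returns (C, r)."""
    r = secrets.randbelow(Q)
    return commit(identity_scalar(identity), r), r


def _challenge(*values: int) -> int:
    """Fiat-Shamir challenge: hash the transcript to a scalar mod Q."""
    hsh = hashlib.sha256()
    for v in values:
        hsh.update(v.to_bytes(32, "big"))
    return int.from_bytes(hsh.digest(), "big") % Q


def prove_cocommitment(c_repo: int, r_repo: int, c_cert: int, r_cert: int):
    """Signer: prove c_repo and c_cert commit to the same identity.
    Since c_repo / c_cert = h^(r_repo - r_cert), this is a Schnorr proof
    of knowledge of that exponent w; the identity itself is never used."""
    w = (r_repo - r_cert) % Q
    k = secrets.randbelow(Q)
    t = pow(H, k, P)
    c = _challenge(c_repo, c_cert, t)
    return t, (k + c * w) % Q


def verify_cocommitment(c_repo: int, c_cert: int, proof) -> bool:
    """Verifier: check h^s == t * (c_repo / c_cert)^c using public data only.
    Learns that both commitments share a hidden value, not which identity."""
    t, s = proof
    d = c_repo * pow(c_cert, -1, P) % P
    c = _challenge(c_repo, c_cert, t)
    return pow(H, s, P) == t * pow(d, c, P) % P


def demo(repo_identity: str, cert_identity: str) -> bool:
    """Whole flow: repository publishes a commitment to the authorized
    signer, the CA commits to the authenticated identity under a new
    blinding, the signer proves co-commitment, the end user verifies."""
    c_repo, r_repo = fresh_commitment(repo_identity)   # published in the map
    c_cert, r_cert = fresh_commitment(cert_identity)   # bound to the certificate
    proof = prove_cocommitment(c_repo, r_repo, c_cert, r_cert)
    return verify_cocommitment(c_repo, c_cert, proof)


if __name__ == "__main__":
    print(demo("maintainer@example.org", "maintainer@example.org"))  # True
    print(demo("maintainer@example.org", "someone-else@example.org"))  # False
```

The verifier only ever sees the two commitments and the proof, so the public map leaks nothing about who the authorized signers are, while a certificate issued to a different identity cannot be linked to the repository's commitment because the prover would need the discrete log of g relative to h.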
We implemented a proof-of-concept for Speranza. We find that costs to maintainers (signing) and end users (verifying) are small (sub-millisecond), even for a repository with millions of packages. Techniques inspired by recent key transparency systems reduce the bandwidth for serving authorization policies to 2 KiB. Server costs in this system are negligible. Our evaluation finds that Speranza is practical on the scale of the largest software repositories.
We also emphasize practicality and deployability in this project. By building on existing technology and employing relatively simple and well-established cryptographic techniques, Speranza can be deployed for wide-scale use with only a few hundred lines of code and minimal changes to existing infrastructure. Speranza is a practical way to bring privacy and authenticity together for more trustworthy open-source software.
Date issued
2023-11-15
Department
Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory
Publisher
ACM | Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security
Citation
Merrill, Kelsey, Newman, Zachary, Torres-Arias, Santiago and Sollins, Karen. 2023. "Speranza: Usable, Privacy-friendly Software Signing."
Version: Final published version
ISBN
979-8-4007-0050-7