Privacy-preserving decentralized public key distribution based on cross-referencing hash chains




Each user or device maintains repositories of claims regarding their own key material, and their beliefs about the public keys and, more generally, the state of other users of the system. High integrity of the repositories is maintained by storing claims in authenticated data structures, namely hash chains and Merkle trees, and their authenticity and non-repudiation are ensured by digital signatures.
Cross-referencing of hash chains is a way to efficiently and verifiably vouch for the states of other users. This makes it possible to detect chain compromises, manifested as forks of hash chains, and to implement various social policies for deriving decisions about the latest state of users in the system.
The claims about keys of other people can reveal the social graph. To solve this, we use cryptographic verifiable random functions to derive private identifiers that are re-randomized on each chain update. This makes it possible to openly and verifiably publish claims that can only be read by the authorized users, ensuring privacy of the social graph. Moreover, the specific construction of Merkle trees, along with the usage of verifiable random functions, ensures users cannot equivocate about the state of other people.
ClaimChain is flexible with respect to deployment options, supporting fully decentralized deployments, as well as centralized, federated, and hybrid modes of operation.
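
The fork detection through cross-referencing described above, as an added example that is not ClaimChain's own code. It is a simplified model that leaves out signatures, Merkle trees and the VRF-derived private identifiers; all function names, field names and key values are hypothetical.

```python
import hashlib
import json

def block_hash(block):
    """SHA-256 over a canonical JSON encoding of the block."""
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()

def append_block(chain, claims, cross_refs=None):
    """Append a block committing to the previous head. cross_refs maps another
    owner's name to (index, head hash) of that owner's chain as observed."""
    block = {"index": len(chain),
             "prev": block_hash(chain[-1]) if chain else None,
             "claims": claims,
             "cross_refs": cross_refs or {}}
    chain.append(block)
    return block_hash(block)

def verify_chain(chain):
    """True if every block has the right index and commits to its predecessor."""
    return all(b["index"] == i and
               b["prev"] == (block_hash(chain[i - 1]) if i else None)
               for i, b in enumerate(chain))

def detect_forks(observer_chains, owner):
    """Gather all cross-references to `owner`; return the indices for which
    observers vouch for different head hashes, i.e. evidence of a fork."""
    seen = {}  # index -> {head hash: [observers vouching for it]}
    for observer, chain in observer_chains.items():
        for block in chain:
            ref = block["cross_refs"].get(owner)
            if ref:
                index, head = ref
                seen.setdefault(index, {}).setdefault(head, []).append(observer)
    return {i: heads for i, heads in seen.items() if len(heads) > 1}

# Constructed sample: Alice's chain, and a forked block 1 served only to Carol.
alice = []
append_block(alice, {"alice_key": "pk_A1"})
fork = list(alice)  # shares block 0 with the honest chain
h_honest = append_block(alice, {"alice_key": "pk_A2"})
h_forked = append_block(fork, {"alice_key": "pk_X"})

bob, carol = [], []
append_block(bob, {"bob_key": "pk_B1"}, {"alice": (1, h_honest)})
append_block(carol, {"carol_key": "pk_C1"}, {"alice": (1, h_forked)})

forks = detect_forks({"bob": bob, "carol": carol}, "alice")
print(forks)  # index 1 maps to two different head hashes
```

Both `alice` and `fork` pass `verify_chain` on their own; the inconsistency only becomes visible once Bob's and Carol's cross-references are compared.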

Citing ClaimChain

  title={ {ClaimChain}: Improving the Security and Privacy
         of In-band Key Distribution for Messaging},
  author={Kulynych, Bogdan and Lueks, Wouter and Isaakidis,
          Marios and Danezis, George and Troncoso, Carmela},
  journal={arXiv preprint arXiv:1707.06279},
This work is part of the NEXTLEAP project.