Post-doctoral Research Visit F/m Decentralised Public Key Infrastructure

Le descriptif de l’offre ci-dessous est en Anglais_

**Type de contrat**: CDD

**Niveau de diplôme exigé**: Thèse ou équivalent

**Fonction**: Post-Doctorant

**Contexte et atouts du poste**:
This postdoc position will be in the context of IPCEI-CIS (Important Project of Common European Interest - Next Generation Cloud Infrastructure and Services) DXP (Data Exchange Platform) project involving Amadeus and three Inria research teams (COAST, CEDAR and MAGELLAN). This project aims to design and develop an open-source management solution for a federated and distributed data exchange platform (DXP), operating in an open, scalable, and massively distributed environment (cloud-edge continuum).

The postdoc will be located at The Inria Center of the University of Lorraine in the COAST team.

The Inria Center of the University of Lorraine is one of Inria's nine centers and has twenty project teams, located in Nancy, Strasbourg and Saarbrücken. Its activities occupy over 400 people, scientists and research and innovation support staff, including 45 different nationalities. The Inria Center is a major and recognized player in the field of digital sciences. It is at the heart of a rich R&D and innovation ecosystem: highly innovative PMEs, large industrial groups, competitiveness clusters, research and higher education players, laboratories of excellence, technological research institutes, etc.

**Mission confiée**:
Some End-to-End Encryption (E2EE) systems leverage out-of-band (OOB) channels for client authentication, using either manual comparison of public key fingerprints [1] or pre-shared passwords [2].

However, a secure and user-friendly OOB channel is difficult to implement in practice. Users often overlook password entropy, while fingerprint comparison is error-prone and tedious [3].

Other client authentication solutions rely on trusted third parties, i.e., key servers, to distribute and authenticate public keys between clients. Many popular E2EE services such as WhatsApp [4] use centralized key servers because they are easy to use and simple to implement. However, a centralized key server becomes a single point of failure, vulnerable to attacks from adversaries or surveillance agencies. As a result, achieving secure and autonomous client authentication remains a major challenge for E2EE.

Rather than preemptively verifying exchanged keys, key transparency [5][6][7] allows clients to verify whether the key server is behaving correctly during communication. The general idea is to turn the key server into a transparent logging server using an authenticated data structure [8] that is append-only and thus efficiently auditable. The key server acts as a prover, returning public keys upon request along with compact proofs that can be verified by the clients. This way, clients are not concerned about Man-In-The-Middle (MITM) attacks, as any attempt to tamper with client keys is logged in an auditable server log.

The authenticated data structure guarantees that the server cannot modify user keys without being recorded. However, a compromised key server could still behave inconsistently by presenting different responses to different clients. Therefore, logging clients need a way to cross-validate the information they receive to ensure key server consistency across clients. This process is known as auditing. There are third-party clients (auditors) that regularly query the key server for proofs. Thus, whenever clients receive responses from the key server, they can verify the proofs using these auditors. The state of the art recommends using a gossip protocol between logging clients and auditors to share information and efficiently blacklist any compromised key server.

However, such a gossip protocol is difficult to implement in practice [8]. It is vulnerable to certain failure modes in adversarial networks, such as Sybil attacks [9]. It is hard to incentivize clients to participate and bootstrap the gossip network. Furthermore, user privacy may be at risk [10]. To date, there is no known complete protocol design for gossiping in current transparent logging systems. A similar effort in the area of certificate transparency [11] is currently under standardization, although after several years, it is still not finalized.

Rather than using a separate gossip protocol, EthIKS [12] implements the transparent log server on the Ethereum blockchain [13]. However, because EthIKS's operational cost increases with the number of users, and due to the significant rise in the price of ETH, the system does not scale well to large key servers with millions of users.

We aim to propose an efficient decentralized public/private key infrastructure enabling the verification of the authenticity of asymmetric key pairs, thereby preventing man-in-the-middle attacks.

References:
[1] Zimmermann, P.R.: The official PGP user's guide. MIT press (1995)
[2] Boyko, V., MacKenzie, P., Patel, S.: Provably secure password-authenticated key exchange us