International Association for Cryptologic Research

CryptoDB

Improved CRL compression with structured linear functions

Authors:
Mike Hamburg
Presentation: Slides
Abstract: To revoke certificates in a public-key infrastructure, relying parties need to learn that the certificate is revoked. In a web protocol such as TLS, OCSP stapling may be an acceptable way to do this, but for other use cases OCSP has unacceptable performance, reliability and privacy costs. Certificate revocation lists have acceptable privacy, but are impractically large. CRLite implements certificate revocation by aggregating certificate revocation lists (CRLs) and compressing them using a special-purpose compression technology — this is necessary because otherwise CRLs are impractically large. This talk covers CRLite's compression technique, other state-of-the-art approaches, and several improvements on these. Specifically, we discuss encoding databases as structured linear functions, and how to accommodate non-uniform data — for example, in the common case when only 1% of certificates are revoked. These improvements could give a ~40% reduction in compressed CRL size, and are independently useful.
BibTeX
@misc{rwc-2022-35490,
  title={Improved CRL compression with structured linear functions},
  note={Presentation at \url{https://iacr.org/submit/files/slides/2022/rwc/rwc2022/34/slides.pptx}},
  howpublished={Talk given at RWC 2022},
  author={Mike Hamburg},
  year=2022
}