Skip to content

Latest commit

 

History

History
59 lines (46 loc) · 3.08 KB

design-improvements.md

File metadata and controls

59 lines (46 loc) · 3.08 KB

Key Transparency Contributions

Efficiency and Speed

We needed Key Transparency to work on mobile devices which meant minimizing network utilization. We were able to achieve a logarithmic performance increase by switching from the hash chains used by CONIKS to Certificate Transparency Logs and Monitors.

Using a more efficient data structure also allowed us to rapidly update the system without imposing a high network bandwidth overhead for clients that would previously need to download each update. This improved system responsiveness and user experience while also keeping the system simple and robust.

Redundancy

Experience has taught us that all systems need redundancy. As we looked at CONIKS, we realized we needed a way to achieve a separation of responsibilities between the transparency properties of the system, and the certification authority that the system represented.

We achieve this redundancy by using multiple append-only transparent logs to hold snapshots of the Merkle tree data structure and the requests that built the data structures. Monitors look for discrepancies between the logs.

Scale and Storage

Our systems also needed to handle large volumes of data quickly. Typically this means using advanced databases and sharding requests between many servers. However, Key Transparency offers continually up-to-date cryptographic global snapshots of the data which made this a non-trivial task for computation and data storage. We ended pairing each section of the data structure with its own dedicated compute for up-to-date cryptographic summaries of each section.

Account Recovery

To provide a solution that can be deployed to users of all skill-sets without the risk of account loss, a robust and flexible account recovery mechanism is needed. Our goal is to enable users as well as authorized third-parties to facilitate account recovery while retaining the transparency properties of the log.

Multiple Apps

To support more than one product, eventually even third-party products, we needed a data structure that would support multiple apps. We have proposed one such data structure and will be iterating as we gain experience and receive feedback.

References