Tandem: Securing Keys by Using a Central Server While Preserving Privacy

Authors: Wouter Lueks (SPRING Lab, EPFL), Brinda Hampiholi (Philips Research, all work done while a PhD student at Radboud University), Greg Alpár (Open University of the Netherlands, and Radboud University), Carmela Troncoso (SPRING Lab, EPFL)

Volume: 2020
Issue: 3
Pages: 327–355
DOI: https://doi.org/10.2478/popets-2020-0055

artifact

Download PDF

Abstract: Users’ devices, e.g., smartphones or laptops, are typically incapable of securely storing and processing cryptographic keys. We present Tandem, a novel set of protocols for securing cryptographic keys with support from a central server. Tandem uses one-time-use key-share tokens to preserve users’ privacy with respect to a malicious central server. Additionally, Tandem enables users to block their keys if they lose their device, and it enables the server to limit how often an adversary can use an unblocked key. We prove Tandem’s security and privacy properties, apply Tandem to attributebased credentials, and implement a Tandem proof of concept to show that it causes little overhead.

Keywords: privacy, threshold cryptography, anonymity

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs license.