FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W4376311937> ?p ?o ?g. }

• W4376311937 abstract "Software repositories, used for wide-scale open software distribution, are a significant vector for security attacks. Software signing provides authenticity, mitigating many such attacks. Developer-managed signing keys pose usability challenges, but certificate-based systems introduce privacy problems. This work, Speranza, uses certificates to verify software authenticity but still provides anonymity to signers using zero-knowledge identity co-commitments. In Speranza, a signer uses an automated certificate authority (CA) to create a private identity-bound signature and proof of authorization. Verifiers check that a signer was authorized to publish a package without learning the signer's identity. The package repository privately records each package's authorized signers, but publishes only commitments to identities in a public map. Then, when issuing certificates, the CA issues the certificate to a distinct commitment to the same identity. The signer then creates a zero-knowledge proof that these are identity co-commitments. We implemented a proof-of-concept for Speranza. We find that costs to maintainers (signing) and end users (verifying) are small (< 1 ms), even for a repository with millions of packages. Techniques inspired by recent key transparency systems reduce the bandwidth for serving authorization policies to 2 KiB. Server costs in this system are negligible. Our evaluation finds that Speranza is practical on the scale of the largest software repositories. We also emphasize practicality and deployability in this project. By building on existing technology and employing relatively simple and well-established cryptographic techniques, Speranza can be deployed for wide-scale use with only a few hundred lines of code and minimal changes to existing infrastructure. Speranza is a practical way to bring privacy and authenticity together for more trustworthy open-source software." @default.
• W4376311937 created "2023-05-13" @default.
• W4376311937 creator A5025546105 @default.
• W4376311937 creator A5029675337 @default.
• W4376311937 creator A5059317801 @default.
• W4376311937 creator A5064227464 @default.
• W4376311937 date "2023-05-10" @default.
• W4376311937 modified "2023-09-27" @default.
• W4376311937 title "Speranza: Usable, privacy-friendly software signing" @default.
• W4376311937 doi "https://doi.org/10.48550/arxiv.2305.06463" @default.
• W4376311937 hasPublicationYear "2023" @default.
• W4376311937 type Work @default.
• W4376311937 citedByCount "0" @default.
• W4376311937 crossrefType "posted-content" @default.
• W4376311937 hasAuthorship W4376311937A5025546105 @default.
• W4376311937 hasAuthorship W4376311937A5029675337 @default.
• W4376311937 hasAuthorship W4376311937A5059317801 @default.
• W4376311937 hasAuthorship W4376311937A5064227464 @default.
• W4376311937 hasBestOaLocation W43763119371 @default.
• W4376311937 hasConcept C107457646 @default.
• W4376311937 hasConcept C108827166 @default.
• W4376311937 hasConcept C11413529 @default.
• W4376311937 hasConcept C121332964 @default.
• W4376311937 hasConcept C136764020 @default.
• W4376311937 hasConcept C148417208 @default.
• W4376311937 hasConcept C148730421 @default.
• W4376311937 hasConcept C167529545 @default.
• W4376311937 hasConcept C170130773 @default.
• W4376311937 hasConcept C178005623 @default.
• W4376311937 hasConcept C203062551 @default.
• W4376311937 hasConcept C24890656 @default.
• W4376311937 hasConcept C2778355321 @default.
• W4376311937 hasConcept C38652104 @default.
• W4376311937 hasConcept C41008148 @default.
• W4376311937 hasConcept C96865113 @default.
• W4376311937 hasConceptScore W4376311937C107457646 @default.
• W4376311937 hasConceptScore W4376311937C108827166 @default.
• W4376311937 hasConceptScore W4376311937C11413529 @default.
• W4376311937 hasConceptScore W4376311937C121332964 @default.
• W4376311937 hasConceptScore W4376311937C136764020 @default.
• W4376311937 hasConceptScore W4376311937C148417208 @default.
• W4376311937 hasConceptScore W4376311937C148730421 @default.
• W4376311937 hasConceptScore W4376311937C167529545 @default.
• W4376311937 hasConceptScore W4376311937C170130773 @default.
• W4376311937 hasConceptScore W4376311937C178005623 @default.
• W4376311937 hasConceptScore W4376311937C203062551 @default.
• W4376311937 hasConceptScore W4376311937C24890656 @default.
• W4376311937 hasConceptScore W4376311937C2778355321 @default.
• W4376311937 hasConceptScore W4376311937C38652104 @default.
• W4376311937 hasConceptScore W4376311937C41008148 @default.
• W4376311937 hasConceptScore W4376311937C96865113 @default.
• W4376311937 hasLocation W43763119371 @default.
• W4376311937 hasOpenAccess W4376311937 @default.
• W4376311937 hasPrimaryLocation W43763119371 @default.
• W4376311937 hasRelatedWork W2025476074 @default.
• W4376311937 hasRelatedWork W2247980666 @default.
• W4376311937 hasRelatedWork W2252281522 @default.
• W4376311937 hasRelatedWork W2347353918 @default.
• W4376311937 hasRelatedWork W2371321627 @default.
• W4376311937 hasRelatedWork W2610396733 @default.
• W4376311937 hasRelatedWork W2783999343 @default.
• W4376311937 hasRelatedWork W3196529645 @default.
• W4376311937 hasRelatedWork W4210686566 @default.
• W4376311937 hasRelatedWork W2914672392 @default.
• W4376311937 isParatext "false" @default.
• W4376311937 isRetracted "false" @default.
• W4376311937 workType "article" @default.