CTng: Secure Certificate and Revocation Transparency
Jie Kong
Network and Distributed System Security (NDSS) Symposium 2026 · Day 3 · Web Security
The **Web PKI** ecosystem that underpins secure internet communication relies on **Certificate Transparency (CT)** to detect maliciously or mistakenly issued certificates, and on revocation mechanisms to invalidate compromised ones. However, both systems suffer from fundamental security and privacy flaws. Revocation is effectively broken -- browsers routinely accept revoked certificates through **soft-fail** behavior, vendor-assisted revocation provides no guarantee of complete coverage, and rogue CAs can hide revocation status. Meanwhile, CT itself is vulnerable to **split-world attacks** where a malicious logger maintains parallel log views, and relying parties who attempt to audit certificates directly compromise their **privacy** by revealing their communication patterns to loggers. This talk introduces **CTng**, an evolutionary extension of Certificate Transparency that simultaneously achieves secure transparency, revocation transparency, relying party privacy, and improved efficiency through a gossip-based threshold signature scheme among monitors.
AI review
A well-designed evolutionary extension of Certificate Transparency that adds revocation transparency, eliminates split-world attacks via gossip-based threshold signatures, and preserves relying party privacy. Solid cryptographic engineering, though more infrastructure-defense than offensive research.