Speranza: Usable, privacy-friendly software signing. (arXiv:2305.06463v2 [cs.CR] UPDATED)

Abstract:Software repositories, used for wide-scale open software distribution, are a significant vector for security attacks. Software signing provides authenticity, mitigating many such attacks. Developer-managed signing keys pose usability challenges, but certificate-based systems introduce privacy problems. This work, Speranza, uses certificates to verify software authenticity but still provides anonymity to signers using zero-knowledge identity co-commitments. In Speranza, a signer uses an

Read more

Related Posts

• Unlearnable Examples Give a False Sense of Security: Piercing through Unexploitable Data with Learnable Examples. (arXiv:2305.09241v3 [cs.LG] UPDATED)a
• SF-IDS: An Imbalanced Semi-Supervised Learning Framework for Fine-grained Intrusion Detection. (arXiv:2308.00542v1 [cs.CR])a
• QEVSEC: Quick Electric Vehicle SEcure Charging via Dynamic Wireless Power Transfer. (arXiv:2205.10292v3 [cs.CR] UPDATED)a
• Neural Disaggregation via Spatially Coherent Architectures. (arXiv:2306.07292v2 [cs.LG] UPDATED)a
• Model Conversion via Differentially Private Data-Free Distillation. (arXiv:2304.12528v2 [cs.CR] UPDATED)a