Score:0

Authentication in P2P networks without central server

br flag

I'm trying to understand how to perform authentication in an P2P network without a central server. Given a network with no central trusted unit and a PKI, how can one be sure of the authenticity of the public keys?

Usually the public keys would be signed by some central trusted authority which guarantees the authenticity of the keys. However, in a P2P network without a central server no such unit exists. This raises the question on how to trust the authenticity of the public keys.

Is it possible to use a web of trust approach? How many peers must sing a public key before it can be trusted?

Is it possible to use a distributed ledger or a block chain?

Is there alternatives to an PKI in this scenario?

Example of the problem: A user, userA, can generate his key pair and propagate his public key on the network. Then a second user, userB, can generate a new key pair and propagate the public key on the network claiming it belongs to userA. Then when I want to send a message to userA, I will find two public keys. The one generated by userA, and the fake one generated by userB. Without a central trusted unit to sign the key I will have no way of knowing which key actually belong to userA and I may end up communicating with userB believing it is user A.

The question is similar to this one, but hopefully some work have been done last 7 years. How to perform authentication without central server in P2P?

jp flag
Start by thinking about: What does "authentic" mean in your network? I generated 10000000 public keys and they are all real, genuine 100%-pure-cotton public keys. What makes them inauthentic? Is it the fact that I told you they belonged to Sigmund Berbom? But my name *is* Sigmund Berbom - you can't prove it's not. Therefore these must be authentic Sigmund Berbom keys, no?
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.