Think Global, Act Local: Gossip and Client Audits in Verifiable Data Structures
This addresses the problem of ensuring transparency and security in auditable logs for users and services, offering a more decentralized and trustworthy approach.
The paper tackles the lack of suitable gossip protocols and reliance on trusted auditors in verifiable data structures by proposing Mog, a gossip protocol and verifiable registry that enables users to perform their own auditing, with proven security and demonstrated performance in near-term deployments.
In recent years, there has been increasing recognition of the benefits of having services provide auditable logs of data, as demonstrated by the deployment of Certificate Transparency and the development of other transparency projects. Most proposed systems, however, rely on a gossip protocol by which users can be assured that they have the same view of the log, but the few gossip protocols that do exist today are not suited for near-term deployment. Furthermore, they assume the presence of global sets of auditors, who must be blindly trusted to correctly perform their roles, in order to achieve their stated transparency goals. In this paper, we address both of these issues by proposing a gossip protocol and a verifiable registry, Mog, in which users can perform their own auditing themselves. We prove the security of our protocols and demonstrate via experimental evaluations that they are performant in a variety of potential near-term deployments.