Exploiting approximate transitivity of trust

Social networks, of which webs of trust are a particular type, have been shown to be effective ways of moving information with minimal external configuration, setup, or management. For applications requiring information assurance, a web of trust is an appealing system architecture, since trust is an inherent component of both the network design and assurance. The trust in a typical web of trust is not transitive, however, making the construction of an application with strong assurance difficult or impossible. Instead, in this paper we examine a notion of weak assurance that can be provided by a web of trust, and might be “good enough” for many applications. As a motivating example, and to provide a more concrete basis for exposition, we present KeyChains, a peer-to-peer system that operates over a distributed web of trust to provide fully decentralized public key publishing and retrieval. In addition to weak assurance guarantees, KeyChains also provides an audit trail for public keys retrieved. Our analysis and simulations show that the resulting system is both efficient and secure.