Title :
StemCerts-2: Pairs of X.509 v3 Certificates for Greater Security, Flexibility and Convenience
Author :
Chiola, Giovanni ; Gasti, Paolo
Author_Institution :
DISI, Univ. of Genoa, Genoa
Abstract :
We introduce the notion of StemCerts, a digital certificate scheme that allows the user to modify some fields of a digital certificate while keeping it valid. The owner can modify a StemCert in a limited and controlled fashion without interacting with the certification authority which issued it. By modifying her identity, the user can achieve "pseudonymous anonymity" - but the CA can still associate a certificate to its owner - and/or handle temporary or permanent address changes. Modifying the expiry date allows the user to transform her certificate into a set of "one time" certificates, thus alleviating the need for revocation lists. We developed two proof-of-concept implementations for this new scheme. The first one was based on Chameleon hash functions, while the second one was based on the use of two chained, standard X.509 v3 certificates. We also present experimental data collected from the prototype implementations that show how the second prototype can easily be adopted in real environments, possibly exploiting smartcard technology.
Keywords :
cryptography; message authentication; Chameleon hash function; StemCerts; X.509 v3 certificate; digital certificate scheme; pseudonymous anonymity; Authentication; Certification; Costs; Electronic mail; Information security; Privacy; Prototypes; Public key; Smart cards; Software prototyping;
Conference_Title :
Consumer Communications and Networking Conference, 2009. CCNC 2009. 6th IEEE
Conference_Location :
Las Vegas, NV
Print_ISBN :
978-1-4244-2308-8
Electronic_ISBN :
978-1-4244-2309-5
DOI :
10.1109/CCNC.2009.4784988