CONIKS is an end-user Key Verification service capable of integration in end-to-end encrypted communication systems.

CONIKS builds on transparency log proposals for web server certificates but solves several new challenges specific to key verification for end users.

CONIKS obviates the need for global third-party monitors and enables users to efficiently monitor their own key bindings for consistency, downloading less than 20 kB per day to do so even for a provider with billions of users.

CONIKS offers a Key Transparency which enables automated trust establishment with untrusted communication Service Providers by having the Service Provider maintain an auditable directory of all of its users' keys.

Alice and Bob#

The CONIKS client software on a user's device simply registers the user's online name (e.g. alice@example.com) mapped to a previously-generated public key in the provider's key directory. Then when Alice wants to send a secure message to some other user, say Bob, her CONIKS client looks up Bob's key at the key directory, and verifies that this key has not changed unexpectedly over time.

Alice's CONIKS client also checks that Bob's key is consistent with the key other clients are seeing for Bob. Only if these two consistency checks pass will the CONIKS client send Alice's message to Bob. The CONIKS client also performs these same checks for Alice's own key on a regular basis to ensure that the Service Provider is not tampering with Alice's key.

More Information#

There might be more information for this subject on one of the following: