Trusted third party

trusted partyTrusted Third Partiesneutral third partytrusted third party (TTP)trusted third-party authority
In cryptography, a trusted third party (TTP) is an entity which facilitates interactions between two parties who both trust the third party; the Third Party reviews all critical transaction communications between the parties, based on the ease of creating fraudulent digital content.wikipedia
42 Related Articles

Certificate authority

certificate authoritiesCAcertification authority
TTPs are common in any number of commercial transactions and in cryptographic digital transactions as well as cryptographic protocols, for example, a certificate authority (CA) would issue a digital identity certificate to one of the two parties in the next example. That large impersonal corporations make promises of accuracy in their attestations of the correctness of a claimed public-key-to-user correspondence (e.g., by a certificate authority as a part of a public key infrastructure) changes little. The 2011 incident at CA DigiNotar broke the trust of the Dutch governments PKI, and is a textbook example of the weaknesses of the system and the effects of it. As Bruce Schneier has pointed out, after the 2013 mass surveillance disclosures, no third party should in fact ever be trusted.
A CA acts as a trusted third party—trusted both by the subject (owner) of the certificate and by the party relying upon the certificate.

Public key infrastructure

PKIpublic-key infrastructurepublic key infrastructure (PKI)
That large impersonal corporations make promises of accuracy in their attestations of the correctness of a claimed public-key-to-user correspondence (e.g., by a certificate authority as a part of a public key infrastructure) changes little. The 2011 incident at CA DigiNotar broke the trust of the Dutch governments PKI, and is a textbook example of the weaknesses of the system and the effects of it. As Bruce Schneier has pointed out, after the 2013 mass surveillance disclosures, no third party should in fact ever be trusted.
The term trusted third party (TTP) may also be used for certificate authority (CA).

DigiNotar

Breach of Diginotar CAfraudulent certificates
The 2011 incident at CA DigiNotar broke the trust of the Dutch governments PKI, and is a textbook example of the weaknesses of the system and the effects of it. As Bruce Schneier has pointed out, after the 2013 mass surveillance disclosures, no third party should in fact ever be trusted.
Dick Batenburg and the KNB formed the group TTP Notarissen (TTP Notaries), where TTP stands for trusted third party.

Web of trust

PGPTrust Agenttrust networks
The PGP cryptosystem includes a variant of the TTP in the form of the web of trust.
Therefore, one or more trusted third-party authority (TTPA) type of entity or group need to be available for users and be usable by users, and such entity/group need to be capable of providing trusted-verification or trust-delegation services for millions of users around the world, at any time.

Double-spending

double spending51% attack51% attacks
Double-spending
This is usually implemented using an online central trusted third party that can verify whether a token has been spent.

Cryptography

cryptographiccryptographercryptology
In cryptography, a trusted third party (TTP) is an entity which facilitates interactions between two parties who both trust the third party; the Third Party reviews all critical transaction communications between the parties, based on the ease of creating fraudulent digital content.

Cryptographic protocol

protocolsecurity protocolprotocols
TTPs are common in any number of commercial transactions and in cryptographic digital transactions as well as cryptographic protocols, for example, a certificate authority (CA) would issue a digital identity certificate to one of the two parties in the next example.

Bruce Schneier

Schneiermovie plot threatSecrets and Lies
The 2011 incident at CA DigiNotar broke the trust of the Dutch governments PKI, and is a textbook example of the weaknesses of the system and the effects of it. As Bruce Schneier has pointed out, after the 2013 mass surveillance disclosures, no third party should in fact ever be trusted.

Global surveillance disclosures (2013–present)

2013 mass surveillance disclosuresglobal surveillance disclosures2013 global surveillance disclosures
The 2011 incident at CA DigiNotar broke the trust of the Dutch governments PKI, and is a textbook example of the weaknesses of the system and the effects of it. As Bruce Schneier has pointed out, after the 2013 mass surveillance disclosures, no third party should in fact ever be trusted.

Pretty Good Privacy

PGPOpenPGPPretty Good Privacy (PGP)
The PGP cryptosystem includes a variant of the TTP in the form of the web of trust.

Key signing party

key signing partieskey signingkey-signing parties
A key signing party is one way of combining a get-together with some certificate signing.

Notary public

notaries publicnotarynotaries
For instance, a notary public acts as a trusted third party for authenticating or acknowledging signatures on documents.

Mental poker

Mental poker is the common name for a set of cryptographic problems that concerns playing a fair game over distance without the need for a trusted third party.

Secure Remote Password protocol

SRPSecure Remote PasswordSecure Remote Password (SRP)
The SRP protocol has a number of desirable properties: it allows a user to authenticate themselves to a server, it is resistant to dictionary attacks mounted by an eavesdropper, and it does not require a trusted third party.

Distributed key generation

Unlike most public key encryption models, distributed key generation does not rely on Trusted Third Parties.

Trust on first use

TOFUtrust certificates on first usetrust-on-first-use
The TOFU approach can be used when connecting to arbitrary or unknown endpoints which do not have a trusted third party such as a certificate authority.

OpenTimestamps

With the advent of systems like Bitcoin, it is possible to create and verify proofs of existence of documents (timestamps) without relying on a trusted third party; this represents an enhancement in term of security, since it excludes the possibility of a malicious (or careless) notary to compromise the timestamp.

DigiCert

DigiCert Inc.DigiCert, Inc.
As a trusted third party, DigiCert verifies the authenticity of secure websites on behalf of a web browser.

Domain Name System Security Extensions

DNSSECstub resolverdeployment of DNSSEC at the root zone
The correct DNSKEY record is authenticated via a chain of trust, starting with a set of verified public keys for the DNS root zone which is the trusted third party.

Kerberos (protocol)

KerberosKerberos 5Kerberos protocol
Kerberos builds on symmetric key cryptography and requires a trusted third party, and optionally may use public-key cryptography during certain phases of authentication.

Certified email

Sender Bond
These are dominated by two-party scenarios with only one sender and one receiver as well as a trusted third party (TTP) serving as a mediator.

Decentralized autonomous organization

decentralized autonomous corporationblockchainDAO
This approach eliminates the need to involve a mutually acceptable trusted third party in a financial transaction, thus simplifying the transaction.

Key-agreement protocol

key agreementkey agreement protocolanonymous Diffie–Hellman
A widely used mechanism for defeating such attacks is the use of digitally signed keys that must be integrity-assured: if Bob's key is signed by a trusted third party vouching for his identity, Alice can have considerable confidence that a signed key she receives is not an attempt to intercept by Eve.

Al Gore and information technology

1999 CNN interviewAl Gore Invented InternetAl Gore invented the Internet
Another initiative proposed a software-based key escrow system, in which keys to all encrypted data and communications would reside with a trusted third party.