OALib Journal
ISSN: 2333-9721
Discussion on “Zero-Trust” or “Evidence-Only” Architecture

DOI: 10.4236/oalib.1109099, PP. 1-11

Subject Areas: Information and Communication: Security, Privacy, and Trust

Keywords: PKI, CPK, Authentication, Trust, Evidence, Logic, Cyber

Abstract

Recently, the U.S. Federal government and the Department of Defense announced “Zero Trust”, reigniting the debate on the logic of trust. Subject authentication is the core technology of cyber security. The traditional system is based on the reasoning logic of trust. Trust logic is the product of a situation in which the authenticity of the subject cannot be proved, so the authenticity of the subject is remedied by a third party’s certificates. However, the authenticity of the certificates still cannot be proved, and they cannot be used as evidence after the fact, so a complete signature protocol cannot be constructed. Trust provides a basis for face-to-face transactions, but it does not serve as evidence afterwards. Trust-based reasoning logic adopts a decentralized key generation system, and the decentralized system is too strongly exclusive, which makes it easy for criminal groups to use. Therefore, there is a new requirement to construct a new authentication logic, the “Evidence-Only Architecture”. The evidence-based authentication logic proves the authenticity of the subject through a one-to-one mapping between the identifier and the key. However, we have to admit that it is difficult to establish such a mapping. Once the mapping is established, a real digital signature can be constituted and can be used as evidence after the fact.

Cite this paper

Nan, X. (2022). Discussion on “Zero-Trust” or “Evidence-Only” Architecture. Open Access Library Journal, 9, e9099. doi: http://dx.doi.org/10.4236/oalib.1109099.
