PTS2025

Since the inception of Certificate Transparency, the use of Transparency logs is booming: go sumdb, Key Transparency, Sigstore, etc. These various ecosystems build on top of the promise of transparency logs: accurate, immutable, publicly verifiable data. Building with tamper-evident logs means that you can cryptographically prove that the data hasn’t been unexpectedly changed.

This growing number of ecosystems together with the increase of the logs’ size called for efficient APIs to ensure logs could deliver their promise. This led to the standardization of transparency logs APIs and format: the concept of tiles and checkpoint emerged. Tiles split the underlying Merkle tree into chunks that can be stored, served and cached efficiently, while checkpoints represent the state of the tree.

Certificate Transparency (CT) has been the most successful role model for transparency ecosystems. Static Certificate Transparency API, an evolution of RFC 6962, is Certificate Transparency’s attempt at implementing these new standards, thus bringing all ecosystems closer to one another.

This talk introduces Trillian Tessera, an open-source Go library for building tile-based transparency logs using these standard formats on both major cloud and on-premises infrastructure, together with TesseraCT, a readily deployable solution for Certificate Transparency using Trillian Tessera.

Attendees will gain insights into a lightweight yet powerful library for building their own reliable and easily maintainable transparency solutions. We will showcase a concrete example of its application with Certificate Transparency. The demo covers the TesseraCT deployment and the performance of submitting entries and verifying the entry inclusion and log consistency.