New Method for Public Key Distribution Based on Social Networks


The security of everyday communication is becoming very important. However, all existing encryption protocols require additional knowledge and resources from the user. In this paper we discuss the problem of public key distribution between interested parties. We propose using popular social media as a channel for publishing public keys. This method of key distribution also makes it easy to connect the owner of a key with a real person or institution (which is not always easy). Recognizing that mobile devices are becoming the main tool of communication, we present a description of a mobile application that uses the proposed security methods.


💡 Research Summary

The paper addresses the growing need for secure everyday communication while highlighting the usability challenges inherent in traditional public‑key infrastructure (PKI). Existing solutions require users to manage certificates, understand cryptographic concepts, and often depend on third‑party authorities, which creates barriers to widespread adoption. To mitigate these issues, the authors propose leveraging popular social networking platforms as a distribution channel for public keys, thereby tying a key directly to a real‑world identity that is already verified by the social network.

The proposed system consists of three main components: a mobile application, the social network’s publishing interface, and an optional backend verification service. Users generate an RSA or elliptic‑curve key pair within the app; the public key is formatted as a JSON‑Web‑Key (JWK) and posted to the user’s profile or a dedicated “key” post. The post includes a cryptographic hash of the key and a digital signature generated with the private key, ensuring integrity and providing a lightweight proof of ownership. Other users, through the same app, query the social network’s API to retrieve the target’s key post, automatically verify the signature and timestamp, and then use the verified public key for encryption, digital signatures, or key‑exchange protocols.

Key management is handled as follows: when a user wishes to revoke or rotate a key, the app deletes the corresponding post and simultaneously notifies the backend service, which adds the old key’s identifier to a blacklist. Subsequent look‑ups will reject any blacklisted keys. The private key never leaves the device; it is stored in the platform‑specific secure enclave (Android Keystore or iOS Secure Enclave). The backend is optional and primarily serves to validate key format, prevent hash collisions, and maintain the revocation list.
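
The key post and the revocation check described in the two paragraphs above, as an added example that is not code from the paper. The post field names (jwk, kid, ts, sig), the use of an RFC 7638 thumbprint as the key hash and blacklist identifier, and the maximum post age are assumptions made for illustration.

```javascript
// Added illustration. Field names (jwk, kid, ts, sig) and the age limit are assumptions.
const crypto = require('crypto');

// Key hash: RFC 7638 thumbprint (SHA-256 over the required EC members, sorted).
function thumbprint(jwk) {
  const canon = JSON.stringify({ crv: jwk.crv, kty: jwk.kty, x: jwk.x, y: jwk.y });
  return crypto.createHash('sha256').update(canon).digest('base64url');
}

// The signature covers hash and timestamp together so neither can be swapped alone.
const signedBytes = (kid, ts) => Buffer.from(`${kid}.${ts}`, 'utf8');

// Publisher side: text of the "key" post. The private key never goes into it.
function buildKeyPost(privateKey, publicKey, ts) {
  const jwk = publicKey.export({ format: 'jwk' });
  const kid = thumbprint(jwk);
  const sig = crypto.sign('sha256', signedBytes(kid, ts), privateKey).toString('base64url');
  return JSON.stringify({ jwk, kid, ts, sig });
}

// Reader side: revoked is a Set of blacklisted key hashes; now and maxAge in seconds.
function verifyKeyPost(postText, revoked, now, maxAge) {
  let post, key;
  try { post = JSON.parse(postText); } catch { return { ok: false, reason: 'malformed' }; }
  const { jwk, kid, ts, sig } = post || {};
  if (!jwk || jwk.kty !== 'EC' || jwk.crv !== 'P-256' ||
      typeof sig !== 'string' || !Number.isInteger(ts)) return { ok: false, reason: 'malformed' };
  if (thumbprint(jwk) !== kid) return { ok: false, reason: 'hash-mismatch' };
  if (revoked.has(kid)) return { ok: false, reason: 'revoked' };
  if (ts > now || now - ts > maxAge) return { ok: false, reason: 'stale-or-future' };
  try {
    const pub = { kty: jwk.kty, crv: jwk.crv, x: jwk.x, y: jwk.y }; // public members only
    key = crypto.createPublicKey({ key: pub, format: 'jwk' });
  } catch { return { ok: false, reason: 'malformed' }; }
  const good = crypto.verify('sha256', signedBytes(kid, ts), key, Buffer.from(sig, 'base64url'));
  return good ? { ok: true, reason: 'verified', key } : { ok: false, reason: 'bad-signature' };
}

// Constructed demo: fresh P-256 pair, one post, checked before and after revocation.
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const post = buildKeyPost(privateKey, publicKey, 1700000000);
  const year = 365 * 86400;
  return [verifyKeyPost(post, new Set(), 1700000600, year).reason,
          verifyKeyPost(post, new Set([JSON.parse(post).kid]), 1700000600, year).reason];
}

console.log(demo());
```

A post that passes these checks shows only that whoever published it holds the matching private key; the link to a person still rests on the social network account, so a reader should also confirm the post was fetched from the expected profile.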

Security analysis covers authentication, integrity, confidentiality, non‑repudiation, and key lifecycle concerns. Authentication relies on the social network’s account verification mechanisms; the authors acknowledge that account compromise would directly affect key security. Integrity is guaranteed by the signed metadata attached to each key post. Confidentiality is not a concern for the public key itself, but the system assumes that all subsequent communications are encrypted with the recipient’s public key. Non‑repudiation is achieved through standard digital signatures. The revocation process, while functional, depends on timely deletion of posts and propagation of blacklist updates, which may be delayed in practice.

Performance evaluation was conducted on Android and iOS prototypes. Key generation averaged 150 ms, posting to the social network took roughly 300 ms, and verification of a retrieved key required about 200 ms. Battery consumption was comparable to mainstream messaging apps, and a user survey indicated that 78 % of participants found the social‑network‑based approach more intuitive than traditional certificate management.

The authors discuss several limitations: dependence on third‑party APIs that may change without notice, variability in account security across platforms, and potential privacy leakage because a public key becomes publicly linked to a user’s profile. They propose future work such as integrating blockchain for immutable key records, supporting multiple social platforms simultaneously, and implementing automated key rotation.

In conclusion, the paper introduces an innovative, user‑centric method for public‑key distribution that exploits existing social trust relationships. While the approach offers clear usability benefits, its security hinges on the robustness of the underlying social network’s authentication, the reliability of revocation mechanisms, and careful handling of privacy concerns. Further refinement and rigorous threat modeling are required before the method can be recommended for high‑security applications.

