A Decentralized Dynamic PKI based on Blockchain
Mohsen Toorani, Christian Gehrmann

TL;DR
This paper proposes a decentralized, blockchain-based PKI system that eliminates traditional CAs, enabling secure, dynamic, and trustless public key management through consensus and witness verification.
Contribution
It introduces a novel blockchain and web of trust model for PKI, removing CAs and revocation lists, and allowing any node to verify and revoke keys efficiently.
Findings
Decentralized PKI reduces reliance on central authorities.
Blockchain enables transparent and tamper-proof registration and revocation.
Any node can verify public keys without revocation lists.
Abstract
The central role of the certificate authority (CA) in traditional public key infrastructure (PKI) makes it fragile and prone to compromises and operational failures. Maintaining CAs and revocation lists is demanding, especially in loosely connected and large systems. Log-based PKIs have been proposed as a remedy, but they do not solve the problem effectively. We provide a general model and a solution for decentralized and dynamic PKI based on a blockchain and web of trust model where the traditional CA and digital certificates are removed and instead, everything is registered on the blockchain. Registration, revocation, and update of public keys are based on a consensus mechanism between a certain number of entities that are already part of the system. Any node which is part of the system can be an auditor and initiate the revocation procedure once it finds out malicious activities.…
