A New Blockchain-Based PKI and A Digital Signature Format For Long-Term Validation of Digital Signatures

Abstract

Traditional Public Key Infrastructure (PKI) has long been grappling with security issues arising from its centralized and non-transparent design. Despite Google's implementation of the Certificate Transparency (CT) project in 2013, aimed at addressing SSL certificate tracking, it has continued to be vulnerable to attacks such as split-world attacks. In recent years, blockchain-based PKI architectures have emerged as promising solutions to overcome such issues. However, existing research has predominantly focused on SSL certificates, overlooking other critical certificate types such as electronic signatures/seals, code signing, and S/MIME — all of which are dependent on the foundational PKI infrastructure. In this study, we present a semi-decentralized new blockchain-based PKI (SemiDec-PKI) architecture designed to accommodate various certificate types.

Our SemiDec-PKI, combining the principles of the Web of Trust with a centralized model, establishes a resilient, distributed infrastructure. This unparalleled fusion minimizes reliance on a single central authority, reducing security vulnerabilities associated with the single points of failure in traditional PKI systems. Through the collective consensus of multiple trusted organizations, SemiDec-PKI achieves higher fault tolerance, protecting the system against potential issues such as certificate misissuance and compromise of certificate authority. Additionally, within SemiDec-PKI, we introduce a stake-based reward-punishment mechanism that incentivizes honest behavior and penalizes malicious actions, serving as a robust deterrent against impersonation attacks.

In addition to the pioneering SemiDec-PKI, this study introduces a new blockchain-compatible electronic signature format known as Blockchain-based Advanced Electronic Signature (BlAdES). This format not only adheres to blockchain principles but also provides interoperable services through smart contracts. It introduces an optimized form of multiple signatures — a BLAdES form using threshold signatures and Musig. This innovative approach ensures secure, collaborative, and scalable electronic transactions, aligning with the dynamic needs of the digital era. The study's multifaceted contributions extend beyond SSL certificates, encompassing various critical certificate types and establishing a resilient and secure foundation for diverse applications in the evolving landscape of digital transactions.