A Decentralized Dynamic PKI based on Blockchain
This work addresses the fragility and operational demands of centralized CAs in traditional PKI for large, loosely-connected systems, offering a more robust and efficient alternative.
This paper proposes a decentralized and dynamic Public Key Infrastructure (PKI) that eliminates traditional Certificate Authorities (CAs) and digital certificates by registering all public key information on a blockchain. Public key management, including registration, revocation, and updates, is handled through a consensus mechanism among existing system entities, allowing any node to act as an auditor and initiate revocation without the need for revocation lists.
The central role of the certificate authority (CA) in traditional public key infrastructure (PKI) makes it fragile and prone to compromises and operational failures. Maintaining CAs and revocation lists is demanding especially in loosely-connected and large systems. Log-based PKIs have been proposed as a remedy but they do not solve the problem effectively. We provide a general model and a solution for decentralized and dynamic PKI based on a blockchain and web of trust model where the traditional CA and digital certificates are removed and instead, everything is registered on the blockchain. Registration, revocation, and update of public keys are based on a consensus mechanism between a certain number of entities that are already part of the system. Any node which is part of the system can be an auditor and initiate the revocation procedure once it finds out malicious activities. Revocation lists are no longer required as any node can efficiently verify the public keys through witnesses.