Special Session 153: 

BKI: A Decentralized and Accountable Public-Key Infrastructure Based on Blockchain

Zhiguo Wan
Shandong University
Peoples Rep of China
Co-Author(s):    Zhiguo Wan, Zhangshuang Guan
Abstract:
Traditional PKIs suffer from a well-known vulnerability due to bogus certificates issued by a compromised Certificate Authorities (CA). Several solutions like AKI and ARPKI have been proposed to address this vulnerability. However, they require complex interactions and synchronization among related entities, and they have not been validated with wide deployment. We propose an accountable, flexible and efficient decentralized PKI to achieve the same goal using the blockchain technology of Bitcoin, which has been proven to be secure and reliable. The proposed scheme, called BKI, realizes certificate issuance, update and revocation using specially designed transactions on a blockchain managed by multiple trusted maintainers. We also design a special Merkle Patricia Tree (MPT) to store the certificate status information, which implements highly efficient certificate status checking. BKI not only solves the well-known vulnerability in traditional PKIs, but also achieves accountability for certificate management. Moreover, the certificate status update interval of BKI can be in seconds, which makes the vulnerability window much shorter than AKI/ARPKI. In addition, BKI is also flexible since the number of required CAs to issue/revoke certificates is tunable for different applications. To prove security of BKI, we use the Tamarin prover to formalize a model for BKI and then security properties of BKI are proved with help of Tamarin. Finally, we implement BKI using smart contracts on Ethereum, and conduct comprehensive experiments to evaluate its performance.