Abstract

An identity certificate is an endorsement of identity attributes by an authoritative issuer, and it plays a critical role in many digital applications such as electronic banking. However, existing certificate schemes have two weaknesses: (1) a certificate is valid only for a short period because the issuer's private key expires, and (2) privacy leaks because all attributes have to be disclosed during attribute verification. To overcome these weaknesses, this paper proposes a blockchain-based certificate scheme called CertOracle. Specifically, CertOracle allows the owner of a traditional certificate to encrypt the off-chain certificate attributes with fully homomorphic encryption algorithms. Then, the uploading protocol in CertOracle makes it possible to post the encrypted off-chain attributes to the blockchain via a blockchain oracle in an authenticated way, i.e., the off-chain attributes and the on-chain encrypted attributes are guaranteed to be consistent. Finally, the attribute verification protocol in CertOracle enables anyone to verify any subset of the on-chain attributes under the control of the attribute owner. Because the on-chain certificate attributes are immutable forever, a traditional short-term certificate is transformed into a long-term one. Besides, the owner of the on-chain certificate attributes can arbitrarily select which attributes to reveal to meet the requirements of a target application, i.e., the on-chain certificate has the self-sovereign merit. Moreover, the proposed scheme is implemented with fully homomorphic encryption and secure two-party computation algorithms, and the experiments show that it is viable in terms of computation time and communication overhead.
