Abstract
Public key infrastructures (PKIs) provide the foundations for securing Internet communications. Currently, PKIs are operated by centralized authorities, which have been involved in numerous security incidents. Blockchain or smart contract PKIs employ their distributed, fault-tolerant log of transactions to store either all identity records, or, constant-sized data to verify identity records stored off-chain. However, as most of these systems have never been implemented, there is little information regarding their practical implications. In this article, we implement, evaluate, and provide a complete security proof for the smart contract-based PKI of (Patsonakis et al.) on Ethereum. This construction incurs constant-sized storage at the expense of computational complexity. To explore this tradeoff, we propose and implement a second construction which, eliminates the need for trusted setup, preserves its security properties and show that it is the only version with constant-sized state that can be deployed on Ethereum's live chain. We compare these constructions with the simple approach of storing all identity records on the smart contract's state, to illustrate several shortcomings of Ethereum and its cost model. We propose several modifications for fine tuning the model, which should be considered for any smart contract platform like Ethereum so that it may support arbitrary distributed applications.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
