Abstract

Public Key Infrastructure (PKI) is the most widely accepted cryptography protocol to enable secure communication over the web. PKI comprises digital certificates managed by certificate authorities (CAs) to verify the user’s identity, thus providing secure communication channels. However, the security of PKI relies heavily on the reliability of these third-party CAs, which serve as a single point of failure for PKI. In the past, there have been several breaches of popular CAs, where the centralized operation model of CAs led to numerous targeted attacks due to the spread of rogue certificates. In this paper, we aim to make the CA pool completely decentralized and, at the same time, keep our decentralized solution interoperable with established PKI standards (i.e., X.509) for effective real-world integration. In particular, we harness blockchain technology to propose a decentralized PKI framework named ProofChain, which provides complete trust among a decentralized group of CAs. Our proposed solution provides all the traditional X.509 PKI operations (i.e., registration, validation, verification, and revocation), making it compatible with existing PKI standards. We have also evaluated ProofChain against popular security standards (i.e., the CIA triad model) and PKI adversarial attacks. In addition, to demonstrate the practicality of our proposed system, we have evaluated the performance of ProofChain by implementing it on a private testbed of the Ethereum network across various real-world PKI scenarios.
