CertLedger
Traceability

Overview

In conventional PKI, CAs are assumed to be fully trusted. However, in practice, CAs' absolute responsibility for providing trustworthiness caused major security and privacy issues. To prevent such issues, Google introduced the concept of Certificate Transparency (CT) in 2013. Later, several new PKI models (e.g., AKI, ARPKI, and DTKI) are proposed to reduce the level of trust to the CAs. However, all of these proposals are still vulnerable to split-world attacks if the adversary is capable of showing different views of the log to the targeted victims. In this paper, we propose a new PKI architecture with certificate transparency based on blockchain, what we called CertLedger, to eliminate the split-world attacks and to provide an ideal certificate/revocation transparency. All TLS certificates, their revocation status, entire revocation process, and trusted CA management are conducted in the CertLedger. CertLedger provides a unique, efficient, and trustworthy certificate validation process eliminating the conventional inadequate and incompatible certificate validation processes implemented by different software vendors. TLS clients in the CertLedger also do not require to make certificate validation and store the trusted CA certificates anymore. We analyze the security and performance of the CertLedger and provide a comparison with the previous proposals.

People also viewed

CoinAlpha
The future of asset management.
CoinAlpha
Lightning Labs
Taking blockchains to the next layer.
Lightning Labs
Computable
Open protocol for decentralized data markets and exchange.
Computable
IC3
The Initiative For CryptoCurrencies & Contracts.
IC3

Expanding Ecosystems

With over 70+ ecosystems actively growing, they are equally deserving of your attention.

Ethereum
SOLANA
BNB Chain
The Open Network
Avalanche
Sui
Aptos
Polygon
Arbitrum
Optimism
COSMOS
StarkNet
Blast
Base