A scalable bitcoin-based public key certificate management system

Abstract

The main challenges with traditional public key infrastructures arise from the detection of fraudulent public key certificates and the timely retrieval of an up-to-date record of revoked certificates. While Certificate Transparency logs help to detect falsified certificates in circulation, they do not address the prevailing issues with certificate revocation. Public blockchains such as Bitcoin can be used to create a transparent, tamper-proof log of events secured by the cryptographic work carried out by nodes in the network. In this paper, we present a Bitcoin-based certificate management system that exploits the scalability and low-cost features of its underlying blockchain infrastructure, while preserving user privacy. Based on a feasibility analysis, we estimate the capability to support 9000 certificate issuances, revocations, or updates per second at a cost of less than 0.005 USD per event. The immutability and auditability of records stored on the blockchain provides a universal view of public key certificates. A comparative analysis shows that our solution can significantly reduce the overhead endured by live certificate status retrievals and offers flexibility in certificate revocation. The revocation of a public key certificate is as simple as spending a Bitcoin transaction.