Associative Blockchain for Decentralized PKI Transparency

The conventional public key infrastructure (PKI) model, which powers most of the Internet, suffers from an excess trust into certificate authorities (CAs), compounded by a lack transparency makes it vulnerable to hard-to-detect targeted stealth impersonation attacks. Existing approaches make issuance more transparent, including ones based on blockchains, are still somewhat centralized. We present decentralized PKI (DPKIT): client-based approach enforcing in and revocation while eliminating single points failure. DPKIT efficiently leverages existing blockchain realize append-only, distributed associative array, allows anyone (or their browser) audit update history all publicly issued certificates revocations for any domain. Our technical contributions include definitions append-only ledgers, security model transparency, formal analysis our construction with respect same. Intended as client-side browser extension, will be effective at fraud detection prosecution, even under fledgling user adoption, better coverage privacy than federated observatories, such Google’s or Electronic Frontier Foundation’s.