How Will Blockchain Affect PKI?

Blockchain technology has become a major discussion topic in recent years, and rightfully so: there is no question that Blockchain holds significant promise for the future. Many major companies, such as Microsoft, IBM, Cisco, and SAP, as well as others, are investing in this technology. As with any new technology, there are a lot of claims made around Blockchain, and it is very difficult to separate fact from fiction on this topic. Only time will tell whether the things that are said actually become reality or remain false promises.

One topic in particular has caught my attention: the implementation of Public Key Infrastructure (PKI) and Blockchain. While the outcome is yet to be determined, I believe that Blockchain technology will deeply benefit from PKI and other identity technologies, rather than replacing them.

Blockchain at its core is a shared ledger. The technology provides a mechanism for multiple participants to agree upon the contents of the ledger in a decentralized manner. These participants make up what is often called the Blockchain network. Blockchain leverages digital signatures, Elliptic-Curve Cryptography, and SHA-2 hashes as the main cryptography for all transactions. Using a public key, or “asymmetric”, cryptography system with Blockchain requires the private key to be protected to the highest level, because losing your private key with Bitcoin essentially means losing your money. With all of this in mind, there’s no question that Blockchain holds significance in certain applications. The experiments made by the banking industry are a great example of how Blockchain can secure bank transfers. However, because Blockchain is a new technology, it has lots of room to develop and improve.

In the Bitcoin Blockchain, the ledger contains transactions involving the exchange of currency, but in the more general case, the contents of the ledger can be almost anything. When it comes to Public Key Infrastructure, I believe that the basic setup will remain the same. That means that the CA will issue and manage the certificates needed for trusted digital identities to implement strong authentication, digital signatures, and data encryption. But instead of running the infrastructure on a computer which requires a lot of maintenance, the CA would be running on the Blockchain. It would replace the single computer with a group of connected computers where the code is accessible to anyone, and that would make PKI even more trustworthy and vigorous.

In order to really understand how implementing PKI on Blockchain would benefit over traditional PKI, let’s go over some apparent advantages. The certificates are not signed, resulting in them being shorter, which would reduce the time it takes to transmit a certificate backed by a CA certificate chain. Validation of a certificate and its CA certificate chain is critical. But because Blockchain is a “distributed ledger”, the verifier has a local copy of the entire blockchain and is able to look up the hashes of certificates in the blockchain stores without network access; therefore, no signatures need to be verified.

Lastly, in Blockchain PKI the use of certificate revocation lists (CRLs) or responses to Online Certificate Status Protocol (OCSP) queries would no longer be required. This is an advantage because these lists can consume a lot of data, resulting in a slower overall process.
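The local lookup described in the two paragraphs above can be sketched as follows. This is an added example, not code from any real Blockchain PKI product. The ledger layout, the `issue`/`revoke` entry types, and all function names are assumptions made for illustration, and recording revocations as ledger entries is one assumed way of doing without CRLs and OCSP.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed "previous hash" for the first block

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def block_hash(block: dict) -> str:
    # The hash covers the previous block's hash and this block's entries.
    body = json.dumps({"prev": block["prev"], "entries": block["entries"]},
                      sort_keys=True)
    return sha256_hex(body.encode())

def append_block(chain: list, entries: list) -> None:
    prev = chain[-1]["hash"] if chain else GENESIS
    block = {"prev": prev, "entries": entries}
    block["hash"] = block_hash(block)
    chain.append(block)

def chain_is_intact(chain: list) -> bool:
    # Recompute every link; any edited entry breaks the chain from there on.
    prev = GENESIS
    for block in chain:
        if block["prev"] != prev or block["hash"] != block_hash(block):
            return False
        prev = block["hash"]
    return True

def certificate_status(chain: list, cert: bytes) -> str:
    """Check a certificate against the local ledger copy, with no network access."""
    if not chain_is_intact(chain):
        return "ledger-corrupt"
    digest = sha256_hex(cert)
    status = "unknown"  # never registered: treat as untrusted
    for block in chain:
        for entry in block["entries"]:
            if entry["cert_hash"] != digest:
                continue
            if entry["op"] == "revoke":
                return "revoked"  # revocation is final in this model
            status = "valid"
    return status

def build_sample_ledger():
    # Constructed sample certificates (opaque byte strings, deliberately unsigned).
    alice = b"CN=alice.example, pubkey=constructed-key-A"
    bob = b"CN=bob.example, pubkey=constructed-key-B"
    chain = []
    append_block(chain, [{"op": "issue", "cert_hash": sha256_hex(alice)}])
    append_block(chain, [{"op": "issue", "cert_hash": sha256_hex(bob)}])
    append_block(chain, [{"op": "revoke", "cert_hash": sha256_hex(bob)}])
    return chain, alice, bob
```

In this model the check is only as trustworthy as the rules governing who may append `issue` and `revoke` entries, which the sketch does not cover. A verifier whose local copy is out of date will also miss recent revocations.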

The technology is very exciting, but the future is yet to be determined. Because this technology is quite new, we can expect a few bumps on the way as it matures. Blockchain will remain one of the most interesting technologies to keep an eye on in the next few years.

