Why the blockchain

The use of blockchain in the Blockcerts treatment isn’t demonstrable to many people, who wonder why this can’t be done with PKI. It can be done with PKI, but this describes the advantages Blockchain offers.

In Blockcerts, the issuer uses their digital signature to provide a credential to a recipient, identified by a recipient-owned public key, and issued on the blockchain. The recipient’s credential contains the Merkle proof linking the credential with a specific blockchain transaction.

This is used to establish integrity of the credential; i.e. that it hasn’t been tampered with. Additionally, the recipient-owned public key embedded in the credentials permits the recipient to prove ownership.

To establish authenticity, one must establish that the issuer wielded the issuing key at the time the credential was issued. This is why a reliable timestamp is needed, expanded on below.

A reliable source of a timestamp, and the capability to be persuaded of the correctness of this value, is clearly significant in the case of a credential that expires, but it is also critical for a practical reason — the issuer must be able to rotate issuing keys, on a regular basis as part of security best practices, but more critically in response to a key leak.

To determine that a credential was issued by the issuer, while that issuing key was valid, requires skill of the timestamp — beyond anything written into the credential itself. Why? Because if the private key was leaked, there is nothing to prevent an attacker from issuing false credentials and backdating in the contents. That means, even if an issuer has publicly revoked the leaked credential, an independent verifier would not know the difference inbetween a valid and invalid credential unless there were some extra reliable source of when the transaction took place.

This could be done through use of a timestamping authority (TSA) — more commonly used in a PKI solution — but that places a dependency on a trusted third party.

On the other forearm, blockchain provides permanent, trusted timestamping by design. It requires massive computational effort — rewriting the entire blockchain — to tamper with the timestamps. So blockchain timestamps can prove existence of data before a certain point. Furthermore, it is a distributed ledger, and not dependent on a trusted party. This improves availability, capability to independently verify, and reduces single points of failure.

Related video:

admin_en | 1@1.com

Related Posts

Bit (money) The word bit is a colloquial expression referring to specific coins in various coinages across the world. Contents In the United States, the bit is equal to one eighth of a dollar or twelve 1 ⁄Two cents. In the U.S., the “bit” as a designation for money dates from the colonial period, when […]

Best Bitcoin Exchanges in the World For Trading Bitcoins Bitcoin is gaining momentum quicker than anybody primarily thought. People around the globe have already began talking about it, and thanks to many fresh startups, even non-technical people are able to purchase Bitcoin these days. If you search for “Best Bitcoin exchanges“, you will get perplexed […]

August one and the Potential Disruption of the Bitcoin Network If you’ve been listening to the bitcoin ‘community,’ you’d know that in about two weeks the bitcoin network may face some protocol switches. Due to the possible user-activated soft fork (UASF) planned and the chance some groups may counter this plan, this has created thousands […]

Leave a Reply

Your email address will not be published. Required fields are marked *