Cryptology ePrint Archive: Report 2016/1018

IKP: Turning a PKI Around with Blockchains

Stephanos Matsumoto and Raphael M. Reischuk

Abstract: Man-in-the-middle attacks in TLS due to compromised CAs have been mitigated by log-based PKI enhancements such as Certificate Transparency. However, these log-based schemes do not offer sufficient incentives to logs and monitors, and do not offer any actions that domains can take in response to CA misbehavior. We propose IKP, a blockchain-based PKI enhancement that offers automatic responses to CA misbehavior and incentives for those who help detect misbehavior. IKP’s decentralized nature and smart contract system allows open participation, offers incentives for vigilance over CAs, and enables financial recourse against misbehavior. We demonstrate through a game theoretic model and through an Ethereum prototype implementation that the incentives and increased deterrence offered by IKP are technically and economically viable.

Category / Keywords: applications / public-key infrastructures, blockchain, smart contracts, incentives

Date: received 26 Oct 2016

Contact author: steve at stevematsumoto net

Available format(s): PDF | BibTeX Citation

Version: 20161027:211034 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]