Cryptology ePrint Archive: Report 2018/1232

Certificate Transparency Using Blockchain

D S V Madala and Mahabir Prasad Jhanwar and Anupam Chattopadhyay

Abstract: The security of web communication via the SSL/TLS protocols relies on safe distributions of public keys associated with web domains in the form of $\mathsf{X.509}$ certificates. Certificate authorities (CAs) are trusted third parties that issue these certificates. However, the CA ecosystem is fragile and prone to compromises. Starting with Google's Certificate Transparency project, a number of research works have recently looked at adding transparency for better CA accountability, effectively through public logs of all certificates issued by certification authorities, to augment the current $\mathsf{X.509}$ certificate validation process into SSL/TLS.

In this paper, leveraging recent progress in blockchain technology, we propose a novel system, called $\mathsf{CTB} $, that makes it impossible for a CA to issue a certificate for a domain without obtaining consent from the domain owner. We further make progress to equip $\mathsf{CTB}$ with certificate revocation mechanism. We implement $\mathsf{CTB}$ using IBM's Hyperledger Fabric blockchain platform. $\mathsf{CTB}$'s smart contract, written in Go, is provided for complete reference.

Category / Keywords: applications / TLS, Blockchain, Hyperledger

Original Publication (in the same form): BlockSEA 2018 The 1st Workshop on Blockchain and Sharing Economy Applications

Date: received 23 Dec 2018

Contact author: mahavir jhawar at ashoka edu in

Available format(s): PDF | BibTeX Citation

Version: 20181231:033414 (All versions of this report)

Short URL: ia.cr/2018/1232


[ Cryptology ePrint archive ]