Paper 2019/1141

KORGAN: An Efficient PKI Architecture Based on PBFT Through Dynamic Threshold Signatures

Murat Yasin Kubilay, Mehmet Sabir Kiraz, and Haci Ali Mantar

Abstract

During the last decade, several misbehaving Certificate Authorities (CA) have issued fraudulent TLS certificates allowing MITM kinds of attacks which result in serious security incidents. In order to avoid such incidents, Yakubov et al. recently proposed a new PKI architecture where CAs issue, revoke, and validate X.509 certificates on a public blockchain. However, in their proposal TLS clients are subject to MITM kinds of attacks and certificate transparency is not fully provided. In this paper, we eliminate the issues of the Yakubov et al.’s scheme and propose a new PKI architecture based on permissioned blockchain with PBFT consensus mechanism where the consensus nodes utilize a dynamic threshold signature scheme to generate signed blocks. In this way, the trust to the intermediary entities can be completely eliminated during certificate validation. Our scheme enjoys the dynamic property of the threshold signature because TLS clients do not have to change the verification key even if the validator set is dynamic. We implement our proposal on private Ethereum network to demonstrate the experimental results. The results show that our proposal has negligible overhead during TLS handshake. The certificate validation duration is less than the duration in the conventional PKI and Yakubov et al.’s scheme.

Note: Corrected some typos.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint.
Keywords
SSLTLSPKICertificate TransparencyPBFTDynamic Threshold Signatures
Contact author(s)
m kiraz @ gmail com
History
2020-03-29: last of 14 revisions
2019-10-03: received
See all versions
Short URL
https://ia.cr/2019/1141
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/1141,
      author = {Murat Yasin Kubilay and Mehmet Sabir Kiraz and Haci Ali Mantar},
      title = {{KORGAN}: An Efficient {PKI} Architecture Based on {PBFT} Through Dynamic Threshold Signatures},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/1141},
      year = {2019},
      url = {https://eprint.iacr.org/2019/1141}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.