NoPKI: A Point-to-Point Trusted Party Service based on Blockchain Consensus Algorithm

The thesis is concerned with using Blockchain to solve the centralization issue in Public Key Infrastructure (a.k.a. PKI). Although PKI didn’t have major security breaches in 2000s, it did hint people with that the entire trust system can be affected even with a slight mis-operational issues. As encryption in communication has started moving from a flavorful option toward, de facto, mandatory for all sites, attackers started to target Certificate Authorities (CAs) so that they can utilize the utmost trust and power CAs have in PKI to issue certificates to any target they would like to perform man-in-the-middle attack, without the victim knowing. It is due to the fact that the computer software will trust whatever certificates issued by CAs whose root certificates are stored in its trust store.

In 2011, two major CAs breaches, with one with its intermediates resellers compromises, with another one with its entire root certificate being compromises under the control of the attacker, it is the time when people understand how overly centralized trust also aggregates risks. CAs will continue to be great targets for attackers, as long as encryption connections are mandatory.

However, the way toward decentralization is not easy, due to the fact that it can be extremely difficult to have trusted storage among a distributed network with no one can be trusted. In 2008, Satoshi created Bitcoin to be a Peerto-Peer transaction system, which he created a storage system specifically for an application that does not have a single point of trust upon a distributed network, named Blockchain.

It has perfectly fit in the difficulties that decentralizing PKI is facing. Many implementations and research have been released. However, many of them didn’t put the disadvantage a Blockchain system can bring into proper consideration - It can be extremely costly when keeping all data in one unified storage. It can be extremely storage consuming, due to that Blockchain is an append-only system, and it can be sluggish when many nodes are trying to reach consensus 2time after time.

NoPKI, though being a Blockchain solution, approaches the issue differently. It overcomes the issue by making each trust network small. Furthermore, each node is allowed to be invited to join other networks. Queries are passed along between networks. When a node on the query chain agrees with the query result, it will sign the result as "witness." The more nodes agree with a particular answer, the more such answer is considered closer to reality. Furthermore, keeping the chain small makes Blockchain efficient. However, it is expected that, overtime, someone may start acting maliciously. NoPKI has a timeout feature for every formed trust network. It will dissolve after some time. It makes attackers’ threat limited in a time frame.