Ghazal: Toward Truly Authoritative Web Certificates Using Ethereum
Abstract. Recently, a number of projects (both from academia and industry) have examined decentralized public key infrastructures (PKI) based on blockchain technology. These projects vary in scope from full-fledged domain name systems accompanied by a PKI to simpler transparency systems that augment the current HTTPS PKI. In this paper, we start by articulating, in a way we have not seen before, why this approach is more than a complementary composition of technologies, but actually a new and useful paradigm for thinking about who is actually authoritative over PKI information in the web certificate model. We then consider what smart contracts could add to the web certificate model, if we move beyond using a blockchain as a passive, immutable (subject to consensus) store of data—as is the approach taken by projects like Blockstack. To illustrate the potential, we develop and experiment with an Ethereum-based web certificate model we call Ghazal, discuss different design decisions, and analyze deployment costs.
1 Introductory Remarks
The blockchain data structure and consensus mechanism have received significant interest since being introduced as the underlying technology of the cryptocurrency Bitcoin in Satoshi Nakamoto's (pseudonymous) 2008 whitepaper [25]. In 2014, Buterin presented a new blockchain-based application known as Ethereum [10]. As a blockchain-based distributed public network, Ethereum implements a decentralized virtual machine, known as the Ethereum Virtual Machine (EVM), which allows network nodes to execute deployed programmable smart contracts on the Ethereum blockchain [31]. This platform enables developers to create and execute blockchain applications called decentralized applications (dapps) that are executed correctly according to the consensus of the network. A dapp's code and data are stored in a decentralized manner on the blockchain. Dapps or smart contracts are now often written in a high-level programming language such as Solidity, which is syntactically similar to Java [1]. Digital smart contracts were first described by Nick Szabo in 1993 [28]; however, they reached a high level of adoption through blockchain technology. One application of blockchain technology that has received some research and commercial interest is the idea of replacing (or augmenting) the web certificate model used by clients (OS and browsers) to form secure communication channels with web-servers (described in more detail below). This model has been plagued with issues, from fraudulent certificates used to impersonate servers to ineffective revocation mechanisms; see Clark and van Oorschot for a survey [12]. We argue that the application of blockchains to this model is more than an interesting experiment; it is actually a new uni-authoritative paradigm that resolves some of the funda

© International Financial Cryptography Association 2019. A. Zohar et al. (Eds.): FC 2018 Workshops, LNCS 10958, pp. 352–366, 2019. https://doi.org/10.1007/978-3-662-58820-8_24