Dizar: An Architecture of Distributed Public Key Infrastructure Based on Permissoned Blockchain

  • Qianyi DaiEmail author
  • Kaiyong Xu
  • Leyu Dai
  • Song Guo
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1176)


With the current blockchain-based Public Key Infrastructure (PKI) being in its early stage of R&D, it is suffering from many shortcomings, such as its reliance on the centralized Certificate Authority (CA), the faulty identity registration and verification mechanism, and the difficulty in certificate management. As a result, the existing blockchain based PKI has trouble in adapting to a distributed network. Therefore, we have proposed Dizar: A distributed PKI architecture based on permissoned blockchain. Dizar architecture is designed with a distributed ledger operation system that can verify security. Based on no certificate authentication, electronic certificates with legal identities in the network are registered in a secure and verifiable permissioned blockchain, thus realizing the full-cycle management of the issued electronic certificates. The performance of Dizar is analyzed and compared with previous protocols. The results show that the Dizar architecture has better adaptability to a distributed network.


Distributed PKI Permissioned blockchain Distributed ledger No-certificate authentication 


  1. 1.
    Al-Bassam, M.: SCPKI: a smart contract-based PKI and identity system. In: ACM Workshop on Blockchain, Cryptocurrencies and Contracts, pp. 35–40 (2017)Google Scholar
  2. 2.
    Androulaki, E., et al.: Hyperledger fabric: a distributed operating system for permissioned blockchains (2018)Google Scholar
  3. 3.
    Author: Disk storage cost. Accessed 28 Nov 2017
  4. 4.
    Axon, L.: Privacy-awareness in blockchain-based PKI (2015)Google Scholar
  5. 5.
    Camacho, P., Hevia, A., Kiwi, M., Opazo, R.: Strong accumulators from collision-resistant hashing. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 471–486. Springer, Heidelberg (2008). CrossRefGoogle Scholar
  6. 6.
    Diginotar: Diginotar. Accessed 4 Mar 2011
  7. 7.
    Eweek: Mozilla asked to revoke trustwave CA for allowing SSL eavesdropping. February March 4, 2012
  8. 8.
    Faisca, J.G., Rogado, J.Q.: Personal cloud interoperability. In: World of Wireless, Mobile and Multimedia Networks, pp. 1–3 (2016)Google Scholar
  9. 9.
    Falliere, N., Murchu, L.O., Chien, E.: W32.stuxnet dossier. White Paper (2011)Google Scholar
  10. 10.
    Fromknecht, C., Velicanu, D.: CertCoin: a NameCoin based decentralized authentication system. Technical report, 6.857 class (2014)Google Scholar
  11. 11.
    Gervais, A., Karame, G.O., Glykantzis, V., Ritzdorf, H., Capkun, S.: On the security and performance of proof of work blockchains. In: ACM SIGSAC Conference on Computer and Communications Security, pp. 3–16 (2016)Google Scholar
  12. 12.
    Heilman, E., Kendler, A., Zohar, A., Goldberg, S.: Eclipse attacks on bitcoin’s peer-to-peer network. In: Usenix Conference on Security Symposium, pp. 129–144 (2015)Google Scholar
  13. 13.
    Lesueur, F., Me, L., Tong, V.V.T.: An efficient distributed PKI for structured P2P networks. In: IEEE Ninth International Conference on Peer-to-Peer Computing, pp. 1–10 (2009)Google Scholar
  14. 14.
    Lewison, K., Corella, F.: Backing rich credentials with a blockchain PKI. Technical report, Pomian & Corella LLC (2016)Google Scholar
  15. 15.
    Matsumoto, S., Reischuk, R.M.: IKP: turning a PKI around with decentralized automated incentives. In: Security and Privacy, pp. 410–426 (2017)Google Scholar
  16. 16.
    Melin, T., Vidhall, T.: Namecoin as authentication for public-key cryptography (2014)Google Scholar
  17. 17.
    Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system. Consulted (2008)Google Scholar
  18. 18.
    Patrick Wardle, A.M.: CA threats. Accessed 4 Apr 2017
  19. 19.
    Phillip: Comodo SSL affiliate the recent RA compromise. Accessed 4 Mar 2011
  20. 20.
    Nakamoto, S.: Bitcoin blockchain size. Accessed 7 Aug 2018
  21. 21.
    Shen, X., Pei, Q.Q., Liu, X.F.: Survey of block chain. Chin. J. Netw. Inf. Secur. 11, 11–20 (2016)Google Scholar
  22. 22.
    Symantec Threat Intelligence: Marketscore proxyserver certificate. Accessed 4 Apr 2017
  23. 23.
    VerisignDECEMBER: The verisign domain name industry brief. Accessed 4 Apr 2017
  24. 24.
    Xu, J.J.: Are blockchains immune to all malicious attacks? Financ. Innov. 2(1), 25 (2016)CrossRefGoogle Scholar
  25. 25.
    Zhicheng, Z., Lixin, L., Zuohui, L.: Efficient cross domain authentication scheme based on blockchain technology. J. Comput. Appl. 38(2), 316–320 (2018)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  1. 1.Zhengzhou Information Science and Technology InstituteZhengzhouChina

Personalised recommendations