论文信息 - On the security of the blockchain BIX protocol and certificates

On the security of the blockchain BIX protocol and certificates

In recent years certification authorities (CAs) have been the target of multiple attacks due to their sensitive role in internet security. In fact, with access to malicious certificates it is possible to mount effective large-scale man-in-the-middle attacks that may become very vicious, especially if the incident is not properly handled. Many attacks, such as the 2011 ones against DigiNotar and Comodo, also show strong hints of state sponsorship; thus, CAs have to be considered primary targets in a scenario of (possibly state-sponsored) large-scale cyber attacks. Therefore, there is a need for a PKI protocol which is more resilient and without single points of failure, such as the CAs. The BIX protocol is a blockchain-based protocol that allows distribution of certificates linking a subject with their public key, hence providing a service similar to that of a PKI but without the need for a CA. In this paper, we analyse the security of the BIX protocol in a formal way. First, we identify formal security assumptions which are well-suited to this protocol. Second, we present some attack scenarios against the BIX protocol. Third, we provide formal security proofs that these attacks are not feasible under our previously established assumptions.

[1] Alfred Menezes,et al. The Elliptic Curve Digital Signature Algorithm (ECDSA) , 2001, International Journal of Information Security.

[2] Russ Housley,et al. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2002, RFC.

[3] N. Rosanov. Proof of existence , 2011, Nature Photonics.

[4] Raphael M. Reischuk,et al. IKP: Turning a PKI Around with Blockchains , 2016, IACR Cryptol. ePrint Arch..

[5] Taher El Gamal. A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[6] Adi Shamir,et al. A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[7] Shawn Wilkinson,et al. Storj A Peer-to-Peer Cloud Storage Network , 2014 .

[8] Quynh H. Dang,et al. Secure Hash Standard | NIST , 2015 .

[9] Sead Muftic,et al. BIX Certificates: Cryptographic Tokens for Anonymous Transactions Based on Certificates Public Ledger , 2016, Ledger.

[10] Pascal Paillier,et al. Discrete-Log-Based Signatures May Not Be Equivalent to Discrete Log , 2005, ASIACRYPT.

[11] M. Rabin. DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION , 1979 .

[12] Bart Preneel,et al. The State of Cryptographic Hash Functions , 1998, Lectures on Data Security.