TrustCA: Achieving Certificate Transparency Through Smart Contract in Blockchain Platforms

Certificate Authorities (CAs) are important components for digital certificate issuances in Public Key Infrastructure(PKI). However, current CAs have some intrinsic weaknesses due to the CA-centric implementation. And when browser and operating system vendors contain a CA in the software, they place complete trust in the CA. In this paper, we utilize natural characteristics of tamper-proof and transparency of smart contracts in blockchain platforms to design an independent entity, named the CA proxy, to manage life cycle of digital certificates. This management will achieve the certificate transparency. We propose a new system architecture easy to integrate the CA proxy with current CAs through applying the blockchain oracle service. In this architecture, the CA proxy, CAs, and even professional identity verification parties can accomplish life cycle management of certificates, signature of certificates, identity verification for certificates correspondingly. The achievement of the certificate transparency through life cycle management of digital certificates in blockchain platforms, when compared with traditional CAs, solves traditional CAs' trust model weaknesses and improve the security.