Blockchain & Cryptocurrency Glossary

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

  • search-icon Clear Definitions
  • search-icon Practical
  • search-icon Technical
  • search-icon Related Terms

Decentralized PKI (DPKI)

2 min read
Pronunciation
[dee-sen-truh-lahyzd pee-key-ahy / dee-pee-key-ahy]
Analogy
Imagine traditional PKI as a system where only a few central government offices (CAs) can issue official ID cards (digital certificates). DPKI is like a community-managed system where ID verifications and attestations are recorded in a shared, tamper-proof public ledger (blockchain) that everyone can inspect. Trust is based on the transparency and immutability of this shared ledger, rather than solely on the reputation of a few central offices.
Definition
Decentralized Public Key Infrastructure (DPKI) is an alternative to traditional, centralized Public Key Infrastructure (PKI) where trust is not reliant on a small number of Certificate Authorities (CAs). Instead, DPKI leverages distributed ledger technology (blockchain) or other decentralized systems to manage, distribute, and revoke digital certificates or attestations of identity and key ownership.
Key Points Intro
DPKI aims to overcome the single points of failure and censorship risks associated with traditional centralized Certificate Authorities.
Key Points

No Central Certificate Authority: Trust is distributed across a network rather than concentrated in a few CAs.

Leverages Blockchain/DLT: Uses distributed ledgers for transparent and tamper-resistant recording of public keys and identities.

Enhanced Censorship Resistance: Makes it harder for a single entity to deny or revoke certificates arbitrarily.

User-Centric Identity: Often aligns with self-sovereign identity principles where users have more control over their digital identities.

Example
A DPKI system might allow users to register their public keys on a blockchain. Other users or entities can then issue attestations (claims) about these public keys/identities, also recorded on the blockchain. When someone needs to verify an identity, they can query the blockchain to retrieve the public key and any associated attestations from trusted sources, without relying on a traditional CA hierarchy. Systems like Ethereum Name Service (ENS) for naming can also incorporate DPKI-like features.
Technical Deep Dive
DPKI implementations can vary. Some might use a blockchain to store X.509-like certificates or simpler public key registrations. Others might use decentralized identifiers (DIDs) and verifiable credentials (VCs), where DIDs are registered on a ledger, and VCs (attestations) are issued by various entities and held by the user. Revocation can be handled by publishing revocation messages to the ledger. Trust models in DPKI can be based on web-of-trust, community validation, or staking mechanisms, rather than a strict hierarchy.
Security Warning
The security of a DPKI system depends on the security of the underlying blockchain or DLT and the specific mechanisms for key registration, attestation, and revocation. Bootstrapping trust and ensuring reliable identity verification in a decentralized manner are significant challenges.
Caveat
DPKI is an emerging field with ongoing research and development. Achieving widespread adoption and interoperability, similar to what traditional PKI has for web security, is a major hurdle. Governance of DPKI systems themselves can also be complex.
Related Terms
Blockchain

Decentralized PKI (DPKI) - Related Articles

No related articles for this term.