RDI: Real Digital Identity Based on Decentralized PKI

Establishing a digital identity plays a vital part in the digital era. It is crucial to authenticate and identify the users in order to perform online transactions securely. For example, internet banking applications normally require a user to present a digital identity, e.g., username and password, to allow users to perform online transactions. However, the username-password approach has several downsides, e.g., susceptible to the brute-force attack. Public key binding using Certificate Authority (CA) is another common alternative to provide digital identity. Yet, the public key approach has a serious drawback: all CAs in the browser/OS’ CA list are treated equally, and consequently, all trusts on the certificates could be invalidated by compromising only a single root CA’s private key.We propose a Real Digital Identity based approach, or RDI, on decentralized PKI scheme. The core idea relies on a combination of well-known parties (e.g., a bank, a government agency) to certify the identity, instead of relying on a single CA. These parties, collectively known as Trusted Source Certificate Authorities (TSCA), formed a network of CAs. The generated certificates are stored in the blockchain controlled by smart contract. RDI creates a digital identity that can be trusted based on the TSCAs’ challenge/response and it is also robust against a single point of trust attack on traditional CAs.