Why Use a Blockchain?
Blockchains offer a new public infrastructure for verifying credentials in a manner far more durable, secure, and convenient than relying upon a single authority.
Everyone wants digital records to be shareable and verifiable, but it is only now that we have the technical infrastructure to reliably accomplish that goal. The innovation that makes this possible is blockchain-enabled networks that synchronize around a single truth. While digital signatures and public key infrastructure (PKI) are important pieces of a secure credentialing solution, it is the addition of a decentralized verification network that adds the highest level of security, longevity, and recipient ownership to digital records.
Traditional solutions for verifying digital records, including PKI, have typically relied on a trusted third party (TTP) to transmit or provide verification. This might be a vendor, an issuer, or a certificate authority. Unfortunately, in these cases, the TTP operates within limited jurisdictions and is a single point of failure. This means that if the TTP is ever compromised, loses its records, or stops functioning, verification is no longer possible. Some minimize the risk of such a failure, but catastrophic failures happen all the time across every geographic region, leaving people stranded and exposed.
- War: In Syria, civil war left major institutions of government and education destroyed. Millions of people can no longer prove who they are or what their skills are because the only institutions that could verify this information are no longer functioning, or have lost their records.
- Natural: In 2017, Hurricane Maria hit Puerto Rico. Critical infrastructure was wiped out by the hurricane, causing loss of high-stakes records. These included vital records (birth, death, and marriage certificates), driver’s licenses, property titles, and address and tax records.
- Technical: In the United States, the Equifax hack demonstrated how a single honey pot of personal information, like social security numbers, can leave citizens completely exposed.
The point is that disasters are common and can happen anywhere, to any trusted third party. Entrusting a single entity with the power to protect and verify those records creates a brittle system with poor security and longevity. It is insufficient for high-stakes records that need to be accessed and verified reliably for a lifetime.
A better alternative is having this same trusted authority backed up thousands of times, across the globe, and accepted across jurisdictions because the data isn’t controlled by any single company or government. That is what public blockchains have enabled. Even better, using an open standard (like Blockcerts) to anchor records to blockchains creates an ecosystem of globally portable, interoperable records that can easily be recovered if disaster strikes.
Blockchains and Decentralization
Every decade or two, a new computing platform comes along that changes how we live. Personal computers, the Internet, and smartphones are all examples of fundamental innovation. What’s hard to comprehend about new platforms is that they are initially inferior to older platforms in most ways, but they also bring about some profound new capabilities.
Today, decentralized software, enabled by blockchains, is the fundamental innovation. While these platforms are sometimes counterintuitive and lack many features, they offer something that has never existed before: Trust. Instead of having to trust a government, or a large company, or even the other people on the network, the only thing that needs to be trusted is math. That bedrock characteristic opens up the door for new types of software to be developed where trust is essential, like money, property, or official records.
Further, because trust is built into the platform itself, it can be run by a global network with thousands of participants, rather than a single company like Facebook. A blockchain is a way of storing an identical copy of data across the entire network, so when some piece of data needs to be verified, there is a global consensus supporting that fact.
Replication of data provides durability, and decentralization resists censorship.
The main difference between PKI and blockchains is simply that, with blockchains, verification authority is being decentralized. We can call this DPKI. The technical benefits of this are independent timestamping and a globally redundant network for instant verification.
Independent timestamping is a security enhancement beyond traditional PKI. Conferring a credential to a recipient is a type of transaction, and a blockchain provides its own timestamp for when each one occurred. This ultimately gives Issuers the ability to rotate their issuing keys without undermining the ability to verify those transactions.
Verification requires checking that the credential originated from a particular Issuer while that issuing key was valid, which requires knowledge of the timestamp beyond anything written into the credential itself. If a private key is compromised, nothing prevents an attacker from issuing fake credentials and backdating the content. Even if an Issuer publicly revoked those fake credentials, an independent verifier would not know the difference between a valid and invalid credential. With blockchain-based independent timestamping, the time of the transaction is recorded, thus rendering the backdating attack impossible.
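The key-validity check described above, as an added example (not code from Blockcerts or any issuer): it compares a verifier that trusts the date written inside the credential with one that uses the block timestamp of the anchoring transaction. All names and sample data are hypothetical, and it assumes the signature has already been verified and the block timestamp already read from the chain.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

@dataclass(frozen=True)
class KeyRecord:                 # one entry in the issuer's published key history
    key_id: str
    created: datetime
    revoked: Optional[datetime] = None   # None means the key is still active

@dataclass(frozen=True)
class Credential:
    signing_key: str
    issued_on: datetime     # written inside the credential by whoever holds the key
    anchored_at: datetime   # block timestamp of the anchoring transaction

def key_valid_at(history, key_id, when):
    """True if key_id was active at `when` according to the issuer's key history."""
    for rec in history:
        if rec.key_id == key_id and rec.created <= when:
            if rec.revoked is None or when < rec.revoked:
                return True
    return False

def verify_by_claimed_date(history, cred):
    # Weak check: relies on a date that the key holder controls.
    return key_valid_at(history, cred.signing_key, cred.issued_on)

def verify_by_anchor_time(history, cred):
    # Independent check: relies on the time recorded by the chain.
    return key_valid_at(history, cred.signing_key, cred.anchored_at)

# Constructed sample data: key-1 was rotated out on 2019-06-01 after a compromise.
HISTORY = [
    KeyRecord("key-1", utc(2018, 1, 1), revoked=utc(2019, 6, 1)),
    KeyRecord("key-2", utc(2019, 6, 1)),
]
GENUINE = Credential("key-1", utc(2018, 5, 20), utc(2018, 5, 20))
# Signed with the compromised key, content dated 2018, but anchored after revocation.
BACKDATED = Credential("key-1", utc(2018, 5, 20), utc(2019, 8, 15))

if __name__ == "__main__":
    for name, cred in (("genuine", GENUINE), ("backdated", BACKDATED)):
        print(name, verify_by_claimed_date(HISTORY, cred),
              verify_by_anchor_time(HISTORY, cred))
```

The genuine credential still verifies after the key rotation, while the backdated one is accepted only by the check that trusts the self-asserted date.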
A global verification network with thousands of computers that all contain the same copy of historical transactions removes the vulnerability of relying upon a single authority. The effect is improved availability, the capacity to independently verify, and redundancy that avoids single points of failure.
It’s also important to point out that education providers are not surrendering any authority in this situation. Schools still issue, store, and host the records as they always have; they are simply gaining a level of security that didn’t exist before.
Overall, blockchains offer promising new features which help to achieve security goals while enabling individuals to hold their own official records, independent of any authority. This is the cross-jurisdictional verification infrastructure needed in today’s globalized world.