Decentralized Certificate Authority

A Decentralized Certificate Authority is required to check public keys for use with Decentralized IDentifiers (DIDs). This allows for the use of Verifiable Credentials on a network.

Comment

Inspiration

I work in the Self-Sovereign Identity (SSI) space and we use Hyperledger Indy. Indy is based on the Plenum blockhain. Plenum is written in Python and is not very actively updated. The only use case for it is Hyperledger Indy and it is slow. I am looking for a replacement blockchain that has a higher throughput, better security and toolset. N3 provides these. On top of that I am really encouraged by N3's commitment to a governance stack on the blockchain. This is very important as the root of trust of an SSI system is governance.

What it does

The Decentralized CA is the basic building block for making decentralized cryptography work. Verifiable Credentials are signed by an issuer to prove that the credential was issued by that issuer for the holder of the credential. The Decentralized CA is what a verifier requires so that they can verify the signature without having to communicate with the issuer. It allows for discrete peer-to-peer communication between the issuer and the holder and the verifier and the holder. It allows a Verifiable Credential to last beyond the life of the issuer. If an issuer goes out of business, the credential is still verifiable using the public key in the Decentralized CA.

How we built it

There are two parts to this. The Decentralized CA uses a smart contract that maps a DID as a Key to a public Key as a value. The second part is who to grant access to the ability to put a key/value pair in the smart contract. This requires a governance framework. I am hoping to be able to harness the N3 blockchain governance for this.

Challenges we ran into

Accomplishments that we're proud of

What we learned

What's next for Decentralized Certificate Authority

Built With

  • tbd
Share this project:

Updates