UBC Theses and Dissertations

Blockchain-based decentralized public key infrastructure for digital credentials

Huang, Yuhao

Abstract

Public Key Infrastructure (PKI), especially the X.509 standard, is the backbone of secure digital communication, providing essential services such as authentication, encryption, and digital signature verification. X.509 enables a certificate chain of trust, where Certificate Authorities (CAs) serve as the central trust anchors. While X.509 has proven to be effective in traditional centralized environments, it faces significant challenges such as single points of failure, vulnerability to CA breaches, and limited scalability in a globally distributed network. With the rise of decentralized technologies like blockchain, there is growing interest in developing Decentralized Public Key Infrastructure (DPKI) systems that eliminate these weaknesses by distributing trust across multiple entities. However, the majority of DPKI research either conflicts with the X.509 standard, giving up the CA as trust anchor, or focuses on general identity management. In particular, few research works concentrate on X.509-compatible DPKI systems designed for digital credentials. This thesis addresses the gap by investigating the integration of DPKI with X.509 specifically for managing digital credentials. A thorough literature review identified Trustchain as the most relevant and advanced state-of-the-art framework addressing this topic. Trustchain employs blockchain technology for digital credential management but also exhibits key design limitations. Using Trustchain as a foundational benchmark, this thesis introduces BCChain, a modified DPKI system that enhances identity validation and incorporates a multi-root architecture, advancing blockchain-based DPKI compatibility with X.509 while improving security and scalability. This thesis also proposes a simulated use case in education to further illustrate the application of my system.

Rights

Attribution-NonCommercial-NoDerivatives 4.0 International