ClaimChain

Decentralized public key infrastructure based on cross-referencing hash chains

 
Each user or device maintains repositories of claims regarding their own key material, and their beliefs about public keys and, generally, state of other users of the system. High integrity of the repositories is maintained by virtue of storing claims on authenticated data structures, namely hash chains and Merkle trees, and their authenticity and non-repudiation by the use of digital signatures.
Cross-referencing of hash chains is a way to efficiently and verifiably vouch about states of other users. This allows to detect chain compromises, manifested as forks of hash chains, and to implement various social policies for deriving decisions about the latest state of users in the system.
The claims about keys of other people can reveal the social graph. To solve this, we use cryptographic verifiable random functions to derive private identifiers that are re-randomized on each chain update. This allows to openly and verifiably publish claims that can only be read by the authorized users, ensuring privacy of the social graph. Moreover, the specific construction of Merkle trees, along with the usage of verifiable random functions, ensures users can not equivocate about the state of other people.
Claimchain is flexible with respect to deployment options, supporting fully decentralized deployments, as well as centralized, federated, and hybrid modes of operation.
This work is a part of NEXTLEAP project.