LRS_PKI: A novel blockchain-based PKI framework using linkable ring signatures

In recent years, numerous security vulnerabilities have emerged within the PKI system. For example, a compromised CA can issue illegal or fake certificates for any domains, and a CA can issue unauthorized certificates without the consent of the domain owner. In addition, some high-value target domains, such as banks and government agencies may have been frequently attacked, and the adversaries can launch the targeted attacks by making use of the disclosure of the issuing CAs. To address these pressing issues or challenges, in this work, we propose a novel blockchain-based PKI framework using linkable ring signatures, called LRS_PKI. Specially, we propose a novel certificate issuance mechanism that utilizes linkable ring signatures to hide the issuing CA, so as to reduce the risk of the PKI system being attacked. Additionally, we introduce the blockchain as a public log to record the certificate operations, and adopt the decentralized storage IPFS to store the certificates to decouple the blockchain layer and storage layer. In order to prevent the CA from issuing unauthorized certificates, we have added a condition to verify whether the issuing CA is consistent with the previous issuing CA in the certificate verification. The security analysis and experimental results show that LRS_PKI is both secure and efficient.