OverView #
Public Key Infrastructure (PKI) is one of the most widely accepted cryptographic protocols for solving authentication for enabling secure communications on the web. PKI consists of digital certificates managed by a certification authority (CA) to verify the identity of the user, thus providing a secure communication channel. However, the traditional PKI method has problems such as difficulty in mutual trust between multiple certification center nodes, single point of failure, and low efficiency. The centralized mode of operation of CAs has led to many targeted attacks, such as man-in-the-middle attacks. In this paper, the goal of DECA is to completely decentralize the CA pool, while building a high-performance DPKI certification system to achieve a DPKI decentralized solution.
DECA uses the two basic modules of decentralized identity identification (DID) and verifiable statement (identity certificate) to define the format of identity identifiers, describe documents and processes such as generation, presentation, verification and destruction of identity certificates, covering identity and The complete life cycle of credential management, using decentralized trust management technology, provides on-chain storage and off-chain storage. Best practice is to store a small amount of data (e.g. id, state, etc.) on-chain, and a large amount of data (e.g. public key, authentication method, etc.) off-chain (e.g. IPFS), and combine them through the on-chain data transfer. Store hash, and realize decentralized authentication calculation by constructing offline data crdt consistent storage, and constructing component roles such as issuer and verifier.
This decentralized authentication protocol improves the efficiency of online cross-domain authentication transactions by verifying the hash value of the certificate instead of the signature. By placing the certificate generation process and the storage process of its hash in the registration operation, the verification process of Verifier and CA is reduced, and the efficiency is further improved.
