Master's Thesis Friederike Groschupp

Exploring the Use of SSL/TLS Certificates for Identity Assertion and Verification in Ethereum

While blockchain technology promises a new era of transparent and secure distributed applications, there is a lack of an established identity management process. This poses a problem for applications requiring smart contract owners to be authenticated. One issue that previously proposed solutions face is the accumulation of a critical mass of trusted data that makes the system usable. In this work, we propose an identity assertion and verification framework for Ethereum that overcomes this bootstrapping problem. It achieves this by leveraging SSL/TLS certificates, which are part of the established infrastructure that is commonly used for authenticating internet connections.

We design and implement an SSL/TLS certificate-based authentication framework whose key features are the smart contract-based validation and storage of certificates and address-identity bindings. Looking at the current SSL/TLS ecosystem, we find that a large share of all domain certificates is issued by a small number of intermediate and root certificates. Therefore, we decide to store and maintain certificates in a central database to minimize processing costs. The evaluation of our prototype implementation shows that the associated cost of our system is within a feasible operating range, with the costs of submitting a new certificate currently averaging around 2.40 $ and the cost of creating an address-identity binding averaging around 1.30 $. The cost of verifying an address-identity binding averages around 0.08 $ or 1.02 $ depending on the deployment scheme. Our system is a pragmatic and, most importantly, quickly bootstrapped method for an identity assertion and verification framework for Ethereum.