From Pretty Good to Great: Enhancing PGP Using Bitcoin and the Blockchain

PGP is built upon a Distributed Web of Trust in which a user’s trustworthiness is established by others who can vouch through a digital signature for that user’s identity. Preventing its wholesale adoption are a number of inherent weaknesses to include (but not limited to) the following: 1) Trust Relationships are built on a subjective honor system, 2) Only first degree relationships can be fully trusted, 3) Levels of trust are difficult to quantify with actual values, and 4) Issues with the Web of Trust itself (Certification and Endorsement). Although the security that PGP provides is proven to be reliable, it has largely failed to garner large scale adoption. In this paper, we propose several novel contributions to address the aforementioned issues with PGP and associated Web of Trust. To address the subjectivity of the Web of Trust, we provide a new certificate format based on Bitcoin which allows a user to verify a PGP certificate using Bitcoin identity-verification transactions forming first degree trust relationships that are tied to actual values (i.e., number of Bitcoins transferred during transaction). Secondly, we present the design of a novel Distributed PGP key server that leverages the Bitcoin transaction blockchain to store and retrieve Bitcoin-Based PGP certificates. Lastly, we provide a web prototype application that demonstrates several of these capabilities in an actual environment. In a recent article, Yahoo announced its intentions to add an extension that will provide its customers with the ability to digitally sign and encrypt messages using Pretty Good Privacy (PGP). Yahoo plans to use a fork of Google’s End to End OpenPGP plugin that is currently in development. Yahoo follows the likes of Google, Facebook and Microsoft, who also recently announced they would encrypt internal traffic in response to the Snowden spying revelations [1]. Traditional methods of securely sharing between two or more parties rely on the use of Public-Key Encryption within a Public Key Infrastructure (PKI). In a traditional PKI scheme, a certificate authority or certification authority (CA) is an entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or assertions made by the private key that corresponds to the public key that is certified. In this model of trust relationships, a CA is a Trusted Third Party (TTP) that is trusted by both the ? Department of Computer Science, Johns Hopkins University ?? Department of Computer Science, Sapienza University of Rome ar X iv :1 50 8. 04 86 8v 2 [ cs .C R ] 2 1 A ug 2 01 5 subject (owner) of the certificate and the party relying upon the certificate. CAs are characteristic of many PKI schemes. [2]. Currently, the most viable alternative for Public Key Crytography based on a CA is PGP. PGP is built upon a Distributed Web of Trust in which a user’s trustworthiness is established by others who can vouch for that user’s identity. Preventing its wholesale adoption are a number of inherent weaknesses to include (but not limited to) the following: – Trust Relationships are built on a subjective honor system – Only first degree relationships can be fully trusted – Levels of trust are difficult to quantify with actual values – Issues specific to the Web of Trust: 1. Certification. It is currently difficult to get certified if the key is new. In general people complain that it is hard to find endorsers to enhance the trustworthiness of a new key which will limit its use. 2. Endorsement. Competence and willingness of endorsers. There is currently no incentive to endorse a key of someone you know much less someone you indirectly know through a friend or relative. Bitcoin is a form of digital currency, created and held electronically [3]. According to “Crypto Coin News”, the number of active Bitcoin users worldwide will reach 4.7 million by the end of 2019, marking a significant gain over the 1.3 million last year, according to a report from Juniper Research [4]. As a result of its popularity, we introduce a new Bitcoin-Based PGP certificate format, certificate validation methodology, and certificate endorsement model that overcomes the issues we have highlighted above. Issues 1 and 2 with the Web of Trust can be easily solved using our new Bitcoin-Based PGP certificate format and verification system. Issue 4 can be resolved by use of endorsement fee. The amount of the fee can be determined by the user and will vary based on the current value of a Bitcoin which has been relatively stable of late [5]. In Issue 2, the bitcoin payment ensures that the endorser follows the “authentication” procedure otherwise they risk losing bitcoins which demonstrates both their competence and willingness to serve as a viable certificate endorser. There are some interesting properties of our trust establishment protocol that could result in safer use of PGP. Property 1) People have the option of using previous transactions before using a certificate OR directly establishing a trust relationship themselves with a certificate owner (i.e., direct trust). Property 2) As mentioned above, because of the risk of losing bitcoins via the identityverification process, people will be less likely to leverage our certificates without a direct trust establishment. Property 3) The block chain and associated identityverification transactions provide transparency into the trustworthiness of others. In addition to these benefits, we also provide the design of a novel PGP Key Server based on the blockchain’s ability to store pieces of data since the 0.9.0 release. The 0.9.0 release of Bitcoin Core added a new standard transaction type granting access to a previously disallowed script function, OP-RETURN [6]. This function accepts a user-defined sequence of up to 40 bytes (now 80 bytes in current release). Once realized, this new key server will be completely de-centralized and serve as an appropriate repository for Bitcoin-Based PGP Certificates. Our work specifically provides the following contributions: – Bitcoin-Based PGP Certificate: Contains Bitcoin address for identity verification and certificate revocation. – Identity-Verification and Revocation Transactions: Serves as alternative means of verifying a certificate owner’s Public Key contained in a Bitcoin-Based PGP Certificate. Also provides a mechanism for certificate revocation using the embedded Bitcoin address for revocation purposes. – PGP Trust Levels: Allows users to specify the amount of Bitcoins they are willing to “risk” in order to verify a particular Bitcoin-Based PGP certificate. This amount (determined by the verifier) now attests to level of trust the verifier has in the certificate owner. – Certificate Signing Endorsements: Adds small incentive fee (via Bitcoin) each time an endorser (with a valid Bitcoin address) signs an Enhanced PGP Certificate stored on Bitcoin-Based PGP Key Server. – Bitcoin-Based PGP Key Server Design: Demonstrates method of using the Bitcoin Transaction Blockchain for PGP Key Storage. Offers a completely decentralized client-based software application that allows users to efficiently store and retrieve Bitcoin-Based PGP certificates within the blockchain. Application will separate certificate into individual pieces to fit within the allowed number of bytes and store within blockchain as append only data. Similarly, upon request (e.g., based on PGP Key ID or similar), client will facilitate the retrieval of PGP certificate fragments and reassemble them for use by requesting user. The rest of this paper is organized as follows: Section 2 discusses the work related to this area of research, Section 3 provides a background of the current PGP Public Key Certificate format as a context for our Bitcoin-Based PGP certificate, Section 4 presents an overview of PGP threats addressed by our contributions, Section 5 discusses the design details of our prototype application and new key server, Section 6 provides relevant sample output from the primary prototype functions, and Section 7 concludes the paper and identifies areas for future work.