BIX Certificates: Cryptographic Tokens for Anonymous Transactions Based on Certificates Public Ledger
With the widespread use of the Internet, Web, and mobile technologies, a new category of applications and transactions that requires anonymity is gaining increased interest and importance. Examples of such new applications are innovative payment systems, digital notaries, electronic voting, document sharing, electronic auctions, medical applications, and many others. In addition to anonymity, these applications and transactions also require standard security services: identification, authentication, and authorization of users and protection of their transactions. Providing those services in combination with anonymity is especially challenging, because all security services require explicit user identification and authentication. To solve this issue and enable applications with both security and anonymity, we introduce a new type of cryptographically encapsulated objects called BIX certificates. “BIX” is an abbreviation for “Blockchain Information Exchange.” Their purpose is equivalent to that of X.509 certificates: to support security services for users and transactions, but enhanced with anonymity. This paper describes the structure and attributes of BIX certificate objects and all related protocols for their creation, distribution, and use. The BIX Certification Infrastructure (BCI), a distributed public ledger, is also briefly described.
Copyright (c) 2016 Sead Muftic
This work is licensed under a Creative Commons Attribution 4.0 International License.