SmartDNSPKI: A Blockchain Based DNS and PKI.

Date of Submission

December 2017

Date of Award

Winter 12-12-2018

Institute Name (Publisher)

Indian Statistical Institute

Document Type

Master's Dissertation

Degree Name

Master of Technology

Subject Name

Computer Science


Cryptology and Security Research Unit (CSRU-Kolkata)


Ruj, Sushmita (CSRU-Kolkata; ISI)

Abstract (Summary of the Work)

PKI is an infrastructure used to create, store, manage, revoke, and distribute digital certificates, which bind a public key to an entity. PKI is broadly implemented using two approaches. The first approach is a centralised system in which Certificate Authorities (CAs) play the crucial role of certifying an entity and publishing the certificate of the certified entity. This introduces a central point of failure in the system in the form of trusted CAs. Moreover, Certificate Authorities are not publicly auditable, making it more difficult to detect a fraudulent CA. The second approach is “Web-of-Trust (WoT)”, which is a decentralised system of certifying entities and has no trusted third party. The participating entities can certify themselves and get attestations from other participants who vouch for their certificates and are trusted by other users. However, a participant needs a trusted introducer to enter the system. To overcome these problems, a few blockchain-based PKIs have been proposed to make the process of certificate issuance, update and revocation publicly auditable and unalterable. Google suggested the use of append-only ledgers to make the activity of certificate issuance publicly auditable. The use of a publicly auditable, append-only ledger, which is otherwise very useful, comes with a number of privacy-related challenges. One of those challenges is registering a certificate for a private subdomain. Certificate Transparency has extended support to register redacted domain names in CT logs. However, domain name redaction has many weaknesses. The use of wildcard certificates for securing subdomains is also ambiguous and insecure. Other blockchain-based PKIs also do not have any method to support private subdomains in a secure way. We have proposed SmartDNSPKI: a blockchain-based DNS and PKI, which provides all the functionalities of a DNS and a PKI while preserving the privacy of private subdomains.
Our scheme does not reveal any information about the private subdomains, apart from the fact that a private subdomain has been registered for the domain. To support the linkability between the certificate owner and the domain owner, the two smart contracts interact with each other. We have implemented our solution on the Ethereum platform.


Creative Commons License

Creative Commons Attribution 4.0 International License
