Case 78: Blockchain Can Create ‘Next Generation’ Public-Key Infrastructure

Alastair Brockbank, British Embassy Tallinn

Since 2013, Estonian government registers — including those hosting all citizen and businessrelated information — have used Guardtime to authenticate the data in its databases. Their Keyless Signature Infrastructure (KSI) pairs cryptographic ‘hash functions’ (see below) with a distributed ledger, allowing the Estonian government to guarantee a record of the state of any component within the network and data stores.

This is no small undertaking. Estonia has the most regularly used national PKI in the world. Using their ID card, citizens order prescriptions, vote, bank online, review their children’s school records, apply for state benefits, file their tax return, submit planning applications, upload their will, apply to serve in the armed forces, and fulfil around 3000 other functions. Entrepreneurs use the ID card to file their annual reports, issue shareholder documents, apply for licenses, and so on. Government officials use the ID card to encrypt documents for secure communication, review and approve permits, contracts and applications, and submit information requests to law enforcement agencies. Ministers even use their ID cards to prepare for and conduct cabinet meetings, allowing them to review agendas, submit positions and objections, and review minutes.

Digital authentication is thus critical to government, business and public services alike, from drafting policy and legislation, to declaring finances and registering property and inheritance rights. Over 200 million digital signatures have been made using the ID card: some 39 per capita per year and rising. It is thus imperative for the government to know its records are the right records, and that they have not been altered from the inside, or by a cyber attack.

So how does a block chain help? It helps because every alteration of a piece of data is recorded. By providing proof of time, identity and authenticity, KSI signatures offer data integrity, backdating protection and verifiable guarantees that data has not been tampered with. It is transparent and works to the user’s benefit too: citizens can see who reviewed their data, why, and when; and any alterations to their personal data must be authorised. Moreover, through using hash functions, as opposed to asymmetric cryptography used in most PKI, KSI cannot be broken by quantum algorithms. It is also so scalable that it can sign an exabyte of data per second using negligible computational and network overhead. It removes the need for a trusted authority, its signed data can be verified across geographies, and it never compromises privacy because it does not ingest customer data. It is clear that the system marks a major advancement in PKI.

Ultimately, the KSI block chain means that while the Estonian ID Card may never be immune to a breach (although there have been none so far), the government is assured that rogue alterations to public data will be 100% detectable.