Blockchain vs PKI: What is the Right Security Solution?

OK, I’ll admit to using a clickbait headline—mostly because this topic comes up often and needs to be understood. The upshot is that there is no “Blockchain vs. PKI” argument. You might as well argue about whether your passport is better than your bank statement. It’s complete nonsense!

To understand the argument better, let’s back up to the intended purpose and application of each technology.


Blockchain 101

The most famous implementation of Blockchain is, of course, Bitcoin. For better or worse, Blockchain will be forever associated with cryptocurrencies. After all, Blockchain’s purpose is to provide an unchangeable, irrefutable, distributed record of transactions. It accomplishes this through the use of cryptographic operations, which is why people often get confused and think blockchain can be used for all sorts of other things for which it is not well suited.

With a Blockchain, you can verify that a specific transaction happened and wasn’t altered. You can’t change an entry in a properly implemented Blockchain, which is why it is used for cryptocurrencies. You want a system that doesn’t allow anyone to alter or delete transactions arbitrarily or to double-spend the same currency (e.g., give themselves money).

So, although a Blockchain can prove that a particular transaction occurred and wasn’t altered, it can’t prove that a particular person or entity conducted that transaction. Sure, the transaction may list a name or ID, but strong authentication isn’t part of a standard Blockchain. We live in a world of identity theft and telemarketers who use fake telephone numbers; it should be easy to understand that just because Joe Smith is listed as the entity that conducted a transaction, it doesn’t necessarily follow that Joe Smith actually did it. In fact, Bitcoin’s implementation of Blockchain was intended to allow for transactor anonymity in case you want to pay for something and not reveal who you are. To this day, Bitcoin’s creator is unknown.

PKI 101

In contrast to Blockchain, the specific purpose of Public Key Infrastructure (PKI) is to verify identity—that is, provide authentication. Private keys and their associated certificates are issued by a controlled source, so not just anyone can get them. Assuming that no one else has access to a certificate’s private key, you can cryptographically verify that the entity presenting a certificate holds the matching private key, and therefore that the certificate is genuinely theirs. In addition, you can verify the origin, validity date, and revocation status of that certificate. It’s much like a passport: You can verify the ownership and origin of a credential presented by an entity that requests access.

Two Purposes

The bottom line is that both Blockchain and PKI use cryptography, but they’re different beasts for different purposes. You use a Blockchain to verify a transaction record. You use PKI to verify the identity of an entity bearing a certificate. That said, there is nothing preventing the use of Blockchain and PKI in combination so that you can not only verify a transaction but also verify the identity of the transactor. So, perhaps the title of a future article could instead be “Blockchain and PKI.”
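As an added example that is not part of the original article, the Go program below puts the three sections side by side: a toy hash-chained ledger that detects any alteration of the record (the Blockchain 101 point), an X.509 check that a signed entry chains to a trusted CA, is inside its validity window and verifies under the certified key (the PKI 101 point), and the two used together so that both the record and the transactor's identity are verified. The root CA "Example Root CA", the users "Joe Smith" and "Someone Else", the `must` helper and the `from=/to=/amount=` entry format are all assumptions made up for this demonstration, and revocation checking (CRL/OCSP) is deliberately left out.

```go
package main

// Added example, not code from the article: a toy hash-chained ledger (what a
// blockchain proves) beside an X.509 signature check (what PKI proves). The CA,
// the names and the entry format are constructed for this example.

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // panics on setup errors; keeps the demo short
	if err != nil { panic(err) }
	return v
}

// ChainTip hashes the entries as a chain: each link commits to the previous link
// and the entry, so altering any entry changes the tip. A matching tip verifies
// the record; it says nothing about who wrote an entry.
func ChainTip(entries []string) string {
	tip := ""
	for _, e := range entries {
		tip = fmt.Sprintf("%x", sha256.Sum256([]byte(tip+"|"+e)))
	}
	return tip
}

// Identity is a private key plus the certificate a CA issued for it.
type Identity struct{ Key *ecdsa.PrivateKey; Cert *x509.Certificate }

// issueCert issues a leaf certificate signed by root, or the self-signed
// certificate of the hypothetical root CA itself when root is nil.
func issueCert(subject string, root *Identity) *Identity {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: subject},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	parentCert, signer := tmpl, key // self-signed unless a root is given
	if root != nil {
		parentCert, signer = root.Cert, root.Key
	} else {
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parentCert, &key.PublicKey, signer))
	return &Identity{Key: key, Cert: must(x509.ParseCertificate(der))}
}

// SignedTx is a ledger entry with the signer's certificate and signature.
type SignedTx struct{ Payload string; CertDER, Sig []byte }

func Sign(id *Identity, payload string) SignedTx {
	digest := sha256.Sum256([]byte(payload))
	sig := must(ecdsa.SignASN1(rand.Reader, id.Key, digest[:]))
	return SignedTx{Payload: payload, CertDER: id.Cert.Raw, Sig: sig}
}

// VerifyTx is the PKI step: the certificate must chain to a trusted root inside
// its validity window, and the signature must verify under its key. It returns
// the subject the CA vouched for. Revocation (CRL/OCSP) is omitted here.
func VerifyTx(tx SignedTx, roots *x509.CertPool, now time.Time) (string, error) {
	cert, err := x509.ParseCertificate(tx.CertDER)
	if err == nil {
		opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
		_, err = cert.Verify(opts)
	}
	if err != nil {
		return "", err
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	digest := sha256.Sum256([]byte(tx.Payload))
	if !ok || !ecdsa.VerifyASN1(pub, digest[:], tx.Sig) {
		return "", fmt.Errorf("signature does not verify under the certified key")
	}
	return cert.Subject.CommonName, nil
}

// Result records what each mechanism established for the constructed sample.
type Result struct{ TamperDetected, ImpostorDetected, ExpiredRejected bool; SignedBy string }

// RunDemo builds a root CA, two certified users and a three-entry ledger.
func RunDemo() Result {
	ca := issueCert("Example Root CA", nil)
	joe, other := issueCert("Joe Smith", ca), issueCert("Someone Else", ca)
	roots := x509.NewCertPool()
	roots.AddCert(ca.Cert)
	txJoe := Sign(joe, "from=Joe Smith;to=Alice;amount=5")    // constructed entries: both
	txFake := Sign(other, "from=Joe Smith;to=Bob;amount=500") // name Joe Smith, one is his
	storedTip := ChainTip([]string{"genesis", txJoe.Payload, txFake.Payload}) // ledger accepts both
	tampered := []string{"genesis", "from=Joe Smith;to=Alice;amount=5000", txFake.Payload}
	r := Result{TamperDetected: ChainTip(tampered) != storedTip}
	r.SignedBy, _ = VerifyTx(txJoe, roots, time.Now())
	who, _ := VerifyTx(txFake, roots, time.Now())
	r.ImpostorDetected = who != "Joe Smith" // the CA vouched for "Someone Else"
	_, err := VerifyTx(txJoe, roots, time.Now().Add(48*time.Hour))
	r.ExpiredRejected = err != nil
	return r
}
func main() { fmt.Printf("%+v\n", RunDemo()) }
```

Run it with `go run`. The ledger alone records the impostor's entry without complaint and only flags the entry that was edited after the fact, which is exactly the article's point: the chain verifies the record, not the transactor. The certificate step names the party the CA actually vouched for, "Someone Else" rather than the "Joe Smith" written into the entry, and rejects Joe's own signature once his certificate has passed its validity window.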

To learn more about PKI, download my white paper, ‘Internet of Things Security: Implement a Strong, Simple & Massively Scalable Solution.’



