Trustchain synopsis

Tim Hobson edited this page Jul 22, 2022 · 1 revision

Trustchain is a proposed approach to the problem of how to build a decentralised Public Key Infrastructure (PKI) based on the W3C standard for Decentralised Identifiers (DIDs). The standard specifies the form and function of DIDs but leaves important implementation details unspecified. In particular, it is predicated on the availability of verifiable data registries and mentions blockchains (or other distributed ledgers) as candidates. However, there is a tendency, even in the scientific literature, to exaggerate the extent to which such technologies can provide verifiable guarantees as to the trustworthiness of the data with which they operate. Trustchain is an attempt to leverage the genuinely unique properties of decentralised technology, while recognising its limitations, to build a new public key infrastructure suitable for digital identity applications.

The proposal includes two main contributions. First, a solution to the Oracle Problem for the specific case of persistent institutional identifiers, which exploits the unique capacity of the Proof of Work mechanism to generate independently verifiable timestamps. Second, an extension to the DID standard that enables an attestation of trustworthiness to be attached to newly created DIDs, via a digital signature from an existing DID. Together, these interventions provide a means for constructing chains of trustworthy DIDs leading back to a verifiably timestamped root, in a manner analogous to the chains of trust between root and subordinate Certificate Authorities in today's Web PKI. However, the decentralised nature of the proposed system brings a variety of benefits and mitigates several known issues with the Web PKI model. In particular, it enables institutional and individual trust relationships to be expressed precisely and definitively in the digital domain, making it well suited for applications involving selective disclosure through the use of Verifiable Credentials.
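The chain-of-trust check described above, as an added example (not Trustchain's own code): each DID carries a signature from an upstream DID, and the walk ends at a root whose timestamp the verifier already trusts. The record layout, the `did:example:` identifiers, the choice of Ed25519 and all function names are assumptions made for illustration; the Proof of Work timestamp verification is represented only by a trusted `timestamp` value.

```javascript
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// Hypothetical record layout (id, publicKeyPem, attestation, timestamp); this is
// not the W3C DID document format or Trustchain's own schema.
const payload = (doc) => Buffer.from(JSON.stringify([doc.id, doc.publicKeyPem]));

function newDid(id, extra = {}) {
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  const publicKeyPem = publicKey.export({ type: 'spki', format: 'pem' });
  return { privateKey, doc: { id, publicKeyPem, ...extra } };
}

// The upstream DID signs the downstream DID's id and key (the attestation).
function attest(upstream, downstreamDoc) {
  const sig = sign(null, payload(downstreamDoc), upstream.privateKey);
  downstreamDoc.attestation = { by: upstream.doc.id, sig: sig.toString('base64') };
}

// Walk attestations from `id` up to the root. `registry` (Map of id -> doc) is
// untrusted; `trustedRoot` {id, timestamp} was learned out of band. Assumption:
// doc.timestamp stands for the root's independently verified ledger time.
function verifyChain(id, registry, trustedRoot, maxDepth = 8) {
  const path = [];
  for (let depth = 0; depth <= maxDepth; depth++) {
    const doc = registry.get(id);
    if (!doc) return { ok: false, reason: `unknown DID ${id}` };
    path.push(id);
    if (!doc.attestation) { // no upstream: this must be the trusted root
      const ok = id === trustedRoot.id && doc.timestamp === trustedRoot.timestamp;
      return ok ? { ok, path } : { ok, reason: 'root does not match trusted timestamp' };
    }
    const upstream = registry.get(doc.attestation.by);
    if (!upstream) return { ok: false, reason: `unknown upstream ${doc.attestation.by}` };
    const sig = Buffer.from(doc.attestation.sig, 'base64');
    if (!verify(null, payload(doc), upstream.publicKeyPem, sig))
      return { ok: false, reason: `bad attestation on ${id}` };
    id = doc.attestation.by;
  }
  return { ok: false, reason: 'chain too long' }; // also stops attestation cycles
}

// Constructed sample: root -> institution -> individual (all values made up).
function buildSample() {
  const root = newDid('did:example:root', { timestamp: 1658448000 });
  const inst = newDid('did:example:institution');
  const user = newDid('did:example:individual');
  attest(root, inst.doc); attest(inst, user.doc);
  const registry = new Map([root, inst, user].map((d) => [d.doc.id, d.doc]));
  return { registry, trustedRoot: { id: root.doc.id, timestamp: 1658448000 } };
}
```

Calling `verifyChain('did:example:individual', registry, trustedRoot)` on the output of `buildSample()` returns `ok: true` with the path to the root; swapping any key in the registry, or supplying a different trusted timestamp, makes it fail.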