Blerify’s Smart-Contract-Based Root of Trust
Decentralized Public Key Directories (DPKDs)
DPKDs serve as on-chain registries where the identity of issuers of Digital Credentials is publicly recorded, allowing third parties to resolve and verify them in a trustless manner. These decentralized public key directories are implemented as smart contracts compatible with any Ethereum Virtual Machine (EVM)-based blockchain.
Our data schema enables the association of an issuer’s identity information with multiple data formats, including:
W3C Verifiable Credentials (VCs)
ISO 18013 digital credentials
EBSI Legal Entity data formats
Other standardized and custom schemas
Additionally, our solution supports immutable timestamps, allowing the system to record when an entity ceases to be valid within the DPKD. This ensures historical transparency and facilitates time-bound verification. These DPKDs are designed to be governed by a Decentralized Certificate Authority (DCA), ensuring decentralized and tamper-proof identity verification.
Decentralized Trusted Lists (DTLs)
DTLs introduce a multi-level smart contract framework where individuals or organizations can endorse reputational trust to other entities for general or specific purposes. Similar to our DPKD, our DTL solution allows the use of immutable timestamps, enabling transparent tracking of trust endorsements and revocations. If an entity’s reputational trust is removed, any credential or asset issued by that entity can be rejected based on its validity timeframe.
DTLs are interoperable with DPKDs, allowing for seamless integration between public key verification and reputational trust mechanisms. Unlike DPKDs, which focus on identity verification, DTLs are designed to be self-managed by the entities that issue and receive endorsements.
Authentication & Security in DPKDs and DTLs
Since DPKDs and DTLs are built on EVM-compatible blockchains, every privileged action must be authenticated. Our architecture supports two authentication models:
Externally Owned Accounts (EOAs) – Simple authentication using a private key-controlled Ethereum account.
Contract Accounts (CAs) – A more advanced and secure model where contract-based authentication replaces single-key authentication.
This enables entities to secure access to DPKD/DTL instances using smart contracts instead of relying solely on cryptographic keys. Key benefits include:
Multi-signature contract accounts, adding an extra layer of security for identity management.
Account abstraction, allowing the implementation of custom authentication mechanisms beyond the standard ECDSA-secp256k1 signatures (used across Ethereum networks).
Hardware Security Module (HSM) integration, enabling enterprises to enhance security and mitigate risks related to key compromise.
Decentralized Root of Trust (DRoT) & Access Recovery
In the Decentralized Root of Trust (DRoT) model, entities always retain a path to recover access. The entity that initially endorsed trust can update or restore access when necessary. However, endorsing trust to another entity does not imply control over that entity's identity.
Furthermore, when an entity is endorsed, it must acknowledge the endorsement to establish trust. The mechanism for acknowledgment is left to implementations built on top of this protocol, allowing flexibility in trust management while preserving decentralization and autonomy.
For each level of depth in the trusted lists, it is possible to create different groups.
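The time-bound check a relying party could run against DPKD and DTL records, as an added example that is not Blerify's code or schema. All class, field and function names are hypothetical, the records are held in memory instead of being read from a contract, and the acceptance rule (the issuance time must fall inside the key's validity window and inside every acknowledged endorsement up to the root) is an assumption about how "validity timeframe" is applied.

```python
from dataclasses import dataclass
from typing import Optional

# Off-chain model of the on-chain records. All names and fields are assumptions
# made for this example, not Blerify's schema. Timestamps are Unix seconds.
@dataclass(frozen=True)
class KeyRecord:                      # DPKD entry for one issuer key
    issuer: str
    key_id: str
    valid_from: int
    invalid_from: Optional[int]       # set once, when the key ceases to be valid

@dataclass(frozen=True)
class Endorsement:                    # DTL edge: endorser vouches for subject
    endorser: str
    subject: str
    granted_at: int
    acknowledged_at: Optional[int]    # None: subject never acknowledged it
    revoked_at: Optional[int]         # None: still in force

def in_window(t: int, start: int, end: Optional[int]) -> bool:
    return start <= t and (end is None or t < end)

def active(e: Endorsement, t: int) -> bool:
    # Trust is established only after the subject acknowledges the endorsement.
    if e.acknowledged_at is None:
        return False
    return in_window(t, max(e.granted_at, e.acknowledged_at), e.revoked_at)

def verify_issuance(issuer, key_id, issued_at, keys, endorsements, root, max_depth=8):
    """Decide whether a credential signed with key_id at issued_at is trusted."""
    if not any(k.issuer == issuer and k.key_id == key_id
               and in_window(issued_at, k.valid_from, k.invalid_from) for k in keys):
        return False, "key not valid in DPKD at issuance time"
    frontier, seen = {issuer}, set()
    for _ in range(max_depth + 1):    # walk endorsements upward, level by level
        if root in frontier:
            return True, "ok"
        seen |= frontier
        frontier = {e.endorser for e in endorsements
                    if e.subject in frontier and e.endorser not in seen
                    and active(e, issued_at)}
    return False, "no active endorsement path to root at issuance time"

# Constructed sample data: root -> ministry -> university, later revoked.
KEYS = [KeyRecord("university", "k1", 1000, 5000)]
DTL = [Endorsement("root", "ministry", 900, 950, None),
       Endorsement("ministry", "university", 1000, 1100, 4000),
       Endorsement("root", "shadow", 900, None, None)]
```

With the sample data, a credential issued at 2000 is accepted, while one issued at 4500 is rejected because the endorsement was revoked at 4000 even though the key itself stays listed until 5000.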