BIX Certificates – Cryptographic Tokens Promoting Anonymity For Blockchain Transactions

With the advent of the blockchain technology and the use of the internet along with mobile technologies, a brand new group of transactions and applications, which rely on anonymity, is increasingly gaining interest and acceptance. Ingenious payment systems, blockchain based voting, digital notaries, medical services and electronic auctions represent examples of these new applications.

Beside anonymity, such transactions and applications will also have to offer traditional security services including identification, authentication, users’ authorization and transaction protection. Effective provision of these services in means that promote anonymity represents a tough challenge, due to the fact that all security services depend on an explicit process of identification and authentication of users. To overcome this challenge and offer web applications that promote security as well as anonymity, a group of researchers published a paper a few days ago that introduced an innovative cryptographic token, which they named “BIX certificates”.

“BIX” stands for “Blockchain Information Exchange”. The purpose of BIX certificates is similar to that of X.509 certificates; to offer secure applications and transactions that provide high levels of anonymity.

The Components and Structure of BIX Certificates:

According to the below diagram, a BIX certificate is formed of the following components:

1- Header: is composed of 3 attributes:

– Sequence number: it corresponds to the certificate’s serial number and denotes its relative position with respect to other BIX certificates within the context of a BCL instance.

– Version: It includes the piece of code that determines the type of a given BIX certificate.

– Date/time: It denotes the date and time stamp of the issuing of the certificate. It marks the start of the validity period of the certificate.

2- Subject: is comprised of 4 attributes:

– Subject BIX ID: a global identifier that is unique for each owner of a certificate.

– Date/time: it denotes the date and time stamp of creation of the public key and its corresponding private key.

– Algorithm identifier: it is an attribute that determines the cryptographic algorithm that was used with the corresponding public key.

– Public key: this is the public key that corresponds to the owner of the certificate.

3- Subject Signature:

it includes the signature over the “Subject’s” attributes using the certificate’s private key.

4- Issuer:

It includes the same attributes of the “Subject” but they point to the BIX user who issued the certificate.

5- Issuer signature:

This is a self-signed form of digital signature over the attributes of the issuer.

6- Backward cross-signature:

This attribute is comprised of 2 signatures; one for the Issuer and the other for the “Subject” over the 3 attributes of the “Header” concatenated with the “Subject’s” hash and the “Issuer’s” hash.

7- Next subject:

These are the same as the 4 “Subject’s” attributes but correspond to the BIX user who was certified by the BIX user who issued the certificate.

8- Next subject signature:

This represents the same attribute as the Subject signature, but it is created by the certificate’s issuer over the data of the Next subject

9- Forward cross-signature:

This contains 2 signatures, one corresponding to the Issuer and the other to the Next subject, over the 3 attributes of the “Header” concatenated with the hashes of both the Issuer and the Next subject.

10- Extensions:

This attribute has ObjectID which includes additional attributes that could be utilized in other applications of BIX certificates.

Difference between X.509 and BIX certificates:

One of the main goals of BIX certificates is to provide users with anonymous identities and corresponding public keys that allow users to be verified for correctness and/or ownership. These also represent the main goals of X.509 certificates. Accordingly, we can assume that BIX certificates are quite similar to X.509 certificates. There are two main differences between BIX certificates and X.509 certificates:

– User credentials that are included in BIX certificates are totally anonymous.

– BIX certificates are not issuable by any form of intermediary or third parties.

Although an X.509 certificate has a “serial number” attribute that refers to a specific X.509 certificate among those issued by a given “certification authority”, BIX certificates are only issued by members of a BIX community and collectively aggregated in a blockchain that represents a certificates’ ledger, so there is no need for a serial number to categorize certificates on issuer basis. Nevertheless, BIX certificates have a “Sequence Number” attribute that aids in referencing and other purposes.

A BIX certificates has a “Subject” component which includes identification attributes in the form of a personal identification number known as “BIX Identifier” which is an anonymous, globally unique, publically available random number within the BIX system. BIX identifiers are used to conveniently reference individuals within the BIX system. The “subject” component has 4 attributes: Personal ID number, Date/Time, Subject Public Key Info and Algorithm Identifier. Due to the fact that a BIX certificate is generated by its owner, a private key, linked to its corresponding public key, is used to “self-sign” the “Subject” component of the certificate.

BIX certificates represent an innovation that adds an element of anonymity to bitcoin and other similar cryptographic protocols and can open the door to the formulation of a myriad of secure applications during the next few years.