OK, I’ll admit to using a clickbait headline—mostly because this topic comes up often and needs to be understood. The upshot is that there is no “Blockchain vs. PKI” argument. You might as well argue about whether your passport is better than your bank statement. It’s complete nonsense!
To understand the argument better, let’s back up to the intended purpose and application of each technology.
The most famous implementation of Blockchain is, of course, Bitcoin. For better or worse, Blockchain will be forever associated with cryptocurrencies. After all, Blockchain’s purpose is to provide an unchangeable, irrefutable, distributed record of transactions. It accomplishes this through the use of cryptographic operations, which is why people often get confused and think blockchain can be used for all sorts of other things for which it is not well suited.
With a Blockchain, you can verify that a specific transaction happened and wasn’t altered. You can’t change an entry in a properly implemented Blockchain, which is why it is used for cryptocurrencies. You want a system that doesn’t allow anyone to alter or delete transactions arbitrarily or to double-spend the same currency (e.g., give themselves money).
So, although a Blockchain can prove that a particular transaction occurred and wasn’t altered, it can’t prove that a particular person or entity conducted that transaction. Sure, the transaction may list a name or ID, but strong authentication isn’t part of a standard Blockchain. We live in a world of identity theft and telemarketers who use fake telephone numbers; it should be easy to understand that just because Joe Smith is listed as the entity that conducted a transaction, it doesn’t necessarily follow that Joe Smith actually did it. In fact, Bitcoin’s implementation of Blockchain was intended to allow for transactor anonymity in case you want to pay for something and not reveal who you are. To this day, Bitcoin’s creator is unknown.
In contrast to Blockchain, the specific purpose of Public Key Infrastructure (PKI) is to verify identity—that is, provide authentication. Private keys and their associated certificates are issued by a controlled source, so not just anyone can get them. Assuming that no one else has access to a certificate’s private key, you can cryptographically verify that a certificate you receive is owned by the entity that gave it to you. In addition, you can verify the origin, validity date, and revocation status of that certificate. It’s much like a passport: You can verify ownership and origin of a credential provided by an entity that requests access.
The bottom line is that both Blockchain and PKI use cryptography, but they’re different beasts for different purposes. You use a Blockchain to verify a transaction record. You use PKI to verify the identity of an entity bearing a certificate. That said, there is nothing preventing the use of Blockchain and PKI in combination so that you can not only verify a transaction but also verify the identity of the transactor. So, perhaps the title of a future article could instead be “Blockchain and PKI.”
To learn more about PKI, download my white paper, ‘Internet of Things Security: Implement a Strong, Simple & Massively Scalable Solution.”