When Whit Diffie proposed asymmetric key cryptography in 1976 he had a single use case in mind, namely establishing secure communications across an insecure channel. The concept is simple to understand. Bob and Alice want to communicate securely but first need a shared secret with which to encrypt the communicated data. Bob uses a trust authority to connect Alice’s identity with a public key, which he uses to encrypt the secret and send it to Alice. Alice then decrypts it using her private key, and that secret is then used to encrypt all communication going forward. This idea, implemented using RSA’s algorithm, revolutionized communication on the Internet and enabled e-commerce as we know it today. It works beautifully because of its stateless nature, i.e. if either party’s keys are compromised they can simply generate a new key pair and communication can start again without any impact on history (because past communications are exactly that – in the past and therefore complete).
After the invention of PKI a separate use case was proposed – digital signatures, i.e. signing data with a private key so that others can verify the integrity of the data using the signer’s public key. There are many problems with this. The first is that the proof of integrity is more of an attestation, i.e., it is true only because the signer says it is. The bigger problem, though, is that the verification of integrity relies on signers securing their private keys for the lifetime of the corresponding data. This is incredibly challenging to do well. Ask RSA. If the world’s leading security firm can’t secure its keys, what chance does the rest of the world have, such as your local hospital, car manufacturer or airline?
For the last 40 years PKI has been the only tool available and if all you have is a hammer then everything looks like a nail. In reality privacy and integrity are diametrically opposite problems and require completely different tools.
Think of a crime in the physical world.
In order to maintain confidentiality, the fewer witnesses there are to the crime the better. But for integrity (i.e. proving what happened), the more witnesses there are to the crime the better. This is the principle of KSI. It uses an infrastructure to capture a signer’s data (or more accurately a fingerprint of the data). The infrastructure then aggregates all the fingerprints it receives during a second and publishes the result to a wide audience using a public ledger known as a blockchain. Without the need for keys or key management the complexity is removed and the reliability of the signature is based only on widely witnessed agreement. Confidentiality requires secrets. Integrity requires the opposite.
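The aggregation step described above can be sketched as follows. This is an added example, not code from the original page or from the KSI project. It assumes a SHA-256 Merkle hash tree as the aggregation structure (the page says only that fingerprints are aggregated); the function names and sample documents are constructed for illustration.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def aggregate(fingerprints):
    """Aggregate one round of fingerprints into a Merkle root.
    Returns (root, proofs); proofs[i] is the hash chain linking leaf i to the root."""
    if not fingerprints:
        raise ValueError("empty aggregation round")
    level = [h(b"\x00" + f) for f in fingerprints]  # 0x00 prefix marks a leaf
    pos = list(range(len(level)))                   # each leaf's index in the current level
    proofs = [[] for _ in level]
    while len(level) > 1:
        for leaf, p in enumerate(pos):
            sib = p ^ 1
            if sib < len(level):                    # an unpaired last node has no sibling
                proofs[leaf].append(("L" if sib < p else "R", level[sib]))
            pos[leaf] = p // 2
        nxt = []
        for i in range(0, len(level), 2):
            pair = level[i:i + 2]
            # 0x01 prefix marks an internal node; an unpaired node is promoted unchanged
            nxt.append(h(b"\x01" + pair[0] + pair[1]) if len(pair) == 2 else pair[0])
        level = nxt
    return level[0], proofs

def verify(fingerprint, proof, published_root):
    """Recompute the root from a fingerprint and its hash chain. No key is involved."""
    node = h(b"\x00" + fingerprint)
    for side, sibling in proof:
        node = h(b"\x01" + sibling + node) if side == "L" else h(b"\x01" + node + sibling)
    return node == published_root

# Constructed sample data: five documents signed within the same second.
DOCS = [b"patient-record-17", b"firmware-v2.bin", b"flight-log-0412",
        b"audit-entry-9", b"invoice-33"]
FINGERPRINTS = [h(d) for d in DOCS]
ROOT, PROOFS = aggregate(FINGERPRINTS)   # ROOT is the value that would be published

if __name__ == "__main__":
    print("published root:", ROOT.hex())
    for doc, fp, proof in zip(DOCS, FINGERPRINTS, PROOFS):
        print(doc.decode(), "verifies:", verify(fp, proof, ROOT))
    print("tampered copy verifies:", verify(h(b"patient-record-18"), PROOFS[0], ROOT))
```

Verification needs only the document, its hash chain and the published root, so the check is only as trustworthy as the publication of that root is widely witnessed.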
Because of its unique challenges as the world’s leading digital society, “Estonia, Inc.” recognized that globally scalable integrity services are as important as secure communication networks and invented KSI specifically to solve the integrity problem.
PKI and KSI are both just tools for data security and have complementary roles. PKI is best used for authenticating people on a network and establishing secure communications; KSI is best used for acting as an integrity proof for data at rest, providing a mathematically verifiable audit trail for what happens when, without a trusted party or key in sight.