
BLT: Blockchain Standard for Digital Identity

Quantum-Immune Alternative to RSA

BLT is a new cryptographic algorithm invented by Guardtime cryptographers Ahto Buldas, Risto Laanoja and Ahto Truu in 2014. It is a replacement for the RSA signature algorithm, which will be fundamentally broken once practical quantum computers are realized.

The RSA signature algorithm has been the underpinning of Internet security for the last 40 years but with the advent of quantum computing it is rapidly approaching the end of its shelf life.


As the sophistication of nation-state cyber-attacks continues to increase on a daily basis, there is an urgent need to find alternatives to RSA to protect strategic national assets and critical infrastructure.

BLT represents game-changing innovation for cyber-security and will ensure that critical infrastructure can remain protected even in an age of quantum computers.





"While Black Lantern could be used by governments to protect its secrets, it just as easily could be used as a tool to keep government accountable."
http://www.wired.com/2015/06/tech-behind-bitcoin-stop-next-snowden


"...unlike RSA, its cryptographic scheme “cannot be efficiently broken” even if an attacker uses quantum-computing algorithms." 

http://www.scientificamerican.com/article/can-t-touch-this-new-encryption-scheme-targets-transaction-tampering/


"...in the case of Bitcoin the values represent transactions; in the case of Guardtime, it’s the hashed signatures of the assets being tracked."
http://www.networkworld.com/article/2925215/security0/new-protocol-from-guardtime-hopes-to-unseat-rsa-for-authentication-digital-signatures.html



"BLT, an all-new signature approach created by new-generation security provider Guardtime and named for the initials of its inventors, Ahto Buldas, Risto Laanoja and Ahto Truu, is a legitimate candidate to replace the RSA secret sauce."
http://www.eweek.com/security/why-guardtime-believes-it-will-replace-rsa-security-standard.html





How is BLT Different?


Simplified revocation management

In BLT, the status of the signing key is checked when the signature is issued, and the signature is then sealed using KSI. There is no need to find and check a Certificate Revocation List (CRL) when verifying the signature in the future.

Long-term validity

There is no need for periodic re-timestamping of signatures due to expiring keys: the time and integrity of the signature can be proven mathematically without reliance on the security of keys or on trusted parties.

Cryptographic non-repudiation

It is mathematically impossible for the CA to generate signatures on behalf of the user.

Limited liability

In BLT, signatures are created with server assistance: the CA must assist in generating each signature, yet it does not need to be trusted. This is valuable because the CA can monitor or limit the number of signatures issued by a user.

Quantum immunity

BLT uses only industry-standard cryptographic hash functions for signature generation and verification. Unlike the asymmetric cryptography used in today's PKI solutions (e.g. RSA, elliptic curves), hash functions cannot be efficiently broken using quantum algorithms.

Scale and efficiency

BLT easily scales to next-generation IoT applications, where billions of online devices need to be validated, and is more efficient to calculate and store than RSA.










Guardtime Announces BLT, A New Blockchain Standard for Digital Identity

TALLINN, ESTONIA – May 21, 2015 – Guardtime, the first and only platform for ensuring the integrity of data and systems at industrial scale, today announced BLT, the authentication and signature protocol meant to replace RSA as the standard for digital signatures. In contrast to RSA’s reliance on quantum-vulnerable asymmetric key cryptography, BLT is based on Guardtime’s quantum-secure Keyless Signature Infrastructure (KSI) technology, which uses only hash function cryptography.

“RSA has been the dominant digital signature scheme since the 1970s, but it’s outdated and cannot scale for the explosion of data or devices we’re seeing with IoT, mobile and machine-to-machine technologies. Most importantly, on the advent of quantum computers, RSA could be rendered completely useless. No practical and scalable alternative for the market exists, until now,” said Mike Gault, CEO of Guardtime. “Our scientists invented BLT in recognition of the urgency to find a scalable alternative to RSA in a world of continuously connected machines.”

KSI blockchain technology employs one-way hash functions to generate digital signatures that can prove the time, integrity and attribution of origin for electronic data. BLT extends this approach to provide human and machine identity management, with a level of non-repudiation consistent with existing digital signature schemes. Through this methodology, BLT benefits include:

  • Simplified revocation management: There is no need to check the certificate validity when verifying signatures, eliminating the need for complicated Certificate Revocation Lists (CRLs). 
  • Long-term validity: There is no need for periodic re-timestamping of the signatures due to expiring keys – time and integrity of the signature can be proven mathematically without reliance on trusted parties or the security of keys. 
  • Limited liability: Unlike with RSA, BLT signatures cannot be generated offline, removing the potential for unlimited liability in the case of private key theft. 
  • Quantum immunity: BLT’s hash functions cannot be broken using quantum algorithms. 

“Apart from robust security, e-commerce and/or device registration applications, BLT greatly improves the strength of any signing and authentication process,” says Matt Johnson, CTO of Guardtime. “BLT collapses security issues and removes traditional trust anchors with this new signature scheme. It’s clean, efficient and beautifully simple, demonstrating the power of KSI to transform the world’s security landscape.”

Guardtime announces BLT after more than seven years in development, building off its proprietary KSI technology, which is already being utilized in government, enterprise and private applications. The country of Estonia ensures the integrity of the world’s most advanced digital society with Guardtime. Ericsson, a world leader in communications technology and services, recently announced a data-centric security offering based on Guardtime’s technology that will enhance trust, transparency and accountability for IoT and for machine-to-machine applications.

The efficacy of Guardtime’s BLT protocol was demonstrated by Ahto Buldas, Risto Laanoja and Ahto Truu, after whom BLT is named.