Abstract: Public key infrastructures are essential for Internet security, ensuring robust certificate management and revocation mechanisms. The transition from centralized to decentralized systems presents challenges such as trust distribution and privacy-preserving credential management. The transition from centralized to decentralized systems is motivated by addressing the single points of failure inherent in centralized systems and leveraging decentralized technologies' transparency and resilience. This paper explores the evolution of certificate status management from centralized to decentralized frameworks, focusing on blockchain technology and advanced cryptography. We provide a taxonomy of the challenges of centralized systems and discuss opportunities provided by existing decentralized technologies. Our findings reveal that, although blockchain technologies enhance security and trust distribution, they represent a bottleneck for parallel computation and face inefficiencies in cryptographic computations. For this reason, we propose a framework of decentralized technology components that addresses such shortcomings to advance the paradigm shift toward decentralized credential status management.
### What problems does this paper attempt to solve?
This paper aims to solve the centralization problems existing in certificate management and revocation mechanisms in public key infrastructure (PKI), especially the problems of single-point-of-failure, trust monopoly and insufficient privacy protection. Specifically:
1. **Single-point-of-failure and trust monopoly**:
   - Centralized PKI systems rely on a few certificate-issuing authorities (CAs), which makes the entire system vulnerable to attacks. Once a CA is breached, it may lead to a widespread trust crisis.
   - For example, incidents such as DigiNotar and Symantec show that single-point-of-failure in centralized systems may lead to serious security vulnerabilities.
2. **Insufficient privacy protection**:
   - In centralized systems, users' identity information and certificate status are usually managed by a single entity, which not only increases the risk of privacy leakage but also limits users' control over their own data.
3. **Efficiency problems in certificate management and revocation**:
   - Traditional certificate revocation lists (CRL) and online certificate status protocol (OCSP) have problems of update delay and scalability, which affect the system's response speed and security.

To solve these problems, the paper proposes the transition from centralized PKI (CPKI) to decentralized PKI (DPKI) and explores the applications of advanced technologies such as blockchain technology, multi-party computation (MPC), fully homomorphic encryption (FHE) and zero-knowledge proof (ZKP) in decentralized credential state management (DCSM). Through these technologies, more secure, more efficient and more privacy-protected digital trust management can be achieved.
### Main research questions
The paper mainly explores the following research questions:
1. **How to use decentralized technologies to enhance credential state management?**
   - Explore how technologies such as blockchain, MPC, FHE and ZKP can improve the state management of credentials to ensure their security and privacy.
2. **What cryptographic primitives and governance frameworks are required to support robust DCSM?**
   - Analyze the cryptographic tools and techniques required to achieve decentralized credential state management, such as distributed ledger technology (DLT), consensus algorithms and smart contracts.
3. **How to effectively integrate DCSM into the self-sovereign identity (SSI) paradigm to improve user-centered and privacy-protected identity management?**
   - Explore how the SSI concept, including decentralized identifiers (DID) and verifiable credentials (VC), can be combined with DCSM to provide more secure and privacy-protected identity management solutions.

Through these studies, the paper hopes to provide a solid foundation for future research and innovation and promote the development of decentralized credential state management.