Today, more and more diploma, certificates and credentials are issued. But there are more and more fake diplomas as well. Buying a diploma has became widely possible. It is a real industry in certain countries where it can represent billions of dollars. There are established websites to buy fake diplomas. There are even fake diplomas poisoning the highest levels of responsabilities. For instance it has been discovered in 2020 that the Swedish military was duped by 'officer' with faked diploma. The consequences can be disastrous for countries, companies and individuals. That is why the certification of the diplomas is increasingly becoming a critical necessity, as well as the ability to independently verify them.

Of course technology has been providing many differents solutions for such digital records for a while now. The main problem is that those classic solutions rely on a central point of failure: the organization in charge of providing the official records. What if corruption makes its way into the organization ? Well, with classic computing, any data can be changed as long as you can put your hands on the server(s). We would need to provide a real guarantee that even the organization in charge of the data can not modify it.

This general problem, wider than just the certificates perimeter we are interested in, has been only solved recently. The answer came as a new technology: the blockchain. Unsurprisingly, blockchain based certification is currently a fast evolving and high competitive sector. For a client, in the end of 2019 I worked on a study of all the significant available solutions. We found more than 20 of them in which only 2 were open source solutions or open standards. Blockcerts is one of those and also the most known. It was developed in 2015 by the MIT Media Lab and Learning Machine and a first version was released in summer 2016.

How does Blockcerts work?

Let's consider a use case in which a university wants to issue certificates to its students. In the certification vocabulary, the university is called an Issuer, and the students receiving the certificates are called Recipients.

The blockchain transaction

In general, on any blockchain, any change of data is executed by submitting a transaction. On all blockchains, the transactions are always kept forever in the registry so they can be check at any time in the future. In our case, we will want to use a public blockchain such as Bitcoin or Ethereum. On those blockchains, all the transactions are publicly accessible at any time and forever. So everyone will always be able to see the transaction in which the certificate was issued, and therefore verify its validity.

The identity problem on the blockchain

So the Issuer, a university for instance, could just have an account on the blockchain, and add certificates. The problem is that in most blockchains, accounts are anonymous and strange, like for instance 0x69fdad6eaaaecdea9c736f9cbdfb3f4d30e6894c. Not really helpful, right? We can know that this address did something, but not know who this address belongs to. That's why all Issuers must declare their official blockchain address on their official website. So it can be later verified that the address that signed the transaction belongs to the university. This is what we call the Issuer profile.

Unfortunately, currently, there is a weakness in the Blockcerts 2.0 standard that can be exploited by a hacker to pretend to be an Issuer that she / he IS NOT, in hosting a fake Issuer profile on his own server. That's why on current Blockcerts, you should always verify that the Issuer profile URL is really on the official Issuer's website.

The data problem on the blockchain

So now that the identity problem is solved, let's just add the certificate on the blockchain, right? Well, it's not that simple. Writing data on blockchain is extremely expensive, and on the Bitcoin blockchain, not even possible for complex data such as certificates. So instead of storing all the certificate data on the blockchain, we just store what we call their hash in computer science.

See the fridge in your kitchen? Instead of certifying all the infinite complex arrangement of atoms it is made of, we just certify its serial number.

Now it will be possible to check that the hash of this certificate was recorded in the blockchain transaction and therefore, verify the certificate.

Mass issuance of certificates

All right, we solved the data problem too, let's store a digital credential hash on the blockchain! Well... we could. But what if want to issue a degree to 1000 students? Instead of repeating the process for each student, we would like to issue all those certificates at the same time. To do this, we use a cryptography concept called Merkle tree.

Picture yourself an oak tree. Instead of certifying each leaf, we can just certify the root of the oak tree. We can later proove that a given leaf belongs to this exact tree, and therefore that this leaf is certified.

Cost of issuing certificates

So we have this mass issuance on the one hand (1 transaction for as many certificates as you want). On the other hand, a Blockcerts issuing transaction is extremely cheap. Indeed, because of its beginnings on Bitcoin (or rather thanks to!), a Blockcerts transaction is technically a burn transaction which is almost the cheapest possible. Blockcerts implementation on Ethereum follows the same principle and does not use any smart contract for now.

Conclusion

Blockcerts really is a very elegant system to issue up to thousands of certificates for not even one cent of a dollar. If you have the knowledge and the tools, of course. However, it still has to evolve.

Articles in this category