A few questions about how bitcoin addresses are used in blockcerts:
So I think bitcoin addresses are used in blockcerts in three ways (and maybe also a fourth - for revocations):
Payment. The issuer creates a bitcoin address (outside of blockcerts), and transfers enough money to the address to pay for the bitcoin transaction that logs the merkle root in the bitcoin blockchain. I think (based on the tutorial in the cert-issuer README (https://github.com/blockchain-certificates/cert-issuer/blob/master/README.md) that this same bitcoin address is also used to identify the issuer (by embedding the address in the certificate), as well as to sign the certificate (more specifically, using the private key that backs the address), as described further below.
Identification. Bitcoin addresses are used as public keys with which to identify the:
a) recipient - the recipient’s blockcerts wallet generates a bitcoin address and sends it to the issuer (to the ‘introduction’ endpoint). The issuer embeds this address into the certificate for the recipient. Because the recipient owns the key pair that generated the bitcoin address (in that the bitcoin address is a hash of the public key part of the key pair), the recipient can use the private part of that key pair to prove that the bitcoin address, and so also the certificate, is theirs. QUESTION: Are all the bitcoin addresses for the certificate recipients (in a batch) also listed as recipients of the bitcoin transaction (the transaction that logs the merkle root for the batch)? Or was this how an earlier version of blockcerts worked, and the recipients’ bitcoin addresses are no longer used as recipients of the bitcoin transaction, and are only used for identification (in which case any public key would do, not just a bitcoin address?) Are any bitcoin addresses listed as recipients for the bitcoin transaction?
b) issuer - the issuer embeds their bitcoin address (QUESTION: is this in fact the same address that was used to pay for the transaction?) into the certificate, just as the issuer embedded the recipient’s bitcoin address into the certificate. The issuer’s bitcoin address is also published publicly somehow (I think in the ‘issuer identify json’ endpoint like this example: https://www.blockcerts.org/samples/2.0/issuer-testnet.json under the ‘publicKey’ property. As an aside, I assume that since the publicKey property is an array, multiple public keys can be listed?). Because the issuer’s key is publicly available at a known/verified url, it can be (is?) used in the verification process to confirm that the key is actually owned by the university (i.e, to prove identity of the issuer, I think?).
Signing - The private key associated with the issuers bitcoin address (again, the same bitcoin address used for payment and for identification) is used to digitally sign the certificate (by encrypting the hash of the certificate).
Revocation - There is a command line utility in the blockcerts cert-utils to generate bitcoin addresses to be somehow used with revocation lists. I don’t, though, see how that would work with the revocation list endpoint. But, maybe using bitcoin transactions for revocation is an older approach (which seems likely, given what Kim says here:
In summary, there seem to be two bitcoin addresses in play: that of the recipient (assuming one recipient, but as many more addresses as there are recipients for a batch of certificates) and that of the issuer. The recipient’s address is used for one purpose: to identify the recipient by embedding the address in the certificate. The issuer’s address serves three purposes: to identify the issuer by embedding the address in the certificate, to sign the certificate, and to pay for the bitcoin transaction.
Have I got this mostly right?