Search papers, labs, and topics across Lattice.
This paper uncovers a critical vulnerability in the Block.co blockchain-based digital credential certification system, revealing that it allows for the creation of forged certificates that are erroneously accepted as valid. The research highlights the inherent limitations of decentralized certification systems that lack a central trusted authority, raising concerns about the authenticity of digital identities linked to academic institutions. The findings suggest that this vulnerability may extend to other blockchain-based certification systems, emphasizing the need for improved security measures in decentralized credentialing approaches.
Forged certificates can be produced and accepted as valid in the Block.co system, exposing a fundamental flaw in blockchain-based credentialing.
Certification of digital documents, such as academic credentials, seems a particularly suitable application for the use of blockchain and distributed ledger technologies. Indeed, these technologies enable decentralized certification systems that rely on the immutability and persistence of their distributed ledgers. However, in the absence of a central trusted authority, it is not easy to guarantee the authenticity of the connection between the real identity of an academic institution and the digital identity of the certificate issuer. In this paper, we demonstrate that one of such systems, known as Block.co, has a vulnerability that allows the production of forged certificates that are recognized as valid by the system. Since this is an inherent limitation of the approach used for blockchain-based certification, our attack is likely to be extendable to other systems adopting the same approach.