Decentralized Identity and the Prevention of Public Key Substitution Attacks
A Technical Survey of Key Event Infrastructure, Hardware Security, and Distributed Trust Models
Keywords:
identity, activitypub, federation, nomadic identity
Abstract
Public Key Infrastructure (PKI) authentication, despite its cryptographic rigor, is subject to a class of attacks that exploit not the mathematics of key generation but the integrity of the systems that bind identities to those keys. This paper examines the problem of public key substitution, wherein a malicious or compromised database administrator may silently replace a legitimate user's public key with one under adversarial control. It surveys the primary engineering defenses against this threat, including Hash-based Message Authentication Codes (HMACs), digital signing services, Hardware Security Modules (HSMs), and append-only audit logs. The analysis then proceeds to examine more fundamental architectural remedies, notably the Key Event Receipt Infrastructure (KERI) protocol, Soroban smart contracts on the Stellar blockchain, and deterministic key derivation from BIP-39 seed phrases. Hardware instantiation of these systems through PIV-compliant JavaCards is also addressed, culminating in a proposed layered identity model relevant to decentralized social networking applications such as Hyphero.
License
Copyright (c) 2026 Waitman Gobble (Author)

This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with the Journal of Decentralized Systems (JDS) agree to the following terms:
Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution 4.0 International License (CC BY 4.0). This allows others to share, copy, and adapt the work for any purpose, even commercially, provided they acknowledge the work's authorship and initial publication in this journal.
Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their personal website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
There are no fees (APCs) charged to authors for submission or publication.