
Dima Ulyanov


I built a working SSL certificate replacement using Certificateless Public Key Cryptography (CL-PKC) – live demo inside

Hey,

I've been building a proof-of-concept called 0Cert that replaces
SSL certificates with Certificateless Public Key Cryptography (CL-PKC).

The core problem with SSL:
~150 Certificate Authorities can issue certificates for any domain.
One compromised CA breaks trust for the entire web. We've seen this
happen (DigiNotar, Comodo, etc.).

How 0Cert works:

Instead of CAs, a Key Generation Center (KGC) issues a partial
private key for your domain. You generate your own ECDH P-256 secret
locally. You combine them into a full private key that the KGC never
sees.

```
partialKey  = KGC.derive(masterSecret, identity)   ← KGC knows this
userSecret  = ECDH.random()                        ← never leaves device
fullPrivKey = combine(partialKey, userSecret)      ← nobody else has this
```

Even a fully compromised KGC cannot decrypt user traffic. This is
based on the Al-Riyami & Paterson 2003 CL-PKC scheme.
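The three-step derivation above as runnable Node.js, added here as an illustration and not taken from the 0Cert code base. It follows the HMAC-SHA256 key derivation the post lists under its limitations; the `combine()` construction, the function names and the sample values are assumptions.

```javascript
const nodeCrypto = require('node:crypto');

// KGC side: partial key for an identity, derived from the KGC master secret.
function derivePartialKey(masterSecret, identity) {
  return nodeCrypto.createHmac('sha256', masterSecret)
    .update(identity, 'utf8')
    .digest();
}

// Device side: fresh ECDH P-256 key pair; the private scalar is the user secret.
function generateUserSecret() {
  const ecdh = nodeCrypto.createECDH('prime256v1');
  ecdh.generateKeys();
  return { userSecret: ecdh.getPrivateKey(), userPublic: ecdh.getPublicKey() };
}

// Assumed combine(): HMAC-SHA256 keyed with the partial key over the user secret.
function combine(partialKey, userSecret) {
  if (partialKey.length !== 32 || userSecret.length === 0) {
    throw new RangeError('expected a 32-byte partial key and a non-empty user secret');
  }
  return nodeCrypto.createHmac('sha256', partialKey).update(userSecret).digest();
}

// Runs both roles and reports what each side can and cannot reproduce.
function demo() {
  const masterSecret = nodeCrypto.randomBytes(32); // constructed sample value
  const identity = 'mysite.com';

  // Site owner: receives partialKey from the KGC, keeps userSecret local.
  const partialKey = derivePartialKey(masterSecret, identity);
  const { userSecret } = generateUserSecret();
  const fullPrivKey = combine(partialKey, userSecret);

  // KGC view: holds masterSecret, so it can rebuild partialKey at any time,
  // but it has to supply some other user secret to attempt the full key.
  const kgcPartial = derivePartialKey(masterSecret, identity);
  const kgcAttempt = combine(kgcPartial, generateUserSecret().userSecret);

  return {
    kgcRecomputesPartial: kgcPartial.equals(partialKey),
    kgcRecoversFull: kgcAttempt.equals(fullPrivKey),
    otherIdentityDiffers:
      !derivePartialKey(masterSecret, 'other.example').equals(partialKey),
    fullKeyLength: fullPrivKey.length,
  };
}
```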

What I built:

How site verification works:

Site owner adds DNS TXT record:

```
TXT @ ibc-kgc=https://kgc.0cert.io
```

Installs middleware:

```js
app.use(zerocert({
  identity: 'mysite.com',
  fullPrivKey: '...',
  userSecret: '...'
}))
```

Browser checks DNS → calls /.well-known/0cert → shows verified badge.
No certificate chain. No CA involved.

Honest limitations (security folks will ask):

  1. Browsers don't support this natively — runs alongside SSL for now
  2. KGC trust problem — you're replacing CA trust with KGC trust. The difference: KGC provably can't decrypt (math), CAs just promise they won't fake certs (policy)
  3. My implementation uses HMAC-SHA256 key derivation instead of actual Weil/Tate pairings over elliptic curves — the trust model is cryptographically sound, the underlying math is simplified
  4. No IETF RFC yet

The path to browser adoption:

DNS TXT records are already trusted by browsers. DANE (RFC 6698)
proved the concept. The missing piece is a standardized KGC protocol
and browser-native verification — which starts with a working
implementation people can test.

Would love feedback from the security community, especially on:

  • The KGC trust model vs CA trust model
  • Whether the CL-PKC approach is worth pursuing seriously
  • Known attacks on this model I should address

https://0cert.io
https://github.com/0cert

Top comments (1)

Dima Ulyanov

Hope to see some of your opinions here.