The BIX protocol is a blockchain-based protocol that allows distribution of
certificates linking a subject with his public key, hence providing a service
similar to that of a PKI but without the need of a CA. In this paper we analyze
the security of the BIX protocol in a formal way, in four steps. First, we
identify formal security assumptions which are well-suited to this protocol.
Second, we present some attack scenarios against the BIX protocol. Third, we
provide a formal security proof that some of these attacks are not feasible
under our previously established assumptions. Finally, we show how another
attack may be carried on.Comment: 16 pages, 1 figur