I think this is the wrong question. Pgp keys are remotely like what bitcoin does but it is a different technology. Perhaps you might see Pgp signatures to validate the binaries came from someone on the dev team. How do you verify the gpg binaries have not been replaced after downloading via HTTP?
Man I am a noob about these stuffs. May be my question is incorrect. But I am willing to learn about all like pgp keys, pgp signature, etc.