基于变色龙哈希区块树的可撤销证书管理机制
A REVOCABLE CERTIFICATE MANAGEMENT MECHANISM BASED ON CHAMELEON HASH BLOCK-TREE
余发江 1徐庆 1卢岩 2董之微2
作者信息
- 1. 空天信息安全与可信计算教育部重点实验室武汉大学国家网络安全学院 湖北 武汉 430040
- 2. 国网辽宁省电力有限公司电力科学研究院 辽宁 沈阳 110006
- 折叠
摘要
为了解决单一证书授权中心(Certificate Authority,CA)存在的风险并实现高效证书撤销与查询,提出一种区块树可撤销证书管理机制.该机制使用变色龙哈希函数,仅用一棵树结构就实现了证书的加入和撤销,同时区块树是平衡搜索树,实现证书的高效验证与查询.对该机制进行系统建模和安全证明,并进行原型验证.实验和分析表明,该机制空间占用较少,证书的查询、加入和撤销均为对数时间复杂度,同时其分布式特性有效解决了中心化机构存在的风险问题.
Abstract
In order to eliminate the risk of a single CA(Certificate Authority)and make certificate revocation and query efficient,a block-tree revocable certificate management mechanism is proposed.This mechanism used the chameleon Hash function to implement the addition and revocation of certificates with only a tree structure.At the same time,the block-tree was a balanced search tree,which implemented the efficient verification and query of certificates.The paper carried out system modeling and safety proof of the mechanism,and carried out prototype verification.Experiments and analysis show that the mechanism occupies less space,and the query,addition and revocation of certificates are logarithmic time complexity.At the same time,the distributed feature of this mechanism eliminates the risk of centralized organization.
关键词
证书管理/变色龙哈希/区块树/可撤销Key words
Certificate management/Chameleon Hash/Block-tree/Revocable引用本文复制引用
出版年
2024
国家科技期刊平台
NSTL
万方数据