Abstract
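Existing intrusion-tolerant CA schemes are analyzed, and an intrusion-tolerant CA scheme that combines two-party sharing with a (t,n) threshold scheme is proposed. The CA private key is first shared between the CA application server (CAA) and the key server (SS); the SS's shared key SK2 is then further split into n shares using threshold cryptography, and these are held by n key-sharing servers (SSS). During signing, SK2 does not need to be reconstructed from the d2i (1≤i≤n), nor does SK need to be reconstructed from the d2i (1≤i≤n) and SK1. The signature is divided into an initial signature by the CAA and a second signature by the SS. Before the formal signature is formed, the CAA and the SS authenticate each other, and as soon as either finds the other's signature abnormal it can immediately raise an alarm with the arbitration center, which improves the security and intrusion tolerance of the CA system.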
After the existing schemes are analyzed, a new intrusion-tolerant CA scheme is proposed, based on a mechanism that combines two-party secret sharing with a (t,n) threshold scheme. First, the CA application server (CAA) shares the secret key of the CA with the secret sharing server (SS); then the SK2 of the SS is further shared among the n secret sharing servers (SSS). During signing, neither does SK2 need to be reconstructed from the d2i (1≤i≤n), nor does SK need to be reconstructed from the d2i (1≤i≤n) and SK1. The signature is divided into two stages: a primary signature performed in the CAA and a secondary signature performed in the SS. Before the true signature is formed, the CAA and the SS perform mutual authentication; once one of them finds that the opposing party is at fault, it can raise an alarm quickly. In this way, the proposed mechanism improves the security and intrusion tolerance of the CA.
Source
《计算机工程》
EI
CAS
CSCD
PKU Core
2005, Issue 21, pp. 138-139, 142 (3 pages)
Computer Engineering
Funding
National Natural Science Foundation of China (60273084)
Military Scientific Research Project of the Armed Police Force Academies
Keywords
Intrusion-tolerant
CA
(t,n) threshold scheme
Two-party secret sharing