摘要: 数字证书的可信任性取决于数字签名本身的有效性。为增强数字签名的有效性,提出一种认证中心(CA)签名私钥可以容忍入侵的高安全性签名方案。使用RSA算法产生CA私钥,保证私钥的不可伪造性。基于新的(t, n)秘密共享机制将CA私钥进行分存,使用其身份作为私钥份额的标识,提供私钥保护的容侵性。在进行数字签名时,基于RSA签名本身的特性,设计一种无需重构CA私钥的分步签名方案,进一步增强CA私钥的高容侵性。通过仿真实验对(t,n)门限取值结果的影响进行验证,表明方案的有效性。
关键词:
私钥,
容忍入侵,
秘密分享,
数字签名,
安全性
Abstract: The validity of digital certificate depends on the digital signatures. To ensure the validity of digital signatures, a digital signature scheme with intrusion-tolerance private key is proposed. The Certificate Authority(CA) private key is generated using the RSA algorithm to ensure its un-forged. CA private key is shared based on the new (t, n) secret sharing mechanism. It uses its identification as a share of the private key. Furthermore, it is no need to reconstruct the CA private key to sign, so it enhances the security of CA private key. Theoretical analysis and experimental results show the effectiveness of the scheme.
Key words:
private key,
intrusion-tolerance,
secret sharing,
digital signature,
safety
中图分类号:
唐俊, 彭敏. 一种私钥容侵的数字签名方案[J]. 计算机工程, 2011, 37(10): 123-124.
TANG Dun, BANG Min. Digital Signature Scheme with Private Key Intrusion-tolerance[J]. Computer Engineering, 2011, 37(10): 123-124.