摘要: 结合椭圆曲线密码体制、门限密码技术和主动秘密共享方案,提出一种基于椭圆曲线可验证门限数字签名的在线CA安全增强方案。该方案将在线CA的签名私钥分发给多个CA共享服务器,并保证任何少于门限值的在线CA共享服务器无法共谋获取、篡改和破坏CA的签名私钥,从而保护了CA签名私钥的机密性、完整性和可用性。
关键词:
入侵容忍,
认证,
数字签名,
椭圆曲线
Abstract: A security enhanced method of a verifiable threshold signature scheme based on the elliptic curve is presented by adopting threshold cryptography and proactive secret sharing. The private key of signature service of an online CA is distributed to a few sharing servers. A set of sharing servers which are below the threshold can not obtain the private key by colluding each other, and can not interpolate and corrupt the private key. The confidentiality, integrality and availability of the private key are guaranteed.
Key words:
Intrusion tolerance,
Certification,
Digital signature,
Elliptic curve
中图分类号:
伍忠东;喻建平;谢维信;白银姬. 在线CA的安全增强方案研究[J]. 计算机工程, 2006, 32(11): 34-36.
WU Zhongdong; YU Jianping; XIE Weixin; BAI Yinji. Study on Security-enhanced Scheme of Online CA[J]. Computer Engineering, 2006, 32(11): 34-36.