Abstract: The certification service must adopt distributed architecture in mobile Ad Hoc networks due to its characteristics such as no infrastructure, no center. Existing distributed authentication technology is one hop architecture based on (n,t) threshold secret sharing cryptography, in which a node can not work properly when the amount of its one hop neighbor is less than threshold value. Combined with Feldman verify scheme, DCS-BA(distributed certification signature based on agent)is proposed, which can solve the lack of neighbor node in the one hop distributed certification signature algorithm, on the other hand, it can verify the validity of private key share, protect the system private key from leaking. Simulation results demonstrate that DCS-BA is better than current distributed certification signature algorithm in certification signature success ratio and average time.

Key words: Mobile Ad Hoc network; Verified secret sharing; Distributed certification signature based on agent(DCS-BA)

摘要： 移动自组网无中心、无基础设施等特性决定了在这种网络中提供证书服务必须采用分布式的体系结构。现有的分布式认证技术是基于(n,t)门限方案的单层结构，当一个节点的单跳邻居节点数目小于系统门限值时就无法正常工作。该文结合Feldman 可验证秘密共享策略提出了一种新型基于代理的分布式证书签名算法，一方面可以解决单层分布式证书签名算法中邻居节点数目不足问题，另一方面可以在证书签名合成过程中验证私钥分量正确性，保护系统私钥不泄漏。仿真结果表明，DCS-BA 在证书签名成功率和证书平均签名时间方面明显好于普通的分布式证书签名算法。

关键词: 移动自组网；可验证秘密共享；基于代理的分布式证书签名