证书吊销的线索二叉排序Hash树解决方案

提出了公钥基础设施(publickeyinfrastructure,简称PKI)中证书吊销问题的一个新的解决方案--线索二叉排序Hash树(certificaterevocationthreadedbinarysortedhashtree,简称CRTBSHT)解决方案.目前关于证书吊销问题的主要解决方案有X.509证书系统的证书吊销列表(certificaterevocationlist,简称CRL)、Micali的证书吊销系统(certificaterevocationsystem,简称CRS)、Kocher的证书吊销树(certificaterevocationtree,简称CRT)及Naor-Nissm的2-3证书吊销树(2-3CRT),这些方案均不完善.在CRT系统思想的基础上,利用线索化二叉排序树及Hash树给出的新方案,既继承了CRT证明一个证书的状态(是否被吊销)不需要整个线索二叉树,而只与其中部分相关路径有关的优点,又克服了CRT在更新时几乎需要对整个树重新构造的缺点,新方案在更新时仅需计算相关部分路径的数值.新方案对工程实现具有一定的参考价值.

Threaded Binary Sorted Hash Trees Solution Scheme for Certificate Revocation Problem

A new solution scheme called certificate revocation threaded binary sorted Hash trees (CRTBSHT) for certificate revocation problem in public key infrastructure (PKI) is proposed in this paper. Previous solution schemes including traditional X.509 certificates system's certificate revocation lists (CRL), Micali's Certificate Revocation System (CRS), Kocher's Certificate Revocation Trees (CRT), and Naro-Nossim's 2-3 certificate revocation trees (2-3CRT), but no one is perfect. The new scheme keeps the good properties of CRT that it is easy to check or prove whether a certificate is revoked which only needs the related path values but does not need the whole CRT values and overcomes the disadvantage of CRT that any update will cause the whole CRT to be conmputed completely. The new scheme has referential value to the PKI engineering practice.