Research On Cross Authentication And Digital Signature In Internet Public Key Infrastructure

Public Key Infrastructure has become an efficient platform that realizes identity authentication and guarantees secure of Internet information transmittance, which provides four technological support : secrecy ? authenticity ? integrality and undeniable feature for Internet information transmittance based on the technology of the encryption and digital signature. Utilizing Bridge Certification Authority ( BCA ) to achieve cross authentication can realize local PKI to be linked each other and co-operation of different CA and promote the development of PKI. Cross authentication is the key technology to develop PKI. The main results are the followings:1 . The digital signature algorithms with special attributes are studied, and the new digital signature scheme, a undeniable forward-secure digital signature scheme based on zero-knowledge proof, is proposed based on the difficult mathematic problems. It is the first time that the undeniable property and the forward-secure property are combined in a digital signature scheme. The new scheme not only keeps the general feature of undeniable signature scheme, but also has the feature of forward secure. In the new scheme, the digital signature can not be denied or forged, and the secret key update algorithm is fast , and the sizes of key and signature are small. The idea of zero-knowledge proof is used in key updating protocol-, the signature protocol-, validity verification protocol of signature and the verification protocol of forward security. It can guarantee that the new scheme is more secure and efficient than previous schemes.2 . The bridge certification authority and the technology of cross authentication in the Public Key Infrastructure are studied. The new cross authentication scheme andcertificate revocation scheme based on forward-secure digital signature are proposed. The forward security of new scheme can guarantee the lowest loss and high efficiency in the case that the BCA's signing secret key is exposed. The difficult problems of certificate management in PKI with bridge certification authority have been solved and the control on the risk of digital signature security has realized on theory.3. The algorithm for certificates path construction that it is suitable for PKI with bridge certification authority and cross authentication is proposed based on the theory of breadth first search algorithms for graphs. It is simplified by the theory of transitive signature algorithm. The algorithm for bridge certification authority certificates path verification based on transitive signature algorithm is proposed.4. The Web database information encryption algorithms are studied. The database information encryption algorithms based on the theory of private homomorphism is structured based on the mathematic theory of polynomial homomorphism. If this algorithm is applied to encrypt the database information that is important or sensitive, it can be achieved that someone can directly carry mathematic operation and ordinary database operation for encrypted database message but can't obtain any obvious message.