The Research Of Forward Secure Digital Signature And Path Construction Algorithm On Cross Authentication

Public Key Infrastructure has Provided four technological supports for the development of Internet based on the technology of the public encryption and digital signature, which are secrecy, authenticity, integrality and undeniablefeature.lt is very critical for single trust domain of CA to realize local PKI to be linked each other and cooperation of different CA to promote the development of PKI. Cross authentication that expends the trust domain of CAs is the key technology to develop PKI.The secury of cross authentication on the signture and revocation of the cross Certification is based on the digital signature of root CA in different trust domains, if a root CA' s signing secret key is compromised, The PKI system is invalid obviously . The thesis analyzes the policy of the cross authentication, The digital signature algorithms with special attributes are studied, a undeniable forward secure digital signature scheme based on the difficult mathematic Problems. The scheme which is applied in cross authentication not only can keeps the general feature of digital signature scheme, but also has the feature of forward secure. In the this scheme, the digital signature can not be denied or forged, and the secret key updated algorithm is very fast, and the scheme guarantees that the loss is the lowest in the case that CA' s signing secret key is compromised.The user of PKI system must achieve public key by certificate path and then verify the public key of the certificates before they use the valid certificates. In this thesis, The new algorithm of certificate path construction, the cooperational and dynamic path constuction algorithm is proposed after analyzing the shortcoming of existing certificate path construction algorithm based on graphs, Existing certificate path construction method can' t build multiple paths, the new method can construct all certificate paths by transmitting path construction request messages among CAs, At the same time, it also can meet the need to expend PKI trust domain dynamicly, so it can make cross authentication more efficiently. We can verify the method by programming with JBuilder language andusing the Java secure scheme.