Research On Distributed Key Escrow Technology In PKI

Posted on: 2010-03-16
Degree: Master
Type: Thesis
Country: China
Candidate: D L Liu
GTID: 2178360278972228
Subject: Systems analysis and integration
Abstract/Summary:
With the flourishing development of civil e-government and e-commerce, the Public Key Infrastructure (PKI) on which they are built plays an important role in network security. While safeguarding e-government and e-commerce, PKI may also provide convenience to criminals. To solve this problem, the theory of key escrow was introduced. Besides building the CA, the construction of a PKI requires another trusted third party, the key management centre (KMC), to manage users' encryption keys. Current key escrow systems have many disadvantages in how they are managed, which can result in the leakage of user keys. This is a threat to the PKI system.

In this thesis, we introduce the domestic and international research results on key escrow technology and analyse four kinds of key escrow schemes, distinguished by how the private key is generated and escrowed: the complete key escrow scheme, the verified key escrow scheme, the improved verified key escrow scheme and the threshold key escrow scheme. The research area covers zero knowledge proof, shared key generation, oblivious transfer, homomorphic encryption, distributed computation, etc.

On the basis of a comprehensive analysis of the efficiency of these four key escrow schemes and of the features of the key escrow schemes currently in use, we propose a new distributed key escrow scheme. The scheme is based on the multi-prime RSA cryptosystem, which is more secure than the standard RSA cryptosystem. In contrast with current key escrow schemes, what the distributed key escrow scheme escrows is not the user's private key directly but the factors of the user's public key N; the private key d is created by the user on his or her own client.

We designed a distributed key escrow system based on the distributed key escrow algorithm. Following software engineering practice, we first analysed its software requirements, then designed its database structure, and finally provided the processes for key generation, download, archive, etc. Our distributed key escrow system is composed of main server, prime generation server, public key and management terminal.

Finally, we analysed the construction model of PKI and proposed the notion of a key management infrastructure (KMI).
Keywords/Search Tags:Key Escrow, Multi-prime RSA Cryptosystem, Distributed Key Escrow Scheme, Zero Knowledge Proof
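
The following sketch is an added example, not code from the thesis. It illustrates why escrowing the factors of a multi-prime RSA modulus N is enough to rebuild the private key d that the user generated locally. The abstract does not say how the factors are distributed, so the one-factor-per-agent split, the function names and the toy Mersenne primes are assumptions made for illustration.

```python
from math import gcd, prod

# Constructed toy values: three Mersenne primes, far too small and too
# structured for real use. Three factors make N a multi-prime RSA modulus.
PRIMES = [2**31 - 1, 2**61 - 1, 2**89 - 1]
E = 65537


def keygen(primes, e):
    """User side: build N from distinct primes and derive d on the client."""
    n = prod(primes)
    phi = prod(p - 1 for p in primes)
    if gcd(e, phi) != 1:
        raise ValueError("e is not coprime to phi(N)")
    return n, pow(e, -1, phi)


def escrow_shares(primes):
    """Assumed split (not from the thesis): one prime factor per agent."""
    return {f"agent{i}": p for i, p in enumerate(primes, 1)}


def recover_private_key(n, e, shares):
    """Escrow side: rebuild d only when the pooled factors reconstruct N."""
    factors = list(shares.values())
    if prod(factors) != n:
        # A subset of agents cannot form phi(N), so d is not recoverable.
        raise ValueError("pooled factors do not reconstruct N")
    phi = prod(p - 1 for p in factors)
    return pow(e, -1, phi)


if __name__ == "__main__":
    n, d = keygen(PRIMES, E)            # d never leaves the client
    shares = escrow_shares(PRIMES)      # only factors of N are escrowed
    ciphertext = pow(42, E, n)
    d_escrow = recover_private_key(n, E, shares)
    print("escrow decrypts:", pow(ciphertext, d_escrow, n) == 42)
```

Note that in this assumed split every agent must cooperate; whoever holds all factors of N holds the equivalent of d, so the factors need the same protection as the private key itself.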