PKI Infrastructure Based On ECC Algorithm Study

With the development of network and computer technology and the reduction of hardware costing, more and more people will have computers. People will use computers every time in live. Most of transactions will be completed through thg network, such as shopping online, banking online, and recharge online. The new means of trading based on network has brought great convenience to us. At the same time, it is dangerous to the security of information. How can we guarantee that the process of transaction is fair and the important data is safe and how to make dealers identiry each other.For the protection of data in the network transactions and trading of mutual authenticationand, now, the most mature and practical solution is combining PKI system and trading system. Using the technology of encryption, difital signature, the mechanisms of data integrity and digitan envelope to ensure the security of the process of transaction. Existed PKI systems are mostly based on the RSA algorithm, and the RSA algorithm is proposed based on the mathematics of large integer decomposition problems. The process of calculation is very complicated and slow. With the maturity of software decomposition technique, the increasesing of hardware computing speed and the rise of distributed computing model, some technology has been able to decipher the512-bit RSA key within the validity period. Consider the security of the system, we must increase the length of the RSA key, but the efficiency of the algorithm in this way will further decline. The highest single-bit encryption strength of public key algorithm is ECC that based on elliptic curve discrete logarithm problem.The160-bit ECC key has the same security with the1024-bit RSA key, and with the increase of security strength, this proportion is growing quickly. Compared wity the RSA algorithm, the ECC algorithm with higher security strength, faster calculation, and take up less space.SM2algorithm is also based on the elliptic curve discrete logarithm problem and independently developed by the State Cryptography Administration, and improves the international standard ECC algorithm in the encryption process, the structure of the ciphertext, encoding plaintext and the efficiency of encryption. The SM2algorithm removes the operation that encoding the plaintext to some elliptic curve point applying to its unique encryption process. It uses the SM3sumary algorithm with the digital signature operation. And uses key defivation function to lift the limit to the encrypted plaintext length. The SM2algorithm is better than the international standard ECC algorithm in all aspects.In this paper, we will deeply research the combination of the SM2algorithm and PKI system, focusing on the following works:1) This paper points the drawbacks of the PKI system that based on RSA algorithm.With the development of the decomposition technique and computing technique, the RSA algorithm need to increase the length of key to offset the security risks. But, at the same time, the efficiency of the PKI system will greatly reduce. This will affect the whole system running quichly.2) By compared to the RSA algorithm, we can see that the ECC algorithm has full advantage. The SM2algorithm improves the ECC algorithm. We will analysis the possibility and the necessity of combining the SM2algorithm.3)I implement the security desktop application based on the SM2signature algorithm,and implement the cryptographic library software system using the SM2encryption aogorithm. It is used to encrypt the small file that has high security. So the data is safe.