Design And Implementation Of CA System Based On Ring Signature

This paper studies and analyses PKI and elliptic curve based ring signature mechanism,designs and implements a CA authentication center system based on ring signature.CA is the core of PKI and a third party organization with authority,credibility and impartiality.By issuing public key certificate to users,traditional CA also writes CA information into public key certificate.The outside world can know which institution issued the certificate through the certificate.With the development of block chain technology,a large number of applications require that public key certificates can hide specific issuing agencies.CA based on ring signature issues public key certificates to users,and the outside world can not get a specific issuing authority through this certificate,but it can determine whether the certificate is issued by one of the N members of the ring.This paper first introduces the related theories and technologies,including symmetric encryption and asymmetric encryption,one-way hash function and digital signature,elliptic curve cryptosystem and other basic knowledge of moden cryptography,the PKI knowledge description,the concept and role of ring signature.On this basis,a CA system based on Borromean ring signature is implemented through requirement analysis,outline design and detailed design of the system.Compared with other traditional CA systems,the CA system uses ring signature as the signature of X509 certificate,thus realizing the purpose of hiding the certificate issuer.The system has the functions of certificate application,certificate issuance and certificate revocation,It is a perfect and available CA system.The certificates issued follow the X.509 standard.My main work is as follows:1.Participated in the whole process of demand analysis of the system.2.Participated in the system architecture design,database design,interface design and functional module design.3.Independently completed the "initialization" module,"certificate template"module,"ring signature" module,"certificate registration" module,"certificate audit" module,"certificate issuance" module outline design,detailed design,coding implementation and testing.4.Be responsible for the deployment of the whole system independently,and write the deployment document.At present,the application of CA is more and more extensive,but there are few mature CA products that issue ring signature certificates.This paper extends the signature algorithm supported by X.509 certificate,introduces ring signature system in CA authentication center system.Compared with traditional certificate,the ring signature certificate issued by the system not only has the most functions of traditional certificate,but also pays attention to the protection of privacy.The proposal of ring signature certificate also gives the old CA a new charm,which is the extension and development of PKI system.