| The Internet lets the world to grow rapidly,new technologies are emerging one after another and its associated data security issues,is becoming a cutting-edge research field.As a cornerstone of security,cryptography research is of great significance.In the traditional public key cryptosystem,the authority is used to issue the certificate to manage the user's public key,but at the same time it also leads to additional communication and storage overhead.In order to simplify the management of the certificate,the identity-based cryptosystem comes into being,in which the user's public key is his unique identification information,such as phone and WeChat number,so the certificate authentication is no longer needed.China's began research on identity-based cryptosystem in 2006,and in 2016,the National Cryptographic Bureau of China officially announced SM9 algorithm as China's identity-based cryptosystem standard,which also officially became international standards in 2017.Although the identity-based cryptosystem removes the overhead related to certificate,while the key generation center is too powerful,this brings new problems.The principle of SM9 algorithm is discussed and the reasons of key escrow and key revocation are analyzed.A scheme based on multiple KGCs is first proposed for the key escrow problem,which divides into two ideas: key negotiation where KGCs negotiate a shared master key and ciphertext confusion where KGCs serve the user independently,both solution ensure the user's private key is only known to itself.After compare them a improvement solution based on key privacy authorities is proposed.The complexity and application scenarios are given.A scheme based on the ciphertext confusion and cloud revocation mechanism is proposed to solve the key revocation problem.The proposed scheme not only retains the advantages of identity-based cryptosystem,but also overcomes its original shortcomings. |
PDF Full Text Request