Research On Digital Certificate Management Mechanism Based On Blockchain

In traditional PKI,CA,as the absolute authority for certificate management,is assumed to be completely credible,but in fact this absolute credibility leads to major security threats.Blockchain technology can meet the requirements of the certificate management mechanism for unforgeable data,difficult to tamper with,and weakened CA dependency.There are still some unsolved problems in the existing digital certificate management solutions based on blockchain.In the existing blockchain-based certificate management schemes,the tree-like trust chain structure between the CAs at each level has not been changed,which leads to the need for complex multi-level verification of the credibility of the certificate.And CA still has absolute authority in certificate management,and there is a risk of single point of failure.In addition,the current solutions default that users have absolute trust in the CA,and cannot solve the problem of users losing trust in a certain CA.In response to the above problems,first of all,the traditional X.509 certificate structure was improved,and a more secure and simple three-tier trust structure was redesigned.On the basis of this trust structure,a blockchain-based digital certificate management model was proposed for solve the problem that CA has absolute authority in certificate management and multi-level verification process is complicated;Secondly,a digital certificate management scheme based on conditional trust is proposed.The multi-party signature is used to realize the trust authentication mechanism of conditional intermediate CA certificate,which solves the problem of the trust authentication of intermediate CA in the model when all root CA nodes participate in the maintenance of alliance chain.Finally,a digital certificate management scheme based on secret sharing is proposed.The user completes the secret reconstruction to generate a complete certificate,which solves the problem of how to obtain the certificate normally after the user loses the trust of the intermediate CA.Compared with other certificate management models,the blockchain-based digital certificate management model proposed in this article can meet more security requirements.By establishing a security model to compare with the traditional CA system,it is verified that the digital certificate management scheme based on conditional trust has higher security.By comparing with other certificate management schemes in terms of security and performance,it is verified that the digital certificate management scheme based on secret sharing can well balance performance and security,and it is feasible in practical applications.