| With the continuous development of Internet technology, security issues in the network environment have gradually attracted attention. As one of the important infrastructures of Internet security, Public Key Infrastructure (PKI) provides complete network security services. However, traditional PKI still has some defects: the certificate authority (CA) is too authoritative, is vulnerable to malicious attacks and forms a single point of failure; the issuance process of digital certificates is opaque; and it is difficult to trace and audit the source. Among existing blockchain certificate schemes, the Practical Byzantine Fault Tolerance (PBFT) consensus process is inefficient, and the CA's authority over certificate management is still absolute. In view of the above problems, the main research contents of this paper are as follows. Aiming at the problems of low efficiency and high overhead of consensus communication in PBFT, the master node election being easy to calculate, and vulnerability to attacks, the existing PBFT consensus algorithm is analyzed and improved. The improved PBFT consensus algorithm integrates the idea of a secret-sharing signature algorithm into the consensus algorithm, reducing the complexity of network communication in the consensus process; it uses the Proof of Work (PoW) consensus mechanism to elect the master node, reducing the possibility of the master node doing evil; and it creates checkpoints for the consensus transaction set, reduces the cost of log data storage, improves view switching, satisfies the correctness of the consensus, and improves the efficiency of consensus. After a detailed elaboration, the security and robustness of the consensus protocol are analyzed. The analysis shows that as long as the malicious nodes in the network do not exceed 1/3, the distributed consensus protocol will not be affected. In view of the problems existing in the PKI system, a model scheme based on the transparency of blockchain digital certificate issuance is proposed, and relevant fields are added to the existing X.509 digital certificate so that blockchain technology can be used to realize traceable auditing of certificates. A Merkle-BST structure is constructed to improve the efficiency of certificate data queries and reduce the time cost of data synchronization in the network, a life cycle management scheme for digital certificates is designed, and finally the security of the scheme is analyzed. The analysis results show that the digital certificate scheme has good security against malicious CAs, impersonation of domain owners, and DDoS attacks. In this paper, the improved consensus algorithm is simulated and compared with the traditional PBFT consensus algorithm in terms of delay and throughput, verifying that the improved algorithm has better performance. A comparison of the response time of existing digital certificate management schemes with that of the scheme based on the transparency of blockchain digital certificate issuance shows that the proposed scheme is better than the existing schemes and is feasible in practical application. |