Abstract
Identity-based cryptographic algorithms such as SM9 require a trusted third party, the key generation center (KGC), to generate each user's identity private key, which brings the risks of key escrow and a single point of failure. This paper proposes a distributed identity-based cryptography key management scheme. Multiple participants each generate a partial identity private key and send it to the user, and the user computes the identity private key locally, which avoids the key escrow problem. In addition, data such as identity status is recorded on the blockchain in a trusted manner, so a user's identity and its validity can be queried in a decentralized way. This solves the single-point-failure and trust problems of a single KGC and improves system availability and security. Analysis shows that the proposed scheme has obvious advantages in terms of efficiency and bandwidth requirements.
Authors
Yu Yanyan (于艳艳)
Li Zhihu (李智虎)
Tu Yinzi (涂因子)
Yuan Yanfang (袁艳芳)
Li Yan (李延)
Pang Zhenjiang (庞振江)
Affiliations: Beijing Smartchip Microelectronics Technology Company Limited, Beijing 102200, China; China Electric Power Research Institute, Beijing 100192, China
Source
Application of Electronic Technique (《电子技术应用》)
2023, Issue 8, pp. 98-102 (5 pages)
Funding
Science and Technology Project of State Grid Corporation of China (5400-202116144A-0-0-00).
Keywords
identity-based cryptography
SM9
key generation
distributed computation
blockchain