Traditional public key infrastructure(PKI)only provides authentication for network communication,and the standard X.509 certificate used in this architecture reveals the user’s identity.This lack of privacy protectio...Traditional public key infrastructure(PKI)only provides authentication for network communication,and the standard X.509 certificate used in this architecture reveals the user’s identity.This lack of privacy protection no longer satisfies the increasing demands for personal privacy.Though an optimized anonymous PKI certificate realizes anonymity,it has the potential to be abused due to the lack of identity tracking.Therefore,maintaining a balance between user anonymity and traceability has become an increasing requirement for current PKI.This paper introduces a novel traceable self-randomization certificate authentication scheme based on PKI architecture that achieves both anonymity and traceability.We propose a traceable self-randomization certificate authentication scheme based on the short randomizable signature.Specifically,certificate users can randomize the initial certificate and public key into multiple anonymous certificates and public keys by themselves under the premise of traceability,which possesses lower computational complexity and fewer interactive operations.Users can exhibit different attributes of themselves in different scenarios,randomizing the attributes that do not necessarily need to be displayed.Through security and performance analysis,we demonstrate the suitability of the improved PKI architecture for practical applications.Additionally,we provide an application of the proposed scheme to the permissioned blockchain for supervision.展开更多
基金This work was supported by the National Key R&D Program of China(No.2020YFB1005600)Beijing Natural Science Foundation(No.M21031)+4 种基金the Natural Science Foundation of China(Nos.U21A20467,61932011,62002011,and 61972019)the Populus Euphratica Foundation(No.CCF-HuaweiBC2021009)the Open Research Fund of Key Laboratory of Cryptography of Zhejiang Province(No.ZCL21007)Zhejiang Soft Science Research Program(No.2023C35081)the Youth Top Talent Support Program of Beihang University(No.YWF-22-L-1272).
文摘Traditional public key infrastructure(PKI)only provides authentication for network communication,and the standard X.509 certificate used in this architecture reveals the user’s identity.This lack of privacy protection no longer satisfies the increasing demands for personal privacy.Though an optimized anonymous PKI certificate realizes anonymity,it has the potential to be abused due to the lack of identity tracking.Therefore,maintaining a balance between user anonymity and traceability has become an increasing requirement for current PKI.This paper introduces a novel traceable self-randomization certificate authentication scheme based on PKI architecture that achieves both anonymity and traceability.We propose a traceable self-randomization certificate authentication scheme based on the short randomizable signature.Specifically,certificate users can randomize the initial certificate and public key into multiple anonymous certificates and public keys by themselves under the premise of traceability,which possesses lower computational complexity and fewer interactive operations.Users can exhibit different attributes of themselves in different scenarios,randomizing the attributes that do not necessarily need to be displayed.Through security and performance analysis,we demonstrate the suitability of the improved PKI architecture for practical applications.Additionally,we provide an application of the proposed scheme to the permissioned blockchain for supervision.