Published in: International Conference on Security and Cryptography

Distributed Threshold Certificate based Encryption Scheme with No Trusted Dealer


Abstract

Generating certified keys and managing certification information in a fully distributed manner can find a wide range of applications in the increasingly distributed IT environment. However, the prohibition of trusted entities within the distributed system and the high complexity of certificate management and revocation mechanisms hinder the adoption of this approach on a large scale. Threshold cryptography offers an elegant solution to these issues through Shamir's secret sharing scheme, where a secret (the Certificate Authority's (CA) master key) is split and shared among all participants. Combining this approach with the reasonable certificate service requirements of certificate-based encryption (CBE) schemes could result in a functional and efficient distributed security scheme. However, centralized entities, denoted as trusted dealers, are needed in most threshold cryptography schemes, even those few that support CBE, while the static way in which the system's functionality is viewed considerably limits possible applications (i.e. dynamic environments like P2P, ad hoc networks, MANETs). In this paper, we explore the potential of combining the latest developments in distributed key generation threshold cryptography schemes with efficient yet highly secure certificate-based encryption schemes in order to provide a solution that addresses the above concerns. We draft a fully distributed Threshold Certificate Based Encryption Scheme that has no need for any centralized entity at any point during its operating cycle, has few requirements concerning certificate management due to CBE, and does not need any trusted dealer to create and split secrets or distribute certificates. The proposed scheme has an easy participant addition and removal procedure to support dynamic environments.