For the high-security needs of CA private key, a new (t,n) secret sharing mechanism is proposed. First, the CA private key is generated using the RSA algorithm to ensure its un-Forged; then CA private key is shared based on the new (t,n) secret sharing mechanism. It uses its identification as a share of the private key and the private key as a secret share. It also provides a simple and efficient method to detect partner deceive, there is no real secret share is needed when secret is reconstructed, and without the need to maintain security channel too, so it enhances the efficiency.Applied to CA private key protection, it improves its security.%针对CA私钥的高安仝性需求,提出一种新的(t,n)秘密分享机制保护CA私钥.首先,使用RSA算法产生CA私钥,保证了私钥的不可伪造性:然后基于新的(t,n)秘密共享机制将CA私钥进行分存,使用其身份作为私钥份额的标识,并使用私钥作为秘密份额.在使用CA私钥进行签名时,使用Lagrange插值多项式进行重构,并提供了简单高效的合作者欺骗验证方法;秘密重构中无需真正的秘密份额,因此,无需维护安全通道,提高了效率.理论分析和实验结果表明方案的有效性.
展开▼
