PKI is the infrastructure for support of public key management and authentication,encryption,integrity and accountability. In order to overcome the disadvantages that traditional PKI in secret sharing,needs use reliable third party,can''t resist differential analysis, implements difficultly,needs hardware to implement etc,and to improve the security and practicability of secret sharing,on the basis of Diffie-Hellman secret sharing,at first use this algorithm to share a initial key,then in each secret sharing process,the Hash value is used as a method of session key to simulate a encryption algorithm of one-time system and give the security verification. Through the simula-tion experiments on the Java platform,can observe that every session key is different,it is close to a one-time pad algorithm,and there is no help with the hardware and the trusted third party in the process of communication. The security,practicability and effectiveness of the algorithm are also explained.%PKI是支持公开密钥管理并能支持认证、加密、完整性和可追究性服务的基础设施. 为了克服传统的PKI在秘密共享时,存在需要借助可靠第三方、不能抵抗差分分析攻击、实现难度大、需要借助硬件实现等缺点,提升秘密共享的安全性与实用性,在Diffie-Hellman秘密分享的基础上,首先利用该算法共享一个初始密钥,然后每次在秘密分享的过程中,将随机数种子和初始密钥作和值,采用了和值的Hash值作为会话密钥的方法,模拟出了一种一次一密的加密算法,并用给出了该算法安全性的证明. 通过在Java平台上的仿真实验,可以得知,每一次的会话密钥千差万别,很接近一次一密,而且在通信过程中并没有借助硬件和可信第三方的帮助. 进一步说明了算法的安全性、实用性与有效性.
展开▼
