Abstract
The existing certificate architecture has two problems in terms of security and authentication. One is that there exists some possibility of certificate forgery by exploiting the collision problem associated with the hash algorithm used for signing. The other is that certification path complicates user authentication because it increases according to the distance between communicating users. In this paper we propose a new digital signature scheme and certificate architecture that solve the problems. It is achieved by using two-public key cryptography and a new certificate architecture. The proposed approach can be used without reconstructing the structure of the existing PKI system and always allows a certification path whose length is 1 regardless of the distance between the users. This is because each user confirms only the digital signature of root CA in the combined hierarchical-network infrastructure.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
William, T., Nelson E., Polk, Hastings, Ambarish Malpani.: Public Key Infrastructures that Satisfy Security Goals, IEEE Internet Computing. (2003)
William, E., Burr, Noel, A., Nazario and W. Timothy Polk.: A Proposed Federal PKI Using X.509 V3 Certificates. NIST. http://csrc.nist.gov/nissc/1996/papers/NISSC96/paper042/pkipapl.pdf
Adams, C., Cain, P., Pinkas, D., Zuccherato, R.: Internet X.509 Public Key Infrastructure Time Stamp Protocol. draft-ietf-pkix-time-stamp-OO.txt. (1998)
Housely, R., Ford, W, Polk, W, Solo, D.: Internet X.509 Public Key Infrastructure. IETF RFC 2459. (1999)
National Institute of Standards and Technology (NIST).: Digital Signature Standard. FIPS PUB 186–2. (2000). http://csrc.nist.gov/publications/fips/fips186–2/fips186–2-changel.pdf
National Institute of Standards and Technology (NIST).: Secure Hash Standard. FIPS PUB 180–1. (1995). http://www.itl.nist.gov/fipspubs/fip180–1.htm
Dobbertin, H.: The status of MD5 after a recent attack. RSA Laboratories. CryptoBytes, 2(2). (1996)
Eastlake, D. 3rd, Jones, P.: US Secure Hash Algorithm 1 (SHA1). RFC 3174. (2001) http://www.faqs.org/rfcs/rfc3174.html
Keromytis, A., Provos, N.: The Use of HMAC-RIPEMD-160–96 within ESP and AH. RFC 2857. (2000)
Damgard, I.B.: A design principle for hash functions. Advances in Cryptology-Crypto ’89, Lecture Notes in Computer Science, vol. 435, Springer-Verlag, (1990) 416–427
Rivest, R., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public Key Cryptosystems. Communications of the ACM, (1978) 120–126
ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Info. Theory, IT-31, No. 4, (1985) 469–472
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Song, S.K., Youn, H.Y., Lee, K.S. (2004). A New Digital Signature and Certificate Architecture with Shortest Certification Path. In: Mitrou, N., Kontovasilis, K., Rouskas, G.N., Iliadis, I., Merakos, L. (eds) Networking 2004. NETWORKING 2004. Lecture Notes in Computer Science, vol 3042. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24693-0_1
Download citation
DOI: https://doi.org/10.1007/978-3-540-24693-0_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-21959-0
Online ISBN: 978-3-540-24693-0
eBook Packages: Springer Book Archive