A Certificate Authority Scheme Based on Trust Ring for Consortium Nodes

Title: A Certificate Authority Scheme Based on Trust Ring for Consortium Nodes
Publication Type: Conference Paper
Year of Publication: 2022
Authors: Liang, Xiubo; Guo, Ningxiang; Hong, Chaoqun
Conference Name: 2022 International Conference on High Performance Big Data and Intelligent Systems (HDIS)
Keywords: Big Data, blockchain, certificate authority, combined public key, Elliptic curve cryptography, Human Behavior, metadata, Metrics, PKI Trust Models, power distribution, pubcrawl, Public key, Reliability engineering, resilience, Resiliency, Scalability, smart contract, smart contracts, transformation matrix, trust ring
Abstract: The access control mechanism of most consortium blockchains is at present implemented through a traditional Certificate Authority scheme based on trust chain and centralized key management, such as PKI/CA. However, the uneven power distribution of CA nodes may cause problems with leakage of certificate keys, illegal issuance of certificates, malicious rejection of certificate issuance, and manipulation of issuance logs and metadata, which could compromise the security and dependability of the consortium blockchain. Therefore, this paper designs and implements a Certificate Authority scheme based on a trust ring model that can not only enhance the reliability of consortium blockchain, but also ensure high performance. Combined public key, transformation matrix and elliptic curve cryptography are applied to the scheme to generate and store keys in a cluster of CA nodes dispersedly and securely for consortium nodes. It greatly reduced the possibility of malicious behavior and key leakage. To achieve the immutability of logs and metadata, the scheme also utilized public blockchain and smart contract technology to organize the whole procedure of certificate issuance; the issuance logs and metadata for certificate validation are stored in public blockchain. Experimental results showed that the scheme can surmount the disadvantages of the traditional scheme while maintaining sufficiently good performance, including issuance speed and storage efficiency of certificates.
DOI: 10.1109/HDIS56859.2022.9991690
Citation Key: liang_certificate_2022