Performance Evaluation of Certificate Revocation Using k-Valued Hash Tree

The CRL (Certificate Revocation List) defined in X.509 is currently used for certificate revocation. CRLs have several issues, including a high communication cost and a low latency for update. To solve these issues, many alternatives have been proposed, including the CRT (Certificate Revocation Tree), the Authenticated Dictionary, and the Delta List. In this paper, we study a CRT built on a k-valued hash tree. To estimate the optimal value of k, we examine the computation overhead and the communication cost. We also discuss when a CRT should be reduced by eliminating unnecessary entries that have already expired.
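The trade-off behind the choice of k can be seen in a small k-ary hash tree over revoked serial numbers. This is an added example, not the paper's code: it builds the tree, produces and verifies a membership proof for one serial, and counts the hashes sent against the hash calls the verifier makes. SHA-256, the leaf/node tag bytes, the function names and the serial numbers are assumptions of this example, and the root is assumed to reach the verifier in authenticated form.

```python
import hashlib

def H(*parts):
    # SHA-256 is this example's choice; the page does not name a hash function.
    return hashlib.sha256(b"".join(parts)).digest()

def build(leaves, k):
    """All levels of a k-ary hash tree, leaf level first, root level last."""
    levels = [[H(b"\x00", x) for x in leaves]]  # 0x00 tags leaf hashes
    while len(levels[-1]) > 1:
        cur = levels[-1]
        # 0x01 tags internal nodes so a leaf can never be passed off as one
        levels.append([H(b"\x01", *cur[i:i + k]) for i in range(0, len(cur), k)])
    return levels

def prove(levels, index, k):
    """Per level: (position inside the k-group, the other hashes of that group)."""
    path = []
    for level in levels[:-1]:
        start = index - index % k
        group, pos = level[start:start + k], index % k
        path.append((pos, group[:pos] + group[pos + 1:]))
        index //= k
    return path

def verify(root, leaf, path):
    """Recompute the root from one leaf and its proof path."""
    node = H(b"\x00", leaf)
    for pos, siblings in path:
        node = H(b"\x01", *siblings[:pos], node, *siblings[pos:])
    return node == root

def tradeoff(n, ks):
    """k -> (hashes sent in one proof, hash calls the verifier makes)."""
    serials = [s.to_bytes(4, "big") for s in range(1000, 1000 + n)]  # constructed
    out = {}
    for k in ks:
        levels = build(serials, k)
        path = prove(levels, n - 1, k)
        assert verify(levels[-1][0], serials[-1], path)
        out[k] = (sum(len(s) for _, s in path), len(path) + 1)
    return out

if __name__ == "__main__":
    for k, (sent, calls) in tradeoff(4096, [2, 4, 8, 16]).items():
        print(f"k={k:2d}  hashes in proof={sent:2d}  verifier hash calls={calls}")
```

For 4096 entries the proof grows from 12 hashes at k=2 to 45 at k=16, while the verifier's hash calls drop from 13 to 4, each over a longer input.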
