Asynchronous Large-Scale Certification Based on Certificate Verification Trees

  • Josep Domingo-Ferrer
  • Marc Alba
  • Francesc Sebé
Part of the IFIP — The International Federation for Information Processing book series (IFIPAICT, volume 64)


Good public-key infrastructures (PKIs) are essential to make electronic commerce secure. Quite recently, certificate verification trees (CVTs) have been introduced as a tool for implementation of large-scale certification authorities (CAs). In most aspects, the CVT approach outperforms previous approaches like X.509 and certificate revocation lists, SDSI/SPKI, certificate revocation trees, etc. However, there is a tradeoff between manageability for the CA and response time for the user: CVT-based certification as initially proposed is synchronous, i.e. certificates are only issued and revoked at the end of a CVT update period (typically once a day). Assuming that the user is represented by a smart card, we present here solutions that preserve all advantages of CVTs while relaxing the aforementioned synchronization requirement. If short-validity certificates are used, implicit revocation provided by the proposed solutions completely eliminates the need for the signature verifier to check any revocation information (CRLs, CRTs, etc.).


Large-scale public key infrastructures Certification authorities Certificate verification trees Smart cards Implicit revocation 


  1. [1]
    S. Berkovits, S. Chokhani, J. A. Furlong, J. A. Geiter and J. C. Guild. Public Key Infrastructure Study: Final Report. The Mitre Corporation, 1994.Google Scholar
  2. [2]
    C. M. Ellison. SPKI Certificate Documentation, 1998. Scholar
  3. [3]
    I. Gassko, P. S. Gemmell and P. MacKenzie. Efficient and fresh certification. In Public Key Cryptography’2000, pages 342–353, 2000. Springer-Verlag LNCS 1751.Google Scholar
  4. [4]
    P. Kocher. A quick introduction to certificate revocation trees (CRTs), 2000. Scholar
  5. [5]
    R. Merkle. A certified digital signature. In Advances in Cryptology - Crypto’89, pages 218–238, 1990. Springer-Verlag, LNCS 435.Google Scholar
  6. [6]
    S. Micali. Efficient certificate revocation. In RSA Data Security Conference. San Francisco CA, January 1997.Google Scholar
  7. [7]
    M. Naor and K. Nissim. Certificate revocation and certificate update. In Proceedings of 7th Usenix Security Symposium. San Antonio TX, January 1998.Google Scholar
  8. [8]
    R. L. Rivest. Can we eliminate certificate revocation lists? In Financial Cryptography’98, pages 178–193, 1998. Springer-Verlag, LNCS 1465.Google Scholar
  9. [9]
    R. L. Rivest and B. Lampson. SDSI-A Simple Distributed Security Infrastructure, 2000. Scholar
  10. [10]
    D. Stinson. Cryptography: Theory and Practice. CRC Press, 1995.zbMATHGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2001

Authors and Affiliations

  • Josep Domingo-Ferrer
    • 1
  • Marc Alba
    • 1
  • Francesc Sebé
    • 1
  1. 1.Dept. of Computer Engineering and MathematicsUniversitat Rovira i VirgiliTarragona, CataloniaSpain

Personalised recommendations