Design And Implementation Of Distributed PKI Architecture Based On Consortium Blockchain

Public key infrastructure(Public Key Infrastructure,PKI)is a key technology to solve the problem of information security.However,the core structure is prone to the problem of single point failure of certificate center(Certificate Authority,CA),CA false certificates are issued because of being attacked and deceived.The blockchain technology is widely concerned because of its characteristics of distributed,non-tampering and transparent traceability.In this thesis,the blockchain technology is introduced to design and implement the distributed PKI architecture based on the blockchain in view of the problem that the traditional PKI centralization structure is vulnerable to single point failures and attacks.The research contents include the following aspects.1.Design a distributed PKI architecture based on consortium blockchain.On the basis of studying blockchain technology and PKI framework,this thesis puts forward a distributed PKI system architecture based on consortium blockchain in view of the shortcomings of traditional PKI system centralization architecture.A multi-CA cooperative certificate issuing mechanism based on consortium blockchain is designed.The architecture can support the chain storage and release of CA operation logs.Multiple CA servers monitor and verify each other through consensus algorithm,and issue digital certificates in cooperation,which can effectively reduce the risk of single CA nodes being attacked.2.Propose an extended optimization scheme of PBFT consensus algorithm.To solve the problem of low efficiency and low scalability of practical Byzantine fault-tolerant consensus algorithm(Practical Byzantine Fault Tolerance,PBFT),a scalable optimization PBFT consensus algorithm(A scalable optimized PBFT consensus algorithm,S-PBFT).On the basis of the existing PBFT consensus algorithm,the node reputation degree is introduced to select some nodes to participate in the consensus,and the probability of transaction delay caused by Byzantine node becoming master node is reduced by dynamic adjustment of the nodes participating in the consensus.3.Design and implement a distributed PKI system based on consortium blockchain.Based on the above key technologies,a distributed PKI system based on consortium blockchain architecture is designed and implemented.The main key modules are verified and the feasibility of combining blockchain technology with PKI system is verified.Compared with traditional PKI system,this system has higher reliability and security.