Paper 2009/121

Optimized Public Key Infrastructure -- A PKI to Support Efficient Document's Signatures

Martín Augusto Gagliotti Vigil and Ricardo Felipe Custódio and Nelson da Silva and Ricardo Moraes

Abstract

Optimized Public Key Infrastructures are traditional PKI in which end users may optimize the signatures of their documents, replacing the signer's validation data with Optimized Certificates (OC). OCs carry the signer's identification and public key, but are issued for a specific time, i.e., fields notBefore and notAfter have the same value, thus there are no reasons to revoke them. The OC's certification path is supposed to be shorter and uses Micali's revocation scheme. Furthermore, OCs include signed document's hashcodes, working also as time-stamps. Therefore, OCs are useful to replace signed document's validation data by one smaller and easier to verify. Finally, when OCs become invalid due to cryptographic algorithm weakness and limits in the validity periods of their certificate chains, they can be easily replaced by new ones, thus this proposal is suitable for efficient long term archiving.

Note: This work brings a full revision of a previous paper about Optimized Certificates which was published at the Proceedings of the 5th European PKI workshop on Public Key Infrastructure. Thus, Optimized Certificate's idea has been rewritten in order to make it clear, an unnoticed wrong deployment of Micali Novomodo proofs embedded in self-verifiable document way has been bypassed and some new novelties has been added.