A distributed Online certificate status protocol based on GQ signature scheme

Abstract

OCSP (Online Certificate Status Protocol) is the most popular mechanism for providing the real-time status of a certificate in PKI (Public Key Infrastructure). A major drawback of OCSP is the heavy load required by the CA (Certification Authority). Traditional D-OCSP (Distributed OCSP) can relieve the burden of the CA, but it increases the client's load. To solve this problem, D-OCSP-KIS (Distributed OCSP based on Key-Insulated Signature) was recently introduced. While multiple responders designated by the CA have different private keys, only a single public key is used in D-OCSP-KIS to reduce the client's load. However, the length of the single public key is in proportion to the number of responders. Hence, we propose D-OCSP-IBS (Distributed OCSP based on Identity-Based Signature), where the length of the single public key is constant and short. To give a concrete example, we present a D-OCSP-IBS system based on GQ (Guillou-Quisquater) signature scheme and discuss the advantages of D-OCSP-IBS.