The CA-to-directory communication costs of our scheme are optimal (proportional to the number of changes in the revocation list), enabling high update rates. The proof supplied by the directory is of length logarithmic in the number of revoked certificates. This allows the user to hold a short transferable proof of the validity of his certificate and present it with his certificate (This proof may be efficiently updated, we will make use of this feature in the certificate update scheme of Section 6).
In the following, we compare the communication costs of CRL, CRS and our system (the communication costs of CRT are similar to ours). Basing on this analysis, we show that the proposed system is more robust to changes in parameters, and allows higher update rates than the other.
Other advantages of the proposed scheme are:
The parameters we consider are:
Values for are taken from Micali [18], and are specific to our scheme.
The following table shows the estimated daily communication costs (in bits) according to the three schemes.
As shown in the table, the proposed scheme costs are lower than CRL costs both in CA-to-directory and in directory-to-users communication. The CA-to-directory costs are much lower than the corresponding CRS costs but, the directory-to-user (and thus the over all) communication costs are increased. Note that in practice, due to communication overheads, the difference between CRS and the proposed method in Directory-to-users communication may be insignificant.
Our scheme is more robust to changes in parameters than CRL and CRS. Since these are bound to change in time or due to the specific needs of different implementations, it is important to have a system that is robust to such changes.
Changes will occur mainly in the total number of certificates (n) and the update rate (T). In the proposed method, changes in n are moderated by a factor of p. Changes in T are moderated by the fact that the update communication costs are not proportional to nT but to T. Figure 1 shows how the CA-to-directory update communication costs of the three methods depend on the update rate (all other parameters are held constant). The update communication costs limit CRS to about one update a day (Another factor that limits the update rate is the amount of computation needed by a user in order to verify that a certificate was not revoked). The proposed method is much more robust, even allowing once per hour updates.
Figure 1: Daily CA-to-directory update costs vs. update rate.