抄録
To overcome the privacy limitations of conventional PKI (Public Key Infrastructure) systems, combinatorial certificate schemes assign each certificate to multiple users so that users can perform anonymous authentication. From a certificate pool of N certificates, each user is given n certificates. If a misbehaving user revokes a certificate, all the other users who share the revoked certificate will also not be able to use it. When an honest user shares a certificate with a misbehaving user and the certificate is revoked by the misbehaving user, the certificate of the honest user is said to be covered. To date, only the analysis for the worst scenario has been conducted; the probability that all n certificates of an honest user are covered when m misbehaving users revoke their certificates is known. The subject of this article is the following question: how many certificates (among n certificates) of an honest user are covered on average when m misbehaving users revoke their certificates? We present the first average-case analysis of the cover probability in combinatorial certificate schemes.
