Efficient ML-DSA Public Key Management Method with Identity for PKI and Its Application

TL;DR

This paper introduces a novel identity-based public key management framework for PKI, leveraging post-quantum cryptography and NIST ML-DSA, to improve efficiency and scalability in large-scale, secure PKI applications like RPKI.

Contribution

It proposes the IPK-pq framework that enhances identity mapping, simplifies verification, and provides formal security proof, addressing limitations of traditional certificate-based PKI in the post-quantum era.

Findings

Significant efficiency improvements in RPKI systems using IPK-pq

Enhanced scalability for large-scale PKI applications

Formal security proof validating IPK-pq's robustness

Abstract

With the rapid evolution of the Industrial Internet of Things (IIoT), the boundaries and scale of the Internet are continuously expanding. Consequently, the limitations of traditional certificate-based Public Key Infrastructure (PKI) have become increasingly evident, particularly in scenarios requiring large-scale certificate storage, verification, and frequent transmission. These challenges are expected to be further amplified by the widespread adoption of post-quantum cryptography. In this paper, we propose a novel identity-based public key management framework for PKI based on post-quantum cryptography, termed \textit{IPK-pq}. This approach implements an identity key generation protocol leveraging NIST ML-DSA and random matrix theory. Building on the concept of the Composite Public Key (CPK), \textit{IPK-pq} addresses the linear collusion problem inherent in CPK through an enhanced identity mapping mechanism. Furthermore, it simplifies the verification of the declared public key's authenticity, effectively reducing the complexity associated with certificate-based key management. We also provide a formal security proof for \textit{IPK-pq}, covering both individual private key components and the composite private key. To validate our approach, formally, we directly implement and evaluate \textit{IPK-pq} within a typical PKI application scenario: Resource PKI (RPKI). Comparative experimental results demonstrate that an RPKI system based on \textit{IPK-pq} yields significant improvements in efficiency and scalability. These results validate the feasibility and rationality of \textit{IPK-pq}, positioning it as a strong candidate for next-generation RPKI systems capable of securely managing large-scale routing information.