Certiicate Revocation and Certiicate Update

A new solution is suggested for the problem of certi cate revocation. This solution represents Certi cate Revocation Lists by an authenticated search data structure. The process of verifying whether a certi cate is in the list or not, as well as updating the list, is made very e cient. The suggested solution gains in scalability, communication costs, robustness to parameter changes and update rate. Comparisons to the following solutions are included: `traditional' CRLs (Certi cate Revocation Lists), Micali's Certi cate Revocation System (CRS) and Kocher's Certi cate Revocation Trees (CRT). Finally, a scenario in which certi cates are not revoked, but frequently issued for short-term periods is considered. Based on the authenticated search data structure scheme, a certi cate update scheme is presented in which all certi cates are updated by a common message. The suggested solutions for certi cate revocation and certi cate update problems is better than current solutions with respect to communication costs, update rate, and robustness to changes in parameters and is compatible e.g. with X.500 certi cates.