2006 Volume 2 Pages 513-523
Certificate revocation is a critical issue for a practical, public-key infrastructure. A new efficient revocation protocol using a one-way hash tree structure (instead of the classical list structure, which is known as a standard for revocation) was proposed and examined to reduce communication and computation costs. A tree approach, however, may run in O(n) time, in the worst case, i.e., when all the entries are sorted in descending order. A red-black tree is a binary sorted tree, with one extra bit per node, which is used for balancing the tree and guarantees that search and insertion operations take O(logn), even in the worst case. In this paper, we propose a binary red-black hash tree for certificate revocation and prove that it reduces costs more than any other tree balancing approache. We also compare the estimated communication and computation cost reductions of the red-black hash tree to those of the conventional binary search tree.