Modern vehicular security architectures provision authorized vehicles with multiple short-term pseudonym certificates, so users can avoid tracking by rotating among certificates when signing messages. The large number of certificates in the system, however, makes revocation via Certificate Revocation Lists (CRLs) complex and/or inefficient. Two possible solutions for this issue are: (1) frequently provision non-revoked vehicles with few certificates, as done in the Cooperative Intelligent Transport Systems (C-ITS) standard; or (2) provision many encrypted certificates and periodically broadcast “activation codes” for controlling decryption by non-revoked vehicles, as proposed in Activation Codes for Pseudonym Certificates (ACPC), an extension of the Security Credential Management System (SCMS) standard. In this article, we compare such approaches in terms of computational efficiency and privacy preservation. We show that ACPC has advantages over both C-ITS (e.g., support for distributed caching) and CRLs (e.g., avoiding processing overheads on vehicles). We also discuss how ACPC can benefit from the unicast distribution of activation codes, with different trade-offs between privacy and bandwidth savings: getting as much privacy as C-ITS, but downloading 16-byte codes instead of hundreds of kilobytes, or fixing bandwidth costs (resp. privacy level) for a privacy degradation (resp. bandwidth usage) that grows logarithmically with the number of revocations.

现代车辆安全体系结构为授权车辆提供了多个短期假名证书，因此用户在签名消息时可以通过在证书之间循环来避免跟踪。但是，系统中大量的证书使通过证书吊销列表（CRL）吊销变得复杂和/或效率低下。针对此问题的两种可能的解决方案是：（1）像协作智能运输系统（C-ITS）标准那样，经常为未吊销的车辆提供很少的证书；或（2）提供许多加密证书，并定期广播“激活码”以控制非撤销车辆的解密，如“假名证书激活码（ACPC）”（安全证书管理系统（SCMS）标准的扩展）中所述。在这篇文章中，我们在计算效率和隐私保护方面比较了这些方法。我们证明，ACPC优于C-ITS（例如，支持分布式缓存）和CRL（例如，避免车辆的处理开销）。我们还将讨论ACPC如何从中受益。激活码的单播分发，在隐私和节省带宽之间有不同的权衡：获得与C-ITS一样多的隐私，但是下载16字节代码而不是数百千字节，或者固定带宽成本（分别为隐私级别）隐私降级（分别为带宽使用）与撤销次数成对数增长。