All You Need to Know About V2X PKI Certificates: Butterfly Key Expansion and Implicit Certificates

AutoCrypt SCMS now supports Butterfly Key Expansion for both implicit and explicit certificates of the V2X PKI ecosystem. This article explains why Butterfly Key Expansion is necessary for the SCMS and why implicit certificates might be a useful alternative to conventional certificates.

Vehicle-to-everything (V2X) communication allows vehicles to communicate with other vehicles and road entities for safety warnings, traffic coordination, and eventually vehicle-infrastructure cooperated autonomous driving (VICAD). Given that these V2X messages are critical to road safety, a vehicular public key infrastructure (PKI) known as the Security Credential Management System (SCMS) has been adopted worldwide to protect the integrity of V2X messages and the privacy of road users. V2X PKI certificates, or SCMS certificates, are therefore a crucial enabler of secure V2X communications.

What Is Unique About V2X PKI Certificates?

What makes V2X PKI certificates unique? The most significant difference between IT and V2X authentication is that IT authentication is centralized and hierarchical. Users use their digital signature to reveal their identity to the server, after which the server verifies the identity and grants the user access. There is apparently no need for users to prove their identity to other users. On the other hand, V2X authentication is decentralized, where users (vehicles) need to verify each other’s identity without revealing it. Sounds contradictory? This is made possible by using pseudonym certificates.

In the SCMS, pseudonym certificates are issued by authorization certification authorities (CA) to every road user (vehicle). As suggested by its name, these certificates are pseudonymous and thus do not contain the vehicle’s identity, but instead contain proof that the vehicle’s identity had been verified by the CA and that it is a legitimate entity.

Furthermore, to prevent a stalker from spying on the same pseudonym certificate over an extended period to trace its travel routes and behaviours, pseudonym certificates have very short validity periods. For an average private vehicle, up to 20 pseudonym certificates are issued weekly, rotating every few hours to prevent tracing. These numbers can vary depending on local regulations and the importance of the passenger. For instance, the vehicle for a head of state might require non-rotating, one-time pseudonym certificates issued every five minutes.

What Is Butterfly Key Expansion?

Every time a vehicle requests a pseudonym certificate, the responsible CA needs to sign a new certificate and return it to the vehicle. Given that a typical vehicle needs up to 20 certificates per week, the CA needs to sign over a thousand certificates to a single vehicle over a year. This is a scale never seen before in the IT or financial industry. As more and more vehicles join the V2X environment, it can soon become difficult for CAs to cope with the growing number of requests.

With advancements in cryptographic construction technology, a novel approach known as Butterfly Key Expansion now overcomes this disadvantage. Butterfly Keys allow a vehicle to request an arbitrary number of certificates all at once; each certificate with a different signing key and each encrypted with a different encryption key. A request using Butterfly Key Expansion contains only one signing public key seed, one encryption public key seed, and two expansion functions that enable expansion. Therefore, Butterfly Keys are very useful for requesting pseudonym certificates as they can drastically decrease the number of requests needed.

Note that Butterfly Keys are not needed for issuing application certificates* to roadside units (RSU). Since privacy is not a concern to roadside infrastructures, application certificates are issued once at a time and have very long validity periods, meaning that application CAs are fully capable of dealing with the volume of requests.

(*Pseudonym certificates are used by vehicles for self-identification in V2V communications, whereas application certificates are used by roadside infrastructures for self-identification in V2I applications.)

Explicit vs. Implicit Certificates

Pseudonym certificates can be constructed in two different forms: conventional (explicit) certificates and implicit certificates. Conventional certificates consist of three distinct pieces of data: 1) a public key, 2) the digital signature of the CA, binding the public key to the vehicle’s identification data, and 3) the vehicle’s identification data. During V2V message transmission, the sender signs the certificate with the private key, after which the receiver uses the public key in the certificate to verify and view the message. In this process, the sender’s identity is “explicitly verified” because by opening the message, the receiver knows that the sender is the only entity holding the private key. As such, these certificates are also known as explicit certificates.

However, a disadvantage of explicit certificates is that, since they contain three distinct pieces of data, their size can range between 2,000 bits to 30,000 bits, depending on the level of security needed. Such a size isn’t a concern in and of itself. But in the V2X environment, where traffic volume is high and transmission speeds are pivotal, smaller sizes can be more advantageous.

To enable speedier message transmission and more efficient certificate issuance, a new form of V2X PKI certificate is gaining popularity. Known as implicit certificates, or Elliptic Curve Qu-Vanstone (ECQV), these certificates contain the same three pieces of data as explicit certificates do, but do not carry them as three distinct elements. Instead, the public key and the digital signature are superimposed, leaving a single reconstruction value that is similar in size as the public key. The receiver of the message uses this reconstruction value to reconstruct the public key and verify the message. The way in which the public key and the digital signature are superimposed means that by verifying the public key, the digital signature and the legitimacy of the sender get “implicitly verified”.

Since implicit certificates contain a single reconstruction value, they are much lighter and thus require much less bandwidth to transmit. The typical size of an implicit certificate is only 200 to 500 bits, which is ideal for the SCMS, where a large volume of certificates needs to be transmitted within a constrained timeframe.

The concept of implicit certificates is developed and patented by Blackberry Certicom. Nevertheless, CAs are free to issue implicit certificates for applications in the SCMS in accordance with IEEE 1609.2.

V2X PKI Regional Requirements and Preferences

As mentioned earlier, Butterfly Key Expansion is only beneficial for issuing pseudonym certificates and is not used for generating application certificates. The same is true for implicit certificates. The lightweight advantage of implicit certificates is best seen when applied to pseudonym certificates, but less significant when applied to application certificates. Given that the mechanism behind implicit certificates is more complex, some parts of the world prefer to stay with explicit certificates.

As a result, a mix of different mechanisms is used in the real world. In fact, different transport authorities have established different requirements for the certificates used in their SCMS. In North America, implicit certificates have become the standard for all V2X PKI certificates, whereas, in China, explicit certificates are required. Europe has been establishing two different standards, one for explicit certificates and one for implicit certificates.

In general, V2X PKI certificates can be constructed using four different combinations.

AutoCrypt SCMS Ready to Support All Certificate Types

In late 2022, AUTOCRYPT completed its development on the issuance of both explicit and implicit certificates with Butterfly Key Expansion, gaining the full capability to issue and provision all types of V2X PKI certificates in the SCMS.

To learn more about AUTOCRYPT’s V2X security solutions and AutoCrypt SCMS, contact

To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s newsletter.

AUTOCRYPT Demonstrates PKI Interoperability and Implementations at the 3rd ETSI C-V2X Plugtests Event

MUNICH, GERMANY, April 25, 2022 — AUTOCRYPT, a leading V2X communications cybersecurity company, was the only Asian PKI provider to participate in the 3rd C-V2X Plugtests ™ interoperability testing event organized by ETSI (European Telecommunications Standards Insititute) in partnership with 5GAA at the DEKRA technology center for automobiles located in Klettwitz, Germany. The event enabled different vendors, specializing in on-board units, roadside units, and public key infrastructure, to run test sessions and assess the level of interoperability based on the latest C-ITS communications and security standards, all under the watchful eye of highway operators, automobile manufacturers, and government bodies. 

AutoCrypt V2X-PKI, a core component of the C-ITS security suite that is compliant with the standards of the US SCMS, European-based SCMS, and Chinese-based SCMS, has successfully demonstrated interoperability through various state-of-the-art safety use cases, including road hazard signaling, road works warning, time to green, in-vehicle signage, traffic jam warning, longitudinal collision risk warning, and intersection collision risk warning.  

All the tests run by AUTOCRYPT were based on ETSI’s TS sector standards, including V2X communication security and SCMS for C-ITS. The tests showed that AUTOCRYPT’s solutions accomplished high levels of interoperability with other companies that are actively engaging in the development of C-V2X for the automotive industry. Through this inspection and supplementation, AUTOCRYPT expects to develop pilot projects led by the European governments and equipment companies within the year. 

Daniel ES Kim, CEO of Autocrypt Technologies GmbH, said: “It was an honor for AUTOCRYPT to be one of the selected companies at the 3rd C-V2X Plugtests ™. As V2X communications usage in the automotive industry continues to increase and PKI plays a central role in its secure development, it is critical that we continue to strengthen our SCMS management capabilities through various interoperability tests across the globe. The successful demonstration of our PKI solutions means that we are continuing to lead the industry and ensure a safer, more reliable environment to support our users.” 

AUTOCRYPT will continue to raise the standards in the PKI sector and will be demonstrating its new V2X capabilities at the highly anticipated ITF 2022 Summit this coming May. This year’s International Transport Forum will convene various experts across industries and governments to share insights on enabling social inclusion through utilizing innovative technologies in transport while promoting sustainable economic growth.  

As the deployment of applications using PKI continues to increase, AUTOCRYPT looks forward to bringing new fully customizable products and solutions to market for the benefit and safety of the industry, passengers, and the public.

AUTOCRYPT Announces Seamless Support for China’s YD/T 3957-2021 Standard Utilizing Trusted Certificate Lists

SEOUL, KOREA, February 16, 2022 — Autonomous driving security leader, AUTOCRYPT, announced that its V2X security solution, AutoCrypt V2X, now implements YD/T 3957-2021, the newest standard for LTE-based V2N communications and credential management released by the China Academy of Information and Communications Technology (CAICT).

Announced in December 2021 and to be enforced in April 2022, YD/T 3957-2021 utilizes a Trusted Root Certificate List Authority (TRCLA), which manages a Trusted Root Certificate List (TRCL) for the many Root CAs currently authorized in China. AutoCrypt V2X’s Secure Credential Management System has been listed in two Trusted Domain CA Certificate Lists (TDCL) managed by Root CAs listed in the TRCL, meaning clients can more easily operate their connected vehicles and related software in China, without requiring certificate authentication with separate PKIs.

The company’s products already follow the strict C-SCMS standards from China, and regularly update features. CEO and co-Founder Daniel ES Kim remarked: “China has boosted its autonomous driving market in the past few years and will continue to be a major region for development vehicular technology. However, due to its strict C-SCMS standards, many find it difficult to enter the market. Our SCMS ensures full compliance and seamless operations for our OEM and Tier-1 supplier partners who want to utilize V2X communications in China.”

Apart from being the sole V2X provider for all eight C-ITS development projects in South Korea, AUTOCRYPT’s V2X security solution and SCMS has refined its marketability through experience with customers and partners in China, Europe, and North America. Furthermore, its cross-industry interoperability was repeatedly demonstrated at the “Four Layers” C-V2X interoperability demonstration held annually in Shanghai—one of the largest V2X application testing events in the world.

AutoCrypt V2X is the first and only V2X security solution to have successfully completed the demonstration in both areas of device security and the PKI backend. The company is also the first and only provider to have demonstrated interoperability across all three major Security Credential Management System (SCMS) protocols, including the US-based SCMS, European-based C-ITS CMS (CCMS), and China-SCMS (C-SCMS).

AUTOCRYPT Launches Newest Upgrade of SCMS for V2X Security Solution

SEOUL, KOREA, Jan. 5, 2022 — Known for its autonomous driving security solutions, AUTOCRYPT recently announced the launch of AutoCrypt SCMS Version 5.0, a Security Credential Management System (SCMS) for Vehicle-to-Everything (V2X) communications, and a crucial component of its AutoCrypt V2X security solution. An SCMS is essential for autonomous driving as it signs and verifies the messages transmitted via V2X to ensure security and safety. 

Utilizing a public key infrastructure (PKI) to encrypt, validate, and manage certificates for V2X communications, the newest version of AutoCrypt SCMS, Version 5.0, comes with newly added Certificate Revocation List (CRL) and Misbehavior Detection (MBD) functionalities. Based on the IEEE 1609.2 standard, the CRL supports both hash-based CRL, which lists the hash value of revoked certificates; and full linkage ID-based CRL, which allows for more efficient mass revocation.  

AutoCrypt SCMS securely manages the entire lifecycle of a certificate and is updated regularly to comply with stringent regulations from various regions. While many security providers only provide compliance in one or two regions, AUTOCRYPT’s research and development team have secured compliance with all existing standards regarding certificate management, including the US SCMS, European-based C-ITS CMS (CCMS), and Chinese-based C-SCMS.  

The company most recently participated in the OmniAir Consortium’s “OmniAir Plugfest” with companies like Blackberry, ESCRYPT, and Green Hills Software. AUTOCRYPT showcased AutoCrypt SCMS Version 5.0 by completing a demonstration of the revocation of cross-certificates in an actual driving environment and were able to demonstrate international compatibility of the entire certificate lifecycle, including issuance, management, and revocation.  

“V2X technology will need to be prioritized if the industry wants to move past Level 3 Driving Automation into Level 4 and 5. And as autonomous driving technology continues to become more prevalent, security for V2X communications will be more important than ever,” said CEO and co-Founder, Daniel ES Kim. “We are very pleased to be one of the few companies to be able to provide an authentication system that supports all regional standards and look forward to continuously updating our technologies to stay above all regulatory changes.”  

AUTOCRYPT currently oversees security for all smart highway/expressway projects in Korea and has focused on expanding its projects to other C-ITS endeavors worldwide. With its wide international compliance and customizable integrations, AUTOCRYPT is ideal for OEMs, public institutions, and governments looking to prioritize secure mobility for all.