Question: PKI provides a digital certification system. Each certification basically contains the information $ID \,\|\, pk \,\|\, \text{valid period} \,\|\, \text{algorithm} \,\|\, \text{metadata}$ together with a signature of the CA. Could we just use an MAC to generate this signature? Please briefly explain.

The root CA, $CA_r$, needs to be very careful about his secret key, which is the root of trust of the whole PKI system. He may choose to be offline and introduce a bunch of intermediate CAs $CA_1, \ldots, CA_n$ to interact with the users who are requesting certificates. At the system setup phase, he issues certificates for each of the $CA_i$ and lets those intermediate CAs generate certificates. Essentially, any certificate generated by any of the $CA_i$ is considered valid.

Another solution is for the CA to split his root secret into $n$ pieces, store them on $n$ different machines, and leverage a threshold certification generation procedure in which only when $n$ machines respond with a valid certificate share can the user combine them and obtain a valid certificate. Which of the two solutions is more vulnerable or requires more trust? Please briefly explain.
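The threshold procedure described in the question, as an added example that is not part of the original post: an n-of-n additive split of a toy RSA root key, where each machine returns a certificate share and only the product of all n shares verifies under the public key. The RSA instantiation, the toy primes, the function names and the certificate field values are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy RSA key built from two Mersenne primes (constructed, far too small for real use).
P, Q = 2**61 - 1, 2**89 - 1
N, PHI, E = P * Q, (P - 1) * (Q - 1), 65537
D = pow(E, -1, PHI)  # root secret; known only to the dealer at split time


def digest(tbs: bytes) -> int:
    """Hash the to-be-signed certificate body into Z_N (no padding: toy scheme)."""
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % N


def split_secret(d: int, n: int) -> list[int]:
    """Additive n-of-n sharing: d = d_1 + ... + d_n (mod phi)."""
    shares = [secrets.randbelow(PHI) for _ in range(n - 1)]
    shares.append((d - sum(shares)) % PHI)
    return shares


def certificate_share(tbs: bytes, d_i: int) -> int:
    """What one machine returns: a partial signature under its share only."""
    return pow(digest(tbs), d_i, N)


def combine(cert_shares: list[int]) -> int:
    """User side: multiply the shares to get H(tbs)^(d_1+...+d_n) = H(tbs)^d."""
    sig = 1
    for s in cert_shares:
        sig = sig * s % N
    return sig


def verify(tbs: bytes, sig: int) -> bool:
    """Anyone holding the public key (N, E) can check the certificate."""
    return pow(sig, E, N) == digest(tbs)


def demo(n: int = 5) -> tuple[bool, bool, bool]:
    # Certificate body ID || pk || valid period || algorithm || metadata (constructed values).
    tbs = b"|".join([b"alice", b"pk-placeholder", b"2025-01-01/2026-01-01", b"toy-rsa", b"-"])
    parts = [certificate_share(tbs, d_i) for d_i in split_secret(D, n)]
    full = combine(parts)
    return verify(tbs, full), verify(tbs, combine(parts[:-1])), full == pow(digest(tbs), D, N)


if __name__ == "__main__":
    print(demo())  # (True, False, True): all n shares verify, n-1 shares do not
```

The combined value equals the signature the unsplit root key would produce, so verifiers see an ordinary certificate and cannot tell it was generated in shares.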
