Abstract: Mobile Ad Hoc Networks（MANET） usually adopt the distributed CA certification program，but the program focuses on the problem of secure auditing before the secret share distribution in certification service rarely，and the existing scheme is one hop architecture based on the threshold secret sharing cryptography scheme，a node can not work properly when the value of its one hop neighbor is less than threshold value.This paper proposes a security multi-layer distributed secret share distribution scheme combined with the multi-layer distributed technology，on the one hand，which can carry out strict auditing towards the nodes that applies for secret shares to prevent several malicious nodes working together to recover the secret key of system effectively，on the other hand can make the nodes which on the network edge or at other specific location to achieve the correct warrant certificates recur to the deputy neighbor nodes，resolve the amount of warrant certificates less than threshold value issues.

Key words: Mobile Ad Hoc Networks, threshold secret sharing, secret share, multi-layer distributed, warrant certificate

摘要： 移动Ad Hoc网络（MANET）通常采用分布式CA认证方案，但针对认证服务中私钥元分配之前的安全审核方案很少，且已有方案是基于门限方案的单层结构，当一个节点的单跳邻居节点数目小于系统门限值时就无法正常工作。采用多层分布式技术，提出一种安全的多层分布式私钥元分配方案，一方面可以对申请私钥元的节点进行严格审核，防止多个恶意节点合谋重构系统私钥；另一方面可以使网络边缘或其他特殊位置的节点通过代理邻居节点获得正确的担保证书，解决了担保证书低于门限值的问题。

关键词: 移动Ad Hoc网络, 门限秘密共享, 私钥元, 多层分布式, 担保证书