With the rapid evolution of the Industrial Internet of Things (IIoT), the boundaries and scale of the Internet are continuously expanding. Consequently, the limitations of traditional certificate-based Public Key Infrastructure (PKI) have become increasingly evident, particularly in scenarios requiring large-scale certificate storage, verification, and frequent transmission. These challenges are expected to be further amplified by the widespread adoption of post-quantum cryptography. In this paper, we propose a novel identity-based public key management framework for PKI based on post-quantum cryptography, termed \textit{IPK-pq}. This approach implements an identity key generation protocol leveraging NIST ML-DSA and random matrix theory. Building on the concept of the Composite Public Key (CPK), \textit{IPK-pq} addresses the linear collusion problem inherent in CPK through an enhanced identity mapping mechanism. Furthermore, it simplifies the verification of the declared public key's authenticity, effectively reducing the complexity associated with certificate-based key management. We also provide a formal security proof for \textit{IPK-pq}, covering both individual private key components and the composite private key. To formally validate our approach, we directly implement and evaluate \textit{IPK-pq} within a typical PKI application scenario: Resource PKI (RPKI). Comparative experimental results demonstrate that an RPKI system based on \textit{IPK-pq} yields significant improvements in efficiency and scalability. These results validate the feasibility and rationality of \textit{IPK-pq}, positioning it as a strong candidate for next-generation RPKI systems capable of securely managing large-scale routing information.