CN111539718A - Block chain cross-chain identity authentication method based on side chain - Google Patents
Block chain cross-chain identity authentication method based on side chain Download PDFInfo
- Publication number
- CN111539718A CN111539718A CN202010062108.9A CN202010062108A CN111539718A CN 111539718 A CN111539718 A CN 111539718A CN 202010062108 A CN202010062108 A CN 202010062108A CN 111539718 A CN111539718 A CN 111539718A
- Authority
- CN
- China
- Prior art keywords
- message
- tgs
- user
- chain
- signature information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
A block chain cross-chain identity authentication method based on a side chain comprises the following steps: the server S obtains K through calculationc,sAlso using the public key KPcVerifying signature information (r)Auth2,sAuth2) Verification of the Authentication code2Generated by user C; the server S utilizes the private key KRsTicket for decrypting billsObtain the parameter Q4And signature informationReusing TGS in Block chain B2Public key KPtgs2Verifying signature informationServer S using secret key Kc,sAuthentication of decrypted Authentication codes2Judging the Random number Random4Value of (D) and TicketsThe parameter values in (1) are consistent; when the authentication of the user C is completed, the server S constructs a message M10By usingSession key pair message M for user C and server S in blockchain A10Encryption is performed. Compared with the prior art, the invention ensures the effectiveness and the rigor of the authentication process, and improves the safety performance while ensuring the authentication of the cross-chain transaction.
Description
Technical Field
The invention belongs to the technical field of block chains, and particularly relates to a block chain cross-chain identity authentication method based on a side chain.
Background
The blockchain is essentially a distributed shared account book, and the core problem solved by the blockchain is how to enable two mutually untrusted parties in a peer-to-peer network to trust each other and to securely conduct transactions without a trust background. In the block chain, transactions in a certain time period form blocks after being processed by a cryptographic algorithm so as to record confirmation information of the transactions, and the blocks are mutually related and connected in series to form a head-to-tail related block chain.
All transactions in the block chain go through the following five processes and are finally recorded into the book, and assuming that the transaction in the block chain is transferred from A to B, the specific process is as follows:
the first step is as follows: encrypting the previous transaction by using the public key of the payee B to obtain a hash value h, encrypting h by using the private key of the payer A to obtain a digital signature, attaching the signature to a transaction list, and sending the transaction list to the payee B, thereby successfully creating a new transaction;
the second step is that: payer A broadcasts the transaction order to other nodes in the whole network in the P2P network, and the other nodes record the transaction order into a block;
the third step: each node strives to calculate the hash value of the characteristics so as to carry out workload certification, thereby obtaining the accounting right and corresponding rewards;
the fourth step: the first node which calculates the result broadcasts a block containing the transaction to other nodes in the whole network, and attaches a timestamp, and each broadcasted node verifies the block;
the fifth step: after other nodes verify that all transactions in the block are correct, the block is synchronized to the block chain of all nodes in the whole network, and then the account book is recorded.
The existing single-chain authentication technology is mainly divided into the following three stages:
the first stage is as follows: the client C requests the authentication server AS to issue a permission ticket to access the ticket granting server TGS. The AS sends back an encrypted ticket, the encryption key being derived from the user password. When the response reaches the client, the client prompts user C to enter a password, thereby generating a key and attempting to decrypt the received message. If the password is correct, the bill can be correctly recovered.
And a second stage: the client C accesses the TGS to obtain a service license ticket for accessing the server S. The TGS decrypts the received license ticket, and verifies whether the decryption is successful by checking whether the ID of the TGS exists. The ticket life cycle is then checked to ensure that the ticket is not expired. And finally, comparing whether the user information in the ticket is consistent with the user information in the received data packet or not, determining that the user is a legal user according to the user information, and sending a service permission ticket.
And a third stage: the client C accesses the server S with the service ticket and performs mutual authentication.
The above prior art scheme can only perform effective authentication on single-chain transactions within a blockchain, but is not applicable to user authentication required by cross-chain transactions.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provide a block chain cross-chain identity authentication method based on a side chain, so that the validity and the rigor of an identity authentication process are ensured, and the safety performance is improved while the cross-chain transaction identity authentication is ensured.
The invention provides a block chain cross-chain identity authentication method based on a side chain, which comprises the following steps,
step S1, user C of block chain B constructs message Q1Wherein, in the step (A),using private key KRcTo Q1Signing to obtain signature informationUsing message Q1And signature informationConstructing a message M1(ii) a Using AS1The public key KR of (what meaning)cFor message M1Encrypting, and sending the encrypted message M1AS sent to Block chain A1;
Step (ii) ofS2、AS1Using a private keyDecrypting message M1Obtaining a message Q1And signature informationUsing the public key KRcVerifying signature informationSending out for the user C; AS1Looking up a local database according to the message Q1ID of (1)cConfirming the existence and the legality of the user C; when user C is confirmed to be legal, AS1Construct access TGS1The billSignature informationIs AS1Using a private keyTo Q2Signature information of AS1By TGS1Public key pair billPerforms encryption, AS1To the noteSigning to obtain signature informationAS1According to access TGS1The billAddress IDtgs1Random number Random1+1 and signature informationConstructing a message M2Using public key of user C to message M2Encrypting, the encrypted message M2Sending the data to a user C;
step S3, user C uses private key KRcFor message M2Decrypting and confirming the parameter Random obtained by decryption1+1 is a message Q1Random number Random in (1)1+1,; user C uses AS1Of (2) a public keyVerification signature informationThe correctness of the test; user C uses the address IDCAnd Random number Random2Architecture Authentication code1And using the private key KRcAuthentication of verification code1Signing to obtain signature informationUser C reuses address IDtgs2Access to TGS1The billAuthentication code Authentication1And signature informationConstructing a message M3(ii) a Using TGS1Public key pair message M3Encrypting, and sending the encrypted message M3To TGS1Requesting cross-chain access to the ticket;
step S4, TGS1With the private key KRtgs1For message M3Decrypting to obtain billAuthentication of Authentication code1And signature informationUsing public key KR of user CcVerifying signature informationVerification of the correctness of the Authentication code1Is issued by user C; TGS1Using private keys KRtgs1Decrypted access TGS1The billObtaining a parameter Q2And signature informationTGS1By AS1Of (2) a public keyVerifying signature informationAcknowledgement parameter Q2By AS1Sending out; TGS1Using the parameter Q2Parameter (2) ofAuthentication of decrypted Authentication codes1The obtained parameter IDcAnd parameter Random2Comparing IDcAnd Q2ID of (1)cIf they are consistent, the bill is confirmedOwned by user C;
TGS1constructing cross-chain access ticketsTGS1With the private key KRtgs1For parameter Q3Signing to obtain signature informationTGS1To cross the chainAccess ticketSigning to obtain signature informationTGS1According to the use of address IDtgs2Random number Random2+1, cross-chain access ticketAnd signature informationConstructing a message M4;TGS1Message M with public key of user C4Encrypting, and sending the encrypted message M4Sending the data to a user C;
step S5, user C uses private key KRcFor message M4Decrypting to obtain parametersAnd confirms the Random number Random2+1 is the Random number Random sent in step 32+ 1; TGS for user C1Public key KPtgs1Verifying signature informationConfirming cross-chain access Tickettgs2Is composed of TGS1The information is issued; for user CDecryption cross-chain access ticketObtain the parameter Q3And signature informationAnd will beStored as secret information, and parameter Q3And parametersAs proof-of-knowledge data for zero; user C constructs message M5(ii) a Message M5TGS Using Block chain B2Encrypting the public key; and will message M5TGS sent to Block chain B2;
Step S6 TGS of Block chain B2With the private key KRtgs2For message M5Decrypting to obtain parameter IDRealm,IDs,KPc,Random3,Q3,According to TGS2The trust value information about the block chain A stored in the step (A) is used for calculating a parameter t and a parameter e which meet zero knowledge proof; TGS of Block chain B2Obtaining a public parameter p and a parameter g, and selecting a random number n1,n2,...ni,...,ne},i∈[1,e]And n isi∈ (1, p-1), calculatingRestructuring a message M6As a query, message M6Sending the data to a user C;
step S7, user C receives message M6Then, the parameter T is obtained1,T2,...,TeObtaining public parameter p and parameter g from a third party and using secret informationComputing[1,e](ii) a Restructuring a message M7As a pair message M6In response to (2), message M7Is sent toTGS of Block chain B2;
Step S8 TGS of Block chain B2Receiving message M7Then, the parameter C is obtained1,C2,...,Ce(ii) a Reusing TGS in Block chain A1Public key KPtgs1Parameter Q3And parametersVerification equationIs established, whereinWhen verifying the equationIf yes, judging whether zero knowledge proving conditions are met, and if not, continuing to select e random numbersAnd repeating steps S6 through S8; when the zero knowledge proof condition is satisfied after the repetition, the TGS of the block chain B2TGS based on Block chain A1Trusting, and confirming that the user C is a legal user; TGS of Block chain B2Ticket for user C to access serviceTicket for accessing servicesUsing the public key of the server S for encryption, whereinAlso for TGS2Ticket for accessing servicesSigning to obtain signature informationTGS2Constructing a message M8Message M8Occurs to user C;
step 9, user C uses private key KRcFor message M8Decrypting to obtain parametersVerifying the received Random number Random3+1 is Random generated in step 53A random number + 1; TGS for user C2KR public keytgs2Verifying signature informationIf the verification is correct, a verification code is generatedUsing the private key KRcAuthentication of verification code2Signature derivation (r)Auth2,sAuth2) (ii) a Finally, user C constructs message M9(ii) a Message M with public key pair of server S9Encrypting, and sending the encrypted message M9Sending the data to a server S;
step 10. Server S utilizes private Key KRsDecrypting message M9Get the Ticket Ticket of the access servicesAuthentication code2Public key KPcSignature information (r)Auth2,sAuth2) And signature informationThe server S obtains K through calculationc,sAlso using the public key KPcVerifying signature information (r)Auth2,sAuth2) Verification of the Authentication code2Generated by user C; the server S utilizes the private key KRsTicket for decrypting billsObtain the parameter Q4And signature informationReusing TGS in Block chain B2Public key KPtgs2Verification signature informationTicket to validate access to servicessFrom TGS2Issuing; server S using secret key Kc,sAuthentication of decrypted Authentication codes2To obtain a parameter IDRealm,Random4,Judging Random number Random4Value of (D) and TicketsThe parameter values in the bill are consistent, and the bill is ensured to be held by a user C who initially applies for the bill; when the authentication of the user C is completed, the server S constructs a message M10Message M is paired with the session key of user C and server S in blockchain A10Encryption is performed.
As a further technical solution of the present invention, in step S1, a message Q is used1And signature informationConstructing a message M1Is of the formula
Further, in S4: cross-chain access ticketWherein, the parameter Q3=h(IDtgs2,IDtgs1,IDc) H () is a one-way hash function; message
The invention ensures the effectiveness and the rigor of the authentication process through the zero-knowledge proof algorithm, improves the safety performance while ensuring the authentication of the cross-chain transaction, and can effectively resist common network attacks such as replay attack, man-in-the-middle attack, eavesdropping and the like.
Drawings
FIG. 1 is a block diagram of a server application module of the present invention.
Detailed Description
Side chain and chain spanning technology
The block chain system is developed from a POW-based bitcoin network, an Ethernet network to a PBFT-and-DPOS-consensus-algorithm-based alliance chain and a public chain network, and although the TPS is greatly promoted from single digit to ten thousand levels, certain decentralization is sacrificed, and the block chain system does not conform to the core concept of the block chain system.
The side chain technology is promoted along with the capacity expansion dilemma of bitcoin. The concept of side chains is relative to the main chain. When the performance of the main chain is bottleneck or some functions cannot be expanded, the assets are transferred to the side chain, and related transactions only need to be executed on the side chain, so that the purposes of sharing the pressure of the main chain and expanding the performance and the functions of the main chain are achieved.
The side chain technical scheme is mainly proposed for bitcoin. Because of the technical structure of bitcoin, it has the disadvantage of self-extensibility. For example, long transaction delay, low throughput, and no support for smart contracts with complete graphics are inherent design defects of bitcoin. And these defects must be resolved by reconstructing the bitcoin base framework and algorithm.
However, considering that the bitcoin is the digital currency with the largest market value, the highest currency and the widest acceptance, modifying the infrastructure of the bitcoin may cause great risks, which determines that the bitcoin is difficult to improve the scalability of the bitcoin through technical upgrading.
The basic idea of the side chain technology is to additionally activate a side chain to transfer the bitcoin asset to the side chain, and vice versa, the asset on the side chain can be transferred back to the bitcoin. The assets of bitcoin on the main chain and the side chain can be transferred in two directions, and the process is the anchor of the assets in two directions.
With respect to sidechains, cross-chaining refers to the transfer, communication, and exchange of assets and states on two or more different chains through a trusted mechanism. In a cross-chain scenario, the chain-to-chain relationship is not only a main-side relationship, but also can be a peer-to-peer relationship, and assets on the chain can be anchored in both directions, exchanged with each other through a variable exchange rate, and even can complete interaction in an intelligent contract manner. In order to realize interconnection and interworking between chains, an identity authentication mechanism between blockchain systems is designed first, so that one blockchain can receive and verify a transaction on another blockchain.
Side chain based cross-chain identity authentication
Symbol interpretation
The Client represents a Client;
AS (authentication Server) is an authentication server;
KDC (Key Distribution center) key Distribution center
Tgt (ticket grading ticket) ticket authorization ticket
Tgs (ticket ranking server) bill authorization server
Ek{ M } represents the key K encryption information M;
random represents a Random number set to prevent replay attack;
KP and KR respectively represent a public key and a private key;
kx, y denotes a session key shared by x and y;
(rM,sM) Represents a signature on the information M;
Tickettgs1representing an in-chain access permission ticket;
Ticketsrepresenting a cross-chain access permission ticket;
Tickettgs1representing a service license ticket.
Referring to fig. 1, the present embodiment provides a block chain cross-chain identity authentication method based on side chains, including the following steps:
step 1. user C of block chain B constructs message Q1WhereinUsing the private key KRcTo Q1Signing to obtain signature informationUsing message Q1And signature informationConstructing a message M1WhereinUsing AS1KR public keycFor message M1Encrypting, and sending the encrypted message M1AS sent to Block chain A1;
Step 2.AS1Using a private keyDecrypting message M1Get the message Q1And signature informationAS1Also using public key KRcVerifying signature informationSending out for the user C; AS1Looking up a local database according to the message Q1ID of (1)cConfirming the existence and the legality of the user C; when user C is confirmed to be legal, AS1Construct access TGS1The billWherein Is AS1Using a private keyTo Q2Signature information of AS1By TGS1Public key pair billPerforms encryption, AS1To the noteSigning to obtain signature informationAS1According to the ticketAddress IDtgs1Random number Random1+1 and signature informationConstructing a message M2WhereinMessage M with public key of user C2Encrypting, the encrypted message M2Sending the data to a user C;
step 3, the user C uses the private key KRcFor message M2Decrypting and confirming the parameter Random obtained by decryption1+1 is the message Q in step 11Random number Random in (1)1+1,; user C uses AS1Is provided with a keyVerifying signature informationThe correctness of the test; user C uses the address IDCAnd Random number Random2Structure verification codeUsing the private key KRcFor Authentication1Signing to obtain signature informationUser C reuses address IDtgs2BillAuthentication of Authentication code1And signature informationConstructing a message M3WhereinUsing TGS1Public key pair message M3Encrypting, and sending the encrypted message M3To TGS1Requesting cross-chain access to the ticket;
step 4.TGS1With the private key KRtgs1For message M3Decrypting to obtain the billAuthentication of Authentication code1And signature informationUsing public key KR of user CcVerifying signature informationVerification of the correctness of the Authentication code1Is issued by user C; TGS1Using private keys KRtgs1Deciphering billObtain the parameter Q2And signature informationTGS1By AS1Is provided with a keyVerifying signature informationAcknowledgement parameter Q2By AS1Sending out; TGS1Using the parameter Q2Parameter (1) ofAuthentication of decrypted Authentication codes1The obtained parameter IDcAnd parameter Random2Comparing IDcAnd Q2ID of (1)cIf they are consistent, the bill is confirmedOwned by user C;
TGS1constructing cross-chain access ticketsWherein the parameter Q3=h(IDtgs2,IDtgs1,IDc) H () represents a one-way hash function; TGS1With the private key KRtgs1For parameter Q3Signing to obtain signature informationTGS1Accessing tickets for cross-chainingSigning to obtain signature informationTGS1According to the use of address IDtgs2Random number Random2+1, cross-chain access ticketAnd signature informationConstructing a message M4Wherein the messageTGS1Message M with public key of user C4Encrypting, and encryptingMessage M of4Sending the data to a user C;
step 5, user C private key KRcFor message M4Decrypting to obtain parametersAnd confirms the Random number Random2+1 is the Random number Random sent in step 32+ 1; TGS for user C1Public key KPtgs1Verifying signature informationConfirming cross-chain access Tickettgs2Is composed of TGS1The information is issued; for user CDecryption cross-chain access bill Tickettgs2To obtain a parameter Q3And signature informationAnd will beStored as secret information, and parameter Q3And parametersAs proof-of-knowledge data for zero; user C constructs message M5WhereinMessage M5TGS Using Block chain B2Encrypting the public key; and will message M5TGS sent to Block chain B2;
Step 6. TGS of Block chain B2With the private key KRtgs2For message M5Decrypting to obtain parameter IDRealm,IDs,KPc,Random3,Q3,According to TGS2The trust value information about the block chain A stored in the step (A) is used for calculating a parameter t and a parameter e which meet zero knowledge proof; TGS of Block chain B2Obtaining a public parameter p and a parameter g, and selecting a random numberAnd isComputingRestructuring a message M6As a query, whereinMessage M6Sending the data to a user C;
step 7, user C receives message M6Then, the parameter T is obtained1,T2,...,TeObtaining public parameter p and parameter g from a third party and using the secret informationComputing[1,e](ii) a Restructuring a message M7As a pair message M6In whichMessage M7TGS sent to Block chain B2;
Step 8. TGS of Block chain B2Receiving message M7Then, the parameter C is obtained1,C2,...,Ce(ii) a Reusing TGS in Block chain A1Public key KPtgs1Parameter Q3And parametersVerification equationIs established, whereinWhen verifying the equationIf yes, judging whether zero knowledge proving conditions are met, and if not, continuing to select e random numbersAnd repeating step 6, step 7 and step 8; when the zero knowledge proof condition is satisfied after repeating the steps 6, 7 and 8, the TGS of the blockchain B2TGS based on Block chain A1Trusting, and confirming that the user C is a legal user; TGS of Block chain B2Ticket for user C to access serviceTicket for accessing servicesUsing the public key of the server S for encryption, whereinAlso for TGS2Ticket for accessing servicesSigning to obtain signature informationTGS2Constructing a message M8WhereinMessage M8Occurs to user C;
step 9, user C uses private key KRcFor message M8Decrypting to obtain parametersVerifying the received Random number Random3+1 is Random generated in step 53A random number + 1; TGS for user C2KR public keytgs2Verifying signature informationIf the verification is correct, a verification code is generatedUsing the private key KRcAuthentication of verification code2Signature derivation (r)Auth2,sAuth2) (ii) a Finally, user C constructs message M9WhereinMessage M with public key pair of server S9Encrypting, and sending the encrypted message M9Sending the data to a server S;
step 10. Server S utilizes private Key KRsDecrypting message M9Get the Ticket Ticket of the access servicesAuthentication code2Public key KPcSignature information (r)Auth2,sAuth2) And signature informationThe server S obtains K through calculationc,sAlso using the public key KPcVerifying signature information (r)Auth2,sAuth2) Verification of Authentication code2Generated by user C; the server S utilizes the private key KRsTicket for decrypting billsObtain the parameter Q4AndwhereinReusing TGS in Block chain B2Public key KPtgs2Verifying signature informationTicket to validate access to servicessFrom TGS2Issuing; server S using secret key Kc,sAuthentication of decrypted Authentication codes2To obtain a parameter IDRealm,Random4,Judging Random number Random4Value of (D) and TicketsThe parameter values in the bill are consistent, and the bill is ensured to be held by a user C who initially applies for the bill; when the authentication of the user C is completed, the server S constructs a messagePair of messages M using session keys of user C and server S in blockchain A10Encryption is performed.
Security analysis
A block chain cross-chain identity authentication method based on a side chain provides a basic identity authentication trust mechanism, ensures the security in the cross-chain transaction process, and is specifically analyzed as follows:
replay attack, in the process of cross-chain identity authentication, because the identity authentication process needs to strictly meet the zero-knowledge proof condition, information in the interaction process between the whole chain and the whole chain does not contain private information of a user, and even if an attacker can resend certain steps of attack, more valuable information cannot be obtained; in addition, random numbers are introduced in the encryption and decryption stages, so that a receiver can confirm whether received messages are sent by the receiver, and interference caused by clock synchronization is avoided.
The whole system adopts the digital signature and zero knowledge proving method, so that a receiver can confirm whether the information is sent by the original sender, and the possibility of existence of a man-in-the-middle is avoided.
The collusion attack adopts a strict zero-knowledge proof mechanism, so that a user does not need to submit private information related to the identity information of the user while proving the identity of the user to other chains, and the collusion attack can be effectively avoided.
And eavesdropping is carried out, and the session key between the user and the application server is negotiated by the user and the application server, so that the possibility of eavesdropping is avoided in the session process.
The foregoing illustrates and describes the principles, general features, and advantages of the present invention. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are intended to further illustrate the principles of the invention, and that various changes and modifications may be made without departing from the spirit and scope of the invention as defined by the appended claims. The scope of the invention is defined by the claims and their equivalents.
Claims (10)
1. A block chain cross-chain identity authentication method based on a side chain is characterized by comprising the following steps,
step S1, user C of block chain B constructs message Q1Wherein, in the step (A),using private key KRcTo Q1Signing to obtain signature informationUsing message Q1And signature informationConstructing a message M1(ii) a Using AS1Public key KR of (authentication server 1)cFor message M1Encrypting, and sending the encrypted message M1AS sent to Block chain A1;
Step S2, AS1Using a private keyDecrypting message M1Obtaining a message Q1And signature informationUsing the public key KRcVerifying signature informationSending out for the user C; AS1Looking up a local database according to the message Q1ID of (1)cConfirming the existence and the legality of the user C; when user C is confirmed to be legal, AS1Construct access TGS1The billSignature informationIs AS1Using a private keyTo Q2Signature information of AS1By TGS1Public key pair billPerforms encryption, AS1To the noteSigning to obtain signature informationAS1According to access TGS1The billAddress IDtgs1Random number Random1+1 and signature informationConstruction eliminatorMessage M2Using public key of user C to message M2Encrypting, the encrypted message M2Sending the data to a user C;
step S3, user C uses private key KRcFor message M2Decrypting and confirming the parameter Random obtained by decryption1+1 is a message Q1Random number Random in (1)1+1,; user C uses AS1Of (2) a public keyVerifying signature informationThe correctness of the test; user C uses the address IDCAnd Random number Random2Authentication of construction of verification codes1And using the private key KRcAuthentication of verification code1Signing to obtain signature informationUser C reuses address IDtgs2Access to TGS1The billAuthentication of Authentication code1And signature informationConstructing a message M3(ii) a Using TGS1Public key pair message M3Encrypting, and sending the encrypted message M3To TGS1Requesting cross-chain access to the ticket;
step S4, TGS1With the private key KRtgs1For message M3Decrypting to obtain billAuthentication of Authentication code1And signature informationUsing public key KR of user CcVerifying signature informationVerification of the correctness of the Authentication code1Is issued by user C; TGS1With the private key KRtgs1Decrypted access TGS1The billObtaining a parameter Q2And signature informationTGS1By AS1Of (2) a public keyVerifying signature informationAcknowledgement parameter Q2By AS1Sending out; TGS1Using the parameter Q2Parameter (2) ofAuthentication of decrypted Authentication codes1The obtained parameter IDcAnd parameter Random2Comparing IDcAnd Q2ID of (1)cIf they are consistent, the bill is confirmedOwned by user C;
TGS1constructing cross-chain access ticketsTGS1With the private key KRtgs1For parameter Q3Signing to obtain signature informationTGS1Accessing tickets for cross-chainingSigning to obtain signature informationTGS1According to the use of address IDtgs2Random number Random2+1, cross-chain access ticketAnd signature informationConstructing a message M4;TGS1Message M with public key of user C4Encrypting, and sending the encrypted message M4Sending the data to a user C;
step S5, user C uses private key KRcFor message M4Decrypting to obtain parametersRandom2+1,And confirms the Random number Random2+1 is the Random number Random sent in step 32+ 1; TGS for user C1Public key KPtgs1Verifying signature informationConfirming cross-chain access Tickettgs2Is composed of TGS1The information is issued; for user CDecrypting cross-chain access Tickettgs2To obtain a parameter Q3And signature informationAnd will beStored as secret information, and parameter Q3And parametersAs proof-of-knowledge data for zero; user C constructs message M5(ii) a Message M5TGS Using Block chain B2Encrypting the public key; and will message M5TGS sent to Block chain B2;
Step S6 TGS of Block chain B2With the private key KRtgs2For message M5Decrypting to obtain parameter IDRealm,IDs,KPc,Random3,Q3,According to TGS2The parameter t and the parameter e which meet zero knowledge proof are calculated according to the trust value information which is stored in the block chain A; TGS of Block chain B2Obtaining a public parameter p and a parameter g, and selecting a random number n1,n2,...ni,...,ne},i∈[1,e]And n isi∈ (1, p-1), calculatingi∈[1,e](ii) a Restructuring a message M6As a query, message M6Sending the data to a user C;
step S7, user C receives message M6Then, the parameter T is obtained1,T2,...,TeFromThe third party obtains the public parameter p and the parameter g and uses the secret informationComputing(modp),i∈[1,e](ii) a Restructuring a message M7As a pair message M6In response to (2), message M7TGS sent to Block chain B2;
Step S8 TGS of Block chain B2Receiving message M7Then, the parameter C is obtained1,C2,...,Ce(ii) a Reusing TGS in Block chain A1Public key KPtgs1Parameter Q3And parametersVerification equationIf it is true, where i ∈ [1, e](ii) a When verifying the equationIf yes, judging whether zero knowledge proving conditions are met, and if not, continuing to select e random numbers { n }1,n2,...ni,...,ne},i∈[1,e]And repeating steps S6 to S8; when the zero knowledge proof condition is satisfied after the repetition, the TGS of the block chain B2TGS based on Block chain A1Trusting, and confirming that the user C is a legal user; TGS of Block chain B2Ticket for user C to access serviceTicket for accessing servicesUsing the public key of the server S for encryption, whereinAlso for TGS2Ticket for accessing servicesSigning to obtain signature informationTGS2Constructing a message M8Message M8Occurs to user C;
step 9, user C uses private key KRcFor message M8Decrypting to obtain parametersRandom3+1,Tickets,Verifying the received Random number Random3+1 is the Random3 Random number +1 generated in step 5; TGS for user C2KR public keytgs2Verifying signature informationIf the verification is correct, a verification code is generatedUsing the private key KRcAuthentication of verification code2Signature derivation (r)Auth2,sAuth2) (ii) a Finally, user C constructs message M9(ii) a Message M with public key pair of server S9Encrypting, and sending the encrypted message M9Sending the data to a server S;
step 10. Server S utilizes private Key KRsDecrypting message M9Get the Ticket Ticket of the access servicesAuthentication code2Public key KPcSignature information (r)Auth2,sAuth2) And signature informationServer S obtains by calculationTo Kc,sAlso using the public key KPcVerifying signature information (r)Auth2,sAuth2) Verification of the Authentication code2Generated by user C; the server S utilizes the private key KRsTicket for decrypting billsObtain the parameter Q4And signature informationReusing TGS in Block chain B2Public key KPtgs2Verifying signature informationTicket to validate access to servicessFrom TGS2Issuing; server S using secret key Kc,sAuthentication of decrypted Authentication codes2To obtain a parameter IDRealm,Random4,Judging Random number Random4Value of (D) and TicketsThe parameter values in the bill are consistent, and the bill is ensured to be held by a user C who initially applies for the bill; when the authentication of the user C is completed, the server S constructs a message M10Message M is paired with the session key of user C and server S in blockchain A10Encryption is performed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010062108.9A CN111539718B (en) | 2020-01-19 | 2020-01-19 | Block chain cross-chain identity authentication method based on side chain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010062108.9A CN111539718B (en) | 2020-01-19 | 2020-01-19 | Block chain cross-chain identity authentication method based on side chain |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111539718A true CN111539718A (en) | 2020-08-14 |
CN111539718B CN111539718B (en) | 2022-09-20 |
Family
ID=71980009
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010062108.9A Active CN111539718B (en) | 2020-01-19 | 2020-01-19 | Block chain cross-chain identity authentication method based on side chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111539718B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111339509A (en) * | 2020-03-03 | 2020-06-26 | 李斌 | Block chain cross-chain identity authentication method based on side chain |
CN112163845A (en) * | 2020-09-29 | 2021-01-01 | 深圳前海微众银行股份有限公司 | Cross-block-chain transaction identity confirmation method and device |
CN113300837A (en) * | 2021-04-25 | 2021-08-24 | 从法信息科技有限公司 | Cross-chain verification method and device based on block certification and electronic equipment |
WO2022083399A1 (en) * | 2020-10-21 | 2022-04-28 | 腾讯科技(深圳)有限公司 | Blockchain-based data processing method, computer device, computer-readable storage medium, and computer program product |
CN114598531A (en) * | 2022-03-10 | 2022-06-07 | 上海星图比特信息技术服务有限公司 | Identity authentication method and equipment |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103780618A (en) * | 2014-01-22 | 2014-05-07 | 西南交通大学 | Method for cross-isomerism domain identity authentication and session key negotiation based on access authorization ticket |
CN107257334A (en) * | 2017-06-08 | 2017-10-17 | 中国电子科技集团公司第三十二研究所 | Identity authentication method for Hadoop cluster |
CN109039655A (en) * | 2018-09-13 | 2018-12-18 | 全链通有限公司 | Real name identity identifying method and device, identity block chain based on block chain |
CN110505058A (en) * | 2019-08-20 | 2019-11-26 | 西安电子科技大学 | The identity identifying method of isomery block chain under across chain scene |
-
2020
- 2020-01-19 CN CN202010062108.9A patent/CN111539718B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103780618A (en) * | 2014-01-22 | 2014-05-07 | 西南交通大学 | Method for cross-isomerism domain identity authentication and session key negotiation based on access authorization ticket |
CN107257334A (en) * | 2017-06-08 | 2017-10-17 | 中国电子科技集团公司第三十二研究所 | Identity authentication method for Hadoop cluster |
CN109039655A (en) * | 2018-09-13 | 2018-12-18 | 全链通有限公司 | Real name identity identifying method and device, identity block chain based on block chain |
CN110505058A (en) * | 2019-08-20 | 2019-11-26 | 西安电子科技大学 | The identity identifying method of isomery block chain under across chain scene |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111339509A (en) * | 2020-03-03 | 2020-06-26 | 李斌 | Block chain cross-chain identity authentication method based on side chain |
CN112163845A (en) * | 2020-09-29 | 2021-01-01 | 深圳前海微众银行股份有限公司 | Cross-block-chain transaction identity confirmation method and device |
CN112163845B (en) * | 2020-09-29 | 2024-03-22 | 深圳前海微众银行股份有限公司 | Transaction identity confirmation method and device for cross-region block chain |
WO2022083399A1 (en) * | 2020-10-21 | 2022-04-28 | 腾讯科技(深圳)有限公司 | Blockchain-based data processing method, computer device, computer-readable storage medium, and computer program product |
CN113300837A (en) * | 2021-04-25 | 2021-08-24 | 从法信息科技有限公司 | Cross-chain verification method and device based on block certification and electronic equipment |
CN113300837B (en) * | 2021-04-25 | 2022-07-26 | 从法信息科技有限公司 | Cross-chain verification method and device based on block certification and electronic equipment |
CN114598531A (en) * | 2022-03-10 | 2022-06-07 | 上海星图比特信息技术服务有限公司 | Identity authentication method and equipment |
Also Published As
Publication number | Publication date |
---|---|
CN111539718B (en) | 2022-09-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111539718B (en) | Block chain cross-chain identity authentication method based on side chain | |
US11449819B2 (en) | Blockchain-based authentication and authorization | |
CN113194469B (en) | 5G unmanned aerial vehicle cross-domain identity authentication method, system and terminal based on block chain | |
CN110959163B (en) | Computer-implemented system and method for enabling secure storage of large blockchains on multiple storage nodes | |
CN101902476B (en) | Method for authenticating identity of mobile peer-to-peer user | |
CN111339509A (en) | Block chain cross-chain identity authentication method based on side chain | |
CN113301022B (en) | Internet of things equipment identity security authentication method based on block chain and fog calculation | |
Xue et al. | A distributed authentication scheme based on smart contract for roaming service in mobile vehicular networks | |
CN103905384A (en) | Embedded inter-terminal session handshake realization method based on security digital certificate | |
CN114036539A (en) | Safety auditable Internet of things data sharing system and method based on block chain | |
CN111163109B (en) | Block chain center-removing type node anti-counterfeiting method | |
EP3707853B1 (en) | Conducting secure interactions utilizing reliability information | |
CN110336673A (en) | A kind of block chain design method based on secret protection | |
CN111738857B (en) | Generation and verification method and device of concealed payment certificate applied to block chain | |
Abdelfatah et al. | Secure VANET authentication protocol (SVAP) using Chebyshev chaotic maps for emergency conditions | |
CN112364331A (en) | Anonymous authentication method and system | |
CN113468570A (en) | Private data sharing method based on intelligent contract | |
Han et al. | Zero-knowledge identity authentication for internet of vehicles: Improvement and application | |
Kara et al. | VoIPChain: A decentralized identity authentication in Voice over IP using Blockchain | |
Dwivedi et al. | Design of blockchain and ecc-based robust and efficient batch authentication protocol for vehicular ad-hoc networks | |
Zhang et al. | A novel privacy protection of permissioned blockchains with conditionally anonymous ring signature | |
CN113626794A (en) | Authentication and key agreement method, system and application in client/server mode | |
CN115865426B (en) | Privacy intersection method and device | |
CN111353780A (en) | Authorization verification method, device and storage medium | |
CN111062029A (en) | Multi-factor authentication protocol based on identification password |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |