CN111539718B - Block chain cross-chain identity authentication method based on side chain - Google Patents
Block chain cross-chain identity authentication method based on side chain Download PDFInfo
- Publication number
- CN111539718B CN111539718B CN202010062108.9A CN202010062108A CN111539718B CN 111539718 B CN111539718 B CN 111539718B CN 202010062108 A CN202010062108 A CN 202010062108A CN 111539718 B CN111539718 B CN 111539718B
- Authority
- CN
- China
- Prior art keywords
- message
- tgs
- user
- chain
- parameter
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
A block chain cross-chain identity authentication method based on a side chain comprises the following steps: the server S obtains K through calculation c,s Also using the public key KP c Verifying signature information (r) Auth2 ,s Auth2 ) Verification of the Authentication code 2 For use byGenerating a user C; the server S utilizes the private key KR s Ticket for decrypting bill s Obtain the parameter Q 4 And signature informationReusing TGS in Block chain B 2 Public key KP tgs2 Verifying signature informationServer S using secret key K c,s Authentication of decrypted Authentication codes 2 Judging the Random number Random 4 Value of and Ticket s The parameter values in (1) are consistent; when the authentication of the user C is completed, the server S constructs a message M 10 Message M is paired with the session key of user C and server S in blockchain A 10 Encryption is performed. Compared with the prior art, the invention ensures the effectiveness and the rigor of the authentication process, and improves the safety performance while ensuring the authentication of the cross-chain transaction.
Description
Technical Field
The invention belongs to the technical field of block chains, and particularly relates to a block chain cross-chain identity authentication method based on a side chain.
Background
The blockchain is essentially a distributed shared account book, and the core problem solved by the blockchain is how to enable mutually untrusted parties in a peer-to-peer network to trust each other and to securely conduct transactions without a trust background. In the block chain, transactions in a certain time period form blocks after being processed by a cryptographic algorithm so as to record confirmation information of the transactions, and the blocks are mutually related and connected in series to form a head-to-tail related block chain.
All transactions in the block chain go through the following five processes and are finally recorded into the book, and assuming that the transaction in the block chain is transferred from A to B, the specific process is as follows:
the first step is as follows: encrypting the previous transaction by using the public key of the payee B to obtain a hash value h, encrypting h by using the private key of the payer A to obtain a digital signature, attaching the signature to a transaction list, and sending the transaction list to the payee B, thereby successfully creating a new transaction;
the second step: payer A broadcasts the transaction order to other nodes in the whole network in the P2P network, and the other nodes record the transaction order into a block;
the third step: each node strives to calculate the hash value of the characteristics so as to carry out workload certification, thereby obtaining the accounting right and corresponding rewards;
the fourth step: the first node which calculates the result broadcasts a block containing the transaction to other nodes in the whole network, and attaches a timestamp, and each broadcasted node verifies the block;
the fifth step: after other nodes verify that all transactions in the block are correct, the block is synchronized to the block chain of all nodes in the whole network, and then the account book is recorded.
The existing single-chain authentication technology is mainly divided into the following three stages:
the first stage is as follows: the client C requests the authentication server AS to issue a permission ticket to access the ticket authorisation server TGS. The AS sends back an encrypted ticket, the encryption key being derived from the user password. When the response reaches the client, the client prompts user C to enter a password, thereby generating a key and attempting to decrypt the received message. If the password is correct, the bill can be correctly recovered.
And a second stage: the client C accesses the TGS to obtain a service license ticket for accessing the server S. The TGS decrypts the received license ticket, and verifies whether the decryption is successful by checking whether the ID of the TGS exists. The ticket life cycle is then checked to ensure that the ticket is not expired. And finally, comparing whether the user information in the ticket is consistent with the user information in the received data packet or not, determining that the user is a legal user according to the user information, and sending a service permission ticket.
And a third stage: the client C accesses the server S with the service ticket and performs mutual authentication.
The above prior art scheme can only perform effective authentication on single-chain transactions within a blockchain, but is not applicable to user authentication required by cross-chain transactions.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provide a block chain cross-chain identity authentication method based on a side chain, so that the validity and the rigor of an identity authentication process are ensured, and the safety performance is improved while the cross-chain transaction identity authentication is ensured.
The invention provides a block chain cross-chain identity authentication method based on a side chain, which comprises the following steps,
step S1, user C of block chain B constructs message Q 1 Wherein, in the step (A),using private keys KR c To Q 1 Signing to obtain signature informationUsing message Q 1 And signature informationConstructing a message M 1 (ii) a Using AS 1 The public key KR of (what meaning) c For message M 1 Encrypting, and sending the encrypted message M 1 AS sent to Block chain A 1 ;
Step S2, AS 1 Using a private keyDecrypting messages M 1 Obtaining a message Q 1 And signature informationUsing the public key KR c Verifying signature informationSending out for the user C; AS 1 Looking up a local database based on the message Q 1 ID of (1) c Confirming the existence and the legality of the user C; when user C is confirmed to be legal, AS 1 Construct access TGS 1 The billSignature informationIs AS 1 Using a private keyTo Q 2 Signature information of AS 1 By TGS 1 Public key pair billPerforms encryption, AS 1 To the noteSigning to obtain signature informationAS 1 According to access TGS 1 The billAddress ID tgs1 Random number Random 1 +1 and signature informationConstructing a message M 2 Using public key of user C to message M 2 Encrypting, the encrypted message M 2 Sending the data to a user C;
step S3, user C uses private key KR c For message M 2 Decrypting and confirming the parameter Random obtained by decryption 1 +1 is a message Q 1 Random number Random in (1) 1 +1,; user C uses AS 1 Of (2) a public keyVerification signature informationThe correctness of the test; user C uses the address ID C And Random number Random 2 Architecture Authentication code 1 And using the private key KR c Authentication of verification code 1 Signing to obtain signature informationUser C reuses address ID tgs2 Access to TGS 1 The billAuthentication code Authentication 1 And signature informationConstructing a message M 3 (ii) a Using TGS 1 Public key pair message M 3 Encrypting, and sending the encrypted message M 3 To TGS 1 Requesting cross-chain access to the ticket;
step S4, TGS 1 With the private key KR tgs1 For message M 3 Decrypting to obtain billAuthentication of verification codes 1 And signature informationUsing public key KR of user C c Verifying signature informationVerification of the correctness of the Authentication code 1 Is issued by user C; TGS 1 Using private keys KR tgs1 Decrypted access TGS 1 The billObtaining a parameter Q 2 And signature informationTGS 1 By AS 1 Of (2)Verifying signature informationAcknowledgement parameter Q 2 By AS 1 Sending out; TGS 1 Using the parameter Q 2 Parameter (2)Authentication of decrypted Authentication codes 1 The obtained parameter ID c And parameter Random 2 Comparing ID c And Q 2 ID of (1) c If they are consistent, the bill is confirmedOwned by user C;
TGS 1 structuring cross-chain access ticketsTGS 1 With the private key KR tgs1 For parameter Q 3 Signing to obtain signature informationTGS 1 Accessing tickets for cross-chainingSigning to obtain signature informationTGS 1 According to the use of address ID tgs2 Random number Random 2 +1, cross-chain access ticketAnd signature informationConstructing a message M 4 ;TGS 1 Message M with public key of user C 4 Encrypting, and sending the encrypted message M 4 Sending the data to a user C;
step S5, user C uses private key KR c For message M 4 Decrypting to obtain parametersAnd confirms the Random number Random 2 +1 is the Random number Random sent in step 3 2 + 1; TGS for user C 1 Public key KP tgs1 Verifying signature informationConfirming cross-chain access Ticket tgs2 Is composed of TGS 1 The information is issued; for user CDecryption cross-chain access ticketObtain the parameter Q 3 And signature informationAnd will beStored as secret information, and parameter Q 3 And parametersAs proof-of-knowledge data for zero; user C constructs message M 5 (ii) a Message M 5 TGS Using Block chain B 2 Encrypting the public key; and will message M 5 TGS sent to Block chain B 2 ;
Step S6 TGS of Block chain B 2 With the private key KR tgs2 For message M 5 Decrypting to obtain parameter ID Realm ,ID s ,KP c ,Random 3 ,Q 3 ,According to TGS 2 Information on trust value of block chain A stored in the databaseCalculating a parameter t and a parameter e which meet zero knowledge proof; TGS of Block chain B 2 Obtaining a public parameter p and a parameter g, and selecting a random number n 1 ,n 2 ,...n i ,...,n e },i∈[1,e]And n is i E (1, p-1), calculatingRestructuring a message M 6 As a query, message M 6 Sending the data to a user C;
step S7, user C receives message M 6 Then, the parameter T is obtained 1 ,T 2 ,...,T e Obtaining public parameter p and parameter g from a third party and using secret informationComputing[1,e](ii) a Restructuring a message M 7 As a pair message M 6 In response to (2), message M 7 TGS sent to Block chain B 2 ;
Step S8 TGS of Block chain B 2 Receiving message M 7 Then, the parameter C is obtained 1 ,C 2 ,...,C e (ii) a Reusing TGS in Block chain A 1 Public key KP tgs1 Parameter Q 3 And parametersVerification equationIs established, whereinWhen verifying the equationIf yes, judging whether zero knowledge proving conditions are met, and if not, continuing to select e random numbersAnd repeating steps S6 to S8; when the zero knowledge proof condition is satisfied after the repetition, the TGS of the block chain B 2 TGS based on Block chaining A 1 Trusting, and confirming that the user C is a legal user; TGS of Block chain B 2 Ticket for user C to access serviceTicket for accessing service s Using the public key of the server S for encryption, whereinAlso for TGS 2 Ticket for accessing service s Signing to obtain signature informationTGS 2 Constructing a message M 8 Message M 8 Occurs to user C;
step 9, user C uses private key KR c For message M 8 Decrypting to obtain parametersVerifying the received Random number Random 3 +1 is Random generated in step 5 3 A random number + 1; TGS for user C 2 KR public key tgs2 Verifying signature informationIf the verification is correct, a verification code is generatedUsing the private key KR c Authentication of verification codes 2 Signature derivation (r) Auth2 ,s Auth2 ) (ii) a Finally, user C constructs message M 9 (ii) a Message M with public key pair of server S 9 Encrypting, and sending the encrypted message M 9 Sending the data to a server S;
step 10. Server S utilizes private Key KR s Decrypting message M 9 Get Ticket to access service s Authentication code 2 Public key KP c Signature information (r) Auth2 ,s Auth2 ) And signature informationThe server S obtains K through calculation c,s Also using the public key KP c Verifying signature information (r) Auth2 ,s Auth2 ) Verification of the Authentication code 2 Generated by user C; the server S utilizes the private key KR s Ticket for decrypting bill s Obtain the parameter Q 4 And signature informationReusing TGS in Block chain B 2 Public key KP tgs2 Verification signature informationTicket to validate access to services s From TGS 2 Issuing; server S using secret key K c,s Authentication of decrypted Authentication codes 2 To obtain a parameter ID Realm ,Random 4 ,Judging Random number Random 4 Value of and Ticket s The parameter values in the bill are consistent, and the bill is ensured to be held by a user C who initially applies for the bill; when the authentication of the user C is completed, the server S constructs a message M 10 Message M is paired with the session key of user C and server S in blockchain A 10 Encryption is performed.
As a further technical solution of the present invention, in step S1, a message Q is used 1 And signature informationConstructing a message M 1 Is of the formula
Further, in S4: cross-chain access ticketWherein, the parameter Q 3 =h(ID tgs2 ,ID tgs1 ,ID c ) H () is a one-way hash function; message
The invention ensures the effectiveness and the rigor of the authentication process through the zero-knowledge proof algorithm, improves the safety performance while ensuring the authentication of the cross-chain transaction, and can effectively resist common network attacks such as replay attack, man-in-the-middle attack, eavesdropping and the like.
Drawings
FIG. 1 is a block diagram of a server application module of the present invention.
Detailed Description
Side chain and chain spanning technology
The block chain system is developed from a POW-based bitcoin network, an Ethernet network to a PBFT-and-DPOS-consensus-algorithm-based alliance chain and a public chain network, and although the TPS is greatly promoted from single digit to ten thousand levels, certain decentralization is sacrificed, and the block chain system does not conform to the core concept of the block chain system.
The side chain technology is promoted along with the capacity expansion dilemma of bitcoin. The concept of side chains is relative to the main chain. When the performance of the main chain is bottleneck or some functions cannot be expanded, the assets are transferred to the side chain, and related transactions only need to be executed on the side chain, so that the purposes of sharing the pressure of the main chain and expanding the performance and the functions of the main chain are achieved.
The side chain technical scheme is mainly proposed for bitcoin. Because of the technical structure of bitcoin, it has the disadvantage of self-extensibility. For example, long transaction delay, low throughput, and no support for smart contracts with complete graphics are inherent design defects of bitcoin. And these defects must be resolved by reconstructing the bitcoin base framework and algorithm.
However, considering that the bitcoin is the digital currency with the largest market value, the highest currency and the widest acceptance, modifying the infrastructure of the bitcoin may cause great risks, which determines that the bitcoin is difficult to improve the scalability of the bitcoin through technical upgrading.
The basic idea of the side chain technology is to additionally activate a side chain to transfer the bitcoin asset to the side chain, and vice versa, the asset on the side chain can be transferred back to the bitcoin. The assets of bitcoin on the main chain and the side chain can be transferred in two directions, and the process is the anchor of the assets in two directions.
With respect to side chains, cross-chain refers to assets and states on two or more different chains that are transferred, passed, and exchanged with each other through a trusted mechanism. In a cross-chain scenario, the chain-to-chain relationship is not only a main-side relationship, but also can be a peer-to-peer relationship, and assets on the chain can be anchored in both directions, exchanged with each other through a variable exchange rate, and even can complete interaction in an intelligent contract manner. In order to realize interconnection and interworking between chains, an identity authentication mechanism between blockchain systems is designed first, so that one blockchain can receive and verify a transaction on another blockchain.
Side chain based cross-chain identity authentication
Symbol interpretation
The Client represents a Client;
AS (authentication Server) is an authentication server;
KDC (Key Distribution center) key Distribution center
Tgt (ticket grading ticket) ticket authorization ticket
Tgs (ticket ranking server) bill authorization server
E k { M } represents the key K encryption information M;
random represents a Random number set to prevent replay attack;
KP and KR respectively represent a public key and a private key;
kx, y denotes a session key shared by x and y;
(r M ,s M ) Represents a signature on the information M;
Ticket tgs1 representing an in-chain access permission ticket;
Ticket s representing a cross-chain access permission ticket;
Ticket tgs1 representing a service license ticket.
Referring to fig. 1, the present embodiment provides a block chain cross-chain identity authentication method based on side chains, including the following steps:
step 1. user C of block chain B constructs message Q 1 WhereinUsing the private key KR c To Q 1 Signing to obtain signature informationUsing message Q 1 And signature informationConstructing a message M 1 WhereinUsing AS 1 KR public key c For message M 1 Encrypting, and sending the encrypted message M 1 AS sent to Block chain A 1 ;
Step 2.AS 1 Using a private keyDecrypting message M 1 Get the message Q 1 And signature informationAS 1 Also using public key KR c Verifying signature informationSending out for the user C; AS 1 Looking up a local database according to the message Q 1 ID of (1) c Confirming the existence and the legality of the user C; when user C is confirmed to be legal, AS 1 Construct access TGS 1 The billWherein Is AS 1 Using private keysTo Q 2 Signature information of AS 1 By TGS 1 Public key pair billPerforms encryption, AS 1 To the noteSigning to obtain signature informationAS 1 According to the ticketAddress ID tgs1 Random number Random 1 +1 and signature informationConstructing a message M 2 WhereinMessage M with public key of user C 2 Encryption, to encryptMessage M after 2 Sending the data to a user C;
step 3, the user C uses the private key KR c For message M 2 Decrypting and confirming the parameter Random obtained by decryption 1 +1 is the message Q in step 1 1 Random number Random in (1) 1 +1,; user C uses AS 1 Is provided with a keyVerifying signature informationThe correctness of the test; user C uses the address ID C And Random number Random 2 Structure verification codeUsing the private key KR c For Authentication 1 Signing to obtain signature informationUser C reuses address ID tgs2 BillAuthentication of Authentication code 1 And signature informationConstructing a message M 3 WhereinUsing TGS 1 Public key pair message M 3 Encrypting, and sending the encrypted message M 3 To TGS 1 Requesting cross-chain access to the ticket;
step 4.TGS 1 With the private key KR tgs1 For message M 3 Decrypting to obtain the billAuthentication of Authentication code 1 And signature informationUsing public key KR of user C c Verifying signature informationVerification of the correctness of the Authentication code 1 Is issued by user C; TGS 1 Using private keys KR tgs1 Deciphering billObtain the parameter Q 2 And signature informationTGS 1 By AS 1 Is provided with a keyVerifying signature informationAcknowledgement parameter Q 2 By AS 1 Sending out; TGS 1 Using the parameter Q 2 Parameter (1) ofAuthentication of decrypted Authentication codes 1 The obtained parameter ID c And parameter Random 2 Comparing ID c And Q 2 ID of (1) c If they are consistent, the bill is confirmedOwned by user C;
TGS 1 structuring cross-chain access ticketsWherein the parameter Q 3 =h(ID tgs2 ,ID tgs1 ,ID c ) H () represents a one-way hash function; TGS 1 With the private key KR tgs1 For parameter Q 3 Sign onObtaining signature informationTGS 1 Accessing tickets for cross-chainingSigning to obtain signature informationTGS 1 According to the use of address ID tgs2 Random number Random 2 +1, cross-chain access ticketAnd signature informationConstructing a message M 4 Wherein the messageTGS 1 Message M with public key of user C 4 Encrypting, and sending the encrypted message M 4 Sending the data to a user C;
step 5, user C private key KR c For message M 4 Decrypting to obtain parametersAnd confirms the Random number Random 2 +1 is the Random number Random sent in step 3 2 + 1; TGS for user C 1 Public key KP tgs1 Verifying signature informationConfirming cross-chain access Ticket tgs2 Is composed of TGS 1 The signing is carried out; for user CDecryption cross-chain access bill Ticket tgs2 To obtain a parameter Q 3 And signature informationAnd will beStored as secret information, and parameter Q 3 And parametersAs proof-of-knowledge data for zero knowledge; user C constructs message M 5 WhereinMessage M 5 TGS Using Block chain B 2 Encrypting the public key; and will message M 5 TGS sent to Block chain B 2 ;
Step 6. TGS of Block chain B 2 With the private key KR tgs2 For message M 5 Decrypting to obtain parameter ID Realm ,ID s ,KP c ,Random 3 ,Q 3 ,According to TGS 2 The trust value information about the block chain A stored in the step (A) is used for calculating a parameter t and a parameter e which meet zero knowledge proof; TGS of Block chain B 2 Obtaining a public parameter p and a parameter g, and selecting a random numberAnd isComputingRestructuring a message M 6 As a query, whereinMessage M 6 Sending the data to a user C;
step 7, user C receives message M 6 Then, the parameter T is obtained 1 ,T 2 ,...,T e Obtaining public parameter p and parameter g from a third party and using the secret informationComputing[1,e](ii) a Restructuring a message M 7 As a pair message M 6 In whichMessage M 7 TGS sent to Block chain B 2 ;
Step 8. TGS of Block chain B 2 Receiving a message M 7 Then, the parameter C is obtained 1 ,C 2 ,...,C e (ii) a Reusing TGS in Block chain A 1 Public key KP tgs1 Parameter Q 3 And parametersVerification equationIs established, whereinWhen verifying the equationIf yes, judging whether zero knowledge proving conditions are met, and if not, continuing to select e random numbersAnd repeating the step 6, the step 7 and the step 8; when the zero knowledge proof condition is satisfied after repeating steps 6, 7 and 8, the blockchain B isTGS 2 TGS based on Block chain A 1 Trusting and confirming that the user C is a legal user; TGS of Block chain B 2 Ticket for user C to access serviceTicket for accessing service s Encryption is performed using the public key of the server S, whereAlso for TGS 2 Ticket for accessing service s Signing to obtain signature informationTGS 2 Constructing a message M 8 WhereinMessage M 8 Occurs to user C;
step 9, user C uses private key KR c For message M 8 Decrypting to obtain parametersVerifying the received Random number Random 3 +1 is Random generated in step 5 3 A random number + 1; TGS for user C 2 KR public key tgs2 Verifying signature informationIf the verification is correct, a verification code is generatedUsing the private key KR c Authentication of verification codes 2 Signature derivation (r) Auth2 ,s Auth2 ) (ii) a Finally, user C constructs message M 9 WhereinMessage M with public key pair of server S 9 The encryption is carried out in such a way that,the encrypted message M 9 Sending the data to a server S;
step 10. Server S utilizes private Key KR s Decrypting messages M 9 Get the Ticket Ticket of the access service s Authentication code 2 Public key KP c Signature information (r) Auth2 ,s Auth2 ) And signature informationThe server S obtains K through calculation c,s Also using the public key KP c Verifying signature information (r) Auth2 ,s Auth2 ) Verification of Authentication code 2 Generated by user C; the server S utilizes the private key KR s Decrypting bill Ticket s Obtain the parameter Q 4 AndwhereinReusing TGS in Block chain B 2 Public key KP tgs2 Verifying signature informationTicket for confirming access to services s From TGS 2 Issuing; server S using secret key K c,s Authentication of decrypted Authentication codes 2 To obtain a parameter ID Realm ,Random 4 ,Judging Random number Random 4 Value of (D) and Ticket s The parameter values in the bill are consistent, and the bill is ensured to be held by a user C who initially applies for the bill; when the authentication of the user C is completed, the server S constructs a messagePair of messages M using session keys of user C and server S in blockchain A 10 And performing encryption.
Security analysis
A block chain cross-chain identity authentication method based on a side chain provides a basic identity authentication trust mechanism, ensures the security in the cross-chain transaction process, and is specifically analyzed as follows:
replay attack, in the process of cross-chain identity authentication, because the identity authentication process needs to strictly meet the zero-knowledge proof condition, information in the interaction process between the whole chain and the whole chain does not contain private information of a user, and even if an attacker can resend certain steps of attack, more valuable information cannot be obtained; in addition, random numbers are introduced in the encryption and decryption stages, so that a receiver can confirm whether received messages are sent by the receiver, and interference caused by clock synchronization is avoided.
The whole system adopts the digital signature and zero knowledge proving method, so that a receiver can confirm whether the information is sent by the original sender, and the possibility of existence of a man-in-the-middle is avoided.
The collusion attack adopts a strict zero-knowledge proof mechanism, so that a user does not need to submit private information related to the identity information of the user while proving the identity of the user to other chains, and the collusion attack can be effectively avoided.
And eavesdropping is carried out, and the session key between the user and the application server is negotiated by the user and the application server, so that the possibility of eavesdropping is avoided in the session process.
The foregoing illustrates and describes the principles, general features, and advantages of the present invention. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are intended to further illustrate the principles of the invention, and that various changes and modifications may be made without departing from the spirit and scope of the invention as defined by the appended claims. The scope of the invention is defined by the claims and their equivalents.
Claims (10)
1. A block chain cross-chain identity authentication method based on a side chain is characterized by comprising the following steps,
step S1, user C of block chain B constructs message Q 1 Wherein, in the step (A),using private key KR c To Q 1 Signing to obtain signature informationUsing message Q 1 And signature informationConstructing a message M 1 (ii) a Using AS 1 Public key KR of (authentication server 1) c For message M 1 Encrypting, and sending the encrypted message M 1 AS sent to Block chain A 1 ;
Step S2, AS 1 Using private keysDecrypting message M 1 Obtaining a message Q 1 And signature informationUsing the public key KR c Verifying signature informationSending out for the user C; AS 1 Looking up a local database according to the message Q 1 ID of (1) c Confirming the existence and the legality of the user C; when user C is confirmed to be legal, AS 1 Construct access TGS 1 The billSignature informationIs AS 1 Using a private keyTo Q 2 Signature information of (AS), AS 1 By TGS 1 Public key pair billPerforms encryption, AS 1 To the noteSigning to obtain signature informationAS 1 According to access TGS 1 The billAddress ID tgs1 Random number Random 1 +1 and signature informationConstructing a message M 2 Using public key of user C to message M 2 Encrypting, the encrypted message M 2 Sending the data to a user C;
step S3, user C uses private key KR c For message M 2 Decrypting and confirming the parameter Random obtained by decryption 1 +1 is a message Q 1 Random number Random in (1) 1 +1, user C uses AS 1 Of (2) a public keyVerifying signature informationThe correctness of the test; user C uses the address ID C And Random number Random 2 Authentication of construction of verification codes 1 And using the private key KR c Authentication of verification code 1 Signing to obtain signature informationUser C reuses address ID tgs2 Access to TGS 1 The billAuthentication of verification codes 1 And signature informationConstructing a message M 3 (ii) a Using TGS 1 Public key pair message M 3 Encrypting, and sending the encrypted message M 3 To TGS 1 Requesting cross-chain access to the ticket;
step S4, TGS 1 With the private key KR tgs1 For message M 3 Decrypting to obtain the billAuthentication of Authentication code 1 And signature informationUsing public key KR of user C c Verifying signature informationVerification of the correctness of the Authentication code 1 Is issued by user C; TGS 1 With the private key KR tgs1 Decrypted access TGS 1 The billObtaining a parameter Q 2 And signature informationTGS 1 By AS 1 Of (2) a public keyVerifying signature informationAcknowledgement parameter Q 2 By AS 1 Sending out; TGS 1 Using the parameter Q 2 Parameter (2) ofAuthentication of decrypted Authentication codes 1 The obtained parameter ID c And parameter Random 2 Comparing ID c And Q 2 ID of (1) c If they are consistent, the bill is confirmedOwned by user C;
TGS 1 constructing cross-chain access ticketsTGS 1 With the private key KR tgs1 For parameter Q 3 Signing to obtain signature informationTGS 1 Accessing tickets for cross-chainingSigning to obtain signature informationTGS 1 According to the use of address ID tgs2 Random number Random 2 +1, cross-chain access ticketAnd signature informationConstructing a message M 4 ;TGS 1 Message M with public key of user C 4 Encrypting, and sending the encrypted message M 4 Sending the data to a user C;
step S5, user C uses private key KR c For message M 4 Decrypting to obtain parametersAnd confirms the Random number Random 2 +1 is the Random number Random issued in step 3 2 + 1; TGS for user C 1 Public key KP tgs1 Verifying signature informationConfirming cross-chain access Ticket tgs2 Is composed of TGS 1 The information is issued; for user CDecrypting cross-chain access Ticket tgs2 To obtain a parameter Q 3 And signature informationAnd will s Q3 Stored as secret information, and parameter Q 3 And the parameter r Q3 As proof-of-knowledge data for zero; user C constructs message M 5 (ii) a Message M 5 TGS Using Block chain B 2 Encrypting the public key; and will message M 5 TGS sent to Block chain B 2 ;
Step S6 TGS of Block chain B 2 With private key KR tgs2 For message M 5 Decrypting to obtain parameter ID Realm ,ID s ,KP c ,Random 3 ,Q 3 ,According to TGS 2 Related to block chain stored inB, calculating a parameter t and a parameter e which meet zero knowledge proof according to the trust value information of A; TGS of Block chain B 2 Obtaining a public parameter p and a parameter g, and selecting a random number n 1 ,n 2 ,...,n i ,...,n e },i∈[1,e]And n is i E (1, p-1), calculatingRestructuring a message M 6 As a query, message M 6 Sending the information to a user C;
step S7, user C receives message M 6 Then, the parameter T is obtained 1 ,T 2 ,...,T e Obtaining public parameter p and parameter g from a third party and using secret informationComputingRestructuring a message M 7 As a pair message M 6 In a corresponding manner, the message M 7 TGS sent to Block chain B 2 ;
Step S8 TGS of Block chain B 2 Receiving message M 7 Then, the parameter C is obtained 1 ,C 2 ,...,C e (ii) a Reusing TGS in Block chain A 1 Public key KP tgs1 Parameter Q 3 And parametersVerification equationWhether or not, where i ∈ [1, e ]](ii) a When verifying the equationIf yes, judging whether zero knowledge proving conditions are met, and if not, continuing to select e random numbers { n } 1 ,n 2 ,...,n i ,...,n e },i∈[1,e]And repeating steps S6 to S8; when the zero knowledge proof condition is satisfied after the repetition, the TGS of the block chain B 2 TGS based on Block chain A 1 Trusting, and confirming that the user C is a legal user; TGS of Block chain B 2 Ticket for user C to access serviceTicket for accessing service s Using the public key of the server S for encryption, whereinAlso for TGS 2 Ticket for accessing service s Signing to obtain signature informationTGS 2 Constructing a message M 8 Message M 8 Occurs to user C;
step S9, user C uses private key KR c For message M 8 Decrypting to obtain parametersVerifying the received Random number Random 3 +1 is Random generated in step 5 3 A random number + 1; TGS for user C 2 KR public key tgs2 Verifying signature informationIf the verification is correct, generating a verification codeUsing the private key KR c Authentication of verification codes 2 Signature derivation (r) Auth2 ,s Auth2 ) (ii) a Finally, user C constructs message M 9 (ii) a Message M with public key pair of server S 9 Encrypting, and sending the encrypted message M 9 Sending the data to a server S;
step S10, server S utilizes private key KR s Decrypting message M 9 Get the Ticket Ticket of the access service s Authentication code 2 Public key KP c Signature information (r) Auth2 ,s Auth2 ) And signature informationThe server S obtains K through calculation c,s Also using the public key KP c Verifying signature information (r) Auth2 ,s Auth2 ) Verification of the Authentication code 2 Generated by user C; the server S utilizes the private key KR s Ticket for decrypting bill s Obtain the parameter Q 4 And signature informationReusing TGS in Block chain B 2 Public key KP tgs2 Verifying signature informationTicket to validate access to services s From TGS 2 Issuing; server S using secret key K c,s Authentication of decrypted Authentication codes 2 To obtain a parameter ID Realm ,Random 4 ,Judging Random number Random 4 Value of (D) and Ticket s The parameter values in the bill are consistent, and the bill is ensured to be held by a user C who initially applies for the bill; when the authentication of the user C is completed, the server S constructs a message M 10 Message M is paired with the session key of user C and server S in blockchain A 10 Encryption is performed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010062108.9A CN111539718B (en) | 2020-01-19 | 2020-01-19 | Block chain cross-chain identity authentication method based on side chain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010062108.9A CN111539718B (en) | 2020-01-19 | 2020-01-19 | Block chain cross-chain identity authentication method based on side chain |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111539718A CN111539718A (en) | 2020-08-14 |
CN111539718B true CN111539718B (en) | 2022-09-20 |
Family
ID=71980009
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010062108.9A Active CN111539718B (en) | 2020-01-19 | 2020-01-19 | Block chain cross-chain identity authentication method based on side chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111539718B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111339509A (en) * | 2020-03-03 | 2020-06-26 | 李斌 | Block chain cross-chain identity authentication method based on side chain |
CN112163845B (en) * | 2020-09-29 | 2024-03-22 | 深圳前海微众银行股份有限公司 | Transaction identity confirmation method and device for cross-region block chain |
CN111970129B (en) * | 2020-10-21 | 2021-01-01 | 腾讯科技(深圳)有限公司 | Data processing method and device based on block chain and readable storage medium |
CN113300837B (en) * | 2021-04-25 | 2022-07-26 | 从法信息科技有限公司 | Cross-chain verification method and device based on block certification and electronic equipment |
CN114598531A (en) * | 2022-03-10 | 2022-06-07 | 上海星图比特信息技术服务有限公司 | Identity authentication method and equipment |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103780618B (en) * | 2014-01-22 | 2016-11-09 | 西南交通大学 | A kind of based on across the isomery territory authentication accessing mandate bill and session cipher negotiating method |
CN107257334B (en) * | 2017-06-08 | 2020-07-14 | 中国电子科技集团公司第三十二研究所 | Identity authentication method for Hadoop cluster |
CN109039655A (en) * | 2018-09-13 | 2018-12-18 | 全链通有限公司 | Real name identity identifying method and device, identity block chain based on block chain |
CN110505058B (en) * | 2019-08-20 | 2021-07-20 | 西安电子科技大学 | Identity authentication method for heterogeneous block chain in cross-chain scene |
-
2020
- 2020-01-19 CN CN202010062108.9A patent/CN111539718B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN111539718A (en) | 2020-08-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111539718B (en) | Block chain cross-chain identity authentication method based on side chain | |
US11842317B2 (en) | Blockchain-based authentication and authorization | |
EP3985916A1 (en) | Secure dynamic threshold signature scheme employing trusted hardware | |
CN113194469B (en) | 5G unmanned aerial vehicle cross-domain identity authentication method, system and terminal based on block chain | |
CN110959163B (en) | Computer-implemented system and method for enabling secure storage of large blockchains on multiple storage nodes | |
Feng et al. | An efficient privacy-preserving authentication model based on blockchain for VANETs | |
CN111339509A (en) | Block chain cross-chain identity authentication method based on side chain | |
CN101902476B (en) | Method for authenticating identity of mobile peer-to-peer user | |
Wu et al. | A provably secure authentication and key exchange protocol in vehicular ad hoc networks | |
Xue et al. | A distributed authentication scheme based on smart contract for roaming service in mobile vehicular networks | |
CN109861956B (en) | Data verification system, method, device and equipment based on state channel | |
CN114036539A (en) | Safety auditable Internet of things data sharing system and method based on block chain | |
US11477184B2 (en) | Conducting secure interactions utilizing reliability information | |
Xu et al. | Authentication-based vehicle-to-vehicle secure communication for VANETs | |
CN112364331A (en) | Anonymous authentication method and system | |
CN113162907A (en) | Attribute-based access control method and system based on block chain | |
Han et al. | Zero-knowledge identity authentication for internet of vehicles: Improvement and application | |
Zhang et al. | A novel privacy protection of permissioned blockchains with conditionally anonymous ring signature | |
Kara et al. | VoIPChain: A decentralized identity authentication in Voice over IP using Blockchain | |
Dwivedi et al. | Design of blockchain and ecc-based robust and efficient batch authentication protocol for vehicular ad-hoc networks | |
CN113626794A (en) | Authentication and key agreement method, system and application in client/server mode | |
CN117375797A (en) | Anonymous authentication and vehicle-mounted information sharing method based on blockchain and zero knowledge proof | |
CN115865426B (en) | Privacy intersection method and device | |
CN111353780A (en) | Authorization verification method, device and storage medium | |
Nait-Hamoud et al. | Certificateless Public Key Systems Aggregation: An enabling technique for 5G multi-domain security management and delegation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |