CN113452701B - Cross-chain system and distributed user identity authentication method facing cross-chain system - Google Patents
- Publication number
- CN113452701B
- Authority
- CN
- China
- Prior art keywords
- cross
- user
- chain
- identity
- chain system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3252—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Abstract
A cross-chain system comprises a user identification registration module, a user identification updating module and a user identification authentication module. The user identification registration module issues a cross-chain system uniform identity identifier, C-BUID, to a user on a blockchain connected to the cross-chain system. The user identification updating module updates the identity information of the registered user on each independent blockchain in the cross-chain system, so as to realize identity interconnection within the cross-chain system, where the independent blockchains are different blockchain systems. The user identification authentication module verifies the user identity on each independent blockchain in the cross-chain system.
Description
Technical Field
The invention belongs to the technical field of block chains, and particularly relates to a cross-chain system and a distributed user identity authentication method for the same.
Background
With the development of blockchain technology and the economy, blockchains have become an important trust infrastructure of the digital economy, and the demand for data circulation and application cooperation among blockchains is increasingly apparent. In different blockchain systems, each user/node has its own identity system. Because of business requirements, users often need to register accounts in several blockchain systems, and the identities of these accounts on different blockchains are not interoperable, so isolated islands of personal identity information management are formed.
Therefore, unified management of user identities is a key technical problem to be solved in the cross-chain interaction process. Faced with the requirements of cross-chain identity management, cross-chain interconnection and intercommunication, and identity privacy protection across massive numbers of heterogeneous blockchains, a traditional centralized identity management system suffers from poor interoperability, difficulty of credible evaluation and easy leakage of private information, and can hardly meet the requirements of blockchain cross-chain interaction scenarios.
Disclosure of Invention
In one embodiment of the invention, a cross-chain system comprises a user identification registration module, a user identification updating module and a user identification authentication module.
The user identification registration module is used for issuing a unified identity identifier (UID) of the cross-chain system to the user on the first independent blockchain connected to the cross-chain system.
The user identification updating module is used for updating the identity information of the registered user in each independent blockchain in the cross-chain system.
The user identification authentication module is used for verifying the user identity on each independent blockchain in the cross-chain system.
Drawings
The above and other objects, features and advantages of exemplary embodiments of the present invention will become readily apparent from the following detailed description read in conjunction with the accompanying drawings. Several embodiments of the invention are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which:
FIG. 1 is a schematic diagram of a cross-chain system subscriber identity infrastructure according to an embodiment of the present invention.
FIG. 2 is a schematic diagram of a cross-chain authentication model of a cross-chain system user according to one embodiment of the present invention.
Detailed description of the preferred embodiments
In order to solve problems such as uniform identity identification among heterogeneous blockchain systems, trust transfer, cross-chain access and privacy protection in a cross-chain system, the invention provides an identity identifier design for distributed users in the cross-chain system. The Unified Identity (UID) is the global identity of a user in the heterogeneous cross-chain system; the cross-chain system is responsible for maintaining and managing it, stores it in the relay chain, and exchanges identity with each independent blockchain. As shown in FIG. 1, in the cross-chain architecture model, the user identity of each independent blockchain is associated with the cross-chain system, and the cross-chain system stores the uniform identity in the relay chain. In order to realize chain networking, cross-chain technology is used as a bridge connecting homogeneous/heterogeneous blockchains and provides a reliable infrastructure for interconnection and intercommunication among the blockchains.
In one embodiment of the present invention, a distributed user identity authentication model for a cross-chain system includes a plurality of independent blockchain systems and a plurality of users on a chain, where the user identity authentication model is used for identity authentication in the cross-chain system in different blockchain systems.
The user identity model defines the independent blockchain user identity information and the cross-chain system unified user identity identifier, which are used for standardizing cross-chain identity information.
The user identity model comprises cross-chain identity registration and updating, and the identity of the same user in different blockchain systems is aligned by performing relational mapping on the identity in the independent blockchain and the identity of the cross-chain system.
The user identity authentication is designed based on an elliptic curve algorithm and zero knowledge proof, so that a cross-chain access function of a user is realized, and the identity privacy of the user in a cross-chain system is guaranteed.
According to one or more embodiments, a distributed user identity authentication system oriented to a cross-chain system comprises a user identification registration module, a user identification updating module and a user identification authentication module.
The user identification registration module is used for issuing a cross-chain identity identifier to a user on an independent blockchain connected to the cross-chain system, where the independent blockchains are different blockchain systems. The user identification updating module is used for updating the identity information, on the plurality of blockchain systems, of users registered in the cross-chain system. The user identification authentication module is used for verifying the identity of the user on each independent blockchain in the cross-chain system.
The user identity identifier comprises the independent blockchain user identity identifier and the cross-chain system uniform user identity identifier.
The independent blockchain user identity identifier is the registration information used when the independent blockchain node information serves as the identity of the user in the cross-chain system.
The cross-chain system uniform user identity identifier is the user's unified identity within the cross-chain system. The same entity user has different identity information structures and identifiers in different blockchain systems; the relay chain of the cross-chain system associates the user's identifiers in the different systems through mapping and establishes a unique identifier in the cross-chain system. A cross-chain identity may be associated with identity information on multiple independent blockchains, indicating that the user has registered nodes in multiple blockchain systems.
Furthermore, after an independent blockchain is connected to the cross-chain system, a user on that chain needs to register a cross-chain identity identifier in the cross-chain system before performing cross-chain operations.
If a user already registered in the cross-chain system needs to add identity information of the user on other blockchains, the user identification updating module can update the identity identifier to associate the multi-chain information.
The user identification authentication module introduces a zero-knowledge proof protocol for protecting the identity privacy of a user in a user authentication stage, namely the authentication stage is zero-knowledge. The user identification authentication module realizes the authentication of the block chain cross-chain identity based on an elliptic curve algorithm and zero knowledge proof.
According to one or more embodiments, a distributed user identity authentication model for a cross-chain system is provided, wherein the cross-chain system is an interactive architecture based on a relay chain, and in the design of a user identification infrastructure, the relay chain is responsible for maintaining the distribution of uniform identity certificates of users accessing the cross-chain system and providing a cross-chain trust transfer service mechanism;
the cross-chain system is responsible for cross-chain access and cross-chain identity verification of the user.
When the heterogeneous block chain system applies for accessing the cross-chain system, the cross-chain identity identification needs to be registered on the relay chain, so that cross-chain trust service is provided for user extension on the chain.
In the cross-chain identity registration process, the input of the unified-identity registration algorithm is the identity and attributes of the user on the independent blockchain system, which are used for binding the identity in the cross-chain system. The output is the public and private keys and the identity identifier generated for the user in the cross-chain system. The specific steps are as follows:
step S1. UserIdentify information of the user (including the user identification of the block chain->And attribute->) Sending to a cross-chain system through an independent blockchain;
S2, the cross-chain system generates a cross-chain identity identifier according to the information uploaded by the user;
S3, generating a public key by the cross-chain system according to the parameters of the elliptic curve () And private key (>). Wherein it is present>G is a base point on the elliptic curve;
S5, the cross-chain system sends the blockchain user identity, the cross-chain user identity, the private key and the digital signature to a user U.
If the user registered in the cross-chain system needs to add the identity information of the user on other blockchains, the identity identification can be updated, and the association of multi-chain information is realized. The input of the user updating unified user identification information algorithm is the identity and the attribute of the user on the independent block chain system, and the output is the identity and the updating result signature of the user in the cross-chain system. The method comprises the following specific steps:
step S1. UserIdentify information of the user (including the user identification of the block chain->And attribute +>) Sending to an independent block chain;
s2, searching for a uniform identity identifier by the independent block chain, and if the uniform identity identifier is found, executing an updating operation;
s3, independent area cross-chain user information (block chain user identification)And unified user identification->And attribute information->Public key information->And hash authentication information>) Sending to a cross-chain system;
s4, the cross-chain system inquires the cross-chain identity identification according to the information uploaded by the userUpdating relevant attribute information and recording attribute mapping relation;
S6, returning an updating result to the independent block chain by the cross-chain system;
and S7, the block chain sends the block chain identity identification, the cross-chain identity identification and the digital signature to a user U.
Further, authentication of the blockchain cross-chain identity is designed based on an elliptic curve algorithm and zero-knowledge proof. Suppose thatIs a limited field->Upper elliptic curve +>Is->Above base point, <' >>For a user>In combination with a private key of>As a user>The public key of (a) is stored, satisfy->. The specific verification steps are as follows:
s1. Block chain system A connects usersThe digital signature of (a) is sent to the block chain system B;
And S3, passing the verification, and indicating that the block chain system B agrees to zero-knowledge identity authentication. Then the block chain system A selectsCalculating >>And will >>Transmitting a block chain system B;
s6, verifying the block chain system BWhether or not this is true. If yes, the blockchain system B receives the certification of the blockchain system A, and the identity of the blockchain system A is correct; otherwise, the user identity on the blockchain system a is rejected. As shown in fig. 2. />
Compared with the existing block chain cross-chain asset transaction mode, the multi-hop cross-chain transaction method has the advantages that,
the invention provides a distributed uniform identity design method aiming at the problem of multi-heterogeneous block chain identity management in a cross-chain system, wherein the cross-chain identity comprises a global identity of a user in the cross-chain system and identity information of the user in an independent block chain system, and the identity of the same user in different block chain systems is aligned by performing relation mapping on the identity in the independent block chain and the identity of the cross-chain system. On the basis of the design, a zero-knowledge proof protocol and a digital signature are introduced, so that the cross-chain access function of the user is realized, and the identity privacy of the user in a cross-chain system is guaranteed. The method can provide identity authentication service for cross-link resource access in a cross-link system, so that users complete a series of operations such as authentication, access and communication in mutually untrusted environments, and the identity privacy of the users is protected through a zero-knowledge proof protocol and an encryption algorithm in the access process, thereby realizing the credible verification of the identity of the users and protecting the identity privacy.
It should be noted that while the foregoing has described the spirit and principles of the invention with reference to several specific embodiments, it is to be understood that the invention is not limited to the disclosed embodiments, nor is the division of aspects, which is for convenience only as the features in these aspects cannot be combined. The invention is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.
Claims (2)
1. A cross-chain system is characterized in that the system comprises a user identification registration module, a user identification updating module and a user identification authentication module,
the user identification registration module is used for issuing a uniform user identification of the cross-chain system for the user on the blockchain accessed to the cross-chain system;
the user identification updating module is used for updating the identity information of the registered user in each independent block chain in the cross-chain system to realize identity interconnection in the cross-chain system, wherein the independent block chains refer to different block chain systems;
a user identification authentication module for user identity verification on each independent block chain in the cross-chain system,
the user identity identification comprises: independent blockchain user identification and cross-chain system uniform user identification,
the independent blockchain user identity is the registration information used when the independent blockchain node information serves as the identity of a user in the cross-chain system;
the chain-crossing system unifies the user identity, which is a chain-crossing system unifies the user identity;
the relay chain of the cross-chain system associates the identification identifiers of the users in different blockchain systems together through mapping, establishes a unique identifier in the cross-chain system, namely a cross-chain system uniform user identification identifier,
after the independent block chain is accessed to the cross-chain system, the user registers in the user identification registration module, and can carry out cross-chain operation after acquiring the uniform identity identification of the cross-chain system,
the registration process of the uniform identity identification of the cross-chain system comprises the following steps:
s101, userThe identity information of the user is divided into the user identification of the block chainBCIDAnd attribute +>Sending the data to a cross-chain system through the independent block chain;
s102, the cross-chain system generates a cross-chain identity mark according to the information uploaded by the user;
S103, generating a public key according to the elliptic curve parameters by the cross-chain systemAnd private key->Wherein, in the step (A),,/>is a limited field->The upper elliptical curve of the lower plate is a curve,Gis a base point on the elliptic curve;
S105, the cross-chain system sends the blockchain user identity, the cross-chain user identity, the private key and the digital signature to a user U,
when the user adds the identity information of the user on the independent block chain, the user identification updating module updates the identity identification to realize the association of multi-chain information,
the user identification updating module performs identity identification updating operation, and comprises the following steps:
s201, userThe identity information of the user comprises the user identification of the block chainBCIDAnd attribute->Sending the data to the independent block chain;
s202, the independent block chain searches for the uniform identity, and if the uniform identity is found, the updating operation is executed;
s203, independent area cross-linking user information including block chain user identificationAnd unified user identification->And attribute information->Public key information->And hash authentication information>Sending to a cross-chain system;
s204, the cross-chain system inquires the cross-chain identity identification according to the information uploaded by the userUpdating relevant attribute information and recording attribute mapping relation;
S206, the cross-chain system returns the updating result to the independent block chain;
s207, the block chain sends the block chain identity identification, the cross-chain identity identification and the digital signature to a user U,
a user identity authentication process comprising the steps of:
s301, the block chain system A connects the usersThe digital signature of (a) is sent to the blockchain system B;
S303, the verification is passed, the blockchain system B agrees zero-knowledge identity authentication, and the blockchain system A selectsCalculating >>And will >>Transmitting a block chain system B;
s306, verification of the block chain system BWhether or not the above-mentioned conditions are satisfied,
if yes, the blockchain system B receives the certification of the blockchain system A that the identity of the blockchain system A is correct,
otherwise, the user identity on the blockchain system a is rejected.
2. A distributed user identity authentication method for a cross-chain system, which is based on the cross-chain system as claimed in claim 1,
the user identification registration module and the user identification updating module respectively register and update the cross-chain identity of the user, and the identity of the same user in different block chain systems is aligned by mapping the relation between the identity in the independent block chain and the cross-chain system identity;
the user identification authentication module is designed based on an elliptic curve algorithm and zero knowledge proof, so that cross-chain access of a user is realized, and identity privacy of the user in a cross-chain system is guaranteed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110716727.XA CN113452701B (en) | 2021-06-28 | 2021-06-28 | Cross-chain system and distributed user identity authentication method facing cross-chain system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110716727.XA CN113452701B (en) | 2021-06-28 | 2021-06-28 | Cross-chain system and distributed user identity authentication method facing cross-chain system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113452701A CN113452701A (en) | 2021-09-28 |
CN113452701B true CN113452701B (en) | 2023-04-18 |
Family
ID=77813338
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110716727.XA Active CN113452701B (en) | 2021-06-28 | 2021-06-28 | Cross-chain system and distributed user identity authentication method facing cross-chain system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113452701B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114615095B (en) * | 2022-05-12 | 2022-09-09 | 北京邮电大学 | Block chain cross-chain data processing method, relay chain, application chain and cross-chain network |
CN115085946B (en) * | 2022-08-22 | 2022-11-04 | 航天信息股份有限公司 | Cross-chain identity verification method and system based on block chain |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108880794A (en) * | 2018-06-15 | 2018-11-23 | 浙江华信区块链科技服务有限公司 | Across chain user identity and its digital asset management system |
CN109460413A (en) * | 2018-11-19 | 2019-03-12 | 众安信息技术服务有限公司 | Method and system for establishing account across block chains |
CN112003889A (en) * | 2020-07-10 | 2020-11-27 | 南京邮电大学 | Distributed cross-chain system and cross-chain information interaction and system access control mechanism |
CN112287029A (en) * | 2020-11-17 | 2021-01-29 | 北京物资学院 | Block chain multi-chain cross-chain system and implementation mechanism thereof |
CN112291305A (en) * | 2020-10-09 | 2021-01-29 | 全球码链科技合作中心有限公司 | Code chain construction method and device based on unified identification |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
BR112019008000B1 (en) * | 2018-11-16 | 2022-03-15 | Advanced New Technologies Co., Ltd | Computer-implemented method for authenticating a domain name, computer-implemented method, non-transient computer-readable medium, and system for implementing a method |
CN111262860B (en) * | 2020-01-16 | 2022-10-11 | 航天信息股份有限公司 | Identity authentication method and device in cross-link mode |
CN111447073B (en) * | 2020-03-31 | 2023-04-18 | 河北大学 | Identity management and authentication system and method based on block chain and zero-knowledge proof |
CN112214797B (en) * | 2020-05-22 | 2021-10-26 | 腾讯科技(深圳)有限公司 | Data processing method, device, equipment, block chain system and storage medium |
CN112184245B (en) * | 2020-09-30 | 2024-04-26 | 深圳前海微众银行股份有限公司 | Transaction identity confirmation method and device for cross-region block chain |
CN112580102A (en) * | 2020-12-29 | 2021-03-30 | 郑州大学 | Multi-dimensional digital identity authentication system based on block chain |
CN112380294B (en) * | 2020-12-31 | 2021-04-06 | 支付宝(杭州)信息技术有限公司 | Block chain cross-chain access method and device |
CN112732832B (en) * | 2021-01-06 | 2024-02-13 | 上海泰砥科技有限公司 | Block chain supply chain financial supply method and system based on DID and zero knowledge proof |
Also Published As
Publication number | Publication date |
---|---|
CN113452701A (en) | 2021-09-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109189962B (en) | License service implementation system based on block chain | |
CN113452701B (en) | Cross-chain system and distributed user identity authentication method facing cross-chain system | |
CN110311883A (en) | Identity management method, equipment, communication network and storage medium | |
CN108696502B (en) | Block chain node authority control method, block chain system and storage medium | |
CN109522735A (en) | A kind of data permission verification method and device based on intelligent contract | |
CN112583917B (en) | CSCP-based hybrid chain construction method | |
CN113239382A (en) | Credible identity model based on block chain intelligent contract | |
CN113271311B (en) | Digital identity management method and system in cross-link network | |
CN111461723A (en) | Data processing system, method and device based on block chain | |
CN110147684A (en) | For realizing the method and apparatus of block chain data-privacy protection | |
CN112712372B (en) | Alliance chain cross-chain system and information calling method | |
CN112187712A (en) | Anonymous authentication method and system for trust in de-center mobile crowdsourcing | |
CN112615915A (en) | Method for constructing alliance chain between private chains | |
CN112765268A (en) | Block chain-based data privacy protection method, device and equipment | |
CN110990879B (en) | Data evidence storing method based on block chain | |
CN113672942B (en) | PKI certificate cross-domain authentication method based on blockchain | |
TW202217620A (en) | Verification requirement document for credential verification | |
Xu et al. | An efficient blockchain‐based privacy‐preserving scheme with attribute and homomorphic encryption | |
CN112600707A (en) | Internet of things equipment authentication method and device, electronic equipment and storage medium | |
Zhang et al. | Cross-domain identity authentication scheme based on blockchain and PKI system | |
Chen et al. | BCGS: Blockchain-assisted privacy-preserving cross-domain authentication for VANETs | |
CN114978698B (en) | Network access method, target terminal, credential management network element and verification network element | |
Zhang et al. | Efficient privacy protection authentication protocol for vehicle network in 5G | |
KR101317403B1 (en) | Private information management system on trust level and method thereof | |
CN113518124B (en) | Internet of things equipment authentication method based on cellular block chain network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||