CN114866260B - Chameleon hash distributed identity using method and system - Google Patents


Info

Publication number
CN114866260B
Authority
CN
China
Prior art keywords
verifiable
signature
unit
chameleon
hash value
Legal status
Active
Application number
CN202210782316.5A
Other languages
Chinese (zh)
Other versions
CN114866260A (en)
Inventor
钟一民
陈传义
郭峰
金宏洲
程亮
Current Assignee
Hangzhou Tiangu Information Technology Co ltd
Original Assignee
Hangzhou Tiangu Information Technology Co ltd
Events
Application filed by Hangzhou Tiangu Information Technology Co ltd
Priority to CN202210782316.5A
Publication of CN114866260A
Application granted
Publication of CN114866260B
Legal status: Active (current)
Anticipated expiration


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 ... including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3236 ... using cryptographic hash functions
    • H04L 9/3239 ... using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L 9/321 ... involving a third party or a trusted authority
    • H04L 9/3247 ... involving digital signatures

Abstract

The invention relates to a chameleon hash distributed identity using method and a chameleon hash distributed identity using system in the technical field of computers. The method comprises the following steps: generating a verifiable credential for the distributed identity by using a chameleon hash algorithm, and verifying the reliability of the verifiable credential; generating a verifiable presentation according to the verifiable credential, and verifying the reliability of the verifiable presentation; and regenerating the verifiable credential according to the claim requirement proposed by the distributed identity holder, obtaining a modified verifiable credential and verifying the reliability of the modified verifiable credential. The method has the advantage of reducing the workload of the verifiable credential issuer, and breaks through the bottleneck that the conventional verifiable credential structure cannot arbitrarily arrange and combine the claim contents.

Description

Chameleon hash distributed identity use method and system
Technical Field
The invention relates to the technical field of computers, in particular to a chameleon hash distributed identity using method and a chameleon hash distributed identity using system.
Background
When an existing DID (distributed identity) is used, the Merkle tree content in the verifiable credential structure makes the data structure of the verifiable credential more complicated. Because each data item in the Merkle tree is related to the items before and after it, selective disclosure of the verifiable credential must also provide the hash values of the non-disclosed data, so that a verifier can correctly compute the root of the Merkle tree and verify the digital signature; the verifier therefore has to compute the Merkle tree information in addition to verifying the digital signature. When a verifiable presentation is shown according to a verifiable credential, the order of the claims is strictly fixed by the Merkle tree content, so the conventional verifiable credential structure cannot arbitrarily arrange and combine the claims and cannot meet the privacy protection requirements of scenarios in which the claim order of the verifiable credential needs to change. For example, each verifier of a verifiable credential pays a different degree of attention to each claim; the best approach would be to sort the claims according to the other party's interest before each verification and send the sorted claims, so that the other party can verify and compare them, but the conventional Merkle tree structure cannot support this.
On the other hand, when an existing DID is used, the Merkle tree content in the verifiable credential structure means that the digital signature of the verifiable credential and the Merkle tree content must be recalculated after any change to the data structure of the verifiable credential, which increases the load on the verifiable credential issuer.
Disclosure of Invention
Aiming at the defects in the prior art, the invention provides a chameleon hash distributed identity using method and a chameleon hash distributed identity using system, which reduce the workload of the verifiable credential issuer and break through the bottleneck that the conventional verifiable credential structure cannot arbitrarily arrange and combine the claim contents.
In order to solve the technical problem, the invention adopts the following technical scheme:
A chameleon hash distributed identity using method comprises the following steps:
generating a verifiable credential for the distributed identity by using a chameleon hash algorithm, and verifying the reliability of the verifiable credential;
generating a verifiable presentation according to the verifiable credential, and verifying the reliability of the verifiable presentation;
and regenerating the verifiable credential according to the claim requirement proposed by the distributed identity holder, obtaining a modified verifiable credential and verifying the reliability of the modified verifiable credential.
Optionally, generating a verifiable credential for a distributed identity using a chameleon hash algorithm comprises the steps of:
obtaining a plurality of claims provided by the distributed identity holder;
calculating a common hash value and a chameleon random number of the distributed identity, and calculating a first chameleon hash value according to the common hash value and the chameleon random number;
calculating the chameleon random number corresponding to each claim according to that claim;
and signing the first chameleon hash value with the private key of the verifiable credential issuer to obtain a first signature.
Optionally, verifying the reliability of the verifiable credential includes the steps of:
verifying the validity of the first signature;
calculating, according to each claim, the second chameleon hash value corresponding to that claim;
and judging whether the second chameleon hash value is equal to the first chameleon hash value and the first signature is valid; if so, the verifiable credential is reliable, otherwise it is unreliable.
Optionally, generating a verifiable presentation from the verifiable credential includes the steps of:
obtaining the unsigned data of the verifiable presentation, wherein the unsigned data comprises the verifiable presentation metadata and one or more verifiable credentials;
and signing the unsigned data with the private key of the distributed identity holder to obtain a second signature.
Optionally, verifying the reliability of the verifiable presentation comprises the steps of:
verifying the validity of the first signature and the second signature;
calculating, according to each claim, the second chameleon hash value corresponding to that claim;
and judging whether the second chameleon hash value is equal to the first chameleon hash value and both the first signature and the second signature are valid; if so, the verifiable presentation is reliable, otherwise it is unreliable.
Optionally, the claim requirement includes any one of adding a claim, deleting a claim, modifying claim content, or modifying claim order.
A chameleon hash distributed identity using system comprises a first generation and check unit, a second generation and check unit and an update and check unit;
the first generation and check unit is used for generating a verifiable credential for the distributed identity by using a chameleon hash algorithm and verifying the reliability of the verifiable credential;
the second generation and check unit is used for generating a verifiable presentation according to the verifiable credential and verifying the reliability of the verifiable presentation;
the update and check unit is used for regenerating the verifiable credential according to the claim requirement proposed by the distributed identity holder, obtaining the modified verifiable credential and verifying the reliability of the modified verifiable credential.
Optionally, the first generation and check unit comprises a first generation unit, and the first generation unit comprises an acquisition unit, a first calculation unit and a first signature unit;
the acquisition unit is used for acquiring a plurality of claims provided by the distributed identity holder;
the first calculation unit is used for calculating the common hash value and the chameleon random number of the distributed identity, calculating the first chameleon hash value according to the common hash value and the chameleon random number, and calculating the chameleon random number corresponding to each claim according to that claim;
the first signature unit is used for signing the first chameleon hash value with the private key of the verifiable credential issuer to obtain the first signature.
Optionally, the first generation and check unit further comprises a first check unit, and the first check unit comprises a first verification unit, a second calculation unit and a first judgment unit;
the first verification unit is used for verifying the validity of the first signature;
the second calculation unit is used for calculating the second chameleon hash value corresponding to each claim according to that claim;
the first judgment unit is used for judging whether the second chameleon hash value is equal to the first chameleon hash value and the first signature is valid; if so, the verifiable credential is reliable, otherwise it is unreliable.
Optionally, the second generation and check unit comprises a second generation unit, and the second generation unit comprises a data acquisition unit and a second signature unit;
the data acquisition unit is used for acquiring the unsigned data of the verifiable presentation, wherein the unsigned data comprises the verifiable presentation metadata and one or more verifiable credentials;
the second signature unit is used for signing the unsigned data with the private key of the distributed identity holder to obtain the second signature.
Optionally, the second generation and check unit further comprises a second check unit, and the second check unit comprises a second verification unit, a third calculation unit and a second judgment unit;
the second verification unit is used for verifying the validity of the first signature and the second signature;
the third calculation unit is used for calculating the second chameleon hash value corresponding to each claim according to that claim;
the second judgment unit is configured to judge whether the second chameleon hash value is equal to the first chameleon hash value and both the first signature and the second signature are valid; if so, the verifiable presentation is reliable, otherwise it is unreliable.
Compared with the prior art, the technical scheme provided by the invention has the following beneficial effects:
1. When the DID is used, the improved verifiable credential structure removes the Merkle tree part and adds the chameleon random numbers, so the data structure of the verifiable credential becomes simple while all contents are still guaranteed against tampering; when the verifiable presentation is shown according to the verifiable credential, the order of the claims is no longer strictly fixed by the Merkle tree content, so the improved verifiable credential structure allows any selection and any permutation and combination of the claims while still passing verification, which meets the DID holder's privacy protection requirements and the need to reorder claims in more application scenarios;
2. When the DID is used and the verifiable credential issuer has to regenerate the verifiable credential because claim entries are added, deleted, modified or exchanged, the improved verifiable credential structure means the issuer does not need to recalculate the digital signature of the verifiable credential or the Merkle tree content, which lightens the load of the verifiable credential issuer.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly described below. Obviously, the drawings in the following description are only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a diagram illustrating relationships between roles in the first embodiment.
Detailed Description
The present invention will be described in further detail with reference to examples, which are illustrative of the present invention and are not to be construed as being limited thereto.
The terms used in the examples are explained as follows:
A DID is a string of characters in a specific format that represents the digital identity of an entity. The DID identifier format is: did:example:123456789abcdefghijk, where the prefix did is fixed and indicates that the string is a DID identifier; the middle part, example, is called the DID method and indicates which set of schemes (methods) is used to define and operate the DID identifier, and the DID method can be customized; the long string at the end is the unique identifier under that DID method.
The DID document stores the DID identity; it generally associates DID-related information, in particular establishing the relation between the DID and its public key. The DID identifier is then used as the key and the DID document as the value to store the pair in a blockchain, so that a DID verifier can quickly access and obtain the DID holder's public key by relying on the blockchain's tamper resistance and data sharing.
VC is short for Verifiable Claims or Verifiable Credentials, which can be translated as verifiable statement or verifiable credential. It is a descriptive statement issued by one DID to endorse some attributes of another DID, carries the issuing DID's digital signature to prove the authenticity of those attributes, and is the digital certificate of the DID application scenario.
VP is an abbreviation of Verifiable Presentation, which can be translated as verifiable representation, and is the data a VC holder shows to a verifier to prove its identity. In general the full VC can be shown directly, but in some cases, for privacy protection, the complete VC content need not be shown and only some attributes are selectively disclosed; the disclosed VC attributes are then shown in plaintext in the VP and the undisclosed attributes as hash values, and the receiver of the VP computes the root of the Merkle tree from the plaintext and hashed attributes and then verifies the digital signature.
If the descriptions of DID, DID document, VC, VP and related concepts and structures here are not detailed enough, refer to the industry DID standard or actual implementations. For example, the first public working draft of DID was published by the W3C (World Wide Web Consortium) in 2019: "Decentralized Identifiers (DIDs) v1.0".
Example one
As shown in fig. 1, a chameleon hash distributed identity using method includes the following steps: generating a verifiable credential for the distributed identity by using a chameleon hash algorithm, and verifying the reliability of the verifiable credential. Specifically, generating the verifiable credential for the distributed identity by using the chameleon hash algorithm comprises the following steps: obtaining a plurality of claims provided by the distributed identity holder; calculating the common hash value and the chameleon random number of the distributed identity, and calculating the first chameleon hash value according to the common hash value and the chameleon random number; and signing the first chameleon hash value with the verifiable credential issuer's private key to obtain the first signature.
Further, the distributed identity holder submits several claims to the verifiable credential issuer; in this embodiment they may be denoted claim1 to claimN, and one claim is one information item, such as "name: XX", "age: XX" or "address: XX province, XX city, XX district, XX road, XX number". The specific claim contents of the verifiable credential and the corresponding random numbers can be written as { claim1, r1; claim2, r2; … …; claimi, ri; … …; claimN, rN }, where 1 ≤ i ≤ N, and ri is calculated as follows:
First, the distributed identity is used as the chameleon message: the common hash value MD = H(DID) is calculated and the chameleon random number RD = H(metadata) is selected, where metadata is the metadata of the verifiable credential and contains fixed, unchangeable information such as the DID, the issuing purpose, the issuing time and the validity period. MD and RD are chameleon-hashed to produce the first chameleon hash value CHD = CH(MD, RD, PKS), and CHD is signed with the private key SKS of the verifiable credential issuer to obtain the first signature SIGD1, where PKS is the issuer's public key, which is also the public key used by the chameleon hash, and the private key SKS serves as the trapdoor key of the chameleon hash. The issuer then calculates the common hash MCi = H(claimi) of each new chameleon message claimi and, using SKS, MD, RD and MCi, solves for the chameleon random number corresponding to MCi, which is ri. By the properties of the chameleon hash, it can be verified that no party other than the credential issuer can compute ri.
Therefore, whereas the Merkle tree content in the original verifiable credential structure makes its data structure relatively complex, the improved verifiable credential structure removes the Merkle tree part and adds the chameleon random numbers, so the data structure of the verifiable credential is simpler.
After the verifiable credential is generated, the verifiable credential issuer sends it to the distributed identity holder, and the reliability of the verifiable credential is verified, which specifically comprises the following steps: verifying the validity of the first signature; calculating, according to each claim, the second chameleon hash value corresponding to that claim; and judging whether the second chameleon hash value is equal to the first chameleon hash value and the first signature is valid; if so, the verifiable credential is reliable, otherwise it is unreliable.
Further, the first signature is first verified using the public key of the verifiable credential issuer. If the signature verifies, the issuer's signature over the first chameleon hash value is valid and neither the distributed identity nor the metadata has been tampered with: if either had been tampered with, MD or the chameleon random number RD would change, the changed MD or RD would in turn change the first chameleon hash value CHD, and the changed CHD would finally cause the first signature to fail verification, that is, the first signature would be invalid. Conversely, if the signature verifies, neither the distributed identity nor the metadata has been tampered with.
On the other hand, it is also necessary to verify the chameleon hash value of each claim, i.e. the second chameleon hash value CH(MCi, ri, PKS), specifically whether CH(MCi, ri, PKS) is equal to CHD. If equal, MCi has not been modified by any party other than the verifiable credential issuer; since the issuer is trusted not to modify MCi at will, the distributed identity holder trusts MCi. The reason is that if MCi were tampered with by a party other than the issuer, the second chameleon hash value CH(MCi, ri, PKS) would change and would no longer equal the first chameleon hash value CHD; conversely, equality shows that MCi has not been tampered with by a party other than the verifiable credential issuer. The issuer is trusted not to modify MCi at will because a verifiable credential issuer is generally an authoritative institution with complete security safeguards, whose private key is usually well protected, for example under the joint control of several administrators; in addition, a more sophisticated auditing mechanism may exist for verifiable credential issuers.
After the verification of the first signature and of the chameleon hash values of all claims has passed, the distributed identity holder trusts the whole verifiable credential, the verifiable credential is reliable, and the improved verifiable credential structure guarantees that none of its contents can be tampered with.
After the verifiable credential is verified, the distributed identity holder can generate a verifiable presentation according to the verifiable credential and verify the reliability of the verifiable presentation. Specifically, generating a verifiable presentation from a verifiable credential includes the steps of: obtaining the unsigned data of the verifiable presentation, wherein the unsigned data comprises the verifiable presentation metadata and one or more verifiable credentials; and signing the unsigned data with the distributed identity holder's private key to obtain the second signature.
For a distributed identity holder, in order to protect identity information it is usually necessary to hide part of the sensitive information, and for that the distributed identity holder generates a verifiable presentation. In this embodiment the specific claim contents and corresponding random numbers of the verifiable credential may be written as { claim1, r1; claim2, r2; … …; the claims after claimi are sensitive information. The distributed identity holder's private key is then used to sign the unsigned data to obtain the second signature, so that when the verifiable presentation is shown according to the verifiable credential the sensitive information is hidden; that is, the improved verifiable credential allows any selection and any arrangement and combination of the claim content, meeting the distributed identity holder's privacy protection requirement.
Meanwhile, the reliability of the verifiable presentation also needs to be verified, which specifically comprises the following steps: verifying the validity of the first signature and the second signature; calculating, according to each claim, the second chameleon hash value corresponding to that claim; and judging whether the second chameleon hash value is equal to the first chameleon hash value and both the first signature and the second signature are valid; if so, the verifiable presentation is reliable, otherwise it is unreliable. It should be noted that the method for verifying the validity of the second signature is the same as that for the first signature and is not repeated here.
On the other hand, the second signature is verified with the public key of the distributed identity holder; if it passes, the holder's signature over the verifiable presentation is valid and no part of the verifiable presentation has been tampered with, so the distributed identity verifier can trust the verifiable presentation. After all verifications pass, the distributed identity verifier trusts the whole verifiable presentation, so the improved verifiable credential structure can still pass verification after the claim content has been arbitrarily arranged and combined when the verifiable presentation is shown according to the verifiable credential.
Further, when the distributed identity holder provides the claims to the verifiable credential issuer, there may be one or more of an increase in the number of claims, a decrease in the number of claims, a modification of claim content or a modification of claim order. In that case the verifiable credential is regenerated according to the claim requirement proposed by the distributed identity holder, so as to obtain a modified verifiable credential and verify its reliability, wherein the claim requirement includes any one of adding a claim, deleting a claim, modifying claim content or modifying claim order.
If the claim requirement is to add a claim, the distributed identity holder generates an improved verifiable credential as follows:
{metadata
// specific contents of the VC claims
claim1, r1
claim2, r2
……
claimi, ri
claim(i+1), r(i+1)
……
claimN, rN
// digital signature of the present VC
proof};
The method for obtaining r(i+1) from claim(i+1) is the same as the steps above, and the method for verifying the verifiable credential is the same as described above. In the prior art, because of the Merkle tree content in the verifiable credential structure, the digital signature of the verifiable credential and the Merkle tree content have to be recalculated after any change to the data structure of the verifiable credential, which increases the load of the verifiable credential issuer. In this embodiment, when the verifiable credential issuer has to regenerate the verifiable credential because a claim entry is added, the improved verifiable credential structure only requires the issuer to calculate the chameleon random number corresponding to the new entry; the digital signature of the verifiable credential and the Merkle tree content do not need to be recalculated, and the workload of the verifiable credential issuer is reduced.
If the claim requirement is a pruned claim, the distributed identity holder generates an improved verifiable credential as follows:
{metadata
// specific contents of the VC claims
claim1, r1
claim2, r2
……
claim(i-1), r(i-1)
claim(i+1), r(i+1)
……
claimN, rN
// digital signature of this VC
proof};
Verification is again the same as for the verifiable credential described above. This step shows that, in the prior art, the Merkle tree content in the credential structure forces the digital signature and the Merkle tree content to be recomputed whenever the data structure changes, whereas when the verifiable credential has to be regenerated because a claim entry is deleted, the improved structure only needs the distributed identity holder to remove that entry directly, with no recomputation of the digital signature or of any Merkle tree content, which reduces the holder's load.
If the claim requirement is a claim content modification, the distributed identity holder asks the verifiable credential issuer to modify an existing claim in the verifiable credential, changing claimi to claimi'. The improved verifiable credential is generated as follows:
{metadata
// specific contents of the VC claims
claim1, r1
claim2, r2
……
claimi', ri'
……
claimN, rN
// digital signature of this VC
proof};
The method of obtaining ri' from claimi' is the same as in the steps above (only the issuer, who holds the trapdoor key, can compute it), and verification is the same as for the verifiable credential described above. This step shows that, in the prior art, the Merkle tree content in the credential structure forces the digital signature and the Merkle tree content to be recomputed whenever the data structure changes, whereas when the verifiable credential has to be regenerated because a claim entry is modified, the improved structure only requires the issuer to compute the chameleon random number for that entry; neither the digital signature of the verifiable credential nor any Merkle tree content needs to be recomputed, which reduces the load.
If the claim requirement is a claim order modification, the distributed identity holder exchanges the order of two existing claims in the verifiable credential. Taking claimi and claim(i+1) as an example, the holder generates the improved verifiable credential as follows:
{metadata
// specific contents of the VC claims
claim1, r1
claim2, r2
……
claim(i+1), r(i+1)
claimi, ri
……
claimN, rN
// digital signature of this VC
proof};
Verification is again the same as for the verifiable credential described above. This step shows that, in the prior art, the Merkle tree content in the credential structure forces the digital signature and the Merkle tree content to be recomputed whenever the data structure changes, whereas when the verifiable credential has to be regenerated because the order of claim entries is exchanged, the improved structure only needs the distributed identity holder to swap the specified entries directly, with no recomputation of the digital signature or of any Merkle tree content, which reduces the holder's load.
Example two
A chameleon hash distributed identity use system comprises a first generation verification unit, a second generation verification unit and an update verification unit. The first generation verification unit generates a verifiable credential for the distributed identity using a chameleon hash algorithm and verifies the reliability of the verifiable credential. It comprises a first generation unit, which comprises an acquisition unit, a first calculation unit and a first signature unit: the acquisition unit acquires the several claims provided by the distributed identity holder; the first calculation unit calculates the ordinary hash value and the chameleon random number of the distributed identity, calculates the first chameleon hash value from that ordinary hash value and chameleon random number, and calculates, for each claim, the chameleon random number corresponding to that claim; the first signature unit signs the first chameleon hash value with the private key of the verifiable credential issuer to obtain the first signature.
Further, the distributed identity holder submits several claims, denoted claim1 to claimN in this embodiment, to the verifiable credential generator. A claim is one information item, such as "name: XX", "age: XX" or "address: XX province, XX city, XX district, XX road, No. XX"; all of these can be information entries in a claim. The specific contents of the verifiable credential claims and the corresponding proof values are recorded as {claim1, r1; claim2, r2; ……; claimi, ri; ……; claimN, rN} with 1 ≤ i ≤ N, and ri is computed as follows:
First, the distributed identity is used as the chameleon message: the ordinary hash value MD = H(DID) is calculated, the chameleon random number RD = H(metadata) is selected, and the chameleon hash is computed to obtain the first chameleon hash value CHD = CH(MD, RD, PKS). The verifiable credential issuer's private key SKS is used to sign CHD to obtain the first signature SIGD1. Here the issuer's public key is denoted PKS; the public key used by the chameleon hash is this same PKS, and the corresponding private key SKS serves as the trapdoor key of the chameleon hash. Next, the ordinary hash MCi = H(claimi) of the new chameleon message claimi is calculated, and the issuer uses SKS, MD, RD and MCi to solve for the chameleon random number ri that satisfies CH(MCi, ri, PKS) = CHD; this ri is the chameleon random number corresponding to MCi. By the properties of the chameleon hash, no party other than the credential issuer, who holds the trapdoor key, can compute ri.
Because the Merkle tree content in the original verifiable credential structure makes the credential's data structure relatively complex, the improved structure removes the Merkle tree part and adds the chameleon random numbers, giving a simpler data structure.
After the verifiable credential is generated, the issuer sends it to the distributed identity holder, who verifies its reliability. The first generation verification unit therefore also comprises a first verification unit, which comprises a first verifying unit, a second calculation unit and a first judging unit. The first verifying unit verifies the validity of the first signature; the second calculation unit calculates, for each claim, the second chameleon hash value corresponding to that claim; the first judging unit judges whether the second chameleon hash value equals the first chameleon hash value and whether the first signature is valid: if both hold, the verifiable credential is reliable, otherwise it is unreliable.
Specifically, the first signature is first verified with the issuer's public key. If it passes, the issuer's signature over the first chameleon hash value is valid, and neither the distributed identity nor the metadata has been tampered with: had either been altered, MD or the chameleon random number RD would change, which would change the first chameleon hash value CHD, and the first signature over CHD would then fail to verify, i.e. be invalid. Conversely, a valid first signature shows that neither the distributed identity nor the metadata has been tampered with.
On the other hand, the chameleon hash value of every claim, i.e. the second chameleon hash value CH(MCi, ri, PKS), must also be verified: specifically, whether CH(MCi, ri, PKS) equals CHD. If they are equal, MCi has not been modified by any party other than the verifiable credential issuer, and since the issuer is trusted not to modify MCi at will, the distributed identity holder can trust MCi. If MCi had been tampered with by a party other than the issuer, the second chameleon hash value CH(MCi, ri, PKS) would change and would no longer equal the first chameleon hash value CHD; conversely, equality shows that MCi has not been tampered with by a party other than the issuer.
Once the first signature and the chameleon hash values of all claims have been verified, the distributed identity holder trusts the whole verifiable credential, the credential is reliable, and the improved structure ensures that tampering with any of its contents by a party other than the issuer is detected.
After the verifiable credential has been verified, the second generation verification unit generates a verifiable expression (presentation) from the verifiable credential and verifies its reliability. The second generation verification unit comprises a second generation unit, which comprises a data acquisition unit and a second signature unit: the data acquisition unit acquires the unsigned data of the verifiable expression, which comprises the verifiable expression metadata and one or more verifiable credentials, and the second signature unit signs the unsigned data with the distributed identity holder's private key to obtain a second signature.
For a distributed identity holder, protecting identity information usually requires hiding part of the sensitive information, and for this the holder generates a verifiable expression. In this embodiment the specific contents of the verifiable credential claims and the corresponding proof values are recorded as {claim1, r1; claim2, r2; ……}; suppose the claims after claimi are sensitive. The holder keeps only the claims to be disclosed and signs the unsigned data with the holder's private key to obtain the second signature, so that the sensitive information is hidden when the verifiable expression is presented from the verifiable credential. In other words, with the improved verifiable credential the claim contents can be arbitrarily accepted or rejected and arbitrarily arranged and combined, meeting the holder's privacy protection needs.
The verifiable expression must also be verified for reliability, so the second generation verification unit also comprises a second verification unit, which comprises a second verifying unit, a third calculation unit and a second judging unit. The second verifying unit verifies the validity of the first signature and the second signature; the third calculation unit calculates the second chameleon hash value corresponding to each claim; the second judging unit judges whether the second chameleon hash value equals the first chameleon hash value and whether both the first and second signatures are valid: if so, the verifiable expression is reliable, otherwise it is unreliable. The method for verifying the validity of the second signature is the same as for the first signature and is not repeated here.
When verifying the second signature, the distributed identity holder's public key is used; if it passes, the holder's signature over the verifiable expression is valid and no part of the verifiable expression has been tampered with, so the distributed identity verifier can trust it. After all the checks pass, the verifier trusts the whole verifiable expression. Hence, with the improved verifiable credential structure, a verifiable expression presented from the credential still verifies after the claim contents have been arbitrarily arranged and combined.
Further, when the distributed identity holder provides claims to the verifiable credential issuer, the claims may, compared with the previous submission, have been added to, reduced, changed in content or changed in order. The update verification unit then regenerates the verifiable credential according to the claim requirement put forward by the holder, obtains the modified verifiable credential and verifies its reliability. The claim requirement is any one of adding a claim, deleting a claim, modifying the content of a claim or modifying the order of the claims.
At this point, if the claim requirement is adding a claim, the improved verifiable credential is generated as follows:
{metadata
// specific contents of the VC claims
claim1, r1
claim2, r2
……
claimi, ri
claim(i+1), r(i+1)
……
claimN, rN
// digital signature of this VC
proof};
The method of obtaining r(i+1) from claim(i+1) is the same as in the steps above, and the verification method is the same as that already described for the verifiable credential. In the prior art, because of the Merkle tree content in the verifiable credential structure, the digital signature of the verifiable credential and the Merkle tree content have to be recomputed after any change to the credential's data structure, which increases the load on the verifiable credential issuer. In this embodiment, when the issuer has to regenerate the verifiable credential because a claim entry is added, the improved structure only requires the issuer to compute the chameleon random number for that entry; neither the digital signature of the verifiable credential nor any Merkle tree content needs to be recomputed, so the issuer's workload is reduced.
If the claim requirement is deleting a claim, the distributed identity holder generates the improved verifiable credential as follows:
{metadata
// specific contents of the VC claims
claim1, r1
claim2, r2
……
claim(i-1), r(i-1)
claim(i+1), r(i+1)
……
claimN, rN
// digital signature of this VC
proof};
Verification is again the same as for the verifiable credential described above. This step shows that, in the prior art, the Merkle tree content in the credential structure forces the digital signature and the Merkle tree content to be recomputed whenever the data structure changes, whereas when the verifiable credential has to be regenerated because a claim entry is deleted, the improved structure only needs the distributed identity holder to remove that entry directly, with no recomputation of the digital signature or of any Merkle tree content, which reduces the holder's load.
If the claim requirement is a claim content modification, the distributed identity holder asks the verifiable credential issuer to modify an existing claim in the verifiable credential, changing claimi to claimi'. The improved verifiable credential is generated as follows:
{metadata
// specific contents of the VC claims
claim1, r1
claim2, r2
……
claimi', ri'
……
claimN, rN
// digital signature of this VC
proof};
The method of obtaining ri' from claimi' is the same as in the steps above (only the issuer, who holds the trapdoor key, can compute it), and verification is the same as for the verifiable credential described above. This step shows that, in the prior art, the Merkle tree content in the credential structure forces the digital signature and the Merkle tree content to be recomputed whenever the data structure changes, whereas when the verifiable credential has to be regenerated because a claim entry is modified, the improved structure only requires the issuer to compute the chameleon random number for that entry; neither the digital signature of the verifiable credential nor any Merkle tree content needs to be recomputed, which reduces the load.
If the claim requirement is a claim order modification, the distributed identity holder exchanges the order of two existing claims in the verifiable credential. Taking claimi and claim(i+1) as an example, the holder generates the improved verifiable credential as follows:
{metadata
// specific contents of the VC claims
claim1, r1
claim2, r2
……
claim(i+1), r(i+1)
claimi, ri
……
claimN, rN
// digital signature of this VC
proof};
Verification is again the same as for the verifiable credential described above. This step shows that, in the prior art, the Merkle tree content in the credential structure forces the digital signature and the Merkle tree content to be recomputed whenever the data structure changes, whereas when the verifiable credential has to be regenerated because the order of claim entries is exchanged, the improved structure only needs the distributed identity holder to swap the specified entries directly, with no recomputation of the digital signature or of any Merkle tree content, which reduces the holder's load.
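The issuance and verification procedure of Example two, the verifiable expression (presentation) step, and the four update cases above, as one added worked example; this is not code from the patent or its applicant. It assumes the Krawczyk-Rabin discrete-log chameleon hash CH(m, r, PK) = g^m · PK^r mod p with toy 64-bit parameters generated at import time, a Schnorr signature in the same group as the (unspecified) signature scheme, SHA-256 reduced mod q as H(·), and a credential record that carries the DID next to the metadata so a verifier can recompute MD. The function names (issue_vc, verify_vc, add_claim, present, recover_trapdoor, ...) and the sample claim strings are this example's own.

```python
import hashlib
import random

# Toy discrete-log group, an assumption of this example (the page names no concrete chameleon hash):
# safe prime p = 2q + 1 and g of prime order q; 64-bit parameters are for demonstration only.
_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # Miller-Rabin is deterministic with these for n < 3e23

def _is_prime(n):
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_params(bits=64, seed=2022):
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_prime(q) and _is_prime(2 * q + 1):
            return 2 * q + 1, q, 4  # g = 2^2 is a quadratic residue, hence of order q

P, Q, G = gen_params()
RNG = random.Random(7)  # fixed seed so the example is reproducible

def H(data):  # ordinary hash H(.), reduced into Z_q so the digest can serve as a chameleon-hash message
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def keygen(rng=RNG):
    sk = rng.randrange(1, Q)  # SKS: signing key AND chameleon trapdoor, as on the page; PKS = g^SKS
    return sk, pow(G, sk, P)

def CH(m, r, pk):  # Krawczyk-Rabin chameleon hash CH(m, r, PK) = g^m * PK^r mod p
    return pow(G, m, P) * pow(pk, r, P) % P

def collision(sk, m, r, m_new):
    """Trapdoor step: r' with CH(m_new, r') == CH(m, r), from m + sk*r == m_new + sk*r' (mod q)."""
    return (m + sk * r - m_new) * pow(sk, -1, Q) % Q

def sign(sk, msg, rng=RNG):
    """Schnorr signature in the same group (the page fixes no signature scheme)."""
    k = rng.randrange(1, Q)
    e = H(b"%d|%d" % (pow(G, k, P), msg))
    return e, (k + e * sk) % Q

def verify(pk, msg, sig):
    e, s = sig
    return e == H(b"%d|%d" % (pow(G, s, P) * pow(pk, -e, P) % P, msg))

def issue_vc(sk, pk, did, metadata, claims):
    """Issuer: CHD = CH(MD, RD, PKS); per claim an r_i with CH(H(claim_i), r_i, PKS) == CHD; one signature over CHD."""
    MD, RD = H(did.encode()), H(metadata.encode())
    vc = {"did": did, "metadata": metadata, "claims": [(c, collision(sk, MD, RD, H(c.encode()))) for c in claims]}
    vc["proof"] = sign(sk, CH(MD, RD, pk))
    return vc

def verify_vc(vc, pk):
    """First signature over CHD, then the second chameleon hash CH(MCi, ri, PKS) == CHD for every claim."""
    chd = CH(H(vc["did"].encode()), H(vc["metadata"].encode()), pk)
    return verify(pk, chd, vc["proof"]) and all(CH(H(c.encode()), r, pk) == chd for c, r in vc["claims"])

# The four update cases.  Add/modify need the trapdoor (issuer); delete/swap edit only the list (holder).
def add_claim(vc, claim, sk):
    MD, RD = H(vc["did"].encode()), H(vc["metadata"].encode())
    vc["claims"].append((claim, collision(sk, MD, RD, H(claim.encode()))))
def modify_claim(vc, i, new_claim, sk):
    old, r = vc["claims"][i]
    vc["claims"][i] = (new_claim, collision(sk, H(old.encode()), r, H(new_claim.encode())))
def delete_claim(vc, i):
    del vc["claims"][i]
def swap_claims(vc, i, j):
    vc["claims"][i], vc["claims"][j] = vc["claims"][j], vc["claims"][i]

def present(holder_sk, vc, keep, vp_metadata):  # holder: any subset of claims in any order, second signature
    body = {"vp_metadata": vp_metadata, "vcs": [dict(vc, claims=[vc["claims"][i] for i in keep])]}
    return {"body": body, "proof": sign(holder_sk, H(repr(body).encode()))}

def verify_vp(vp, holder_pk, issuer_pk):  # verifier: second signature, then every embedded VC as above
    return verify(holder_pk, H(repr(vp["body"]).encode()), vp["proof"]) and all(
        verify_vc(vc, issuer_pk) for vc in vp["body"]["vcs"])

def recover_trapdoor(vc):
    """Caveat: under this chameleon hash (MD, RD) and any (MCi, ri) collide on CHD, so a holder solves
    MD + x*RD == MCi + x*ri (mod q) for x = SKS, which on the page is also the issuer's signing key."""
    MD, RD = H(vc["did"].encode()), H(vc["metadata"].encode())
    c1, r1 = vc["claims"][0]
    return (H(c1.encode()) - MD) * pow((RD - r1) % Q, -1, Q) % Q
```

Issuing a credential with three constructed claims, then adding and modifying entries (the issuer computes exactly one new chameleon random number each time) and swapping and deleting entries (holder only), leaves a credential that still verifies against the single original signature, and a presentation of any subset in any order verifies the same way. recover_trapdoor is the check to run before adopting this structure with a given chameleon hash: with the classic construction used here, (MD, RD) and every (MCi, ri) collide on the same CHD, so a holder who receives even one claim can solve for the trapdoor, and because the page uses the same SKS as the issuer's signing key, that holder could then issue credentials. The page does not say which chameleon hash it relies on; a deployment needs one without this key-exposure property and should keep the trapdoor separate from the signing key.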
The units or modules described in the embodiments of the present application may be implemented in software or hardware. The described units or modules may also be provided in a processor; for example, each described unit may be a software program provided in a computer or mobile intelligent device, or a separately configured hardware device. The name of a unit or module does not in any way limit the unit or module itself.
The foregoing description is only exemplary of the preferred embodiments of the application and illustrates the principles of the technology employed. Those skilled in the art will appreciate that the scope of the invention disclosed herein is not limited to the particular combinations of features described above, and also encompasses other arrangements in which any combination of the above features or their equivalents is incorporated without departing from the spirit of the present application; for example, the above features may be replaced with (but not limited to) features having similar functions disclosed in the present application.

Claims (9)

1. A chameleon hash distributed identity use method is characterized by comprising the following steps:
generating a verifiable credential for a distributed identity using a chameleon hash algorithm and verifying a reliability of the verifiable credential, wherein generating the verifiable credential for the distributed identity using the chameleon hash algorithm comprises: obtaining a plurality of claims provided by a distributed identity holder; calculating a common hash value and a chameleon random number of the distributed identity, and calculating a first chameleon hash value according to the common hash value and the chameleon random number; calculating chameleon random numbers corresponding to the statements according to the statements; signing the first chameleon hash value by using a private key of a verifiable certificate issuer to obtain a first signature;
generating a verifiable expression according to the verifiable certificate, and verifying the reliability of the verifiable expression;
and regenerating the verifiable certificate according to the statement requirement proposed by the distributed identity holder to obtain a modified verifiable certificate and verify the reliability of the modified verifiable certificate.
2. The chameleon hash distributed identity use method according to claim 1, wherein verifying the reliability of the verifiable credential comprises the following steps:
verifying the validity of the first signature;
calculating a second chameleon hash value corresponding to each statement according to each statement;
and judging whether the second chameleon hash value is equal to the first chameleon hash value and whether the first signature is valid; if so, the verifiable credential is reliable, otherwise the verifiable credential is unreliable.
3. The chameleon hash distributed identity use method according to claim 2, wherein generating a verifiable representation from the verifiable credential comprises the following steps:
obtaining non-signed data of a verifiable representation, wherein the non-signed data comprises verifiable representation metadata and one or more verifiable credentials;
and signing the non-signed data by using a distributed identity holder private key to obtain a second signature.
4. The chameleon hash distributed identity use method according to claim 3, wherein verifying the authenticity of the verifiable representation comprises the steps of:
verifying the validity of the first and second signatures;
according to each statement, calculating a second chameleon hash value corresponding to each statement;
and judging whether the second chameleon hash value is equal to the first chameleon hash value and whether the first signature and the second signature are both valid; if so, the verifiable representation is reliable, otherwise the verifiable representation is unreliable.
5. The chameleon hash distributed identity use method according to claim 1, wherein the statement requirement includes any one of adding a statement, deleting a statement, modifying statement content or modifying statement order.
6. A chameleon hash distributed identity use system is characterized by comprising a first generation and verification unit, a second generation and verification unit and an updating and verification unit;
the first generation verification unit is used for generating verifiable certificates for the distributed identities by using a chameleon hash algorithm and verifying the reliability of the verifiable certificates,
the first generation verification unit comprises a first generation unit, the first generation unit comprises an acquisition unit, a first calculation unit and a first signature unit, and the acquisition unit is used for acquiring a plurality of claims provided by distributed identity holders; the first calculation unit is used for calculating a common hash value and a chameleon random number of the distributed identity, calculating a first chameleon hash value according to the common hash value and the chameleon random number, and calculating the chameleon random number corresponding to each statement according to each statement; the first signature unit is used for signing the first chameleon hash value by using a private key of a verifiable certificate issuer to obtain a first signature;
the second generation verification unit is used for generating a verifiable expression according to the verifiable certificate and verifying the reliability of the verifiable expression;
the updating and checking unit is used for regenerating the verifiable certificate according to the statement requirement proposed by the distributed identity holder, obtaining the version-changed verifiable certificate and verifying the reliability of the version-changed verifiable certificate.
7. The chameleon hash distributed identity use system according to claim 6, wherein the first generation verification unit further comprises a first verification unit, and the first verification unit comprises a first verifying unit, a second calculation unit and a first judging unit;
the first verifying unit is used for verifying the validity of the first signature;
the second calculation unit is used for calculating a second chameleon hash value corresponding to each statement according to each statement;
the first judging unit is used for judging whether the second chameleon hash value is equal to the first chameleon hash value and whether the first signature is valid; if so, the verifiable certificate is reliable, otherwise the verifiable certificate is unreliable.
8. The chameleon hash distributed identity use system according to claim 7, wherein the second generation verification unit comprises a second generation unit, and the second generation unit comprises a data acquisition unit and a second signature unit;
the data acquisition unit is used for acquiring non-signature data of the verifiable expression, wherein the non-signature data comprises verifiable expression metadata and one or more verifiable certificates;
the second signature unit is used for signing the non-signature data by using a private key of a distributed identity holder to obtain a second signature.
9. The chameleon hash distributed identity use system according to claim 8, wherein the second generation verification unit further comprises a second verification unit, and the second verification unit comprises a second verifying unit, a third calculation unit and a second judging unit;
the second verifying unit is used for verifying the validity of the first signature and the second signature;
the third calculating unit is used for calculating a second chameleon hash value corresponding to each statement according to each statement;
the second judging unit is configured to judge whether the second chameleon hash value is equal to the first chameleon hash value and whether the first signature and the second signature are both valid; if so, the verifiable representation is reliable, otherwise the verifiable representation is unreliable.
CN202210782316.5A 2022-07-05 2022-07-05 Chameleon hash distributed identity using method and system Active CN114866260B (en)

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN202210782316.5A | 2022-07-05 | 2022-07-05 | Chameleon hash distributed identity using method and system

Publications (2)

Publication Number | Publication Date
CN114866260A (en) | 2022-08-05
CN114866260B (en) | 2022-10-28

Family ID: 82625861

Country Status (1)

Country | Link | Status
CN | CN114866260B (en) | Active

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115906780B (en) * 2023-03-14 2023-06-23 杭州天谷信息科技有限公司 Electronic document signature method, device and equipment capable of modifying format and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110086599A (en) * 2019-04-24 2019-08-02 电子科技大学 Hash calculation method and label decryption method based on homomorphism chameleon hash function
CN110298152A (en) * 2019-06-28 2019-10-01 中国科学技术大学 It is a kind of protection privacy of user and system safety line on identity management method
WO2019233951A1 (en) * 2018-06-04 2019-12-12 Worldline A software application and a computer server for authenticating the identity of a digital content creator and the integrity of the creator's published content
CN111095327A (en) * 2019-07-02 2020-05-01 阿里巴巴集团控股有限公司 System and method for verifying verifiable claims
CN112446701A (en) * 2019-09-03 2021-03-05 上海唯链信息科技有限公司 Identity authentication method, equipment and storage device based on block chain
CN113918899A (en) * 2021-08-31 2022-01-11 中国人民银行数字货币研究所 Identity authentication method, certificate holding system and verification system
CN113922962A (en) * 2021-09-10 2022-01-11 杭州溪塔科技有限公司 Method and device for selectively disclosing digital identity attribute

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11587096B2 (en) * 2015-10-14 2023-02-21 Accreditrust Technologies, LLC Systems and methods for interdependent identity based credential collection validation
LU101755B1 (en) * 2020-04-28 2021-10-28 Microsoft Technology Licensing Llc Derived child verifiable credential with selective claims
CN113806699B (en) * 2021-09-30 2023-12-01 中国人民解放军国防科技大学 Cross-blockchain identity verification method and system in inter-cloud computing environment

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019233951A1 (en) * 2018-06-04 2019-12-12 Worldline A software application and a computer server for authenticating the identity of a digital content creator and the integrity of the creator's published content
CN110086599A (en) * 2019-04-24 2019-08-02 University of Electronic Science and Technology of China Hash computation method and signcryption method based on a homomorphic chameleon hash function
CN110298152A (en) * 2019-06-28 2019-10-01 University of Science and Technology of China Online identity management method protecting user privacy and system security
CN111095327A (en) * 2019-07-02 2020-05-01 Alibaba Group Holding Ltd. System and method for verifying verifiable claims
CN112446701A (en) * 2019-09-03 2021-03-05 Shanghai VeChain Information Technology Co., Ltd. Identity authentication method, equipment and storage device based on block chain
CN113918899A (en) * 2021-08-31 2022-01-11 Digital Currency Institute of the People's Bank of China Identity authentication method, certificate holding system and verification system
CN113922962A (en) * 2021-09-10 2022-01-11 Hangzhou Rivtower Technology Co., Ltd. Method and device for selectively disclosing digital identity attribute

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Cross-domain authentication scheme based on blockchain technology; Ma Xiaoting et al.; Acta Electronica Sinica (电子学报); 2018-11-15 (No. 11); full text *

Also Published As

Publication number Publication date
CN114866260A (en) 2022-08-05

Similar Documents

Publication Publication Date Title
US11233657B2 (en) Method and system for registering digital documents
US6442689B1 (en) Apparatus and method for demonstrating and confirming the status of a digital certificates and other data
US6097811A (en) Tree-based certificate revocation system
Li et al. Privacy preserving cloud data auditing with efficient key update
US6901509B1 (en) Apparatus and method for demonstrating and confirming the status of a digital certificates and other data
US7065650B2 (en) Method for indicating the integrity of a collection of digital objects
JP2020517200A (en) Block chain-based document management method using UTXO-based protocol and document management server using this method
US6802002B1 (en) Method and apparatus for providing field confidentiality in digital certificates
US20050228999A1 (en) Audit records for digitally signed documents
EP3864794B1 (en) Linking transactions
US6757827B1 (en) Autonomously secured image data
CN113924748A (en) Proof of knowledge
CN114866260B (en) Chameleon hash distributed identity using method and system
CN114944937B (en) Distributed digital identity verification method, system, electronic equipment and storage medium
US11101989B2 (en) Trusted ring
CN111460499B (en) Merkletree-based block chain user attribute set verification method for protecting privacy
JP2023530594A (en) Permitted Event Processing in Distributed Databases
US20230093146A1 (en) Cross-certification for secure binding of cryptographic systems
CN115550060A (en) Block chain based trusted certificate verification method, apparatus, device and medium
US20210392002A1 (en) Cross-certification for secure binding of cryptographic systems
US20050138378A1 (en) Method and computer system operated software application for digital signature
CN111260528B (en) Real estate information verification method based on asymmetric algorithm
EP1164746B1 (en) Tree-based certificate revocation system
CN115499247B (en) Zero-knowledge proof-based attribute certificate verification method and device
JP2002006739A (en) Authentication information generating device and data verifying device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant