CN116827528B - Authentication and key management method based on blockchain and Chebyshev chaotic mapping - Google Patents
Authentication and key management method based on blockchain and Chebyshev chaotic mapping Download PDFInfo
- Publication number
- CN116827528B CN116827528B CN202310782433.6A CN202310782433A CN116827528B CN 116827528 B CN116827528 B CN 116827528B CN 202310782433 A CN202310782433 A CN 202310782433A CN 116827528 B CN116827528 B CN 116827528B
- Authority
- CN
- China
- Prior art keywords
- kgc
- group
- blockchain
- authentication
- tid
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000007726 management method Methods 0.000 title claims abstract description 19
- 230000000739 chaotic effect Effects 0.000 title claims abstract description 13
- 238000013507 mapping Methods 0.000 title claims abstract description 8
- 238000004891 communication Methods 0.000 claims abstract description 27
- 238000004364 calculation method Methods 0.000 claims abstract description 14
- 238000000034 method Methods 0.000 claims description 14
- 230000008569 process Effects 0.000 claims description 7
- 238000012795 verification Methods 0.000 claims description 7
- 238000007689 inspection Methods 0.000 claims description 3
- 238000010276 construction Methods 0.000 claims description 2
- 238000005265 energy consumption Methods 0.000 abstract description 2
- 238000013459 approach Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000004883 computer application Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
Abstract
The invention discloses an authentication and key management method based on a blockchain and a Chebyshev chaotic map, which mainly comprises three parts: namely an internet of things Device (DE), a Key Generation Center (KGC) and a blockchain. The internet of things device is a general node, configured with specific computing resources and having mobility capabilities. Each KGC, like a trusted group administrator, holds rich computing storage resources that are tasked with generating and distributing keys, and managing group communication tasks. Each KGC manages one or more groups, each group having several DE's in each group. The invention uses the blockchain to store the identity information of the Internet of things equipment, so that the distributed key generation center can realize flexible management of keys or identities; and the Chelboff chaotic mapping is used, so that the safety is achieved, and meanwhile, the energy consumption expenditure in the aspects of calculation and communication is reduced.
Description
Technical Field
The invention belongs to the field of industrial Internet of things, and particularly relates to an authentication and key management method based on blockchain and Chebyshev chaotic mapping.
Background
Industrial internet of things (IoT) and network physical system (CPS) are two important components that drive industry 5.0. Wherein communication between a set of machines, sensors, and other devices is enabled to achieve a common goal. However, as the number of connected devices increases, it requires a large amount of energy to power the machines and devices, which places higher demands on improving communication efficiency and reducing power consumption.
Group communication allows information to be transferred to all team members with less resources where the information is broadcast only once within the group, rather than being sent to all team members in sequence. However, private and sensitive information of members of the group of private and sensitive information groups of members may constitute a serious security problem. Key management, an important part of providing security for group communications, enables a group of entities that are not trusted to establish a group key to facilitate secure group communications. In particular, all panelists need to be authenticated, while legitimate panelists may encrypt the transmitted information. A legitimate team member may encrypt the transmitted information with a team key and encrypt the transmitted information with a group key, while other members having the same group key have the same group key are able to decrypt the information.
In recent years, various authentication and key management schemes have been proposed to design group communications. For example, a learner may set forth a three-factor anonymous authentication and key agreement protocol. The protocol implements secure communications by fusing smart card, password and biometric authentication techniques, adding a password and biometric update phase and a smart card update distribution phase, and utilizing the computational Diffie-Hellman (CDH) assumption on elliptic curves for information interaction ("a three-factor anonymous authentication and key agreement protocol", zhang Pingdeng, computer application, 2021).
In addition, an patent of an invention (publication No. CN103391205 a) of the company of the abb group is directed to a method for transmitting group communication information, a client, and a group server, in which when the IM client at the transmitting end recognizes that the group communication information input by the user includes a predetermined roll call identifier, the IM client at the receiving end transmits the group communication information to the group user listed after the roll call identifier, when the IM client at the receiving end recognizes that the received group communication information includes the roll call identifier, the IM client at the receiving end displays the group communication information including the roll call identifier in a highlighted manner, and transmits the group communication information replied by the user to the user listed after the roll call identifier other than the IM client and the user who transmitted the group communication information, and the IM client can distinguish the transmission or the reception of the group communication information to which the specified reception object is performed and the confidentiality of the group communication information.
However, most of the prior art solutions have various limitations. First, providing anonymity and flexible key management requires consuming a large amount of resources, and thus most schemes tend to expose the identity of the participants. Second, most schemes are still sufficiently lightweight, requiring the consumption of significant computational or communication resources to perform mutual authentication. Furthermore, relying on a Trusted Authority (TA) to periodically issue certificates for new internet of things devices may present a range of security risks (e.g., single point of failure). As one approach to solving the problem of limited computing and storage resources, blockchains have wide application in distributed scenarios. However, due to the isomerism, mobility and geographical distribution of the devices of the internet of things, combining blockchains with key management of the internet of things remains a challenge to be solved.
In summary, the authentication and key management protocol based on the blockchain and the chebyshev chaotic map is designed to have a certain help in solving the problem of distributed security group communication.
Disclosure of Invention
The invention aims to provide an authentication and key management method based on a blockchain and a Chebyshev chaotic map, which aims to solve some technical problems existing in the prior art described in the background art.
In order to achieve the above object, the present invention provides the following solutions:
the authentication and key management method based on the blockchain and the chebyshev chaotic mapping comprises the steps of constructing an authentication and key management protocol based on the blockchain and the chebyshev chaotic mapping, wherein the construction of the protocol mainly comprises three parts: namely the internet of things DE, the key generation center KGC and the blockchain. The protocol can be divided into three phases: an initialization phase, an authentication phase and a group key generation phase.
(1) Initialization phase
For each KGC, the system administrator j Generating unique identity ID j A random number x epsilon (- ≡) is selected, +++) as seeds for the chebyf polynomial, selecting a large prime number q and an anti-collision hash function h: {0,1} * And parameter information { ID }, is combined with j Issue of x, q, h to KGC j . When KGC j After receiving the parameter information, selecting a random numberCalculation ofAnd will { ID } j ,pk j ,wt j ,s j Upload to the blockchain. Finally, the system administrator permanently exits the system.
(2) Authentication phase
The authentication phase comprises the following four steps:
step 1: DE (DE) i First, a random number is generatedSelecting a current timestamp T 1 Calculating alpha i =h(ID i ||sk i ||a i ),/>v i =h(HID i ||wt i ||z i ||T 1 ) Building message M 1 ={TIDi,zi,vi,T 1 And send it to KGC j 。
Step 2: when receiving message M 1 ,KGC j First select the current timestamp T 2 Check if |T 2 -T 1 I < DeltaT. If it passes the inspection, it is based on TID i Searching for certificate CT from blockchain i If CT i In the absence of description DE i Is an illegal node, and needs to punish and record the information to the blockchain. Then KGC j Calculation ofAnd is connected with v i Comparison is made if->Integrity and DE of received message i The authenticity of (1) is authenticated.
Step 3: in DE i Is KGC j After authentication, KGC j Generating a random numberCalculation of alpha j =h(ID j ||sk j ||b j ),/>β j =s i ·h(ID j ||wt j ),/>Then KGC j Generating a random numberCalculate-> Constructing messagesAnd send to DE i 。
Step 4: when receiving message M 2 ,DE i First select the current timestamp T 3 Check if |T 3 -T 2 I < DeltaT. If pass the check, then calculate beta i =s j ·h(HID i ||wt i ), And is connected with v j Comparison was performed. If->DE (DE) i Completion of KGC j Authentication of (1) use->Updating temporary identity TIDs i 。
(3) Group key generation phase
The group key generation phase includes the following two steps:
step 1: when all group nodes pass KGC j KGC for authentication of (a) j Generating a random numberSelecting a current timestamp T 4 Using the relevant parameters TID obtained by the verification process i ,wt i ,z i ,α i ,s i Several important auxiliary parameters are calculated +.>B i =h(TID i ||HID i ||D i ||wt i ||s i ),/>λ i =h(TID i ||HID i ||D i ||B 1 ||B 2 ||...||B n ||T 4 ) And constructs a message M 3 ={<TID 1 ,B 1 ,λ 1 ,W 1 >,<TID 2 ,B 2 ,λ 2 ,W 2 >,...,<TID n ,B n ,λ n ,W n >,T 4 And then broadcast it to all group nodes DEs.
Step 2: when receiving message M 3 DE first selects the current timestamp T 5 Check if |T 5 -T 4 I < DeltaT. If it passes the check, the parameter z obtained by the verification process is used j ,α i Calculation of And will->And lambda is i Comparing, if equal, calculatingFinally, the group key is calculated +.>Once GK is calculated, all panelists can use GK for secure communications.
The invention has the beneficial effects that: the invention provides an authentication and key management method based on a blockchain and Chebyshev chaotic map, which is used for security group communication in the industrial Internet of things; the invention uses the blockchain to store the identity information of the Internet of things equipment, so that the distributed key generation center can realize flexible management of keys or identities; in addition, the invention uses the Chebyf chaotic mapping, which can effectively reduce the energy consumption expenditure in the aspects of calculation and communication while having the safety.
Drawings
FIG. 1 illustrates a network model diagram in one embodiment of the invention.
Detailed Description
The preferred embodiments of the present invention will be described in detail below with reference to the attached drawings, so that the objects, features and advantages of the present invention will be more clearly understood. It should be understood that the embodiments shown in the drawings are not intended to limit the scope of the invention, but rather are merely illustrative of the true spirit of the invention.
In the following description, for the purposes of explanation of various disclosed embodiments, certain specific details are set forth in order to provide a thorough understanding of the various disclosed embodiments. One skilled in the relevant art will recognize, however, that an embodiment may be practiced without one or more of the specific details. In other instances, well-known devices, structures, and techniques associated with this application may not be shown or described in detail to avoid unnecessarily obscuring the description of the embodiments.
Reference throughout this specification to "one embodiment" or "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment. Thus, appearances of the phrases "in one embodiment" or "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
In the following description, for the purposes of clarity of presentation of the structure and manner of operation of the present invention, the description will be made with the aid of directional terms, but such terms as "forward," "rearward," "left," "right," "outward," "inner," "outward," "inward," "upper," "lower," etc. are to be construed as convenience, and are not to be limiting.
Example 1:
the network model of the present invention mainly involves three components: namely an internet of things Device (DE), a Key Generation Center (KGC) and a blockchain, as shown in fig. 1. The internet of things devices are general nodes that are configured with specific computing resources and have mobility capabilities. Each KGC, like a trusted community manager, typically has a rich variety of resources, its tasks are generating and distributing keys, and community communication task management. Each KGC manages one or more groups, each group having several DE's in each group. It should be noted that each group is dynamic and that the DE may join or leave a group at any time.
The workflow of the invention is mainly divided into three stages: an initialization phase, an authentication phase and a group key generation phase. In the present invention, the internet of things device through the registration process will be assigned a temporary identity which will be further used for authentication and generation of group keys. The temporary identity of the internet of things device will change after the authentication phase is completed and be updated onto the blockchain, which ensures that if an intruder grasps the temporary identity of one internet of things device, it will become useless as it will be updated in the next session.
The method comprises the following steps:
(1) Initialization phase
For each KGC, the system administrator j Generating unique identity ID j A random number x epsilon (- ≡) is selected, +++) as seeds for the chebyf polynomial, selecting a large prime number q and an anti-collision hash function h: {0,1} * And parameter information { ID }, is combined with j Issue of x, q, h to KGC j . When KGC j After receiving the parameter information, selecting a random numberCalculation ofAnd will { ID } j ,pk j ,wt j ,s j Upload to the blockchain. Finally, the system administrator permanently exits the system.
(2) Authentication phase
The authentication phase comprises the following four steps:
step 1: DE (DE) i First, a random number is generatedSelecting a current timestamp T 1 Calculating alpha i =h(ID i ||sk i ||a i ),/>v i =h(HID i ||wt i ||z i ||T 1 ) Building message M 1 ={TID i ,z i ,v i ,T 1 And send it to KGC j 。
Step 2: when receiving message M 1 ,KGC j First select the current timestamp T 2 Check if |T 2 -T 1 I < DeltaT. If it passes the inspection, it is based on TID i Searching for certificate CT from blockchain i If CT i In the absence of description DE i Is an illegal node, and needs to punish and record the information to the blockchain. Then KGC j Calculation ofAnd is connected with v i Comparison is made if->Integrity and DE of received message i The authenticity of (1) is authenticated.
Step 3: in DE i Is KGC j After authentication, KGC j Generating a random numberCalculation of alpha j =h(ID j ||sk j ||b j ),/>β j =s i ·h(ID j ||wt j ),/>Then KGC j Generating a random numberCalculate-> Constructing messagesAnd send to DE i 。
Step 4: when receiving message M 2 ,DE i First select the current timestamp T 3 Check if |T 3 -T 2 I < DeltaT. If pass the check, then calculate beta i =s j ·h(HID i ||wt i ), And is connected with v j Comparison was performed. If->DE (DE) i Completion of KGC j Authentication of (1) use->Updating temporary identity TIDs i 。
(3) Group key generation phase
The group key generation phase includes the following two steps:
step 1: when all group nodes pass KGC j KGC for authentication of (a) j Generating a random numberSelecting a current timestamp T 4 Using the relevant parameters TID obtained by the verification process i ,wt i ,z i ,α i ,s i Several important auxiliary parameters are calculated +.>B i =h(TID i ||HID i ||D i ||wt i ||s i ),/>λ i =h(TID i ||HID i ||D i ||B 1 ||B 2 ||...||B n ||T 4 ) And constructs a message M 3 ={<TID 1 ,B 1 ,λ 1 ,W 1 >,<TID 2 ,B 2 ,λ 2 ,W 2 >,...,<TID n ,B n ,λ n ,W n >,T 4 And then broadcast it to all group nodes DEs.
Step 2: when receiving message M 3 DE first selects the current timestamp T 5 Check if |T 5 -T 4 I < DeltaT. If it passes the check, the parameter z obtained by the verification process is used j ,α i Calculation of And will->And lambda is i Comparing, if equal, calculatingFinally, the group key is calculated +.>Once GK is calculated, all panelists can use GK for secure communications.
The foregoing has shown and described the basic principles and main features of the present invention and the advantages of the present invention. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, and that the above embodiments and descriptions are merely illustrative of the principles of the present invention, and various changes and modifications may be made without departing from the spirit and scope of the invention, which is defined in the appended claims. The scope of the invention is defined by the appended claims and equivalents thereof.
Claims (1)
1. An authentication and key management method based on blockchain and Chebyf chaotic mapping is characterized in that: the method is characterized in that: the method comprises the steps of constructing an authentication and key management protocol based on a blockchain and Chebyf chaotic map, wherein the construction of the protocol involves three parts: namely the internet of things device DE, a key generation center KGC and a blockchain; the task of each KGC is to generate and distribute keys, and group communication task management; each KGC manages one or more groups, each group having several DE's in each group; each group is dynamic, and the DE can join or leave a group at any time; the protocol is divided into three phases: an initialization phase, an authentication phase and a group key generation phase;
wherein the initialization phase comprises: for each KGC, the system administrator j Generating unique identity ID j A random number x epsilon (- ≡) is selected, +++) as seeds for the chebyf polynomial, selecting a large prime number q and an anti-collision hash function h: {0,1} * And parameter information { ID }, is combined with j Issue of x, q, h to KGC j The method comprises the steps of carrying out a first treatment on the surface of the When KGC j After receiving the parameter information, selecting a random numberCalculation ofAnd will { ID } j ,pk j ,wt j ,s j Uploading to the blockchain; finally, the system administrator permanently exits the system;
the specific implementation of the authentication phase comprises the following steps:
step 1: DE (DE) i First, a random number is generatedSelecting a current timestamp T 1 Calculating alpha i =h(ID i ||sk i ||a i ),/>v i =h(HID i ||wt i ||z i ||T 1 ) Building message M 1 ={TID i ,z i ,v i ,T 1 And send it to KGC j ;
Step 2: when receiving message M 1 ,KGC j First select the current timestamp T 2 Check if |T 2 -T 1 I < DeltaT; if it passes the inspection, it is based on TID i Searching for certificate CT from blockchain i If CT i In the absence of description DE i Is an illegal node, and needs punishment and records the information to a blockchain; then KGC j Calculation ofAnd is connected with v i Comparison is made if->Integrity and DE of received message i The authenticity of (1) is authenticated;
step 3: in DE i Is KGC j After authentication, KGC j Generating a random numberCalculation of alpha j =h(ID j ||sk j ||b j ),β j =s i ·h(ID j ||wt j ),/>Then KGC j Generating a random numberCalculate-> Constructing messagesAnd send to DE i ;
Step 4: when receiving message M 2 ,DE i First select the current timestamp T 3 Check if |T 3 -T 2 I < DeltaT; if pass the check, then calculate beta i =s j ·h(HID i ||wt i ), And is connected with v j Comparing; if->DE (DE) i Completion of KGC j Authentication of (1) use->Updating temporary identity TIDs i ;
Verifying the identity of the sender of the information is by calculating h (delta i )=h(δ j ) The realization is as follows:
due to the internet of things device DE i Possessing parameter information s j ,β i ,wt i Delta can be calculated i And then getAnd will->Same v j In contrast, if the same, the message is legal, DE i Completion of KGC j Is to be authenticated;
the group key generation phase comprises the following steps:
step 1: when all group nodes pass KGC j KGC for authentication of (a) j Generating a random numberSelecting a current timestamp T 4 Using the relevant parameters TID obtained by the verification process i ,wt i ,z i ,α i ,s i Several important auxiliary parameters are calculated +.>B i =h(TID i ||HID i ||D i ||wt i ||s i ),/>λ i =h(TID i ||HID i ||D i ||B 1 ||B 2 ||...||B n ||T 4 ) And constructs a message M 3 ={<TID 1 ,B 1 ,λ 1 ,W 1 >,<TID 2 ,B 2 ,λ 2 ,W 2 >,...,<TID n ,B n ,λ n ,W n >,T 4 Then broadcast it to all group nodes DEs;
step 2: when receiving message M 3 DE first selects the current timestamp T 5 Check if |T 5 -T 4 I < DeltaT; if it passes the check, the parameter z obtained by the verification process is used j ,α i Calculation of And will->And lambda is i Comparing, if equal, calculatingFinally, the group key is calculated +.>Once GK is calculated, it can be used by all panelists for secure communications;
message integrity verification in the group key generation phase is performed by computingThe realization is as follows:
because each internet of things device DE corresponds to the parameter information z j ,α i Can calculateAnd add it to->In contrast, if the same, the message is legitimate.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310782433.6A CN116827528B (en) | 2023-06-29 | 2023-06-29 | Authentication and key management method based on blockchain and Chebyshev chaotic mapping |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310782433.6A CN116827528B (en) | 2023-06-29 | 2023-06-29 | Authentication and key management method based on blockchain and Chebyshev chaotic mapping |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116827528A CN116827528A (en) | 2023-09-29 |
| CN116827528B true CN116827528B (en) | 2024-02-13 |
Family
ID=88116343
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310782433.6A Active CN116827528B (en) | 2023-06-29 | 2023-06-29 | Authentication and key management method based on blockchain and Chebyshev chaotic mapping |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116827528B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110602698A (en) * | 2019-09-02 | 2019-12-20 | 安徽大学 | Chaotic mapping-based car networking complete session key negotiation method |
| CN114362932A (en) * | 2021-12-02 | 2022-04-15 | 四川大学 | Chebyshev polynomial multiple registration center anonymous authentication key agreement protocol |
| CN115001721A (en) * | 2022-08-08 | 2022-09-02 | 北京科技大学 | Safety authentication method and system of smart power grid based on block chain |
-
2023
- 2023-06-29 CN CN202310782433.6A patent/CN116827528B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110602698A (en) * | 2019-09-02 | 2019-12-20 | 安徽大学 | Chaotic mapping-based car networking complete session key negotiation method |
| CN114362932A (en) * | 2021-12-02 | 2022-04-15 | 四川大学 | Chebyshev polynomial multiple registration center anonymous authentication key agreement protocol |
| CN115001721A (en) * | 2022-08-08 | 2022-09-02 | 北京科技大学 | Safety authentication method and system of smart power grid based on block chain |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116827528A (en) | 2023-09-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Xue et al. | A dynamic secure group sharing framework in public cloud computing | |
| US6901510B1 (en) | Method and apparatus for distributing and updating group controllers over a wide area network using a tree structure | |
| US7502927B2 (en) | Directory enabled secure multicast group communications | |
| US6941457B1 (en) | Establishing a new shared secret key over a broadcast channel for a multicast group based on an old shared secret key | |
| US7103185B1 (en) | Method and apparatus for distributing and updating private keys of multicast group managers using directory replication | |
| US7660983B1 (en) | Method and apparatus for creating a secure communication channel among multiple event service nodes | |
| US7181014B1 (en) | Processing method for key exchange among broadcast or multicast groups that provides a more efficient substitute for Diffie-Hellman key exchange | |
| US6987855B1 (en) | Operational optimization of a shared secret Diffie-Hellman key exchange among broadcast or multicast groups | |
| CN109936509B (en) | Equipment group authentication method and system based on multi-identity | |
| Xi et al. | ZAMA: A ZKP-based anonymous mutual authentication scheme for the IoV | |
| Li et al. | Energy-efficient and secure communication toward UAV networks | |
| Chen et al. | Efficient certificateless online/offline signcryption scheme for edge IoT devices | |
| CN113364578A (en) | Chaos mapping-based internet of things three-party authentication key agreement protocol | |
| CN116599659B (en) | Certificate-free identity authentication and key negotiation method and system | |
| Xiong et al. | Privacy-preserving authentication scheme with revocability for multi-WSN in industrial IoT | |
| WO2023116027A1 (en) | Cross-domain identity verification method in secure multi-party computation, and server | |
| CN116827528B (en) | Authentication and key management method based on blockchain and Chebyshev chaotic mapping | |
| CN110572788B (en) | Wireless sensor communication method and system based on asymmetric key pool and implicit certificate | |
| Rawat et al. | PAS-TA-U: PASsword-based threshold authentication with password update | |
| Chung | The design of authentication key protocol in certificate‐free public key cryptosystem | |
| Mulkey et al. | Towards an efficient protocol for privacy and authentication in wireless networks | |
| Liu et al. | A Key Management Scheme of Mobile Ad Hoc Network | |
| Nassermostofi | Authentication in P2P Environment Based on Multi Dimensional Administration Graph | |
| Lee et al. | SEAL: A secure communication library for building dynamic group key agreement applications | |
| Xu et al. | Efficient and secure certificateless authentication and key agreement protocol for hybrid P2P network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |