WO2020227920A1 - Trustlessly agreeable distributed consensus authentication for identity as a public key - Google Patents

Trustlessly agreeable distributed consensus authentication for identity as a public key

Info

Publication number
WO2020227920A1
Authority
WO
WIPO (PCT)
Prior art keywords
idpk
agreeable
structured data
trustlessly
distributed consensus
Prior art date
Application number
PCT/CN2019/086799
Other languages
English (en)
Inventor
Wenxiang Wang
Original Assignee
Daolicloud Information Technology (Beijing) Co., Ltd.
Priority date
Filing date
Publication date
Application filed by Daolicloud Information Technology (Beijing) Co., Ltd.
Priority to PCT/CN2019/086799
Publication of WO2020227920A1

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
                    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                        • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
                            • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
                    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
                        • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
                            • H04L9/3073 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
                    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
                        • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
                            • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
                    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
                • H04L63/00 Network architectures or network communication protocols for network security
                    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
                        • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
                            • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
                    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
                        • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Definitions

  • aspects of the present disclosure provide a method and apparatus for securing information using identity based public key cryptography with authentication assertion “This ID is a Public Key” (IDPK) being trustlessly agreeable in a distributed consensus ledger.
  • IDPK: identity based public key cryptography with authentication assertion “This ID is a Public Key” (IDPK) being trustlessly agreeable in a distributed consensus ledger.
  • At least one example in accordance with the present disclosure relates to securing information using identity based public key cryptography and distributed consensus ledger mechanisms.
  • the foundation for securing data is authentication: that the data which is received/retrieved by a first entity was actually sent/stored by a second entity which purports to have sent/stored the data.
  • Authentication of a public cryptographic key is a known art. Authentication of a public key can be based on trusting one or few centralized authorities such as Certification Authorities in Public Key Infrastructure (PKI) , or a Private Key Generator (PKG) in Identity Based Cryptography (IBC) . The need of unconditional trusting few centralized authorities is becoming less and less acceptable for future pervasive use of public keys.
  • PKI: Public Key Infrastructure
  • IBC: Identity Based Cryptography
  • Authentication of a public key can also be based on distributed consensus, e.g., in Bitcoin or a blockchain, where a random looking address of a digital wallet relates to a random public key. That a public key is random inconveniences open-system uses of public key cryptography in absence of open-system wise trustlessly agreeable authentication.
  • a method for establishing an agreeable assertion “This ID is a public key” with authentication depending on zero trust and in a distributed consensus ledger is provided.
  • the method comprises: cryptographic procedures for constructing, cryptographic procedures for trustlessly agreeing the validity of, distributed consensus procedures for establishing authentication, and security application procedures for using, an ID as a public key.
  • an entity possessing an identity is a registrant device, or the bearer of the registrant device.
  • the registrant device executes a cryptographic procedure, on inputting an ID, outputs an ID based public key (IDPK) .
  • IDPK: ID based public key
  • the registrant device completes construction of an IDPK being the cryptographic procedure’s output on inputting an ID, and sends to a registrar servicing device the structured data <ID, IDPK> as a registration request.
  • At least one servicing entity being a registrar device receives a registration request containing structured data <ID, IDPK> from a registrant device, which is to be provided with registration service.
  • the registrar device, upon receipt of a registration request containing structured data <ID, IDPK>, checks the uniqueness of the ID.
  • the registrar device further checks for evidence that the registrant device is indeed the owner of the ID.
  • the registrar device, upon receipt of a registration request containing structured data <ID, IDPK>, executes some online interactions with the purported registrant device to confirm the ownership, possession and binding between the registrant device and the ID of the received registration request.
  • the registrar device executes an openly executable cryptographic procedure for verifying a trustlessly agreeable criterion for structured data <ID, IDPK>.
  • the registrar device executes a deterministic procedure which, inputting structured data <ID, IDPK>, efficiently outputs an assertion that the IDPK is deterministically associated to the ID, and that the pair of data structures constitutes a valid public key which is cryptography worthy for securing data in cryptographic applications and/or protocols.
  • the validity of the assertion output by the registrar device is trustlessly agreeable according to an established truth in the study and knowledge of cryptography.
  • the registrar device, upon establishing the trustlessly agreeable validity of the structured data <ID, IDPK> registration request, upon establishing the uniqueness of the ID, and further upon establishing that the ownership and possession of the ID truly belong to the uniquely identified registrant device or its bearer, enters structured data <ID, IDPK> in a distributed consensus ledger, e.g., a blockchain.
  • a distributed consensus ledger e.g., a blockchain.
  • the distributed consensus ledger executes a distributed consensus procedure to establish authentication for a recorded structured data <ID, IDPK>, to qualify it into an authentication record.
  • the distributed consensus procedure includes a timestamp in an authentication record.
  • the quality of an authentication record follows the established truth in the study of distributed computing.
  • the quality of an authentication record follows distributed consensus algorithms on, including, proof-of-work basis, or proof-of-stake basis, or any other consensus mechanism basis being used in, including, a blockchain.
  • the quality of an authentication record in the distributed consensus ledger record cannot be altered retroactively without alteration of all subsequent ledger records.
  • the method for establishing a trustlessly agreeable assertion on an identity being cryptography worthy also comprises a client being an asking device, which queries an ID in order to be responded to with its authentication registration status, and at least one server being an answering device, which receives ID queries from, and returns an answer to, the asking device.
  • the asking device queries an ID in order to be responded to with knowledge of whether or not the queried ID has a distributed consensus authentication in association with some identity based public key.
  • the answering device, upon finding in the distributed consensus ledger a record containing structured data <ID, IDPK> qualifying the distributed consensus authentication, returns the ledger record to the asking device.
  • the asking device, upon receiving for a queried ID a ledger record containing structured data <ID, IDPK>, can alone validate the trustlessly agreeable criterion of whether or not the pair has the distributed consensus authentication quality, and upon establishing the validity, reckons authentication of the pair and uses the IDPK to securely process data in security applications or protocols.
  • validation of structured data <ID, IDPK> qualifying the trustlessly agreeable criterion can be conducted openly by any entity in the open system, including a least privileged one.
  • validation of the trustlessly agreeable distributed consensus authentication quality for structured data <ID, IDPK> relies on handling no secret at all.
  • servicing entities including a registrar device or an answering device can be widely distributed in the open system to completely eliminate any risk of single point of failure.
  • FIG. 1 illustrates a block diagram of functional interactions between a registrant as a registration request device, and a registrar as an instance of a plurality of distributed IDPK registration servicing devices, according to an embodiment
  • FIG. 2 illustrates a process of functional interactions between an asking entity as an IDPK cryptographic application or protocol execution device, and an answering entity as an instance of a plurality of distributed IDPK servicing devices, according to an embodiment.
  • references to “or” may be construed as inclusive so that any terms described using “or” may indicate any of a single, more than one, and all of the described terms.
  • the term usage in the incorporated features is supplementary to that of this document; for irreconcilable differences, the term usage in this document controls.
  • Let G_1 and G_2 be two bilinear pairing friendly computable elliptic additive groups of a prime order q.
  • Let G_T be a multiplicative group of integers having the same prime order q.
  • Let the asymmetric bilinear pairing mapping into G_T be one for which,
  • quotation marks denote a bit string.
  • Let Alice be the possessor or bearer of a registrant device.
  • Let k_Alice < q be a randomly generated integer for exclusive use as the private key of the registrant device or of its bearer Alice.
  • k_Alice can be an already existing private key of Alice for an established system, e.g., the private key of Alice’s wallet-like device of a blockchain.
  • Let M_1 be a deterministic function mapping from an arbitrary bit string to an elliptic curve point in G_1.
  • Let M_2 be a deterministic function mapping from an arbitrary bit string to an elliptic curve point in G_2.
  • Let there be an ID of Alice, e.g., “Alice”.
  • An ID can be an arbitrary bit string as long as it can uniquely identify a user, e.g., Alice, in an open system.
  • a useful ID bit string should avoid being random or looking random.
  • a recommended example in the present disclosure for composing an ID is letting it include, preferably a number of, well-known communications systems addressable identities, e.g., a mobile phone number, an email address, a social media account identity, etc.
  • an ID needs to be set up or registered by its owner being a registrant, registering with a service being a registrar.
  • standard challenge response mechanisms can be used for a registrar to challenge a registrant in some puzzle solving online or timely interactions, wherein the challenge is sent to an address as a communication identity component in the ID purportedly owned by the registrant.
  • proof of ID ownership can be verified by the challenger being a registrar service upon seeing a correctly and timely returned response.
  • Mapping a bit string to an elliptic curve point, in terminology “map-to-curve”, can have different and useful formulations.
  • map-to-curve is achieved by first hashing to an x or a y coordinate, followed by using one coordinate to solve the elliptic curve equation for the other coordinate.
  • map-to-curve is achieved by inputting some fixed and constant curve points, e.g., P ∈ G_1 and/or Q ∈ G_2, and letting h be a hash function; then an ID map-to-curve point is defined as scalar multiplying a hash function output, as scalar multiplier, to the fixed and constant curve points P and/or Q as follows:
  • a scalar multiplier method to map-to-curve uses a hash function output, e.g., h(“Alice”), as an arithmetic operand component in the construction of scalar multipliers.
  • h(“Alice”)
  • map-to-curve is a deterministic function inputting an ID, mathematically an arbitrary bit string, and outputting a fixed elliptic curve point, whether the hash function output value is: a curve point coordinate, a scalar multiplier, or an arithmetic or algebraic component in the scalar multiplier.
  • the output will be uniformly denoted either M_1(“Alice”) in G_1 or M_2(“Alice”) in G_2 for the case of the ID being “Alice”.
  • the IDPK of Alice includes Alice’s ID map-to-curve points and the output curve points of scalar multiplying Alice’s private key k_Alice to Alice’s ID map-to-curve points M_1(“Alice”) in G_1 and M_2(“Alice”) in G_2, as follows:
  • Alice may use different IDs’ map-to-curve points to generate her different IDPKs by scalar multiplying her single private key k_Alice to these different IDs’ map-to-curve points.
  • IDPKs are also curve points in these two different curve groups.
  • an IDPK in either of these two curve groups can be used.
  • IDPK: the fact that the discrete logarithm of [k_Alice]M_{1,2}(“Alice_i”) with respect to the basis M_{1,2}(“Alice_i”) is Alice’s private key k_Alice, which is private key worthy for being used in, e.g., decryption or signature cryptographic functions.
  • any decision making entity does not need to know Alice’s private key k_Alice, i.e., the unique and deciding discrete logarithm of [k_Alice]M_{1,2}(“Alice_i”) with respect to the basis M_{1,2}(“Alice_i”).
  • the decision on whether or not a quadruple of elliptic curve points is a BPDHQ can be openly conducted by any entity in an open system, including a least privileged one. It is equivalent to state: the decision on whether or not a quadruple of bilinear pairing friendly computable elliptic points constitutes a valid IDPK in G_1 and a valid IDPK in G_2 is trustlessly agreeable.
  • a pairing friendly computable pairing mapping is homomorphic.
  • a homomorphism preserves arithmetic and/or algebraic computations. Therefore, for various arithmetic and/or algebraic formulations using a hash function output bit string as an operand component in a scalar multiplier, the map-to-curve points M_{1,2}(“Alice_i”) and [k_Alice]M_{1,2}(“Alice_i”) will also manifest, in a trustlessly agreeable manner, in the multiplicative group G_T the homomorphic counterparts of the arithmetic and/or algebraic formulations that use a hash function output bit string to scalar multiply a fixed point P in G_1 and/or a fixed point Q in G_2, as consistent variant BPDHQ formulations. That is, various formulations of map-to-curve to G_1 and/or to G_2 will show up in a trustlessly agreeable manner in respective homomorphic formulations in the multiplicative group G_T, and thus will also demonstrate
  • At least one servicing entity in the open system in the role of a registrar device, can provide service of recording Alice’s registration of her established trustlessly agreeable BPDHQ tuples:
  • ID map-to-curve points M_1(“Alice_i”), M_2(“Alice_j”) can be openly constructed using the respective IDs as input, and since the other two elliptic curve points in the quadruple are meant to be the IDPK, in the remainder of the description of the present disclosure a registration request containing an ID and the ID derived IDPK is abbreviated into <ID, IDPK>, and referred to as “structured data <ID, IDPK>”.
  • Upon receipt of Alice’s request for registering her ID for ID based cryptographic uses, the registrar servicing device should check the uniqueness of the ID, i.e., “Alice”, “Alice_i”, “Alice_j”, wherein the uniqueness is within the scope and space of the open system.
  • if the ID is composed of a plural number of Alice’s practical sub-identities, such as “Alice_i” being her mobile phone number, “Alice_j” being her email address, and/or “Alice_z” being her social media account ID, etc., then the uniqueness requirement should also be met for each of the sub-identities.
  • Upon establishing the uniqueness of the ID, the registrar device should further perform cryptographic verification of the trustlessly agreeable correctness of the IDPK. Upon establishment of the correctness, the registrar device can record the ID and the trustlessly agreeably correct IDPK in the distributed consensus ledger.
  • the registrar device can maintain a hash tree, e.g., a Merkle tree, to efficiently compress a plurality of registrant devices’ IDPK registrations into one hash tree root, wherein the plurality of registrant devices’ IDPK registration requests take place within a specified length of time, e.g., within one day.
  • Recording registrants’ IDPKs in the distributed consensus ledger can be on a per hash tree root per block basis.
  • since the registrar device’s servicing function involves handling no secret whatsoever, and the cryptographic verification outputs a trustlessly agreeable assertion that is self-evident on the correctness of the verification, the registrar device’s servicing function can be easily and widely replicated in scale to completely eliminate any risk of single point failure.
  • the IDPK system in the present disclosure thus qualifies as zero trust on the registrar device.
  • the trustless registrar server can make use of a distributed consensus ledger service, such as a blockchain, to record established trustlessly agreeable authentication structured data <ID, IDPK>.
  • a client in the open system may make a query to a server for an ID’s identity based cryptographic registration status.
  • a server answering an ID query to a client is one of the distributed trustless registrar devices.
  • Upon finding the ID having been registered in its registrant database as structured data <ID, IDPK> with distributed consensus ledger fixed evidence, the server as an answering device returns structured data <ID, IDPK> with the ledger fixation evidence to the client.
  • Trustlessly agreeable distributed consensus authentication for the returned structured data <ID, IDPK> can be verified by the asking device alone.
  • the asking device can also validate the distributed consensus based correctness of the ledger record in accordance with the ledger’s specification and servicing terms.
  • the answering device records historical <asking-ID, answering-IDPK> instances in the distributed consensus ledger, wherein the asking-answering history for the asking-ID encountered no occurrence of complaint on identity error, either from any asking device or from the owner of the asking-ID.
  • the public key cryptography worthiness of authentication established structured data ⁇ ID, IDPK> for public-key encryption/decryption, digital signature generation and verification, or for agreeing symmetric session key, is well established in identity based cryptography.
  • Fig. 1 illustrates a process 100 of implementing ID registration between two communicants: an IDPK registrant or registration servicee, and an IDPK registrar, or registration service, according to an embodiment.
  • the ID as a public key registrar handles no secret at all.
  • no-secret handling service devices can physically be widely replicated in distribution to have elastic servicing capacity for processing a vast number of ID registration requests.
  • the physically replicated services, however, logically have the atomic single state illustrated in the process 100.
  • the process 100 is NOT a centralized device.
  • viewed by an IDPK registrant device, the process 100 may be executed responsive to its sending a registration request containing structured data <ID, IDPK>, and viewed by an IDPK registrar device, the process 100 may be executed responsive to its receiving a registration request containing <ID, IDPK>.
  • a registrant device and a registrar device engage in communication interactions checking the necessary properties of an ID to be registered. Necessary properties of a registration ID include ownership belonging to the registrant device, and uniqueness management by the registrar logic.
  • the registration request structured data <ID, IDPK> is verified to establish whether or not it satisfies trustlessly agreeable authentication.
  • the verification is to check if the quadruple of pairing friendly computable elliptic curve points in structured data <ID, IDPK> is a BPDHQ.
  • the verification is conducted by evaluating bilinear pairing formulations and checking an equation between these evaluations.
  • structured data <ID, IDPK> for which trustlessly agreeable authentication is established is entered in the distributed consensus ledger for unalterable recording.
  • a ledger fixed unalterable record has the trustlessly agreeable distributed consensus authentication property.
  • a registrar device can hash-tree a plurality of registration requests’ structured data <IDs, IDPKs> into one hash-tree root and enter the hash-tree root in the distributed consensus ledger.
  • the distributed ledger, upon entering a block, timestamps the hash-root record to manifest the time of data recording.
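The registration flow of process 100 and the asking device's own validation, as an added example that is not code from the patent or its assignee: the IDPK is derived by the scalar-multiplier map-to-curve, the registrar checks uniqueness (including each sub-identity), ownership and the BPDHQ pairing equation, batches accepted records into a hash-tree root, and the asker re-runs the same checks without any secret. Every name here is assumed, and the groups are a constructed, insecure toy (integers mod a small prime with pairing e(a, b) = g^(ab)) that keeps only the bilinearity the check relies on; the ";" sub-identity separator, the ownership flag and the list-of-roots ledger are likewise assumptions.

```python
import hashlib
from dataclasses import dataclass

# Toy parameters (constructed, NOT a pairing-friendly curve): G1 = G2 = Z_q under
# addition and G_T = the order-q subgroup of Z_p^* generated by G = 4. Discrete logs
# are trivial here; only the bilinear algebra of the check is being modelled.
Q = 1019                  # prime order of all three groups
P_MOD = 2 * Q + 1         # 2039 is prime, so the square 4 generates an order-q subgroup
G = 4
P_FIXED, Q_FIXED = 7, 11  # fixed constant points P in G1 and Q in G2

def scalar_mul(k: int, point: int) -> int:
    """[k]point in an additive group of order q."""
    return (k * point) % Q

def pairing(a: int, b: int) -> int:
    """Toy bilinear map e: G1 x G2 -> G_T, e(a, b) = G^(a*b) mod p."""
    return pow(G, (a * b) % Q, P_MOD)

def map_to_curve(identity: str, fixed_point: int) -> int:
    """The page's scalar-multiplier map-to-curve: [h(ID)]P in G1 or [h(ID)]Q in G2,
    with h(ID) taken in 1..q-1 so the point is never the identity."""
    scalar = int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big") % (Q - 1) + 1
    return scalar_mul(scalar, fixed_point)

@dataclass(frozen=True)
class Idpk:
    m1: int   # M1(ID)
    pk1: int  # [k]M1(ID)
    m2: int   # M2(ID)
    pk2: int  # [k]M2(ID)

def make_idpk(identity: str, k: int) -> Idpk:
    """Registrant side: derive the IDPK from the ID and the private key k."""
    m1, m2 = map_to_curve(identity, P_FIXED), map_to_curve(identity, Q_FIXED)
    return Idpk(m1, scalar_mul(k, m1), m2, scalar_mul(k, m2))

def is_bpdhq(identity: str, idpk: Idpk) -> bool:
    """Trustlessly agreeable check, runnable by anyone without a secret: the map-to-curve
    points must be the ones the ID determines, and e([k]M1, M2) == e(M1, [k]M2) shows
    both IDPK points share one discrete log k with respect to their bases."""
    expected = (map_to_curve(identity, P_FIXED), map_to_curve(identity, Q_FIXED))
    if (idpk.m1, idpk.m2) != expected or 0 in (idpk.pk1, idpk.pk2):
        return False  # wrong bases, or a zero point with no usable discrete log
    return pairing(idpk.pk1, idpk.m2) == pairing(idpk.m1, idpk.pk2)

def record_leaf(identity: str, idpk: Idpk) -> bytes:
    """Hash-tree leaf for structured data <ID, IDPK>."""
    return hashlib.sha256(f"{identity}|{idpk.m1}|{idpk.pk1}|{idpk.m2}|{idpk.pk2}".encode()).digest()

def merkle_root(leaves: list) -> bytes:
    """Compress one batch of registrations into a single root (odd levels repeat the last node)."""
    level = list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [hashlib.sha256(level[i] + level[i + 1]).digest() for i in range(0, len(level), 2)]
    return level[0]

class Registrar:
    """One replica of the no-secret registrar logic of process 100."""

    def __init__(self):
        self.records = {}        # ID -> Idpk
        self.components = set()  # sub-identities already taken in this open system
        self.pending = []        # leaves waiting for the next block
        self.blocks = []         # per-block leaf lists
        self.ledger = []         # constructed stand-in for the consensus ledger: one root per block

    def register(self, identity: str, idpk: Idpk, ownership_proven: bool) -> str:
        parts = identity.split(";")  # an ID composed of sub-identities, e.g. "email;phone"
        if identity in self.records or any(p in self.components for p in parts):
            return "rejected: ID not unique"
        if not ownership_proven:  # outcome of the challenge-response exchange, modelled as a flag
            return "rejected: ownership not proven"
        if not is_bpdhq(identity, idpk):
            return "rejected: not a BPDHQ"
        self.records[identity] = idpk
        self.components.update(parts)
        self.pending.append(record_leaf(identity, idpk))
        return "accepted"

    def seal_block(self) -> bytes:
        """Enter the pending registrations in the ledger as one hash-tree root."""
        root = merkle_root(self.pending)  # IndexError if nothing is pending
        self.blocks.append(self.pending)
        self.ledger.append(root)
        self.pending = []
        return root

def asker_validates(ledger: list, identity: str, idpk: Idpk, index: int, leaves: list) -> bool:
    """Asking device checks an answer alone: the record sits in a sealed block whose root the
    ledger carries, and the pair <ID, IDPK> is a BPDHQ. No secret and no trust in the answerer."""
    fixed = record_leaf(identity, idpk) in leaves and merkle_root(leaves) == ledger[index]
    return fixed and is_bpdhq(identity, idpk)
```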
  • Fig. 2 illustrates a process 200 of implementing ID registration between two communicants: a client of an ID based cryptographic application or protocol device being an ID as a public key (IDaaPK) asking entity, and an IDaaPK registration service provider being an answering entity, according to an embodiment.
  • the IDaaPK answering entity handles no secret at all.
  • a no-secret handling IDaaPK answering entity can physically be widely replicated in distribution to have elastic servicing capacity for processing a vast number of IDaaPK asking queries.
  • the physically replicated IDaaPK service devices, however, logically have the atomic single state illustrated in the process 200.
  • the process 200 is NOT a centralized device.
  • viewed by an IDaaPK asking device, the process 200 may be executed responsive to its sending an ID query for its IDaaPK registration status, and viewed by an IDaaPK answering device, the process 200 may be executed responsive to its receiving an ID query for its IDaaPK registration status.
  • an ID is queried by a client, and received by an IDaaPK answering device, for the two communicants to establish its IDaaPK registration status.
  • the answering device searches its IDaaPK registrant database with the queried ID as the search key. If the search returns structured data <ID, IDPK>, the server state transfers to act 203; otherwise, the server state transfers to act 205.
  • the server further verifies the trustlessly agreeable distributed consensus authentication validity of structured data <ID, IDPK>. If the verification establishes the validity, the server state transfers to act 204; otherwise, the server state transfers to act 205.
  • the IDaaPK answering server generates structured data <ID, IDPK> with distributed consensus ledger validity evidence, and responds to the asking client device with these data.
  • the IDaaPK answering server responds to the asking client device with an error message.
  • establishing trustlessly agreeable distributed consensus authentication of IDaaPK requires no entity to be trusted, or to act as a “Guarantor”, “Certification Authority”, “Private Key Generator”, or “God”, on behalf of, or to speak for, others.
  • establishing trustlessly agreeable distributed consensus authentication of IDaaPK requires no entity or device to play any centralized, pivotal, or more-important-than-others role.
  • a method of establishing trustlessly agreeable distributed consensus authentication for identity as a public key including:
  • ID: uniquely identifiable identity
  • each scalar multiplying result being a deterministic ID public key IDPK of the first device or of its bearer;
  • bilinear-pairing verifying establish-ability, by the second device, responsive to checking establishment ID ownership and uniqueness, structured data ⁇ ID, IDPK> satisfying a prespecified trustlessly agreeable Bilinear Pairing Diffie-Hellman Quadruple (BPDHQ) formulation;
  • entering in distributed consensus ledger established trustlessly agreeable authentication for structured data ⁇ ID, IDPK> includes distributed ledger nodes executing consensus algorithms on basis of, including, proof-of-work, or proof-of-stake, or any other distributed consensus mechanism, with executing concluding a consensus for the ledger to be added structured data ⁇ ID, IDPK> in its unalterable chain.
  • hash-tree compressing, by the second device, a plurality of registration requests’ respective structured data ⁇ IDs, IDPKs> of a plurality of the first devices, into a hash-tree root;
  • initiating private key includes using an already existing private key in an already existing method that the first device or its bearer have authorized use of the already existing private key.
  • mapping ID to paring friendly computable elliptic curve group point includes using a hash function output for either forming a deterministic coordinate of a curve point from which the other deterministic coordinate of the curve point can be solved by applying the elliptic curve equation definition, or forming a deterministic arithmetic and/or algebraic operand component in a scalar multiplier to be scalar multiplied to a predetermined elliptic curve point.
  • checking establish-ability ID being owned by the first device or by its bearer includes applying a challenge-response mechanism, sending a challenge from the second device to the first device, with the challenge being addressed to a communicating identity in the ID, for the first device to respond back to the second device in timely manner and in challenge-response required formulation.
  • bilinear-pairing verifying establish-ability structured data <ID, IDPK> satisfying trustlessly agreeable BPDHQ formulation includes inputting to the bilinear pairing evaluation equation a quadruple of elliptic curve points containing ID map-to-curve points, and respective IDPK curve points, and outputting establishment decision whether or not the inputting quadruple satisfies prespecified trustlessly agreeable BPDHQ formulation.
  • a system for establishing trustlessly agreeable distributed consensus authentication for identity as a public key comprising:
  • a receiving registrar device being configured to be communicatively coupled with the registrant device;
  • the registrant device and the receiving registrar device are configured to:
  • bilinear-pairing verify establish-ability, by the receiving registrar device, responsive to checking establishment ID ownership and uniqueness, trustlessly agreeable BPDHQ formulation for structured data <ID, IDPK>;
  • distributed consensus ledger establishing trustlessly agreeable authentication for structured data <ID, IDPK> includes to execute, by distributed nodes of the ledger, distributed consensus algorithms on the basis of, including, proof-of-work, or proof-of-stake, or any other distributed consensus mechanism, to achieve unalterable recording of structured data <ID, IDPK> in the ledger.
  • hash-tree compress, by the receiving registrar device, a plurality of registration requests' respective structured data <IDs, IDPKs> of a plurality of registrant devices, into a hash-tree root;
  • asking device and the answering device are configured to:
  • search registration status establish-ability, by the answering device, queried ID in its database of registrants' records containing structured data <ID, IDPK> and with distributed consensus ledger record supported validity evidence;
  • the registrant device initiating private key includes to use an already existing private key in an already existing system that the registrant device or its bearer have authorization to use the already existing private key.
  • the registrant device mapping ID to pairing-friendly computable elliptic curve group point includes to use a hash function output for either forming a deterministic coordinate of a curve point from which the other deterministic coordinate of the curve point can be solved by applying the elliptic curve equation definition, or forming a deterministic arithmetic operand component in a scalar multiplier to be scalar multiplied to a predetermined elliptic curve point.
  • the receiving registrar device checking the ID being owned by the registrant device or by its bearer includes to apply a challenge-response mechanism, send a challenge to the registrant device, with the challenge being addressed to a communicating identity in the ID, for the registrant device to respond back in timely manner and in challenge-response required formulation.
  • the receiving registrar device bilinear-pairing verifying structured data <ID, IDPK> satisfying trustlessly agreeable BPDHQ formulation includes to input to the bilinear pairing evaluation equation a quadruple of elliptic curve points containing ID map-to-curve points, and respective IDPK curve points, and to accept an establishment decision whether or not the inputting quadruple satisfies prespecified trustlessly agreeable BPDHQ formulation.
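The registration flow the claims describe (hash the ID to two same-application curve points, IDPK_j = s·H_j(ID), registrar validates the submitted points and checks the BPDHQ relation with a bilinear pairing), as an added self-contained Python example that is not the patent's own code. It assumes a constructed toy supersingular curve y² = x³ + x over F_43 with a modified Tate pairing and distortion map, and it assumes the BPDHQ check is e(H1(ID), IDPK2) = e(IDPK1, H2(ID)); the patent fixes neither the curve nor the exact quadruple formulation, so both are assumptions here, and the parameters are far too small for real use.

```python
import hashlib
# Constructed toy parameters (not from the patent): supersingular y^2 = x^3 + x over F_p, p = 3 mod 4, so #E(F_p) = p + 1 = 44 = 4 * 11
P_MOD, A_COEF, R_ORD, COFACTOR = 43, 1, 11, 4  # IDPKs live in the order-11 subgroup; embedding degree is 2
FINAL_EXP = (P_MOD * P_MOD - 1) // R_ORD        # reduced Tate pairing exponent
def f2_mul(u, v):                               # F_{p^2} = F_p[i]/(i^2+1); (a, b) encodes a + b*i
    (a, b), (c, d) = u, v
    return ((a * c - b * d) % P_MOD, (a * d + b * c) % P_MOD)
def f2_pow(u, e):
    r = (1, 0)
    while e:
        r, u, e = (f2_mul(r, u) if e & 1 else r), f2_mul(u, u), e >> 1
    return r
def slope(T, U):                                # tangent (T == U) or chord slope, an element of F_p
    if T == U: return (3 * T[0] * T[0] + A_COEF) * pow(2 * T[1], -1, P_MOD) % P_MOD
    return (U[1] - T[1]) * pow(U[0] - T[0], -1, P_MOD) % P_MOD
def ec_add(T, U):                               # affine addition on E(F_p); None is the point at infinity
    if T is None or U is None: return U if T is None else T
    if T[0] == U[0] and (T[1] + U[1]) % P_MOD == 0: return None
    lam = slope(T, U); x = (lam * lam - T[0] - U[0]) % P_MOD
    return (x, (lam * (T[0] - x) - T[1]) % P_MOD)
def ec_mul(k, T):
    R = None
    while k:
        R, T, k = (ec_add(R, T) if k & 1 else R), ec_add(T, T), k >> 1
    return R
def hash_to_curve(tag, ident):                  # try-and-increment map of an ID to a point of order r
    for ctr in range(256):
        x = int.from_bytes(hashlib.sha256(f"{tag}|{ident}|{ctr}".encode()).digest(), "big") % P_MOD
        rhs = (x ** 3 + A_COEF * x) % P_MOD
        y = pow(rhs, (P_MOD + 1) // 4, P_MOD)   # square root of rhs iff y*y == rhs (p = 3 mod 4)
        Q = ec_mul(COFACTOR, (x, y)) if y * y % P_MOD == rhs else None   # cofactor clearing
        if Q is not None: return Q
    raise ValueError("no curve point found for " + ident)
def line(R, U, xd, yd):   # l_{R,U} evaluated at phi(Q) = (xd, yd*i); vertical lines take F_p values that
    if R[0] == U[0] and (R[1] + U[1]) % P_MOD == 0: return (1, 0)   # FINAL_EXP kills, so they are dropped
    lam = slope(R, U)
    return ((-R[1] - lam * (xd - R[0])) % P_MOD, yd)
def pairing(T, Q):        # modified Tate pairing e(T, phi(Q)) via Miller's loop, phi(x, y) = (-x, i*y)
    xd, yd, f, R = (-Q[0]) % P_MOD, Q[1], (1, 0), T
    for bit in bin(R_ORD)[3:]:
        f, R = f2_mul(f2_mul(f, f), line(R, R, xd, yd)), ec_add(R, R)
        if bit == "1": f, R = f2_mul(f, line(R, T, xd, yd)), ec_add(R, T)
    return f2_pow(f, FINAL_EXP)
def issue_idpk(ident, s):                       # registrant: IDPK_j = s * H_j(ID) for two same-application points
    assert s % R_ORD, "private key must be nonzero mod r"
    return tuple(ec_mul(s % R_ORD, hash_to_curve(tag, ident)) for tag in ("G1", "G2"))
def bpdhq_verify(ident, idpk1, idpk2):          # registrar: accept iff (H1(ID), H2(ID), IDPK1, IDPK2) is a DH quadruple
    for X in (idpk1, idpk2):                    # reject infinity, off-curve and out-of-subgroup points
        if X is None or (X[0] ** 3 + A_COEF * X[0] - X[1] ** 2) % P_MOD or ec_mul(R_ORD, X) is not None: return False
    Q1, Q2 = hash_to_curve("G1", ident), hash_to_curve("G2", ident)
    return pairing(Q1, idpk2) == pairing(idpk1, Q2)
```

Because both IDPK points must carry the same scalar, a registrar (or any ledger node re-checking the record) can confirm the pair is well formed from <ID, IDPK> alone, which is what makes the entry agreeable without trusting the registrant; the point-validation loop in `bpdhq_verify` is the check a practitioner adds before feeding untrusted points to a pairing.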

Abstract

Aspects of the present invention relate to a method and an apparatus for securing information using identity-based public key cryptography by means of an authentication assertion "This identifier is a public key" (IDPK) that is trustlessly agreeable in a distributed consensus ledger. The invention also relates to a method for establishing trustlessly agreeable distributed consensus authentication for an identity as a public key, the method comprising: initiating, by a first device, a sufficiently large random integer as the private key of the first device or of its bearer; mapping, by the first device, a uniquely identifiable identity (ID) of the first device or of its bearer to at least one deterministic bilinear-pairing-friendly computable elliptic curve group point as the same-application point on the curve; scalar multiplying, by the first device, said private key or a predefined arithmetic formulation of said private key to each same-application point on the curve, each scalar multiplication result being a deterministic identity public key (IDPK) of the first device or of its bearer; and communicating, by the first device, with a second device.
The communicating comprises: sending a registration request, by the first device, with the request containing structured data <ID, IDPK>, to the second device; checking establish-ability, by the second device, of ownership of the identity by the first device or its bearer and of uniqueness of the identity; bilinear-pairing verifying establish-ability, by the second device, responsive to checking establishment of identity ownership and uniqueness, that the structured data <ID, IDPK> satisfies a prespecified trustlessly agreeable Bilinear Pairing Diffie-Hellman Quadruple (BPDHQ) formulation; entering in a distributed consensus ledger, by the second device, responsive to the bilinear-pairing verification establishing a trustlessly agreeable BPDHQ formulation, an established trustlessly agreeable authentication for the structured data <ID, IDPK>; and entering the result as the establishment of trustlessly agreeable distributed consensus authentication for the structured data <ID, IDPK>.

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/086799 WO2020227920A1 (fr) 2019-05-14 2019-05-14 Authentification de consensus distribuée acceptable sans vérification pour une identité en tant que clé publique

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/086799 WO2020227920A1 (fr) 2019-05-14 2019-05-14 Authentification de consensus distribuée acceptable sans vérification pour une identité en tant que clé publique

Publications (1)

Publication Number Publication Date
WO2020227920A1 true WO2020227920A1 (fr) 2020-11-19

Family

ID=73289039

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/086799 WO2020227920A1 (fr) 2019-05-14 2019-05-14 Authentification de consensus distribuée acceptable sans vérification pour une identité en tant que clé publique

Country Status (1)

Country Link
WO (1) WO2020227920A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102098157A (zh) * 2009-12-10 2011-06-15 塔塔咨询服务有限公司 一种基于无证书公共密钥基础结构用于加强客户/服务器通讯协议安全性的系统和方法
CN102624528A (zh) * 2012-03-02 2012-08-01 中国人民解放军总参谋部第六十一研究所 一种基于身份的认证密钥协商方法
CN106027239A (zh) * 2016-06-30 2016-10-12 西安电子科技大学 基于椭圆曲线的无密钥托管问题的多接收者签密方法
WO2018189657A1 (fr) * 2017-04-11 2018-10-18 nChain Holdings Limited Consensus distribué rapide sur une chaîne de blocs
CN109583893A (zh) * 2018-11-21 2019-04-05 北京航空航天大学 可追踪的基于区块链的数字货币交易系统

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
HOU, HUIFANG ET AL.: "CPK-based Authentication and Key Agreement Protocols with Anonymity for Wireless Network", 2009 INTERNATIONAL CONFERENCE ON MULTIMEDIA INFORMATION NETWORKING AND SECURITY, 31 December 2009 (2009-12-31), pages 347 - 350, XP031594111, DOI: 20200212164035A *

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 19928760; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 19928760; Country of ref document: EP; Kind code of ref document: A1)