CN110661816B

CN110661816B - Cross-domain authentication method based on block chain and electronic equipment

Info

Publication number: CN110661816B
Application number: CN201911007278.0A
Authority: CN
Inventors: 李桐; 吴骏泽; 姜勇; 钟林; 解凯; 杨斌; 郭静如
Original assignee: Beihang University; Beijing Institute of Graphic Communication
Current assignee: Beihang University; Beijing Institute of Graphic Communication
Priority date: 2019-10-22
Filing date: 2019-10-22
Publication date: 2021-11-05
Anticipated expiration: 2039-10-22
Also published as: CN110661816A

Abstract

The embodiment of the invention provides a block chain-based cross-domain authentication method and electronic equipment, which are realized based on a given cross-domain authentication system, wherein the given cross-domain authentication system comprises a main authentication mechanism, a slave authentication mechanism, a user side and a verifier, and the method comprises the following steps: the master certification authority generates a public parameter, a master key and a master public key, and generates and distributes a slave key of the slave certification authority to the slave certification authority based on the master key; the slave certification authority signs a certificate to the user side according to the slave secret key, and the user side accepts the certificate if the certificate is verified to be valid; the certification authority promises and sends the certification to the user side, and the user side accepts the certification if the certification is valid; signing the promise by the slave certification authority and broadcasting the promise to the blockchain system, and storing other slave certification authorities if the signatures are verified to be valid; the user side sends the commitment and the verification information to the verifier, and the verifier receives the identity information of the user if the commitment is verified to be valid. The embodiment of the invention can realize high-efficiency cross-domain authentication and can strictly supervise the slave authentication mechanism.

Description

Cross-domain authentication method based on block chain and electronic equipment

Technical Field

The present invention relates to the field of information security technologies, and in particular, to a block chain-based cross-domain authentication method and an electronic device.

Background

The internet is an open system, and the openness of the system causes a plurality of security holes, threats and privacy problems. Various resources in the network are easily accessed illegally by attackers to cause economic loss and the like, so that the information service provider is very important to carry out the legality authentication on the identity of the network resource accessor.

Identity authentication is a process of determining the validity of the identity of an information service entity, and the process is a basic defense line of network security. As information service resources and information service types are more and more, users need to log in different information service systems to complete different tasks. These information services systems consist of multiple different trust domains, each with one or more independent certificate authorities. The current application requirements require that certificates issued by users in different trust domains can be authenticated in other trust domains, namely, cross-domain authentication is realized.

Public Key Infrastructure (PKI) is a general security Infrastructure that provides secure information services based on Public Key cryptography. In the PKI-based cross-domain authentication, a certificate is generated, issued, managed, archived, and the like by a trusted third party, i.e., a certificate authority. In addition, the trusted third party needs to provide security services for the work related to the certificate, such as authentication, authorization, encryption, decryption, signature, and the like for the network application. But the authentication process generates a large number of digital certificates, and the certificate management cost is huge.

In the identity-based cross-domain authentication technology, a string of character strings with characteristic information is generally used for representing a user and is used as a public key of the user, and a digital certificate is not needed for authenticating the user through the identity character string, so that huge certificate management is avoided. However, the public key of the user requires the certification authority to sign, and the certification process requires the participation of the certification authority. Thus, authentication requires that the certification authority, user, and information service provider be on-line at the same time to complete the task.

Under the development and popularization of 5G mobile wireless networks, wireless internet is rapidly developed, and most users in the internet are mobile users. In the current 5G mobile internet application scene, a network is divided into a plurality of pieces, and when a user moves rapidly among the pieces, the user is required to be capable of switching rapidly among different trust domains so as to acquire information services on the internet system through a wireless network.

However, due to the above limitations of the conventional identity authentication technology, it is obviously unable to meet the efficiency requirement in the new scenario, and meanwhile, the security and fairness of the authentication process are not guaranteed. Therefore, how to design a safer and faster cross-domain authentication technology is a key problem to be researched urgently.

Disclosure of Invention

In order to overcome the above problems or at least partially solve the above problems, embodiments of the present invention provide a block chain-based cross-domain authentication method and an electronic device, so as to effectively improve the processing efficiency and security of cross-domain authentication for a user.

In a first aspect, an embodiment of the present invention provides a block chain-based cross-domain authentication method, where the block chain-based cross-domain authentication method is implemented based on a given cross-domain authentication system, where the given cross-domain authentication system includes a master authentication mechanism, a slave authentication mechanism, a user side, and a verifier, and the block chain-based cross-domain authentication method includes:

selecting safety parameters to sequentially generate public parameters and a master public key and a master secret key of the master certification authority by using the master certification authority, generating a slave secret key of the slave certification authority based on the master secret key, and distributing the slave secret key to the slave certification authority;

generating a slave public key of the slave certification authority according to the slave secret key by using the slave certification authority, generating a certificate based on the slave public key, signing to the user side so that the user side can verify whether the certificate is valid, and accepting the certificate when the certificate is valid;

utilizing the slave certification authority to commit the certificate, sending the certificate commitment and verification information generated by the commitment to the user side so that the user side can verify whether the certificate commitment is valid or not, and accepting the certificate commitment and the verification information when the certificate commitment and the verification information are valid;

signing the certificate promise signature by utilizing the slave certification authority, broadcasting the promise signature generated by the signature into a blockchain system for other slave certification authorities to verify whether the promise signature is valid, and storing the promise signature into the blockchain system when the promise signature is valid;

the user side is utilized to send the certificate, the certificate acceptance and the verification information to the verifier so that the verifier can verify whether the certificate acceptance is valid or not, and when the certificate acceptance is valid, the identity information of the user corresponding to the user side is received;

and tracking the identity information of the slave certification authority by using the master certification authority, and extracting the certificate from the certificate commitment by using the master certification authority and the slave certification authority respectively to realize cross-domain certification.

Optionally, the step of selecting, by using the master certificate authority, a security parameter to generate a public parameter, a master public key and a master secret key of the master certificate authority, generating, based on the master secret key, a slave secret key of the slave certificate authority, and distributing to the slave certificate authority specifically includes: and the main authentication mechanism is utilized to complete the following processing flows in sequence:

selecting a safety parameter 1^λAnd based on the safety parameter 1^λGenerating a public parameter Param by adopting a system parameter generation algorithm SysGen;

generating a master public key gmpk and a master key gmsk of the master certification authority by adopting a key generation algorithm KGen based on a public parameter Param, and generating a slave key gsk of the slave certification authority by adopting a key generation algorithm KGen based on the master key gmsk;

the step of generating, by the slave certificate authority, a slave public key of the slave certificate authority from the slave key specifically includes: and generating a slave public key gpk of the slave certification authority by using a key generation algorithm KGen based on a slave key gsk of the slave certification authority by using the slave certification authority.

Optionally, the step of generating a certificate based on the slave public key and signing the certificate to the user side so that the user side can verify whether the certificate is valid, and accepting the certificate when the certificate is valid specifically includes:

utilizing the slave certification authority, based on the slave key gsk of the slave certification authority, the master public key gmpk of the master certification authority and the identity information ID of the user corresponding to the user end_jAdopting a group signature algorithm GSig to generate a certificate Cert to sign and send the certificate Cert to the user side;

utilizing the user side according to the master public key gmpk and the identity information ID of the user_jAnd a certificate Cert, which adopts a verification algorithm Gser to verify whether the certificate Cert is valid;

and if the output of the verification algorithm Gver is Valid, determining that the certificate Cert is Valid and accepting the certificate Cert, and if the output of the verification algorithm Gver is Invalid, determining that the certificate Cert is Invalid and rejecting the certificate Cert.

Optionally, the committing the certificate by using the secondary certification authority, and sending the certificate commitment and the verification information generated by the commitment to the user side, so that the user side verifies whether the certificate commitment is valid, and when the certificate commitment and the verification information are verified to be valid, the step of accepting the certificate commitment and the verification information specifically includes:

generating certificate acceptance and verification information (psi, pi) by using the slave certification authority according to the master public key gmpk of the master certification authority, the public key gpk of the slave certification authority and the certificate Cert by using an acceptance algorithm TECom, and sending the certificate acceptance and verification information (psi, pi) to the user side;

verifying whether the certificate acceptance psi is valid or not by using the user side through a verification algorithm TEVer according to the master public key gmpk of the master certification authority, the certificate Cert, the certificate acceptance and the verification information psi, pi;

if the output of the verification algorithm TEVer is Valid, it is determined that the certificate acceptance ψ is Valid and the certificate acceptance and verification information (ψ, π) is accepted, and if the output of the verification algorithm TEVer is Invalid, it is determined that the certificate acceptance ψ is Invalid and the certificate acceptance and verification information (ψ, π) is rejected.

Optionally, the signing the certificate commitment by using the slave certification authority, and broadcasting a commitment signature generated by the signing to the blockchain system, so that other slave certification authorities verify whether the commitment signature is valid, and when the commitment signature is valid, storing the commitment signature in the blockchain system specifically includes:

generating a commitment signature sigma by using the slave certification authority according to a slave key gssk of the slave certification authority, a master public key gmpk of the master certification authority and a certificate commitment psi by adopting a group signature algorithm GSig and broadcasting the commitment signature sigma into a blockchain system;

verifying whether the commitment signature sigma is valid or not by using the other slave certification authorities and adopting a verification algorithm Gver according to the master public key gmpk, the certificate commitment psi and the commitment signature sigma of the master certification authority;

and if the output of the verification algorithm Gver is Valid, determining that the commitment signature sigma is Valid and storing the commitment signature sigma into the blockchain system, and if the output of the verification algorithm Gver is Invalid, determining that the commitment signature sigma is Invalid and rejecting the commitment signature sigma.

Optionally, the step of sending, by using the user side, the certificate acceptance and the verification information to the verifier, so that the verifier verifies whether the certificate acceptance is valid, and when the certificate acceptance is valid, receiving the identity information of the user corresponding to the user side specifically includes:

sending a certificate Cert and certificate acceptance and verification information (ψ, π) to the verifier by using the user side;

verifying whether the certificate acceptance psi is valid or not by using the verifier according to the master public key gmpk of the master certification authority, the certificate Cert and the certificate acceptance and verification information psi, pi by adopting a verification algorithm TEVer;

and if the output of the verification algorithm TEVer is Valid, determining that the certificate acceptance psi is Valid and accepting the identity information of the user corresponding to the user side, and if the output of the verification algorithm TEVer is Invalid, determining that the certificate acceptance psi is Invalid and rejecting the identity information of the user corresponding to the user side.

Optionally, the step of tracking, by using the master certification authority, the identity information of the slave certification authority specifically includes: and tracking a slave key gsk of the slave certification authority by using the master certification authority according to a master key gmsk and a commitment signature sigma of the master certification authority by adopting a tracking algorithm Trace, and identifying the identity information of the slave certification authority based on the slave key gsk.

Optionally, the step of extracting the certificate from the certificate commitment to implement cross-domain authentication by using the master certification authority and the slave certification authority respectively includes:

extracting a certificate Cert by using the main certification authority and adopting an extraction algorithm Extract according to a main key gmsk of the main certification authority and a certificate commitment psi;

and extracting the certificate Cert by using the slave certification authority by adopting an extraction algorithm Extract according to the slave key gsk of the slave certification authority and the certificate acceptance psi.

In a second aspect, an embodiment of the present invention provides a block chain-based cross-domain authentication system, including a master authentication mechanism, a slave authentication mechanism, a user side, and a verifier, where:

the master certification authority is used for selecting safety parameters, sequentially generating public parameters and a master public key and a master secret key of the master certification authority based on the safety parameters, generating a slave secret key of the slave certification authority based on the master secret key, distributing the slave secret key to the slave certification authority, tracking identity information of the slave certification authority, and extracting the certificate from the certificate commitment to realize cross-domain certification;

the slave certification authority is used for generating a slave public key of the slave certification authority according to the slave secret key, generating a certificate based on the slave public key, signing the certificate to the user side, committing the certificate, sending the certificate commitment and verification information generated by the commitment to the user side, signing the certificate commitment, broadcasting the commitment signature generated by the signature to the block chain system, so that other slave certification authorities can verify whether the commitment signature is valid or not, storing the commitment signature to the block chain system when the commitment signature is valid, and extracting the certificate from the certificate commitment to realize cross-domain certification;

the user side is used for verifying whether the certificate is valid, accepting the certificate when the certificate is valid, verifying whether the certificate acceptance is valid, accepting the certificate acceptance and the verification information when the certificate acceptance is valid, and sending the certificate, the certificate acceptance and the verification information to the verifier;

the verifying party is used for verifying whether the certificate commitment is valid or not and receiving the identity information of the user corresponding to the user side when the certificate commitment is valid.

In a third aspect, an embodiment of the present invention provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor, when executing the computer program, implements the steps of the block chain-based cross-domain authentication method according to the first aspect.

In a fourth aspect, an embodiment of the present invention provides a non-transitory computer-readable storage medium, on which computer instructions are stored, and when the computer instructions are executed by a computer, the steps of the block chain based cross-domain authentication method according to the first aspect are implemented.

According to the block chain-based cross-domain authentication method and the electronic device provided by the embodiment of the invention, the certificate issuance, the certificate acceptance and the acceptance signature in the cross-domain authentication process are realized by using the slave authentication mechanism, so that the cross-domain authentication is independent of the master authentication mechanism, and a user can quickly verify the identity information of the user only by verifying the certificate issued by the slave authentication mechanism, the acceptance of the certificate and the acceptance signature, thereby effectively improving the processing efficiency of the cross-domain authentication. Meanwhile, by broadcasting the commitment signature to the block chain system, strict supervision of a slave certification authority can be realized, and the safety and the fairness of the certification process are guaranteed.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.

Fig. 1 is a schematic structural diagram of a cross-domain authentication system according to an embodiment of the present invention;

fig. 2 is a schematic flowchart of a block chain-based cross-domain authentication method according to an embodiment of the present invention;

fig. 3 is a flowchart illustrating a block chain-based cross-domain authentication method according to another embodiment of the present invention;

fig. 4 is a schematic diagram of a basic cryptography tool in a block chain-based cross-domain authentication method according to an embodiment of the present invention;

fig. 5 is a schematic physical structure diagram of an electronic device according to an embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments obtained by persons of ordinary skill in the art based on the embodiments of the present invention without any creative efforts belong to the protection scope of the embodiments of the present invention.

Aiming at the problems of low cross-domain authentication efficiency and lack of supervision in the prior art, the embodiment of the invention realizes the certificate issuance, certificate acceptance and acceptance signature in the cross-domain authentication process by utilizing the slave authentication mechanism, so that the cross-domain authentication is independent of the master authentication mechanism, and a user can quickly verify the identity information of the user only by verifying the certificate issued by the slave authentication mechanism, the acceptance of the certificate and the acceptance signature, thereby effectively improving the processing efficiency of the cross-domain authentication. Meanwhile, by broadcasting the commitment signature to the block chain system, strict supervision of a slave certification authority can be realized, and the safety and the fairness of the certification process are guaranteed. Embodiments of the present invention will be described and illustrated with reference to various embodiments.

As an aspect of the embodiment of the present invention, an embodiment of the present invention provides a block chain-based cross-domain authentication method, which can be implemented based on a cross-domain authentication system, and as shown in fig. 1, is a schematic structural diagram of the cross-domain authentication system provided in the embodiment of the present invention, where the cross-domain authentication system includes a master authentication mechanism, a slave authentication mechanism, a user side, and a verifier. As shown in fig. 2, a schematic flow chart of a block chain-based cross-domain authentication method according to an embodiment of the present invention is provided, where the method includes:

s201, selecting safety parameters by using a master certification authority to sequentially generate public parameters, a master public key and a master secret key of the master certification authority, generating a slave secret key of the slave certification authority based on the master secret key, and distributing the slave secret key to the slave certification authority.

It can be understood that, in the embodiment of the present invention, by controlling each execution unit in the cross-domain authentication system to execute corresponding operations according to a certain execution order, the cross-domain authentication of the user is finally realized. In this execution sequence, the corresponding initialization operation is first performed with the master certification authority. Specifically, the security parameters are selected by the main certificate authority, and then the public parameters, the main public key of the main certificate authority and the main secret key are sequentially generated based on the security parameters. The master certification authority then generates a slave key for the slave certification authority from the master key of the master certification authority and distributes the slave key to the slave certification authority.

S202, generating a slave public key of the slave certification authority according to the slave secret key by using the slave certification authority, generating a certificate based on the slave public key, signing to the user side so that the user side can verify whether the certificate is valid, and receiving the certificate when the certificate is valid.

It is understood that, after monitoring the slave key of the slave certification authority sent by the master certification authority received from the certification authority, the slave certification authority generates the slave public key of the slave certification authority according to the slave key of the slave certification authority. Thereafter, a certificate is generated from the certificate authority and sent to the user terminal. And after receiving the certificate, the user side verifies whether the certificate is valid, and if so, the user side receives the certificate to start the next authentication process. Optionally, if the certificate is verified to be invalid, the user terminal rejects the certificate, and the authentication fails.

S203, using the subordinate certification authority to commit the certificate, and sending the certificate commitment and verification information generated by the commitment to the user side, so that the user side can verify whether the certificate commitment is valid, and when the certificate commitment and verification information are valid, the user side receives the certificate commitment and verification information.

It is understood that, after the user terminal is monitored to accept the certificate, the certificate is committed by the certificate authority, and the certificate commitment and the verification information generated by the commitment are transmitted to the user terminal. After receiving the certificate acceptance and the verification information, the user side verifies whether the certificate acceptance is valid, and if so, the user side receives the certificate acceptance and the verification information to start the next authentication process. Optionally, if the certificate acceptance is verified to be invalid, the user end rejects the certificate acceptance and verification information, and the authentication fails.

S204, the subordinate certification authority is used for signing the commitment of the certificate, the commitment signature generated by the signature is broadcasted to the blockchain system, so that other subordinate certification authorities can verify whether the commitment signature is valid or not, and when the commitment signature is valid, the commitment signature is stored in the blockchain system.

It is understood that, after the acceptance of the certificate acceptance and verification information by the user terminal is monitored, the acceptance certificate is signed by the certificate authority, and the acceptance signature generated by the signature is broadcasted to the blockchain system. The other slave certification authorities read the commitment signature from the blockchain system and verify whether the commitment signature is valid, and if so, the other slave certification authorities store the commitment signature in the blockchain system. Optionally, if the commitment signature is verified to be invalid, the other slave certification authorities reject the commitment signature, and the certification fails.

S205, the user side is utilized to send the certificate, the certificate acceptance and the verification information to the verifier, so that the verifier can verify whether the certificate acceptance is valid or not, and when the verification is valid, the identity information of the user corresponding to the user side is received.

It is to be understood that the certificate, certificate acceptance and verification information are sent to the verifier using the user side after monitoring other commitment signatures stored in the blockchain system from the certification authority. After receiving the certificate, the certificate acceptance and the verification information, the verifier verifies whether the certificate acceptance is valid or not, and if so, the verifier receives the identity information of the user corresponding to the user side to start the next authentication process. Optionally, if the verifier verifies that the certificate acceptance is invalid, the verifier rejects the certificate acceptance, and the authentication fails.

S206, tracking the identity information of the slave certification authority by using the master certification authority, and extracting the certificate from the certificate commitment by using the master certification authority and the slave certification authority respectively to realize cross-domain certification.

It can be understood that, in the embodiment of the present invention, after it is monitored that the verifier receives the identity information corresponding to the user side, the master certification authority is used to track the identity information of the slave certification authority, and the master certification authority and the tracked slave certification authority extract the certificate from the certificate acceptance to implement the cross-domain certification.

According to the block chain-based cross-domain authentication method provided by the embodiment of the invention, the certificate issuance, the certificate acceptance and the acceptance signature in the cross-domain authentication process are realized by using the slave authentication mechanism, so that the cross-domain authentication is independent of the master authentication mechanism, and a user can quickly verify the identity information of the user only by verifying the certificate issued by the slave authentication mechanism, the acceptance of the certificate and the acceptance signature, thereby effectively improving the processing efficiency of the cross-domain authentication. Meanwhile, by broadcasting the commitment signature to the block chain system, strict supervision of a slave certification authority can be realized, and the safety and the fairness of the certification process are guaranteed.

Optionally, according to the foregoing embodiments, the steps of selecting, by using the master certificate authority, the security parameter to generate the public parameter, the master public key and the master secret key of the master certificate authority, generating, based on the master secret key, the slave secret key of the slave certificate authority, and distributing to the slave certificate authority specifically include: the following processing flows are completed in sequence by using a main authentication mechanism:

and generating a master public key gmpk and a master key gmsk of the master certification authority by adopting a key generation algorithm KGen based on the public parameter Param, and generating a slave key gsk of the slave certification authority by adopting a key generation algorithm KGen based on the master key gmsk.

The step of generating, with the slave certification authority, a slave public key of the slave certification authority from the slave key specifically includes: the slave certification authority is used for generating a slave public key gpk of the slave certification authority by adopting a key generation algorithm KGen based on a slave key gsk of the slave certification authority.

It can be appreciated that since the PPCA scheme of embodiments of the present invention requires cross-domain authentication of certificates and tracking of certification authorities, a group signature algorithm is introduced to achieve this goal. The group signature is that the group members sign the message, the verifier can carry out effective verification, and the group administrator can also carry out identity tracking on the signer. Order (G)₁，G₁) Is a symmetric bilinear group pair, zeta is group G₁To group G₁Isomorphic mapping of (c), hash function H₀：{0，1}^*→Z_p. SDH complexity is assumed to be in bilinear groups (G)₁，G₁) The above holds, the decision linearity is assumed to be in group G₁In the above, e is (G)₁，G₁) Symmetric bilinear mapping of (c).

For the system parameter generation algorithm SysGen of the embodiment of the invention, the system security parameter is lambda, and the group membership is n. Group administrator in group G₁In randomly selecting generator g₂Let g₁←ζ(g₂). In group G₁In randomly selecting generator

Randomly selecting xi₁，

Let u, v ∈ G₁And satisfy

Random selection

Order to

For the key generation algorithm KGen of the present embodiment, the group administrator generates SDH doublet (a) of each member using γ_i，x_i) Random selection of

And order

The group public key (i.e., master public key) and the group private key (i.e., master secret key) of the group administrator are gmpk ═ g, respectively₁，g₂，h，u，v，ω)，gmsk＝(ξ₁，ξ₂) The private key (i.e., the slave key) of the group member is gsk_i＝(A_i，x_i)。

Specifically, the embodiment of the present invention implements initialization processing of authentication data by using a master authentication authority. The master certification authority selects a system security parameter lambda, which is generated as a bilinear group pair (G) using a BDH parameter generator G₁，G₁) Zeta is group G₁To group G₁Isomorphic mapping of (c). SDH complexity is assumed to be in bilinear groups (G)₁，G₁) The above holds, and the decision linearity is assumed to be in group G₁The above is true. The number of group members is n, e is a symmetric bilinear group (G)₁，G₁) Bilinear mapping of (c). H₀，H₁，H₂，H₃Is four hash functions, H₀：{0，1}ⁿ→Z_p，H₁：G₁→{0，1}ⁿ，H₂：{0，1}ⁿ→{0，1}ⁿ，

Master authenticationMechanism in group G₁In randomly selecting generator g₂Let g₁←ζ(g₂). In group G₁In randomly selecting generator

Random selection

Let u, v ∈ G₁And satisfy

Random selection

Order to

The master public key and the master private key of the master certificate authority are gmpk ═ (g), respectively₁，g₂，h，u，v，ω)，gmsk＝(ξ₁，ξ₂)。

The master certification authority randomly selects a private key, i.e. a slave key, for each slave certification authority using gamma

And order

Binary (A) over a secure channel_i，x_i) To the slave certification authority i. From the certification authority by x_iFor input, calculate

Therefore, any slave certification authority i, 1 ≦ i ≦ n slave public and private keys are gsk_i＝(A_i，x_i)，

1≤i≤n。

Optionally, according to the foregoing embodiments, the step of generating a certificate based on the public key and signing the certificate to the user side so that the user side verifies whether the certificate is valid, and accepting the certificate when the certificate is valid specifically includes:

using the slave certification authority, based on the slave key gsk of the slave certification authority, the master public key gmpk of the master certification authority and the identity information ID of the user corresponding to the user end_jAdopting a group signature algorithm GSig to generate a certificate Cert to sign and send the certificate Cert to a user side;

by using the user side, according to the master public key gmpk and the identity information ID of the user_jAnd a certificate Cert, which adopts a verification algorithm Gser to verify whether the certificate Cert is valid;

It will be appreciated that for the group signature algorithm GSig in embodiments of the present invention, a group public key gmpk is given (g ═ g)₁，g₂H, u, v, ω), the private key gsk of group member i_i＝(A_i，x_i) And message M ∈ {0, 1}^*Group membership i is calculated as follows:

firstly, a random number alpha, beta epsilon Z is selected_pAnd based on this, the following calculation is carried out: t is₁←u^α，T₂←v^β，T₃←A_i·h^α+β，δ₁←x_i·α，δ₂←x_i·β；

Next, a random number r is selected_α，r_β，r_x，

And based thereon the following calculations are made:

again, using a hash function, the challenge value c is calculated as follows: c ← H₀(M，T₁，T₂，T₃，R₁，R₂，R₃，R₄，R₅)∈Z_p；

Then, a random number r is used_α，r_β，

And challenge value c, calculated as follows:

finally, the output signature is σ, where

For the verification algorithm GVer in the embodiment of the invention, a group public key gmpk ═ (g) is given₁，g₂H, u, v, ω), message M, and group signature σ, the following verification process is performed:

first, calculate

Second, the detection equation

Whether or not this is true. If the equation is true, the signature is accepted, otherwise rejected.

Specifically, embodiments of the present invention first utilize issuing a certificate from a certificate authority. The slave certification authority i uses its private key gsk_i＝(A_i，x_i) And the master certification authority public key gmpk ═ g₁，g₂H, u, v, ω) and user-provided identity information ID_jFor input, the following calculations are made:

firstly, a random number alpha, beta epsilon Z is selected_pAnd calculating T as follows₁，T₂，T₃，δ₁，δ₂：T₁←u^α，T₂←v^β，T₃←A_i·h^α+β，δ₁←x_i·α，δ₂←x_i·β；

Next, a random number r is selected_α，r_β，

And separately calculate R₁，R₂，R₃，R₄，R₅The following were used:

thirdly, according to the identity information ID provided by the user_jThe challenge value c is calculated using a hash function: c ← H₀(ID_j，T₁，T₂，T₃，R₁，R₂，R₃，R₄，R₅)∈Z_p；

Then, a random number is used

And a challenge value c, calculating s_α，s_β，

Finally, the public key certificate is exported

And then, the embodiment of the invention utilizes the user terminal to verify the certificate. The user information is ID_jThe user end uses the public key gmpk ═ (g) of the main certification authority₁，g₂H, u, v, ω), its identity information ID_jAnd certificate Cert_i，jFor input, the following verification process is performed:

first, parameters are calculated respectively in the following calculation manner

Second, the detection equation

Whether or not this is true. If the equation is true, the legal certificate is accepted, otherwise refused and reapplied.

Optionally, according to the foregoing embodiments, the method for verifying whether the certificate acceptance is valid by using the subordinate certification authority, and sending the certificate acceptance and the verification information generated by the acceptance to the user side includes:

generating certificate acceptance and verification information (psi, pi) by using a acceptance algorithm TECCom according to a master public key gmpk of the master certification authority, a public key gpk of the slave certification authority and a certificate Cert by using the slave certification authority, and sending the certificate acceptance and verification information (psi, pi) to a user side;

verifying whether the certificate acceptance psi is valid or not by using a user side through a verification algorithm TEVer according to a main public key gmpk, a certificate Cert, a certificate acceptance and verification information psi and pi of a main certification authority;

It is understood that the commitment algorithm TECom is expressed as, among other things, in the message M e {0, 1}ⁿThe random number r belongs to Z^*And a random number rho epsilon {0, 1}ⁿAnd the public key pk₁，pk₂For input, the following calculations are performed:

the algorithm outputs a commitment psi ═ C₁，C₂，C₃，C₄，C₅) The verification information is pi ═ r (r, ρ).

The verification algorithm TEVer is expressed by a message M and a public key pk₁，pk₂And acceptance and verification information (ψ, π') as input, and the following calculation is performed:

let psi ═ C₁′，C₂′，C₃′，C₄′，C₅') and verifies if ψ is true. If so, the output is valid, otherwise the output is invalid.

Specifically, the embodiment of the present invention first obtains the certificate acceptance and verification information by utilizing the acceptance of the certificate from the certification authority. In the certificate acceptance process, a random number r ∈ Z is selected from the certification authority i^*And a random number rho epsilon {0, 1}ⁿLocal public key of main certification authority

Public key from certification authority i

And a certificate Cert_i，jCalculating C₁，C₂，C₃，C₄，C₅：

And thereby obtain certificate acceptance and verification information: psi_i，j＝(C₁，C₂，C₃，C₄，C₅)，π_i，j(r, ρ). The certificate acceptance and verification information (psi) is then transmitted from the certification authority i over the secure channel_i，j，π_i，j) Sent to the user as ID_jThe user terminal of (1).

And then, the embodiment of the invention utilizes the user terminal to verify the certificate acceptance. In the acceptance verification process, the user information is ID_jThe user end opens the promise to the verifier, and the verifier uses the local public key of the main certification authority

Slave certification authority i public key

Certificate acceptance and verification information (psi)_i，j，π′_i，j)，ψ_i，j＝(C₁，C₂，C₃，C₄，C₅)，π′_i，jWith (r ', ρ') as input, the following is calculated:

let psi'_i，j＝(C₁′，C₂′，C₃′，C₄′，C₅') and verify psi_i，j＝ψ′_i，jWhether or not this is true. If yes, the certifier promised by the certificate accepts the certificate, otherwise, the certificate is rejected.

Optionally, according to the foregoing embodiments, the signing the commitment of the certificate by using the slave certification authority, and broadcasting the commitment signature generated by the signature to the blockchain system, so that other slave certification authorities verify whether the commitment signature is valid, and when the commitment signature is valid, the storing the commitment signature in the blockchain system specifically includes:

generating a commitment signature sigma by using a group signature algorithm GSig according to a slave key gssk of the slave certification authority, a master public key gmpk of the master certification authority and a certificate commitment psi by using the slave certification authority, and broadcasting the commitment signature sigma into a block chain system;

verifying whether the commitment signature sigma is valid or not by using other slave certification authorities and adopting a verification algorithm Gver according to the master public key gmpk, the certificate commitment psi and the commitment signature sigma of the master certification authority;

Specifically, in the embodiment of the present invention, any slave certification authority is first used to sign the commitment of the certificate, so as to obtain the commitment signature. In the commitment signature process, the slave certification authority i uses its private key gsk_iPublic key gmpk and certificate acceptance psi of the main certification authority_i，jFor input, the following calculations are made:

first, a random number is selected

And calculated as follows

Secondly, a random number is selected

And calculate

The following were used:

thirdly, according to the certificate commitment psi_i，jComputing challenge values using a hash function

Then, a random number is used

And challenge value

Computing

Finally, the commitment signature σ is output_i，jWherein

The commitment signature pair (psi) is signed from the certification authority i_i，j，σ_i，j) Submitted to the blockchain system for storage.

Thereafter, embodiments of the present invention utilize other slave certification authorities in the blockchain system to verify the commitment signature. During signature verification, miners (i.e., other slave certification authorities) in the blockchain system use the public key gmpk and commitment signature pair (ψ) of the master certification authority_i，j，σ_i，j) For input, the commitment signature is verified as follows:

Second, the detection equation

Whether or not this is true. Miners in the blockchain system (i.e., others from the certification authority) accept the signature of the commitment and store it in the blockchain system if the equation is true, and refuse and delete it otherwise.

Optionally, according to the foregoing embodiments, the step of sending the certificate, the certificate acceptance and the verification information to the verifier by using the user side to verify whether the certificate acceptance is valid or not by the verifier, and when the certificate acceptance is valid, receiving the identity information of the user corresponding to the user side specifically includes:

sending the certificate Cert and the certificate acceptance and verification information (psi, pi) to a verifier by using the user side;

verifying whether the certificate acceptance psi is valid or not by using a verifying party according to a main public key gmpk, a certificate Cert and certificate acceptance and verification information psi, pi of a main certification authority by adopting a verification algorithm TEVer;

Specifically, the embodiment of the present invention implements authentication of the user identity by verifying the certificate commitment provided by the user side by using the verifier. In the identity authentication process, the user ID_jOpening a commitment to the verifier, and then the verifier uses the local public key of the main certification authority

Slave certification authority i public key

And certificate acceptance and verification information (psi)_i，j，π′_i，j)，ψ_i，j＝(C₁，C₂，C₃，C₄，C₅)，π′_i，jWith (r ', ρ') as input, the following is calculated:

let psi'_i，j＝(C₁′，C₂′，C₃′，C₄′，C₅') and verify psi_i，j＝ψ′_i，jAnd if so, determining whether the current time is up or down. The verifier verifying the commitment accepts the certificate, otherwise the certificate is rejected.

Optionally, according to the foregoing embodiments, the step of tracking, by using the master authentication mechanism, the identity information of the slave authentication mechanism specifically includes: and tracking the slave key gsk of the slave certification authority by using a tracking algorithm Trace according to the master key gmsk and the commitment signature sigma of the master certification authority by using the master certification authority, and identifying the identity information of the slave certification authority based on the slave key gsk.

Specifically, embodiments of the present invention utilize the master certificate authority to track the identity information of the slave certificate authority through the tracking of the slave certificate authority signatures. In the commitment signature tracking process, the master certification authority becomes (ξ) with the master key gmsk₁，ξ₂) And commitment signature σ_i，jFor input, a slave key of the slave certification authority, i.e. a private key:

thus, the master certificate authority possesses partial private keys { A } of all slave certificate authorities₁，...，A_nCan be according to A_iAnd recovering the corresponding identity of the slave certification authority.

Wherein for traceabilityTrace, given a group public key gmpk ═ g₁，g₂H, u, v, ω), group administrator's private key gmsk ═ ξ₁，ξ₂) Signature, system and method

And a message M. First a verification algorithm is used to verify whether the signature is valid. If not, rejecting, otherwise, calculating as follows:

if the group administrator has partial private key of the group member A₁，...，A_nThe group administrator can recover the identity A of the group member through the group signature_i。

Optionally, according to the foregoing embodiments, the step of extracting a certificate from a certificate acceptance to implement cross-domain authentication by using a master certification authority and a slave certification authority respectively includes: extracting a certificate Cert by using a main certification authority and adopting an extraction algorithm Extract according to a main key gmsk of the main certification authority and a certificate acceptance psi; the certificate Cert is extracted by the slave certification authority using an extraction algorithm Extract according to the slave key gsk and the certificate acceptance ψ of the slave certification authority.

Specifically, the embodiments of the present invention utilize a master certification authority and a slave certification authority to extract certificates in cross-domain authentication. In the process of promise extraction, the main certification authority uses a local main key xi₁And certificate acceptance psi_i，j＝(C₁，C₂，C₃，C₄，C₅) For input, calculate

And on the basis of the above-mentioned detection equation

Whether or not this is true. If the equation is true, the user public key certificate Cert is output_i，jOtherwise, rejecting.

The certification authority i can extract the public key certificate of the user from the certificate acceptance and can authenticate the userCertificate authority i with local private key x_iThe main certification authority and the local public key

And certificate commitment as input, calculating

On the basis of the above equation, the equation is detected

Whether or not this is true. If the equation is true, the public key certificate Cert of the user is output_i，jOtherwise, rejecting.

To further illustrate the technical solutions of the embodiments of the present invention, the embodiments of the present invention provide the following specific processing flows according to the above embodiments, but do not limit the scope of the embodiments of the present invention.

As shown in fig. 3, a schematic flow chart of a block chain-based cross-domain authentication method according to another embodiment of the present invention is provided, where the method includes the following processing flows:

first, initialization of data is performed.

In the initialization process, the main authentication mechanism takes a safety parameter lambda as input and outputs a system public parameter Param: param ← SysGen (1)^λ)。

In the key generation process, the master certification authority takes a public parameter Param as input and outputs a master key and a public key (gmpk, gmsk): (gmpk, gmsk) ← KGen (param).

The master certification authority takes the system public parameter Param and the master key gmsk as input and outputs a slave key gsk of the slave certification authority_i：gsk_iAnd (c) either ≦ i ≦ n ≦ 1 ≦ KGen (Param, gmsk), and transmitting the slave key to the slave certification authority over the secure channel.

Each slave certification authority shares a system public parameter Param and a slave key gsk_iFor input, the corresponding slave public key gpk is output_i：gpk_i←KGen(Param，gsk_i)，1≤i≤n。

Next, certificate generation and verification are performed.

In the certificate generation process, the slave certification authority i uses its slave key gsk_iA master public key gmpk of a master certification authority and identity information ID provided by a user_jExporting user public key certificates for import

And sends to the user ID_jThe user terminal of (1).

User ID_jThe user side uses the master public key gmpk and the user ID of the master certification authority_jIdentity information and certificate of_i，jInputting, outputting validity judgment: Valid/Invalid ← Gser_gmpk(ID_j，Cert_i，j)。

If the formula output is valid, the user side accepts the legal certificate, otherwise, the user side refuses and reappears.

And thirdly, certificate acceptance and verification are carried out.

In the certificate acceptance process, the slave certification authority i uses the master public key gmpk of the master certification authority and the public key gpk of the slave certification authority i_iAnd certificate Cert_i，jExporting certificate acceptance and verification information for import

Thereafter, certificate acceptance and verification information (ψ) is transmitted from the certification authority i through a secure channel_i，j，π_i，j) Send to the user ID_jThe user terminal of (1).

During commitment validation, user ID_jThe user end opens a promise to the verifier, and the verifier uses a master public key gmpk of a master certification authority and a public key gpk of a slave certification authority_iAnd certificate acceptance and verification information (psi)_i，j，π_i，j) Inputting, outputting validity judgment:

if the validity judgment formula is valid, the verifier verifying the acceptance of the certificate, otherwise, the certificate is rejected.

Then, the commitment signature and verification are carried out.

In the commitment signature process, the slave certification authority i uses the slave key gsk_iA public key gmpk of the main certification authority and a certificate acceptance psi_i，jOutputting commitment signatures for input

And sign the commitment pair (psi)_i，j，σ_i，j) Submitted to the blockchain system for storage.

During signature verification, miners (i.e., other slave certification authorities) in the blockchain system use the public key gmpk and commitment signature pair (ψ) of the master certification authority_i，j，σ_i，j) Outputting validity judgment of the commitment signature for input: Valid/Invalid ← Gser_gmpk(ψ_i，j，σ_i，j). Miners (i.e., other secondary certification authorities) in the blockchain system accept the signature of the commitment and store it in the blockchain system if the validity judgment formula output is valid, otherwise refuse and delete it.

Then, identity authentication is performed.

In the process of authentication of the admission, the user ID_jThe user end opens a promise to the verifier, and the verifier uses the master public key gmpk of the master certification authority and the public key gpk of the slave certification authority i_iCertificate acceptance and verification information (psi)_i，j，π_i，j) For input, judging validity:

if the validity judgment formula output is valid, the verifier verifying the acceptance of the certificate is accepted, otherwise the certificate is rejected.

Then, signature tracing is performed.

In the signature tracing process, the master certification authority signs sigma with the master key gmsk and the commitment_i，jFor input, the slave key gsk of the slave certification authority is output_i：gsk_i←Trace_gmsk(σ_i，j)。

Finally, certificate extraction is performed.

In the certificate extraction process, the masterThe certification authority takes the master key gmsk and commitment as input and outputs the user public key certificate Cert_i，j：Cert_i，j←Extract_gmsk(ψ_i，j)。

Furthermore, the slave certification authority i can also extract the user public key certificate from the certificate acceptance, and the slave certification authority i uses the slave key gsk thereof_iAnd a commitment psi_i，jExporting user public key certificates for import

It is to be understood that the basic cryptographic tool used in the embodiment of the present invention includes a group signature and an extractable commitment algorithm with two extractors, and as shown in fig. 4, is a schematic diagram of the basic cryptographic tool in the block chain based cross-domain authentication method provided in the embodiment of the present invention, which includes a group signature and an extractable commitment algorithm with two extractors. For an extractable commitment algorithm with dual extractors, the following is introduced:

for the system parameter generation algorithm SysGen, a BDH parameter generator is used

Generating a group G₁，g₁Is a group G₁The random generator of (1). e is (G)₁，G₁) Symmetric bilinear mapping, H₁，H₂，H₃Three hash functions: h₁：G₁→{0，1}ⁿ，H₂：{0，1}ⁿ→{0，1}ⁿ，

For the key generation algorithm KGen, a random integer x ∈ Z is selected^*Calculating

The public key and the private key are respectively: pk₁＝X，sk₁X. Selecting another random integer y ∈ Z^*Calculating

Then the other pair of public key and private key is: pk₂＝Y，sk₂＝y。

For the commitment algorithm TECom, with message M e {0, 1}ⁿThe random number r belongs to Z^*And a random number rho epsilon {0, 1}ⁿAnd the public key pk₁，pk₂To input, calculate:

the output commitment is psi ═ (C)₁，C₂，C₃，C₄，C₅) The verification information is pi ═ r (r, ρ).

For the verification algorithm TEVer, the message M and the public key pk are used₁，pk₂And acceptance and verification information (ψ, π') as inputs, calculating:

let psi ═ C₁′，C₂′，C₃′，C₄′，C₅'). If ψ' the output is valid, otherwise it is rejected.

For the extraction algorithm Extract, the commitment ψ (C) is used₁，C₂，C₃，C₄，C₅) And the commitment key sk₁X is input, calculate:

then detecting equation C₅＝H₃(ρ，M，C₃，C₄，e(C₁，C₂)^x) If the message M is not accepted, outputting the message M, otherwise rejecting the message M.

Using certificate to commit psi ═ C₁，C₂，C₃，C₄，C₅) And the commitment key sk₂As input, calculate:

thereafter, equation C is detected₅＝H₃(ρ，M，C₃，C₄，e(C₁，C₂)^y) If the message M is not accepted, outputting the message M, otherwise rejecting the message M.

Based on the same inventive concept, embodiments of the present invention provide a block chain based cross-domain authentication system according to the above embodiments, where the system is used to implement block chain based cross-domain authentication in the above embodiments. Therefore, the description and definition in the block chain-based cross-domain authentication method in the embodiments above may be used for understanding each execution module in the embodiments of the present invention, and specific reference may be made to the embodiments above, which are not described herein again.

As shown in fig. 1, the block chain-based cross-domain authentication system according to the embodiment of the present invention includes 3 types of entities: a master certification authority, a slave certification authority, a user side and a verifier (wherein the verifier is also a user). The master key and the master public key of the master certification authority are (gmsk, gmpk), and the private key and the public key of the slave certification authority are (gsk, gpk). In FIG. 1 (psi)₁，π₁，point₁) And (psi)₁，π₁，point₁) Represents certificate commitment, authentication information and a pointer, H () represents a hash function, Pre: h () represents the hash function value calculated for the last block, and Cerfiticate represents the Merkle root of the transaction order, i.e., the hash function is calculated for a plurality of transaction orders, and a final hash function value is calculated.

The block chain-based cross-domain authentication system provided by the embodiment of the invention is formed by setting corresponding entities, and utilizes the slave authentication mechanism to realize certificate issuance, certificate acceptance and acceptance signature in the cross-domain authentication process, so that cross-domain authentication is independent of the master authentication mechanism, and a user only needs to verify the certificate issued by the slave authentication mechanism, the acceptance of the certificate and the acceptance signature, so that a verifier can quickly verify the identity information of the user, and the processing efficiency of the cross-domain authentication can be effectively improved. Meanwhile, by broadcasting the commitment signature to the block chain system, strict supervision of a slave certification authority can be realized, and the safety and the fairness of the certification process are guaranteed.

It is understood that, in the embodiment of the present invention, the entity components in the system of the foregoing embodiments may be implemented by a hardware processor (hardware processor). Moreover, the block chain based cross-domain authentication system according to the embodiment of the present invention is composed of the entities, and can implement the block chain based cross-domain authentication process according to the above-mentioned method embodiments, and when the system according to the embodiment of the present invention is used for implementing the block chain based cross-domain authentication according to the above-mentioned method embodiments, the beneficial effects produced by the system according to the embodiment of the present invention are the same as those of the corresponding above-mentioned method embodiments, and the above-mentioned method embodiments may be referred to, and details are not repeated here.

As a further aspect of the embodiments of the present invention, the present embodiment provides an electronic device according to the above embodiments, where the electronic device includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the computer program, the steps of the block chain-based cross-domain authentication method according to the above embodiments are implemented.

Further, the electronic device of the embodiment of the present invention may further include a communication interface and a bus. Referring to fig. 5, an entity structure diagram of an electronic device provided in an embodiment of the present invention includes: at least one memory 501, at least one processor 502, a communication interface 503, and a bus 504.

The memory 501, the processor 502 and the communication interface 503 complete mutual communication through the bus 504, and the communication interface 503 is used for information transmission between the electronic device and the cross-domain authentication system; the memory 501 stores a computer program that can be executed on the processor 502, and when the processor 502 executes the computer program, the steps of the block chain-based cross-domain authentication method according to the embodiments described above are implemented.

It is understood that the electronic device at least includes a memory 501, a processor 502, a communication interface 503 and a bus 504, and the memory 501, the processor 502 and the communication interface 503 are connected in communication with each other through the bus 504, and can complete communication with each other, for example, the processor 502 reads program instructions of a block chain-based cross-domain authentication method from the memory 501. In addition, the communication interface 503 may also implement communication connection between the electronic device and the cross-domain authentication system, and may complete mutual information transmission, such as implementing sending of a control instruction through the communication interface 503.

When the electronic device is running, the processor 502 calls the program instructions in the memory 501 to perform the methods provided by the above-described method embodiments, including for example: selecting safety parameters to sequentially generate public parameters, a master public key and a master secret key of the master certification authority by using the master certification authority, generating a slave secret key of the slave certification authority based on the master secret key, and distributing the slave secret key to the slave certification authority; generating a slave public key of the slave certification authority according to the slave secret key by using the slave certification authority, generating a certificate based on the slave public key, signing the certificate to the user side so that the user side can verify whether the certificate is valid or not, and receiving the certificate when the certificate is valid; the subordinate certification authority is used for committing the certificate, and the certificate commitment and verification information generated by the commitment are sent to the user side so that the user side can verify whether the certificate commitment is valid or not, and when the certificate commitment and the verification information are verified to be valid, the certificate commitment and the verification information are received; signing the commitment of the certificate by using the slave certification authority, broadcasting the commitment signature generated by the signature into the blockchain system so as to enable other slave certification authorities to verify whether the commitment signature is valid or not, and storing the commitment signature into the blockchain system when the commitment signature is valid; the method comprises the steps that a user side is utilized to send a certificate, certificate commitment and verification information to a verifier, so that the verifier can verify whether the certificate commitment is valid or not, and receives identity information of a user corresponding to the user side when the certificate commitment is valid; and tracking the identity information of the slave certification authority by using the master certification authority, and extracting the certificate from the certificate commitment by using the master certification authority and the slave certification authority respectively to realize cross-domain certification and the like.

The program instructions in the memory 501 may be implemented in the form of software functional units and may be stored in a computer readable storage medium when sold or used as a stand-alone product. Alternatively, all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, where the program may be stored in a computer-readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.

Embodiments of the present invention further provide a non-transitory computer-readable storage medium according to the above embodiments, on which computer instructions are stored, and when the computer instructions are executed by a computer, the steps of the block chain-based cross-domain authentication method according to the above embodiments are implemented, for example, including: selecting safety parameters to sequentially generate public parameters, a master public key and a master secret key of the master certification authority by using the master certification authority, generating a slave secret key of the slave certification authority based on the master secret key, and distributing the slave secret key to the slave certification authority; generating a slave public key of the slave certification authority according to the slave secret key by using the slave certification authority, generating a certificate based on the slave public key, signing the certificate to the user side so that the user side can verify whether the certificate is valid or not, and receiving the certificate when the certificate is valid; the subordinate certification authority is used for committing the certificate, and the certificate commitment and verification information generated by the commitment are sent to the user side so that the user side can verify whether the certificate commitment is valid or not, and when the certificate commitment and the verification information are verified to be valid, the certificate commitment and the verification information are received; signing the commitment of the certificate by using the slave certification authority, broadcasting the commitment signature generated by the signature into the blockchain system so as to enable other slave certification authorities to verify whether the commitment signature is valid or not, and storing the commitment signature into the blockchain system when the commitment signature is valid; the method comprises the steps that a user side is utilized to send a certificate, certificate commitment and verification information to a verifier, so that the verifier can verify whether the certificate commitment is valid or not, and receives identity information of a user corresponding to the user side when the certificate commitment is valid; and tracking the identity information of the slave certification authority by using the master certification authority, and extracting the certificate from the certificate commitment by using the master certification authority and the slave certification authority respectively to realize cross-domain certification and the like.

In the electronic device and the non-transitory computer readable storage medium provided in the embodiments of the present invention, by performing the steps of the block chain based cross-domain authentication method described in each of the embodiments, the certificate issuance, the certificate acceptance and the acceptance signature in the cross-domain authentication process are implemented by the slave certificate authority, so that the cross-domain authentication is not dependent on the master certificate authority, and the user only needs to verify the certificate issued by the slave certificate authority, the acceptance of the certificate, and the signature of the acceptance, so that the verifier can quickly verify the identity information of the user, thereby effectively improving the processing efficiency of the cross-domain authentication. Meanwhile, by broadcasting the commitment signature to the block chain system, strict supervision of a slave certification authority can be realized, and the safety and the fairness of the certification process are guaranteed.

It is to be understood that the above-described embodiments of the apparatus, the electronic device and the storage medium are merely illustrative, and that elements described as separate components may or may not be physically separate, may be located in one place, or may be distributed on different network elements. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.

Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. Based on such understanding, the technical solutions mentioned above may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as a usb disk, a removable hard disk, a ROM, a RAM, a magnetic or optical disk, etc., and includes several instructions for causing a computer device (such as a personal computer, a server, or a network device, etc.) to execute the methods described in the method embodiments or some parts of the method embodiments.

In addition, it should be understood by those skilled in the art that in the specification of the embodiments of the present invention, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. The term "comprising", without further limitation, means that the element so defined is not excluded from the group consisting of additional identical elements in the process, method, article, or apparatus that comprises the element.

In the description of the embodiments of the invention, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description. Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the embodiments of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects.

However, the disclosed method should not be interpreted as reflecting an intention that: that is, the claimed embodiments of the invention require more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of an embodiment of this invention.

Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the embodiments of the present invention, and not to limit the same; although embodiments of the present invention have been described in detail with reference to the foregoing embodiments, it should be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims

1. A block chain-based cross-domain authentication method is characterized in that the block chain-based cross-domain authentication method is implemented based on a given cross-domain authentication system, the given cross-domain authentication system comprises a master authentication mechanism, a slave authentication mechanism, a user side and a verifier, and the block chain-based cross-domain authentication method comprises the following steps:

step 1, selecting safety parameters to sequentially generate public parameters and a master public key and a master secret key of a master certification authority by using the master certification authority, generating a slave secret key of the slave certification authority based on the master secret key, and distributing the slave secret key to the slave certification authority;

step 2, generating a slave public key of the slave certification authority according to the slave secret key by using the slave certification authority, generating a certificate based on the slave public key, signing to the user side so that the user side can verify whether the certificate is valid, and receiving the certificate when the certificate is valid;

step 3, utilizing the slave certification authority to commit the certificate, and sending the certificate commitment and verification information generated by the commitment to the user side so that the user side can verify whether the certificate commitment is valid, and receiving the certificate commitment and the verification information when the certificate commitment and the verification information are valid;

step 4, utilizing the slave certification authority to sign the certificate commitment, broadcasting a commitment signature generated by the signature to the blockchain system so that other slave certification authorities can verify whether the commitment signature is valid, and storing the commitment signature in the blockchain system when the commitment signature is valid;

step 5, the user side is utilized to send the certificate, the certificate acceptance and the verification information to the verifier, so that the verifier can verify whether the certificate acceptance is valid or not, and when the verification is valid, the identity information of the user corresponding to the user side is received;

step 6, tracking the identity information of the slave certification authority by using the master certification authority, and extracting the certificate from the certificate commitment by using the master certification authority and the slave certification authority respectively to realize cross-domain certification;

wherein the content of the first and second substances,

the specific operation of step 3 is: generating certificate acceptance and verification information (psi, pi) by using the slave certification authority according to the master public key gmpk of the master certification authority, the public key gpk of the slave certification authority and the certificate Cert by using an acceptance algorithm TECom, and sending the certificate acceptance and verification information (psi, pi) to the user side; verifying whether the certificate acceptance psi is valid or not by adopting a verification algorithm TEVer according to the master public key gmpk of the master certification authority, the certificate Cert, the certificate acceptance and the verification information psi, pi;

the specific operation of step 4 is to generate a commitment signature sigma by using the slave certification authority and according to a slave key gssk of the slave certification authority, a master public key gmpk of the master certification authority and a certificate commitment psi by using a group signature algorithm GSig, and broadcast the commitment signature sigma to a block chain system; and verifying whether the commitment signature sigma is valid or not by using the other slave certification authorities and adopting a verification algorithm Gver according to the master public key gmpk, the certificate commitment psi and the commitment signature sigma of the master certification authority.

2. The blockchain-based cross-domain authentication method according to claim 1, wherein the step of selecting a security parameter to generate a public parameter and a master public key and a master secret key of the master certificate authority by using the master certificate authority, and generating a slave secret key of the slave certificate authority based on the master secret key, and distributing the slave secret key to the slave certificate authority specifically comprises:

and the main authentication mechanism is utilized to complete the following processing flows in sequence:

3. The blockchain-based cross-domain authentication method according to claim 1, wherein the step of generating a certificate based on the slave public key and issuing the certificate to the user end for the user end to verify whether the certificate is valid, and accepting the certificate when the certificate is valid specifically includes:

4. The blockchain-based cross-domain authentication method according to claim 1, wherein the step of committing the certificate by the slave authentication authority and sending a certificate commitment and verification information generated by the commitment to the user terminal so that the user terminal can verify whether the certificate commitment is valid, and when the certificate commitment and the verification information are valid, accepting the certificate commitment and the verification information further comprises:

5. The blockchain-based cross-domain authentication method according to claim 1, wherein the signing the certificate commitment with the slave certification authority and broadcasting the commitment signature generated by the signing into the blockchain system for other slave certification authorities to verify whether the commitment signature is valid, and when the commitment signature is valid, storing the commitment signature into the blockchain system further comprises:

6. The blockchain-based cross-domain authentication method according to claim 1, wherein the step of sending the certificate, the certificate acceptance and the verification information to the verifier by using the user side for the verifier to verify whether the certificate acceptance is valid, and when the certificate acceptance is valid, accepting identity information of a user corresponding to the user side specifically comprises:

7. The blockchain-based cross-domain authentication method according to claim 1, wherein the step of tracking, by the master authentication mechanism, the identity information of the slave authentication mechanism specifically comprises:

and tracking a slave key gsk of the slave certification authority by using the master certification authority according to a master key gmsk and a commitment signature sigma of the master certification authority by adopting a tracking algorithm Trace, and identifying the identity information of the slave certification authority based on the slave key gsk.

8. The blockchain-based cross-domain authentication method according to claim 1, wherein the step of extracting the certificate from the certificate commitment by using the master certification authority and the slave certification authority respectively to implement cross-domain authentication specifically comprises:

9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the block chain based cross-domain authentication method according to any one of claims 1 to 8 when executing the computer program.

10. A non-transitory computer readable storage medium having stored thereon computer instructions, wherein the computer instructions, when executed by a computer, implement the steps of the blockchain based cross-domain authentication method according to any one of claims 1 to 8.