CN110717760A - One-stop efficient PKI authentication service method based on block chain - Google Patents
- Publication number: CN110717760A (application CN201911014480.6A)
- Authority: CN (China)
- Prior art keywords: user, certificate, node, miner, ticket
- Legal status: Withdrawn
Classifications (CPC, all under G06Q20/00 Payment architectures, schemes or protocols)
- G06Q20/38215: Payment protocols insuring higher security of transaction; electronic credentials; use of certificates or encrypted proofs of transaction rights
- G06Q20/045: Payment circuits using payment protocols involving tickets
- G06Q20/3829: Payment protocols insuring higher security of transaction involving key management
- G06Q20/4014: Authorisation and transaction verification; identity check for transactions
Abstract
A one-stop efficient PKI authentication service method based on a blockchain: a miner node M1 carries out system initialization, generates the corresponding system parameters and publishes them to the whole blockchain; a user c initiates a certificate registration/update/revocation transaction to a supervision node, and the supervision node queries and verifies the transaction initiator and then places qualified transactions into the unprocessed transaction pool. The miner node extracts the corresponding transactions in order, completes the block-out operation, and thereby registers, updates or revokes the user certificate. User c sends the service id_V and the witness W_c to the miner node; when the information is received, the miner node verifies it and returns the session key and the service authorization ticket. The user then sends the witness and the service authorization ticket to the third-party service provider, i.e. initiates a service request; session security between the user and the service provider is ensured by the session key, and after the service provider has authenticated the user identity it provides the related services, completing the one-stop authentication service.
Description
Technical Field
The invention relates to the technical field of blockchain technology and public-key identity authentication.
Background
Public Key Infrastructure (PKI) is a universal security infrastructure established on the theory and technology of public-key cryptosystems to provide information security services; it enables users to communicate and conduct e-commerce transactions through a series of certificate-based trust relationships without knowing the identity of the other party or how users are distributed. As the foundation and core of current network security construction, PKI is the basic guarantee for the secure development of electronic commerce. To ensure secure transmission of information, an effective PKI system must be both secure and transparent. But the biggest problem faced by a traditional centralized PKI in a distributed environment is that the CA may not be trustworthy, so that the identity of the entity cannot be trusted either. An attack on the CA, or certificate issuance by a malicious CA, poses a great security risk to the information system: an attacker who controls a CA trusted by the user can carry out malicious operations such as issuing user certificates containing false information, enabling man-in-the-middle attacks. The user cannot verify the process by which the CA issues a certificate, so certificate transparency is a problem. In addition, because of the centralized CA management architecture, if a CA fails the use of all user certificates is affected, which is a single point of failure.
Blockchain technology is an integrated application of distributed storage, peer-to-peer transmission, a consensus mechanism and cryptographic algorithms. Through distributed node verification and the consensus mechanism of the blockchain, trust can be established among the nodes of a decentralized system, while the public ledger is given a shared, definite and immutable record, guaranteeing data consistency and tamper resistance. Blockchain technology is therefore used to address the counterfeiting, centralization, key management and certificate distribution problems of traditional identity authentication systems, and brings a new approach to realizing decentralized PKI.
Disclosure of Invention
The invention aims to provide a blockchain-based one-stop efficient PKI authentication service method.
The blockchain-based one-stop efficient PKI authentication service method of the invention comprises the following steps:
(1) Initialization: first, a node group elects miner nodes according to a consensus mechanism such as DPOS; the miner node M1 with the highest weight creates a security parameter n of length k bits and an empty set A_u, lets T′ = {3, …, n²}, and sets the initial participating member list L = {c_1, …, c_m}, with 1 ≤ m ≤ M, where M is a threshold value, i.e. at least one miner node is included. The following steps are then performed:
The miner node M1 adaptively selects the secret values σ and λ and calculates β = σλ mod φ(n²), with β ∈ T′; it then makes a uniformly random selection, and the public key of the dynamic accumulator is PK = (n, β), the private key is SK = (σ, λ, γ), and P = (PK, SK);
It outputs the initial accumulated value v_0 and the auxiliary information a_c and A_l = (y_1, …, y_m), where f(x) = (x − 1)/n;
The initial accumulated value v_0, the auxiliary information a_c, A_l and the related parameters are packed into a block and broadcast to the whole network; the other miner nodes and the supervision node verify the block and attach it to the existing blockchain, otherwise the block-out right passes to the next miner node M2; once the whole node group reaches consensus, initialization is complete;
(2) Certificate generation: after the system is initialized, accumulated users can compute their corresponding witnesses from the information published on the blockchain, or can apply to the miner nodes, which sign and issue the corresponding witnesses. The specific steps are:
The miner node or the user queries the existing auxiliary information a_c, A_l and the parameter P = (PK, SK), randomly selects a set of m elements, and calculates:
Denote W_i = (w_i, t_i) as the witness of user c_i (i = 1, …, m). The quadruple (c_i = h(id_i, AD_i), W_i = (w_i, t_i), pk_i, v_i) is taken as the public key certificate of user c_i;
(3) Verification: given user c_i, witness W_i, the accumulated value v and the accumulator public key PK, check whether both verification relations hold; if so, output Yes, i.e. user c_i has indeed been accumulated in v; otherwise output No;
(4) Registration of a new user certificate: the new user c_i^+ submits its own encrypted identity information c_i, id_i, AD_i and public key pk_i and initiates a registration transaction request to the supervision node. The supervision node checks c_A = h(id_A, AD_A) and sends a confirmation to the network address; on receiving the confirmation information, i.e. after verifying that the transaction is legitimate, it digitally signs the confirmed transaction and records it in the unprocessed transaction pool. The miner node then selects a certain number of new user certificate registration transactions from the unprocessed transaction pool, denoted as the set of users to be added, makes the corresponding selections, and calculates:
Let T = T ∪ T^+, A_u = A_u ∪ {a_u} and a_c = a_c^{a_u} mod n²; the new accumulated value v′, the new auxiliary information and the witness of the new user c_i^+ are then obtained. Then, similarly to initialization, the miner node packs the corresponding information and broadcasts it, and the other miner nodes add the new block to the blockchain. In practical applications it is recommended to take T′ = {2^16 + 1, …, n²};
(5) User certificate revocation: the user to be revoked presents its witness W_i = (w_i, t_i) and signature σ to the supervision node and initiates an identity revocation transaction request, which after signature verification is likewise recorded in the unprocessed transaction pool. The miner node selects a certain number of user identity revocation transactions from the unprocessed transaction pool, denoted as the set of users to be revoked. For each user identity revocation transaction, the supervision node first verifies the signature σ to confirm that the witness really belongs to the user, and then performs step (3) to verify whether the user identity has been accumulated; if so, it makes the corresponding selection and calculates:
Let a_c = a_c^{a_u} mod n² and A_u = A_u ∪ {a_u}; the new accumulated value v′ and the new auxiliary information a_c and a_u are obtained. Then, similarly to initialization, the miner node packs and broadcasts the corresponding information, the other miner nodes and the supervision node verify it and add the new block to the blockchain, the certificate revocation transaction is recorded on the chain, and the witness W_i = (w_i, t_i) expires, i.e. the user certificate has expired;
(6) Certificate update: there are two methods of certificate renewal. The first renews only the witness W and applies to users who still use the old key but need a certificate renewal. Here the user c_i to be updated presents its witness W_i = (w_i, t_i) and signature σ to the supervision node and initiates a certificate update transaction request, which is recorded in the unprocessed transaction pool after verification. The miner node selects a certain number of user certificate update transactions from the unprocessed transaction pool, denoted as the set of users to be updated, and then calculates w′_i = w_i^{a_u} mod n² to obtain the updated witness W′_i = (w′_i, t_i) of user c_i. The second part t_i of user c_i's witness W_i is generated when the user is added to the accumulator and its value remains unchanged; only w_i changes with witness updates and other transactions. Thus t_i can also serve as a substitute identifier of c_i in the accumulator;
It should be noted that each certificate carries a corresponding timestamp and accumulator-related information. Whenever a miner performs a certificate registration or deletion, the parameter a_u is updated once and recorded in the set A_u. When a user initiates a certificate update transaction, the miner needs to look up the time of the user's last certificate update/registration and find the elements of A_u corresponding to the period from that time until now; k is the number of times a_u has changed between the user's last certificate update and the current certificate update transaction. From these elements it calculates w′_i = w_i^{a_u} mod n², giving the user's new witness W′_i = (w′_i, t_i). The user certificate update is therefore independent of changes to the accumulated value v; compared with other PKI systems that apply accumulators, this scheme does not need to update all users' witnesses according to the accumulated-value update every time a certificate update transaction is executed, which greatly improves certificate update efficiency;
The second is a certificate update initiated when the user needs to use a new public/private key pair. The user submits c_i, W_i = (w_i, t_i), pk_i, pk′_i, AD_i, v_i, where pk′_i is the new public key. When the user issues the key update request transaction, the supervision node first performs step (3) to verify whether the user is registered and checks the consistency of the network address with user c_i; it then looks up the user's latest certificate and verifies whether its public key pk is consistent with pk_i, to prevent an adversary from maliciously updating the user certificate with an old public key that the user leaked earlier. After verification passes, the miner updates the user witness W′_i, packs the user's new public key and other information into a block and broadcasts it, and the other nodes verify it and put it on the chain;
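As an added illustration (not the patent's own code), the following Python models the witness catch-up of step (6) with a plain RSA accumulator modulo n rather than the patent's es-RSA construction modulo n², whose verification equations are not reproduced on this page: the miner records every applied a_u in A_u, and a user whose witness is k updates behind re-applies exactly those k exponents without touching the accumulated value. The modulus, base and the hashing of identities to prime exponents are constructed toy values.

```python
import hashlib

# Constructed toy parameters: a modulus from two known primes and a public base.
# Far too small for real use; only the algebra of the update is being shown.
P, Q = 1000000007, 998244353
N = P * Q
G = 65537


def element_for(identity: str) -> int:
    """Map a user identifier to an odd prime exponent x (trial division suffices at demo sizes)."""
    x = int.from_bytes(hashlib.sha256(identity.encode()).digest()[:3], "big") | (1 << 20) | 1
    while any(x % d == 0 for d in range(3, int(x ** 0.5) + 1, 2)):
        x += 2
    return x


class Accumulator:
    """Miner-side state: the accumulated value v and the ordered record A_u of applied exponents."""

    def __init__(self):
        self.v = G
        self.A_u = []  # every a_u applied since initialization, in order

    def add(self, x: int):
        """Register x. The new member's witness is v as it was before x was applied."""
        witness = self.v
        self.v = pow(self.v, x, N)
        self.A_u.append(x)
        return witness, len(self.A_u)  # checkpoint: how far into A_u this witness is current

    def catch_up(self, w: int, checkpoint: int):
        """Step (6): re-apply only the k elements of A_u recorded since the checkpoint."""
        for a_u in self.A_u[checkpoint:]:
            w = pow(w, a_u, N)
        return w, len(self.A_u)

    def verify(self, w: int, x: int) -> bool:
        """Step (3) analogue: x is accumulated iff w^x = v (mod N)."""
        return pow(w, x, N) == self.v


def demo() -> dict:
    """Three registrations; c1 skips two rounds of updates, then catches up in one call."""
    acc = Accumulator()
    x1, x2, x3 = (element_for(c) for c in ("c1", "c2", "c3"))
    w1, cp1 = acc.add(x1)
    fresh = acc.verify(w1, x1)
    acc.add(x2)
    acc.add(x3)
    stale = acc.verify(w1, x1)          # two a_u's behind: the old witness no longer verifies
    k = len(acc.A_u) - cp1              # number of a_u changes since c1's last update
    w1, cp1 = acc.catch_up(w1, cp1)     # k exponentiations; v itself is untouched
    return {"fresh": fresh, "stale": stale, "caught_up": acc.verify(w1, x1), "k": k}
```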
(7) User/service authentication exchange. Service authorization ticket exchange: user c sends c, the id_V of the service it wishes to access and its witness W_c to the TGS (Ticket-Granting Server) and requests a service-granting ticket (SGT); after verification, the miner returns the session key K_{c,V} and the service authorization ticket Ticket_V. Specifically:
(1) c → Miner: c || W_c || id_V || Authenticator_c
(2) Miner → c: c || Ticket_V || E(pk_c, [K_{c,V} || id_V || TS_2])
Ticket_V = E(pk_V, [K_{c,V} || id_c || AD_c || TS_2 || Lifetime])
Authenticator_c = E(sk_c, [AD_c || TS_1])
where Authenticator_c is the legitimacy authentication ticket generated by the user: it ensures that the holder of the ticket is the party to which the TGS issued it, can be used only once and has a very short life cycle; the TGS looks up the corresponding pk_c from id_c and W_c to decrypt the authentication ticket. K_{c,V} is the session key that secures the information exchange between the user and the third-party service provider; AD_c is the network address, which prevents the ticket from being used on a workstation other than the one that applied for it; Lifetime prevents the ticket from continuing to be used after it has expired; TS is the ticket issuance timestamp;
User/service authentication exchange: user c initiates a service request to the third-party service provider, sending Ticket_V and Authenticator_c; the third-party service provider provides the service after verification. Specifically:
(3) c → V: c || W_c || Ticket_V || Authenticator_c
(4) V → c: E(K_{c,V}, [W_V || TS_3 + 1])
Ticket_V = E(pk_V, [K_{c,V} || id_c || AD_c || TS_2 || Lifetime])
Authenticator_c = E(sk_c, [AD_c || TS_3])
If mutual authentication is required, V sends the response message (4) to c. Because this message is encrypted with the session key K_{c,V}, it can only have been generated by V, and at the same time the origin of the message is confirmed by verifying the witness W_V.
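The following Python, added here and not part of the patent, simulates messages (1) to (4) of step (7) together with the checks the text attaches to them (witness lookup, AD_c address binding, single-use authenticator with a short life, ticket Lifetime, and the TS_3 + 1 reply that confirms V). E(k, m) is replaced by a symmetric HMAC-tagged JSON stand-in, so the pk_c and pk_V lookups are modelled as shared-key lookups; all keys, addresses, witnesses and timestamps are constructed.

```python
import hashlib
import hmac
import json
import secrets


def seal(key: bytes, fields: dict) -> dict:
    """Stand-in for E(k, m): JSON body plus HMAC-SHA256 tag (integrity only, not confidentiality)."""
    body = json.dumps(fields, sort_keys=True)
    return {"body": body, "tag": hmac.new(key, body.encode(), hashlib.sha256).hexdigest()}


def unseal(key: bytes, msg: dict) -> dict:
    """Return the fields only if the tag verifies under the expected key."""
    tag = hmac.new(key, msg["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, msg["tag"]):
        raise ValueError("tag mismatch: not produced under the expected key")
    return json.loads(msg["body"])


def rejected(action) -> bool:
    try:
        action()
    except ValueError:
        return True
    return False


class Miner:
    """TGS role: checks W_c and Authenticator_c (message 1), issues K_cV and Ticket_V (message 2)."""

    def __init__(self, certs: dict, services: dict, lifetime: int = 300, skew: int = 60):
        self.certs = certs          # c -> {"key", "AD", "W"}: stand-in for the on-chain certificate
        self.services = services    # id_V -> key_V
        self.lifetime, self.skew = lifetime, skew
        self.seen = set()           # tags of authenticators already accepted (single-use rule)

    def grant(self, req: dict, now: int, src_addr: str) -> dict:
        cert = self.certs[req["c"]]
        if req["W_c"] != cert["W"]:                      # step (3): witness must be accumulated
            raise ValueError("witness not accumulated")
        auth = unseal(cert["key"], req["Authenticator_c"])
        if auth["AD_c"] != cert["AD"] or src_addr != cert["AD"]:
            raise ValueError("authenticator address does not match the certificate")
        if abs(now - auth["TS1"]) > self.skew:            # very short life cycle
            raise ValueError("authenticator too old")
        if req["Authenticator_c"]["tag"] in self.seen:   # usable only once
            raise ValueError("authenticator replayed")
        self.seen.add(req["Authenticator_c"]["tag"])
        k_cv = secrets.token_hex(16)
        ticket = seal(self.services[req["id_V"]], {"K_cV": k_cv, "id_c": req["c"], "AD_c": cert["AD"],
                                                   "TS2": now, "Lifetime": self.lifetime})
        return {"c": req["c"], "Ticket_V": ticket,
                "enc": seal(cert["key"], {"K_cV": k_cv, "id_V": req["id_V"], "TS2": now})}


class Service:
    """Provider V: checks Ticket_V and Authenticator_c (message 3), answers with message (4)."""

    def __init__(self, key_v: bytes, witness_v: str, pubkeys: dict):
        self.key, self.W, self.pubkeys = key_v, witness_v, pubkeys   # pubkeys: c -> key (pk_c stand-in)
        self.seen = set()

    def serve(self, req: dict, now: int, src_addr: str) -> dict:
        t = unseal(self.key, req["Ticket_V"])
        if now > t["TS2"] + t["Lifetime"]:
            raise ValueError("ticket expired")
        if t["id_c"] != req["c"] or t["AD_c"] != src_addr:
            raise ValueError("ticket used by another user or from another workstation")
        auth = unseal(self.pubkeys[req["c"]], req["Authenticator_c"])
        if auth["AD_c"] != t["AD_c"] or req["Authenticator_c"]["tag"] in self.seen:
            raise ValueError("authenticator invalid or replayed")
        self.seen.add(req["Authenticator_c"]["tag"])
        return seal(bytes.fromhex(t["K_cV"]), {"W_V": self.W, "TS": auth["TS3"] + 1})


class User:
    """User c: builds messages (1) and (3), consumes (2), checks the TS3 + 1 reply in (4)."""

    def __init__(self, c: str, key: bytes, ad: str, witness: str):
        self.c, self.key, self.AD, self.W = c, key, ad, witness
        self.k_cv = self.ticket = None

    def msg1(self, id_v: str, now: int) -> dict:
        return {"c": self.c, "W_c": self.W, "id_V": id_v,
                "Authenticator_c": seal(self.key, {"AD_c": self.AD, "TS1": now})}

    def take_msg2(self, reply: dict) -> None:
        d = unseal(self.key, reply["enc"])
        self.k_cv, self.ticket = bytes.fromhex(d["K_cV"]), reply["Ticket_V"]

    def msg3(self, now: int) -> dict:
        return {"c": self.c, "W_c": self.W, "Ticket_V": self.ticket,
                "Authenticator_c": seal(self.key, {"AD_c": self.AD, "TS3": now})}

    def check_msg4(self, resp: dict, ts3: int, expected_w_v: str) -> bool:
        d = unseal(self.k_cv, resp)
        return d["TS"] == ts3 + 1 and d["W_V"] == expected_w_v
```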
The advantages of the invention are:
(1) Defence against selected-element attacks by malicious adversaries: the invention can effectively defend against selected-element attacks by a malicious adversary. The blockchain-based one-stop efficient PKI authentication service method rests on the cryptographic hardness assumption es-RSA, is highly secure, and prevents a malicious adversary from forging certificates, that is, from forging identities and witnesses.
(2) Resistance to Sybil attacks: in a Sybil attack an adversary creates multiple account identities on a malicious node so that it can control most of the network with few nodes, and thereby deny transactions, fork the chain, double-spend and so on. The invention binds the user's network address to the user identity, and adding a new node requires authentication by the supervision node, so an adversary cannot create multiple identities on one node and cannot mount a Sybil attack.
(3) Efficient one-stop authentication service: the invention uses blockchain technology and a dynamic accumulator to update and revoke user certificates efficiently, making certificate management more convenient and efficient, and can thus provide an efficient one-stop authentication service to users and third-party service providers.
Detailed Description
The method comprises steps (1) to (7) as set out under Disclosure of Invention above.
Description of the symbols:
W_c: witness
c: user
σ: signature
K_{c,V}: session key
v: accumulated value
id_V: service ID
AD_c: network address
TS: ticket issuance timestamp
Lifetime: prevents the ticket from being used after it has expired
Authenticator_c: legitimacy authentication ticket generated by the user
Ticket_V: service authorization ticket
PK: accumulator public key
SK: private key
a_c: auxiliary information
The following example further illustrates the invention.
In a specific implementation of the blockchain-based one-stop efficient PKI authentication service method, a miner node first initializes the system, (k, M, L) → (P, a_c, v_0, A_l). A new user then initiates registration; the supervision node checks the registration transaction and places it in the pool; the miner node selects some transactions from the pool and runs the corresponding registration, update or revocation algorithm, i.e. registration of the user certificate, (c_i^+, id_i, AD_i, pk_i) → (a_u, a_c, v′, W_i^+), update, (c_i, W_i, σ) → (W_i′), or revocation, (c_i^−, W_i^−, σ) → (a_u, a_c, v′). The user may then initiate the corresponding authentication or service request, (c, W_c, id_V, Authenticator_c) → (K_{c,V}, Ticket_V): the service request first asks the miner node for a service authorization ticket and a session key, then initiates the service request to the third-party service provider using the session key and the service authorization ticket, and the third party provides the corresponding service after authentication passes.
Claims (1)
1. A block chain-based one-stop efficient PKI authentication service method is characterized by comprising the following steps:
(1) initialization: firstly, a node group elects miner nodes according to a consensus mechanism such as DPOS, and the miner node M1 with the highest weight creates a safety parameter n with the length of k-bit and an empty set AuLet us orderT′={3,…,n2And setting an initial participating member list L ═ c1,...,cmAnd M is more than or equal to 1 and less than or equal to M, wherein M is a threshold value, namely at least one miner node is included. The following steps are then performed:
adaptive selection of miner node M1Calculating β ═ σ λ mod Φ (n)2) And β ∈ T'. Uniform random selectionThe public key PK of the dynamic accumulator is (n, beta), the private key SK is (sigma, lambda, gamma), and P is (PK, SK);
outputting an initial accumulated value v0Auxiliary information acAnd Al=(y1,…,ym) (ii) a Wherein f (x) is (x-1)/n;
will initially accumulate value v0And auxiliary information ac、AlThe related parameters are packaged into blocks to be broadcast to the whole network, other miner nodes and supervision nodes verify that the blocks are attached to the existing block chain, otherwise, the block-out right is continued to the next miner node M2, the whole node group achieves consensus, and initialization is completed;
(2) and (3) certificate generation: after the system is initialized, the accumulated users can calculate corresponding witnesses according to the information disclosed on the block chain, and can also initiate applications to the miners 'nodes, and the miners' nodes sign and issue corresponding witnesses, which comprises the following specific steps:
the miner node or the user queries to obtain the existing auxiliary information ac、AlThe parameter P is (PK, SK), and a set of m elements is randomly selectedAnd (3) calculating:
note Wi=(wi,ti) For user ciThe finding of (i ═ 1, …, m). Will (c)i=h(idi,ADi),Wi=(wi,ti),pki,vi) Quadruplets as users ciThe public key certificate of (1);
(3) and (3) verification: give user ciAnd witness WiAccumulated value v and accumulator public key PK, checking whetherAndif Yes, output Yes, i.e. verify user ciHas indeed been accumulated in v, otherwise No is output;
(4) the new user credentials are registered. New user ci +Submitting its own encrypted identity information ci、idi、ADiAnd the public key pkiInitiating a registration transaction request to a supervisory node, the supervisory node checking cA=h(idA,ADA) And initiating confirmation to the network address, receiving confirmation information, namely performing digital signature on the confirmed transaction after verifying that the transaction is legal, then recording the transaction into an unprocessed transaction Pool, and selecting a certain number of new user certificate registration transactions from the unprocessed transaction Pool by the miner node, and recording as a user set to be addedThen selectAnd collectionsAnd (3) calculating:
Let $T = T \cup T^+$, $A_u = A_u \cup \{a_u\}$, $a_c = a_c \cdot a_u \bmod n^2$; this yields the new accumulated value $v'$, the new auxiliary information and the witness of the new user $c_i^+$. Then, as in initialization, the miner node packages and broadcasts the corresponding information and the other miner nodes append the new block to the block chain; in addition, for practical applications it is recommended that $T'=\{2^{16}+1,\dots,n^2\}$;
(5) User certificate revocation: the user to be revoked presents its witness $W_i=(w_i,t_i)$ and signature $\sigma$ to the supervision node and initiates an identity revocation transaction request; after the signature is verified, the request is likewise recorded in the unprocessed transaction pool. The miner node selects a certain number of user identity revocation transactions from the unprocessed transaction pool, denoted as the set of users to be revoked. For each user identity revocation transaction, the supervision node first verifies the signature $\sigma$ to confirm that the witness really belongs to the user, and then performs step (3) to verify whether the user identity is accumulated;
Let $a_c = a_c \cdot a_u \bmod n^2$, $A_u = A_u \cup \{a_u\}$, giving the new accumulated value $v'$ and the new auxiliary information $a_c$ and $a_u$. Then, as in initialization, the miner node packages and broadcasts the corresponding information; the other miner nodes and the supervision node verify the new block and append it to the block chain. The certificate revocation transaction is thus recorded on the chain and the witness $W_i=(w_i,t_i)$ becomes invalid, i.e. the user's certificate is no longer valid;
(6) Certificate update: there are two methods. The first updates only the witness $W$ and applies to users who keep using their old key but need the certificate refreshed. The user $c_i$ to be updated presents its witness $W_i=(w_i,t_i)$ and signature $\sigma$ to the supervision node and initiates a certificate update transaction request, which after verification is recorded in the unprocessed transaction pool. The miner node selects a certain number of user certificate update transactions from the unprocessed transaction pool, denoted as the set of users to be updated, and computes $w'_i = w_i \cdot a_u \bmod n^2$ to obtain the updated witness $W'_i=(w'_i,t_i)$ of user $c_i$. The second component $t_i$ of the witness $W_i$ is generated when the user is added to the accumulator and never changes; only $w_i$ changes with witness updates and other transactions. Hence $t_i$ can also serve as an alternative identifier of $c_i$ in the accumulator;
Note that each certificate carries a corresponding timestamp and accumulator-related information. Whenever a miner performs a certificate registration or deletion, the parameter $a_u$ is updated once and recorded in the set $A_u$. When a user initiates a certificate update transaction, the miner looks up the time of the user's last certificate update/registration and finds the elements of $A_u$ recorded from that time until now, $k$ being the number of times $a_u$ changed between the user's last certificate update and this certificate update transaction; it then computes $w'_i = w_i \cdot a_u \bmod n^2$ and obtains the user's new witness $W'_i=(w'_i,t_i)$. The user's certificate update is therefore independent of changes to the accumulated value $v$: unlike other accumulator-based PKI systems, this scheme need not update the witnesses of all users every time the accumulated value changes, which greatly improves the efficiency of certificate updates;
The second method is the certificate update requested when the user needs to use a new public/private key pair. The user submits $c_i$, $W_i=(w_i,t_i)$, $pk_i$, $pk'_i$, $AD_i$, $v_i$, where $pk'_i$ is the new public key. When the user issues the key update transaction request, the supervision node first performs step (3) to verify that the user is registered and checks that the network address is consistent with user $c_i$; it then looks up the user's latest certificate and verifies that its public key $pk$ is consistent with $pk_i$, to prevent an adversary from maliciously updating the user's certificate using an old public key of the user that was leaked earlier. After verification passes, the miner updates the user's witness $W'_i$, packages the user's new public key and other information into a block and broadcasts it; the other nodes verify it and put it on the chain;
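The accumulator operations of steps (2) through (6), registration, witness issuance, verification, revocation and the incremental witness refresh that replays only the $k$ changes since the holder's last update, as an added, runnable example that is not the patent's own code. The patent's construction works modulo $n^2$ with the set $T$ and parameters $a_u$, $A_u$, which the page does not fully specify; the example substitutes a standard dynamic RSA accumulator (membership via $w^x = v \bmod n$, Camenisch-Lysyanskaya witness update after a deletion) and an on-chain-style change log in the role of $A_u$. The toy modulus, the base $G$, the user names and addresses and the hash-to-prime mapping are all constructed for the example.

```python
"""Dynamic RSA accumulator with a change log (added example, not the patent's code)."""
import hashlib
from math import gcd

# Toy RSA modulus, constructed for the example; a deployment uses a >= 2048-bit n and
# keeps PHI (the trapdoor needed for revocation) with the issuing authority only.
P, Q = 1000000007, 998244353
N = P * Q
PHI = (P - 1) * (Q - 1)
G = 3  # accumulator base, the role of the page's initial accumulated value v_0


def _egcd(a, b):
    """Return (g, s, t) with a*s + b*t = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, s, t = _egcd(b, a % b)
    return g, t, s - (a // b) * t


def _modinv(a, m):
    g, s, _ = _egcd(a % m, m)
    assert g == 1, "not invertible"
    return s % m


def _pow_signed(base, e, mod=N):
    """pow() that also accepts negative exponents (Bezout coefficients may be negative)."""
    if e < 0:
        base, e = _modinv(base, mod), -e
    return pow(base, e, mod)


def _is_prime(k):
    return k > 1 and all(k % d for d in range(2, int(k ** 0.5) + 1))


def hash_to_prime(user_id, net_addr):
    """c = h(id, AD) as on the page, mapped to an odd 31-bit prime so that accumulator
    exponents are pairwise coprime and coprime to PHI (toy range, assumed for the demo)."""
    h = int.from_bytes(hashlib.sha256(f"{user_id}|{net_addr}".encode()).digest()[:4], "big")
    k = (h % (1 << 30)) | (1 << 30) | 1
    while not _is_prime(k):
        k += 2
    return k


class Accumulator:
    """Issuer/miner side. `log` plays the role of the page's A_u: one entry per
    registration or revocation, with the accumulated value after that change."""

    def __init__(self):
        self.v = G
        self.members = set()
        self.log = []  # (op, x, v_after), the on-chain history

    def register(self, x):
        assert x not in self.members
        self.v = pow(self.v, x, N)
        self.members.add(x)
        self.log.append(("add", x, self.v))

    def revoke(self, x):
        """Deletion needs the trapdoor: v' = v^(1/x mod PHI)."""
        assert x in self.members and gcd(x, PHI) == 1
        self.v = pow(self.v, _modinv(x, PHI), N)
        self.members.remove(x)
        self.log.append(("del", x, self.v))

    def issue_witness(self, x):
        """Fresh witness for member x: base raised to every other member, so w^x == v."""
        w = G
        for y in self.members:
            if y != x:
                w = pow(w, y, N)
        return w


def verify(v, x, w):
    """Step (3): does the witness prove that x is accumulated in v?"""
    return pow(w, x, N) == v


def refresh_witness(w, x, log, since):
    """Holder side: replay only the k log entries since the holder's last update
    (the page's certificate update), without touching any other user's witness."""
    for op, y, v_after in log[since:]:
        if y == x:
            continue  # own registration is already reflected; own revocation cannot be repaired
        if op == "add":
            w = pow(w, y, N)
        else:
            # y was deleted: v_after = v_before^(1/y). With a*x + b*y = 1 the value
            # w' = w^b * v_after^a satisfies w'^x = v_after (Camenisch-Lysyanskaya update).
            _, a, b = _egcd(x, y)
            w = _pow_signed(w, b) * _pow_signed(v_after, a) % N
    return w, len(log)


def demo():
    """Constructed run: three registrations, a later join, a revocation, and refreshes."""
    acc = Accumulator()
    alice, bob, carol, dave = (hash_to_prime(u, a) for u, a in
        [("alice", "10.0.0.5"), ("bob", "10.0.0.6"), ("carol", "10.0.0.7"), ("dave", "10.0.0.8")])
    for x in (alice, bob, carol):
        acc.register(x)
    w_alice, seen = acc.issue_witness(alice), len(acc.log)
    w_bob = acc.issue_witness(bob)
    out = {"fresh": verify(acc.v, alice, w_alice)}
    acc.register(dave)                      # someone else joins: Alice's witness goes stale
    out["stale_after_add"] = verify(acc.v, alice, w_alice)
    w_alice, seen = refresh_witness(w_alice, alice, acc.log, seen)
    out["refreshed_after_add"] = verify(acc.v, alice, w_alice)
    acc.revoke(bob)                         # Bob is revoked: his witness must stop verifying
    out["revoked_bob"] = verify(acc.v, bob, w_bob)
    out["revoked_bob_refreshed"] = verify(acc.v, bob, refresh_witness(w_bob, bob, acc.log, 3)[0])
    w_alice, seen = refresh_witness(w_alice, alice, acc.log, seen)
    out["refreshed_after_revoke"] = verify(acc.v, alice, w_alice)
    return out
```

Two practitioner notes on the page's procedure that the example makes concrete: a refresh only ever needs the log entries after the holder's own `seen` index, which is the efficiency argument of step (6); and a revoked holder cannot repair its witness by replaying the log, because the Bezout step requires the deleted exponent to differ from its own. For the key-rotation variant of step (6), comparing $pk_i$ with the latest on-chain certificate proves nothing about who sent the request; the rotation request should also carry a signature under the old private key (and ideally the new one), as the witness-only variant already does with $\sigma$.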
(7) User/service authentication exchange. Service authorization ticket exchange: user $c$ sends $c$, the identifier $id_V$ of the service it wishes to access and its witness $W_c$ to the ticket-granting server TGS (Ticket-Granting Server), requesting a service-granting ticket SGT (Service-Granting Ticket); after the miner verifies the request it returns the session key $K_{c,V}$ and the service authorization ticket $Ticket_V$. Specifically:
(1) $c \to Miner$: $c \,\|\, W_c \,\|\, id_V \,\|\, Authenticator_c$
(2) $Miner \to c$: $c \,\|\, Ticket_V \,\|\, E(pk_c, [K_{c,V} \,\|\, id_V \,\|\, TS_2])$
$Ticket_V = E(pk_V, [K_{c,V} \,\|\, id_c \,\|\, AD_c \,\|\, TS_2 \,\|\, Lifetime])$
$Authenticator_c = E(sk_c, [AD_c \,\|\, TS_1])$
Here $Authenticator_c$ is the authenticator generated by the legitimate user; it guarantees that the party presenting the ticket to the TGS is the same party the ticket was issued to, can be used only once and has a very short lifetime. The TGS looks up the corresponding $pk_c$ from $id_c$ and $W_c$ and decrypts the authenticator with it. $K_{c,V}$ is the session key that protects the subsequent exchange between the user and the third-party service provider; $AD_c$ is the network address, which prevents the ticket from being used from a workstation other than the one that requested it; $Lifetime$ prevents the ticket from being used after it expires; $TS$ is the ticket issuing timestamp;
User/service authentication exchange: user $c$ initiates a service request to the third-party service provider, sending $Ticket_V$ and $Authenticator_c$; the third-party service provider provides the service after verification. Specifically:
(3) $c \to V$: $c \,\|\, W_c \,\|\, Ticket_V \,\|\, Authenticator_c$
(4) $V \to c$: $E(K_{c,V}, [W_V \,\|\, TS_3 + 1])$
$Ticket_V = E(pk_V, [K_{c,V} \,\|\, id_c \,\|\, AD_c \,\|\, TS_2 \,\|\, Lifetime])$
$Authenticator_c = E(sk_c, [AD_c \,\|\, TS_3])$
If mutual authentication is required, $V$ sends the response message (4) to $c$. Since this message is encrypted under the session key $K_{c,V}$, it can only have been generated by $V$, and verifying the included witness $W_V$ with step (3) confirms the origin of the message.
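The four messages of step (7) with the checks the page attaches to them (witness accepted by the accumulator, address binding, ticket lifetime, single-use authenticator, and the $TS_3+1$ mutual-authentication reply), as an added, runnable example that is not the patent's own code. The page's asymmetric $E(pk,\cdot)$ and $E(sk_c,\cdot)$ are stood in for by a toy symmetric AEAD under per-principal long-term keys, which is the classic Kerberos shape; the authenticator in message (3) is therefore sealed under $K_{c,V}$ rather than signed with $sk_c$. The `members` set stands in for the accumulator check of step (3), and the principal names, keys, witness strings, clock values, `SKEW` and `LIFETIME` are all constructed assumptions.

```python
"""Kerberos-style service-ticket exchange of step (7): added example, not the patent's code."""
import hashlib
import hmac
import json
import os

SKEW = 5          # seconds an authenticator timestamp may be off the verifier's clock (assumed)
LIFETIME = 300    # ticket lifetime in seconds (assumed)


def _stream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def seal(key, obj):
    """Toy AEAD (SHA-256 counter keystream + HMAC tag): stand-in for the page's E(k, [...])."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise PermissionError("ciphertext rejected")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))


class TicketGrantingMiner:
    """Messages (1)/(2). `members` holds the (c, W_c) pairs the accumulator check accepts."""

    def __init__(self, keys, members):
        self.keys, self.members = keys, members   # keys: principal -> long-term key

    def grant(self, c, w_c, id_v, authenticator, now):
        if (c, w_c) not in self.members:
            raise PermissionError("witness not accumulated")
        a = unseal(self.keys[c], authenticator)       # Authenticator_c = E(k_c, [AD_c || TS1])
        if abs(now - a["TS1"]) > SKEW:
            raise PermissionError("stale authenticator")
        k_cv = os.urandom(16).hex()                   # fresh session key K_{c,V}
        ticket = seal(self.keys[id_v], {"K": k_cv, "id_c": c, "AD_c": a["AD"],
                                        "TS2": now, "Lifetime": LIFETIME})
        return ticket, seal(self.keys[c], {"K": k_cv, "id_V": id_v, "TS2": now})


class Service:
    """Messages (3)/(4) at V: principal/address binding, lifetime, single-use authenticator."""

    def __init__(self, key, members, w_v):
        self.key, self.members, self.w_v, self.seen = key, members, w_v, set()

    def serve(self, c, w_c, ticket, authenticator, peer_addr, now):
        if (c, w_c) not in self.members:
            raise PermissionError("witness not accumulated")
        t = unseal(self.key, ticket)                  # only V can open Ticket_V
        if t["id_c"] != c or t["AD_c"] != peer_addr:
            raise PermissionError("ticket bound to another principal/address")
        if now > t["TS2"] + t["Lifetime"]:
            raise PermissionError("ticket expired")
        k_cv = bytes.fromhex(t["K"])
        a = unseal(k_cv, authenticator)               # proves the sender knows K_{c,V}
        if a["AD"] != t["AD_c"] or abs(now - a["TS3"]) > SKEW:
            raise PermissionError("bad authenticator")
        if (c, a["TS3"]) in self.seen:                # authenticators are single use
            raise PermissionError("authenticator replayed")
        self.seen.add((c, a["TS3"]))
        return seal(k_cv, {"W_V": self.w_v, "TS3+1": a["TS3"] + 1})   # message (4)


def run_exchange():
    """Constructed run: one good exchange, then a replay, a stolen ticket and an expired one."""
    keys = {"alice": os.urandom(32), "fileserver": os.urandom(32)}
    members = {("alice", "w_alice"), ("fileserver", "w_fileserver")}   # constructed witnesses
    tgs = TicketGrantingMiner(keys, members)
    v = Service(keys["fileserver"], members, "w_fileserver")
    now, addr = 1_700_000_000, "10.0.0.5"
    ticket, enc = tgs.grant("alice", "w_alice", "fileserver",
                            seal(keys["alice"], {"AD": addr, "TS1": now}), now)
    k_cv = bytes.fromhex(unseal(keys["alice"], enc)["K"])
    auth = seal(k_cv, {"AD": addr, "TS3": now + 1})
    reply = unseal(k_cv, v.serve("alice", "w_alice", ticket, auth, addr, now + 1))
    out = {"mutual_auth": reply == {"W_V": "w_fileserver", "TS3+1": now + 2}}
    attempts = {
        "replay": ("alice", "w_alice", ticket, auth, addr, now + 2),
        "wrong_address": ("alice", "w_alice", ticket,
                          seal(k_cv, {"AD": addr, "TS3": now + 3}), "10.0.0.9", now + 3),
        "expired": ("alice", "w_alice", ticket,
                    seal(k_cv, {"AD": addr, "TS3": now + LIFETIME + 9}), addr, now + LIFETIME + 9),
    }
    for name, args in attempts.items():
        try:
            v.serve(*args)
            out[name] = "accepted"
        except PermissionError as e:
            out[name] = str(e)
    return out
```

The replay cache keyed on $(c, TS_3)$ only needs to remember entries within the `SKEW` window, since older authenticators are rejected by the timestamp check anyway; that window is also the reason the page insists the authenticator has a very short lifetime.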
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911014480.6A CN110717760A (en) | 2019-10-24 | 2019-10-24 | One-stop efficient PKI authentication service method based on block chain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911014480.6A CN110717760A (en) | 2019-10-24 | 2019-10-24 | One-stop efficient PKI authentication service method based on block chain |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110717760A true CN110717760A (en) | 2020-01-21 |
Family
ID=69213196
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911014480.6A Withdrawn CN110717760A (en) | 2019-10-24 | 2019-10-24 | One-stop efficient PKI authentication service method based on block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110717760A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111654377A (en) * | 2020-05-19 | 2020-09-11 | 鼎链数字科技(深圳)有限公司 | SM 9-based block chain link point admission verification method and system |
CN114826613A (en) * | 2022-04-21 | 2022-07-29 | 微位(深圳)网络科技有限公司 | Block chain-based identity information query method, device, equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
WW01 | Invention patent application withdrawn after publication | Application publication date: 2020-01-21 |