CN110717760A - One-stop efficient PKI authentication service method based on block chain - Google Patents

Info

Publication number: CN110717760A
Authority: CN (China)
Prior art keywords: user, certificate, node, miner, ticket
Legal status: Withdrawn
Application number: CN201911014480.6A
Other languages: Chinese (zh)
Inventors: 冯涛, 陈武阳, 裴宏梅, 方君丽, 龚翔
Current Assignee: Lanzhou University of Technology
Original Assignee: Lanzhou University of Technology
Application filed by Lanzhou University of Technology

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/04 Payment circuits
    • G06Q20/045 Payment circuits using payment protocols involving tickets
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821 Electronic credentials
    • G06Q20/38215 Use of certificates or encrypted proofs of transaction rights
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions

Abstract

A one-stop efficient PKI authentication service method based on a block chain: a miner node M1 carries out system initialization, generates the corresponding system parameters and publishes them to the whole block chain; a user c initiates a certificate registration/update/revocation transaction to a supervision node, and the supervision node queries and verifies the transaction initiator and then places qualified transactions into an unprocessed transaction Pool. The miner node extracts the corresponding transactions in order to complete the block-producing operation, thereby realizing the registration, update or revocation of the user certificate. When user c sends the service id_V and the witness W_c to the miner node, the miner node verifies them and returns a session key and a service authorization ticket; the user then sends the witness and the service authorization ticket to the third-party service provider, i.e. initiates a service request. Session security between the user and the service provider is ensured by the session key, and after the service provider verifies the user's identity it provides the related services, completing the one-stop authentication service.

Description

One-stop efficient PKI authentication service method based on block chain
Technical Field
The invention relates to the technical field of block chain technology and public key identity authentication.
Background
Public Key Infrastructure (PKI) is a universal security infrastructure built on the theory and technology of public key cryptosystems to provide information security services; it enables users to communicate and conduct e-commerce transactions through a chain of certificate-based trust relationships without knowing the identity of the other party or how the users are distributed. As the foundation and core of current network security construction, PKI is the basic guarantee for the secure development of electronic commerce. To ensure secure transmission of information, an effective PKI system must be both secure and transparent. The biggest problem faced by traditional centralized PKI in a distributed environment is that the CA cannot be trusted, so the identity of an entity cannot be trusted either. An attack on the CA, or certificate issuance by a malicious CA, poses a serious security risk to the information system: an attacker who compromises a CA trusted by users can perform malicious operations such as issuing user certificates containing false information and thereby mount man-in-the-middle attacks. Users cannot verify the CA's certificate issuance process, so there is a certificate transparency problem. In addition, because of the centralized CA management architecture, a CA failure affects the use of all user certificates, i.e. there is a single point of failure.
The block chain technology is an integrated application of distributed storage, point-to-point transmission, a consensus mechanism and an encryption algorithm. Through the block chain distributed node verification and consensus mechanism, trust establishment among decentralized system nodes can be achieved, meanwhile, a shared, determined and unchangeable record is provided for a public account book, and data consistency and tampering resistance are guaranteed. Therefore, the block chain technology is used for solving the problems of counterfeiting, centralization, key management, certificate distribution and the like in the traditional identity authentication system, and a new thought is brought to the realization of decentralized PKI.
Disclosure of Invention
The invention aims to provide a block chain-based one-stop efficient PKI authentication service method.
The invention relates to a block chain-based one-stop efficient PKI authentication service method, which comprises the following steps:
(1) Initialization: first, a node group elects miner nodes according to a consensus mechanism such as DPOS; the miner node M1 with the highest weight creates a security parameter n of length k bits and an empty set A_u, and lets
Figure BDA0002245240850000021
Set the initial participating member list L = {c_1, …, c_m} with 1 ≤ M ≤ m, where M is a threshold, i.e. at least one miner node is included. The following steps are then performed:
The miner node M1 adaptively selects
Figure BDA0002245240850000022
Compute β = σλ mod φ(n²), with β ∈ T'. Uniformly at random select
Figure BDA0002245240850000023
The public key of the dynamic accumulator is PK = (n, β), the private key is SK = (σ, λ, γ), and P = (PK, SK);
Select
Figure BDA0002245240850000024
and compute:
Figure BDA0002245240850000025
Figure BDA0002245240850000026
Figure BDA0002245240850000027
Figure BDA0002245240850000028
Output the initial accumulated value v_0, the auxiliary information a_c and A_l = (y_1, …, y_m); here f(x) = (x-1)/n;
Pack the initial accumulated value v_0, the auxiliary information a_c, A_l and the related parameters into a block and broadcast it to the whole network; the other miner nodes and the supervision nodes verify the block and append it to the existing block chain, otherwise the block-producing right passes to the next miner node M2; once the whole node group reaches consensus, initialization is complete;
(2) Certificate generation: after the system is initialized, the accumulated users can compute their corresponding witnesses from the information disclosed on the block chain, or can apply to the miner nodes, which sign and issue the corresponding witnesses; the specific steps are as follows:
The miner node or the user queries the existing auxiliary information a_c, A_l and the parameter P = (PK, SK), and randomly selects a set of m elements
Figure BDA0002245240850000029
and compute:
Figure BDA00022452408500000210
Denote W_i = (w_i, t_i) as the witness of user c_i (i = 1, …, m). The quadruple (c_i = h(id_i, AD_i), W_i = (w_i, t_i), pk_i, v_i) serves as the public key certificate of user c_i;
(3) Verification: given user c_i, witness W_i, accumulated value v and accumulator public key PK, check whether … and … hold; if so, output Yes, i.e. user c_i has indeed been accumulated in v; otherwise output No;
(4) New user certificate registration: a new user c_i^+ submits its own encrypted identity information c_i, id_i, AD_i and public key pk_i and initiates a registration transaction request to the supervisory node; the supervisory node checks c_A = h(id_A, AD_A) and initiates a confirmation to the network address; on receiving the confirmation, i.e. after verifying that the transaction is legal, it digitally signs the confirmed transaction and records it into the unprocessed transaction Pool. The miner node then selects a certain number of new user certificate registration transactions from the unprocessed transaction Pool, recorded as the set of users to be added
Figure BDA0002245240850000033
Then select
Figure BDA0002245240850000034
and the set …, and computes:
Figure BDA0002245240850000036
Figure BDA0002245240850000037
Figure BDA0002245240850000038
Figure BDA0002245240850000039
Figure BDA00022452408500000310
Let T = T ∪ T^+, A_u = A_u ∪ {a_u}, a_c = a_c · a_u mod n²; this yields the new accumulated value v', the new auxiliary information, and the witness of the new user c_i^+:
Figure BDA00022452408500000311
Then, similarly to initialization, the miner node packs and broadcasts the corresponding information, and the other miner nodes add the new block to the block chain; in practical applications it is recommended to take T' = {2^16 + 1, …, n²};
(5) User certificate revocation: the user to be revoked
Figure BDA00022452408500000312
presents its witness W_i = (w_i, t_i) and signature σ to the supervising node and initiates an identity revocation transaction request, which after signature verification is also recorded into the unprocessed transaction Pool; the miner node selects a certain number of user identity revocation transactions from the unprocessed transaction Pool, recorded as the set of users to be revoked
Figure BDA00022452408500000313
For a user identity revocation transaction, the supervision node first verifies the signature σ to confirm that the witness really belongs to the user, and then performs step (3) to verify whether the user identity is accumulated;
If so, select
Figure BDA00022452408500000314
and compute:
Figure BDA0002245240850000041
Figure BDA0002245240850000042
Figure BDA0002245240850000043
Let a_c = a_c · a_u mod n², A_u = A_u ∪ {a_u}, obtaining the new accumulated value v' and the new auxiliary information a_c and a_u. Then, similarly to initialization, the miner node packs and broadcasts the corresponding information; the other miner nodes and the supervision node verify the new block and add it to the block chain, the certificate revocation transaction is recorded on the chain, and the witness W_i = (w_i, t_i) expires, i.e. the user certificate has expired;
(6) Certificate updating: there are two methods of certificate renewal. The first renews only the witness W and applies to users who still use their old keys but need a certificate renewal; the user c_i to be updated presents its witness W_i = (w_i, t_i) and signature σ to the supervising node and initiates a certificate update transaction request, which is recorded into the unprocessed transaction Pool after verification; the miner node selects a certain number of user certificate update transactions from the unprocessed transaction Pool, recorded as the set of users to be updated
Figure BDA0002245240850000045
then computes w'_i = w_i · a_u mod n², obtaining the updated witness W'_i = (w'_i, t_i) of user c_i. Here the second part t_i of the witness W_i of user c_i is generated when the user is added to the accumulator and its value never changes; only w_i changes with witness updates and other transactions, so t_i can also serve as a substitute identifier of c_i in the accumulator;
Note that each certificate carries a corresponding timestamp and accumulator-related information; whenever a miner performs a certificate registration or deletion, the parameter a_u is updated once and recorded in the set A_u. When a user initiates a certificate update transaction, the miner needs to look up the time of the user's last certificate update/registration and find the elements of A_u from that time until now
Figure BDA0002245240850000046
where k is the number of times a_u changed between the user's last certificate update and this certificate update transaction; compute
Figure BDA0002245240850000047
w'_i = w_i · a_u mod n², so the user's new witness is W'_i = (w'_i, t_i). Therefore user certificate updating is independent of changes in the accumulated value v; compared with other PKI systems that apply accumulators, this scheme does not need to update the witnesses of all users every time the accumulated value changes when a certificate update transaction is executed, which greatly improves certificate update efficiency;
The second method is a certificate update proposed when the user needs to use a new public/private key pair: the user submits c_i, W_i = (w_i, t_i), pk_i, pk'_i, AD_i, v_i, where pk'_i is the new public key. When the user issues the key update request transaction, the supervisory node first performs step (3) to verify whether the user is registered and verifies the consistency of the network address with user c_i; it then looks up the user's latest certificate and verifies whether its public key is consistent with pk_i, to prevent an adversary from maliciously updating the user certificate with an old public key that the user previously leaked; after verification passes, the miner updates the user witness W'_i, packs the user's new public key and other information into a block and broadcasts it, and the other nodes verify it and put it on chain;
(7) User/service authentication exchange. Service authorization ticket exchange: user c sends c, the id_V of the service it wishes to access and the witness W_c to the ticket-granting server TGS (Ticket-Granting Server), requesting a service authorization ticket SGT (Server-Granting Ticket); after verification, the miner returns the session key K_{c,V} and the service authorization ticket Ticket_V. Specifically:
(1) c → Miner: c || W_c || id_V || Authenticator_c
(2) Miner → c: c || Ticket_V || E(pk_c, [K_{c,V} || id_V || TS2])
Ticket_V = E(pk_V, [K_{c,V} || id_c || AD_c || TS2 || Lifetime])
Authenticator_c = E(sk_c, [AD_c || TS1])
Here Authenticator_c is a legitimacy authentication ticket generated by the user, which ensures that the ticket holder is the same as the owner to whom the TGS issued it; it can be used only once and has a very short life cycle. The TGS looks up the corresponding pk_c from id_c and W_c and decrypts the authenticator; K_{c,V} is the session key that secures the information exchange between the user and the third-party service provider; AD_c is the network address, which prevents the ticket from being used on a workstation other than the one that applied for it; Lifetime prevents the ticket from being used after it has expired; TS is the ticket issuing timestamp;
User/service authentication exchange: user c initiates a service request to the third-party service provider, sending Ticket_V and Authenticator_c; the third-party service provider provides the service after verification. Specifically:
(3) c → V: c || W_c || Ticket_V || Authenticator_c
(4) V → c: E(K_{c,V}, [W_V || TS3 + 1])
Ticket_V = E(pk_V, [K_{c,V} || id_c || AD_c || TS2 || Lifetime])
Authenticator_c = E(sk_c, [AD_c || TS3])
If mutual authentication is required, V sends the response message (4) to c; since this message is encrypted with the session key K_{c,V}, it can only have been generated by V, and at the same time c confirms the source of the message by authenticating W_V.
The invention has the following advantages:
(1) Defence against selective element attacks by malicious adversaries: the invention can effectively defend against selective element attacks by malicious adversaries. The block chain-based one-stop efficient PKI authentication service method rests on the es-RSA cryptographic hardness assumption, has high security, and prevents malicious adversaries from forging certificates, i.e. forging identities and witnesses.
(2) Resistance to Sybil attacks: in a Sybil attack, an adversary creates multiple account identities on a malicious node so that a few nodes can control most of the network, enabling denial of transactions, forking, double spending and the like. The invention binds the user's network address to the user identity, and the addition of a new node must be authenticated by the supervision node, so an adversary cannot create multiple identities on one node and cannot carry out a Sybil attack.
(3) Efficient one-stop authentication service: the invention uses block chain technology and a dynamic accumulator to update and revoke user certificates efficiently, making certificate management more convenient and efficient, and can thus provide an efficient one-stop authentication service to users and third-party service providers.
Detailed Description
The invention relates to a block chain-based one-stop efficient PKI authentication service method, which comprises the following steps:
(1) Initialization: first, a node group elects miner nodes according to a consensus mechanism such as DPOS; the miner node M1 with the highest weight creates a security parameter n of length k bits and an empty set A_u, and lets
Figure BDA0002245240850000061
Set the initial participating member list L = {c_1, …, c_m} with 1 ≤ M ≤ m, where M is a threshold, i.e. at least one miner node is included. The following steps are then performed:
The miner node M1 adaptively selects
Figure BDA0002245240850000062
Compute β = σλ mod φ(n²), with β ∈ T'. Uniformly at random select
Figure BDA0002245240850000063
The public key of the dynamic accumulator is PK = (n, β), the private key is SK = (σ, λ, γ), and P = (PK, SK);
Select
Figure BDA0002245240850000064
and compute:
Figure BDA0002245240850000071
Figure BDA0002245240850000072
Figure BDA0002245240850000074
Output the initial accumulated value v_0, the auxiliary information a_c and A_l = (y_1, …, y_m); here f(x) = (x-1)/n;
Pack the initial accumulated value v_0, the auxiliary information a_c, A_l and the related parameters into a block and broadcast it to the whole network; the other miner nodes and the supervision nodes verify the block and append it to the existing block chain, otherwise the block-producing right passes to the next miner node M2; once the whole node group reaches consensus, initialization is complete;
(2) Certificate generation: after the system is initialized, the accumulated users can compute their corresponding witnesses from the information disclosed on the block chain, or can apply to the miner nodes, which sign and issue the corresponding witnesses; the specific steps are as follows:
The miner node or the user queries the existing auxiliary information a_c, A_l and the parameter P = (PK, SK), and randomly selects a set of m elements
Figure BDA0002245240850000075
and compute:
Figure BDA0002245240850000076
Denote W_i = (w_i, t_i) as the witness of user c_i (i = 1, …, m). The quadruple (c_i = h(id_i, AD_i), W_i = (w_i, t_i), pk_i, v_i) serves as the public key certificate of user c_i;
(3) Verification: given user c_i, witness W_i, accumulated value v and accumulator public key PK, check whether
Figure BDA0002245240850000077
And
Figure BDA0002245240850000078
hold; if so, output Yes, i.e. user c_i has indeed been accumulated in v; otherwise output No;
(4) New user certificate registration: a new user c_i^+ submits its own encrypted identity information c_i, id_i, AD_i and public key pk_i and initiates a registration transaction request to the supervisory node; the supervisory node checks c_A = h(id_A, AD_A) and initiates a confirmation to the network address; on receiving the confirmation, i.e. after verifying that the transaction is legal, it digitally signs the confirmed transaction and records it into the unprocessed transaction Pool. The miner node then selects a certain number of new user certificate registration transactions from the unprocessed transaction Pool, recorded as the set of users to be added
Figure BDA0002245240850000079
Then select
Figure BDA00022452408500000710
and the set
Figure BDA00022452408500000711
and compute:
Figure BDA0002245240850000082
Figure BDA0002245240850000083
Figure BDA0002245240850000084
Figure BDA0002245240850000085
Let T = T ∪ T^+, A_u = A_u ∪ {a_u}, a_c = a_c · a_u mod n²; this yields the new accumulated value v', the new auxiliary information, and the witness of the new user c_i^+:
Figure BDA0002245240850000086
Then, similarly to initialization, the miner node packs and broadcasts the corresponding information, and the other miner nodes add the new block to the block chain; in practical applications it is recommended to take T' = {2^16 + 1, …, n²};
(5) User certificate revocation: the user to be revoked
Figure BDA0002245240850000087
presents its witness W_i = (w_i, t_i) and signature σ to the supervising node and initiates an identity revocation transaction request, which after signature verification is also recorded into the unprocessed transaction Pool; the miner node selects a certain number of user identity revocation transactions from the unprocessed transaction Pool, recorded as the set of users to be revoked …. For a user identity revocation transaction, the supervisory node first verifies the signature σ to confirm that the witness really belongs to the user, and then performs step (3) to verify whether the user identity is accumulated;
If so, select … and compute:
Figure BDA00022452408500000811
Figure BDA00022452408500000812
Let a_c = a_c · a_u mod n², A_u = A_u ∪ {a_u}, obtaining the new accumulated value v' and the new auxiliary information a_c and a_u. Then, similarly to initialization, the miner node packs and broadcasts the corresponding information; the other miner nodes and the supervision node verify the new block and add it to the block chain, the certificate revocation transaction is recorded on the chain, and the witness W_i = (w_i, t_i) expires, i.e. the user certificate has expired;
(6) Certificate updating: there are two methods of certificate renewal. The first renews only the witness W and applies to users who still use their old keys but need a certificate renewal; the user c_i to be updated presents its witness W_i = (w_i, t_i) and signature σ to the supervising node and initiates a certificate update transaction request, which is recorded into the unprocessed transaction Pool after verification; the miner node selects a certain number of user certificate update transactions from the unprocessed transaction Pool, recorded as the set of users to be updated
Figure BDA0002245240850000093
then computes w'_i = w_i · a_u mod n², obtaining the updated witness W'_i = (w'_i, t_i) of user c_i. Here the second part t_i of the witness W_i of user c_i is generated when the user is added to the accumulator and its value never changes; only w_i changes with witness updates and other transactions, so t_i can also serve as a substitute identifier of c_i in the accumulator;
Note that each certificate carries a corresponding timestamp and accumulator-related information; whenever a miner performs a certificate registration or deletion, the parameter a_u is updated once and recorded in the set A_u. When a user initiates a certificate update transaction, the miner needs to look up the time of the user's last certificate update/registration and find the elements of A_u from that time until now
Figure BDA0002245240850000091
where k is the number of times a_u changed between the user's last certificate update and this certificate update transaction; compute … and w'_i = w_i · a_u mod n², so the user's new witness is W'_i = (w'_i, t_i). Therefore user certificate updating is independent of changes in the accumulated value v; compared with other PKI systems that apply accumulators, this scheme does not need to update the witnesses of all users every time the accumulated value changes when a certificate update transaction is executed, which greatly improves certificate update efficiency;
the second is certificate update proposed when the user needs to use a new public and private key; user submission ci,Wi=(wi,ti),pki,pk′i,ADi,viOf which is pk'iIs newA public key; when the user sends out the request transaction of updating the key, the supervisory node firstly carries out the third step to verify whether the user is registered or not and verify the network address and the user ciThe consistency of (2); then, the latest certificate of the user is searched, and the public keys pk and pk of the certificate are verifiediWhether the public keys are consistent or not is used for preventing an adversary from maliciously updating the user certificate by using the old public key which is leaked by the user before; the user witness W 'is updated by the miner after the verification is passed'iThen, the new public key of the user and other information are packaged into blocks and then broadcast, and other nodes pass verification and uplink is carried out;
(7) User/service authentication exchange. Service authorization ticket exchange: user c sends c, the id_V of the service it wishes to access and the witness W_c to the ticket-granting server TGS (Ticket-Granting Server), requesting a service authorization ticket SGT (Server-Granting Ticket); after verification, the miner returns the session key K_{c,V} and the service authorization ticket Ticket_V. Specifically:
(1) c → Miner: c || W_c || id_V || Authenticator_c
(2) Miner → c: c || Ticket_V || E(pk_c, [K_{c,V} || id_V || TS2])
Ticket_V = E(pk_V, [K_{c,V} || id_c || AD_c || TS2 || Lifetime])
Authenticator_c = E(sk_c, [AD_c || TS1])
Here Authenticator_c is a legitimacy authentication ticket generated by the user, which ensures that the ticket holder is the same as the owner to whom the TGS issued it; it can be used only once and has a very short life cycle. The TGS looks up the corresponding pk_c from id_c and W_c and decrypts the authenticator; K_{c,V} is the session key that secures the information exchange between the user and the third-party service provider; AD_c is the network address, which prevents the ticket from being used on a workstation other than the one that applied for it; Lifetime prevents the ticket from being used after it has expired; TS is the ticket issuing timestamp. User/service authentication exchange: user c initiates a service request to the third-party service provider, sending Ticket_V and Authenticator_c; the third-party service provider provides the service after verification. Specifically:
(3) c → V: c || W_c || Ticket_V || Authenticator_c
(4) V → c: E(K_{c,V}, [W_V || TS3 + 1])
Ticket_V = E(pk_V, [K_{c,V} || id_c || AD_c || TS2 || Lifetime])
Authenticator_c = E(sk_c, [AD_c || TS3])
If mutual authentication is required, V sends the response message (4) to c; since this message is encrypted with the session key K_{c,V}, it can only have been generated by V, and at the same time c confirms the source of the message by authenticating W_V.
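The two exchanges of step (7), as an added worked example for this page (not code from the patent): it carries messages (1) to (4) between c, the miner/TGS and V and performs the checks the text attributes to each party, namely the W_c lookup, the AD_c address binding, the Lifetime bound, the one-time use of Authenticator_c and the TS3 + 1 mutual-authentication reply. The public-key operations E(pk, ·) and E(sk, ·) are replaced by an HMAC-SHA256 stand-in (seal/unseal) under per-party keys, so the example demonstrates the protocol logic and its rejection paths, not the cipher or the on-chain certificate lookup; the KEYS and REGISTRY tables, CLOCK_SKEW, the addresses and the timestamps are constructed sample values.

```python
import hashlib
import hmac
import json
import secrets

CLOCK_SKEW = 60  # tolerated clock drift in seconds (assumed deployment parameter)


class ProtocolError(Exception):
    pass


def seal(key: bytes, fields: dict) -> dict:
    """Stand-in for the page's E(k, [...]): serialize the fields and tag them
    with HMAC-SHA256 under key. Authenticity only, not confidentiality."""
    body = json.dumps(fields, sort_keys=True)
    return {"body": body, "tag": hmac.new(key, body.encode(), hashlib.sha256).hexdigest()}


def unseal(key: bytes, sealed: dict) -> dict:
    tag = hmac.new(key, sealed["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, sealed["tag"]):
        raise ProtocolError("message does not verify under this key")
    return json.loads(sealed["body"])


# Constructed sample deployment: one long-term key per party (stand-in for the
# pk/sk pair the TGS and V look up from the on-chain certificate) and the
# witness registry the TGS consults for (c, W_c).
KEYS = {"c": b"long-term-key-of-user-c", "V": b"long-term-key-of-service-V"}
REGISTRY = {"c": "W_c-from-chain", "V": "W_V-from-chain"}


def authenticator(user: str, AD: str, ts: int) -> dict:
    """Authenticator_c = E(sk_c, [AD_c || TS]): single use, short-lived."""
    return seal(KEYS[user], {"AD": AD, "TS": ts})


def tgs_issue(msg1: dict, now: int, lifetime: int = 300) -> dict:
    """Message (2): the miner/TGS checks c, W_c and Authenticator_c, then
    returns Ticket_V and E(pk_c, [K_{c,V} || id_V || TS2])."""
    c, id_V = msg1["c"], msg1["id_V"]
    if REGISTRY.get(c) != msg1["W_c"]:
        raise ProtocolError("witness W_c does not match the chain record for c")
    auth = unseal(KEYS[c], msg1["auth"])
    if abs(now - auth["TS"]) > CLOCK_SKEW:
        raise ProtocolError("TS1 outside the clock-skew window")
    K = secrets.token_hex(16)  # K_{c,V}
    ticket = seal(KEYS[id_V], {"K": K, "id_c": c, "AD_c": auth["AD"],
                               "TS2": now, "Lifetime": lifetime})
    return {"c": c, "Ticket_V": ticket,
            "enc": seal(KEYS[c], {"K": K, "id_V": id_V, "TS2": now})}


def service_verify(msg3: dict, src_addr: str, now: int, replay_cache: set) -> dict:
    """Message (4): V opens Ticket_V, enforces the address binding, Lifetime and
    one-time use of the authenticator, then answers E(K_{c,V}, [W_V || TS3+1])."""
    t = unseal(KEYS["V"], msg3["Ticket_V"])
    if t["id_c"] != msg3["c"]:
        raise ProtocolError("ticket was issued to a different user")
    if now > t["TS2"] + t["Lifetime"]:
        raise ProtocolError("ticket Lifetime has expired")
    auth = unseal(KEYS[t["id_c"]], msg3["auth"])
    if not (auth["AD"] == t["AD_c"] == src_addr):
        raise ProtocolError("AD_c mismatch: ticket presented from another workstation")
    if abs(now - auth["TS"]) > CLOCK_SKEW:
        raise ProtocolError("TS3 outside the clock-skew window")
    seen = (t["id_c"], auth["TS"])
    if seen in replay_cache:
        raise ProtocolError("authenticator replayed")
    replay_cache.add(seen)
    return seal(t["K"].encode(), {"W_V": REGISTRY["V"], "TS": auth["TS"] + 1})


def run_exchange(now: int = 1_700_000_000, src_addr: str = "10.0.0.5") -> dict:
    """Messages (1)-(4) on the happy path; returns K_{c,V} and the mutual-auth result."""
    msg1 = {"c": "c", "W_c": REGISTRY["c"], "id_V": "V",
            "auth": authenticator("c", src_addr, now)}
    msg2 = tgs_issue(msg1, now)
    K = unseal(KEYS["c"], msg2["enc"])["K"]  # c recovers K_{c,V}
    ts3 = now + 5
    msg3 = {"c": "c", "W_c": REGISTRY["c"], "Ticket_V": msg2["Ticket_V"],
            "auth": authenticator("c", src_addr, ts3)}
    cache = set()
    reply = unseal(K.encode(), service_verify(msg3, src_addr, ts3, cache))
    mutual_ok = reply["TS"] == ts3 + 1 and reply["W_V"] == REGISTRY["V"]
    return {"K": K, "mutual_ok": mutual_ok, "msg3": msg3, "cache": cache, "ts3": ts3}


def presentation_rejected(src_addr: str, reuse_cache: bool) -> str:
    """Re-present the happy-path message (3) from src_addr; returns the reason V
    rejects it ('' if accepted). Exercises the address-binding and replay checks."""
    r = run_exchange()
    try:
        service_verify(r["msg3"], src_addr, r["ts3"] + 1,
                       r["cache"] if reuse_cache else set())
    except ProtocolError as e:
        return str(e)
    return ""


if __name__ == "__main__":
    print(run_exchange()["mutual_ok"])
    print(presentation_rejected("10.0.0.5", reuse_cache=True))
    print(presentation_rejected("10.0.0.9", reuse_cache=False))
```

The order of checks in service_verify matters for a defender: the ticket is opened under V's own key first, so a ticket forged for another service never reaches the authenticator stage, and the replay cache is keyed by (id_c, TS3) so a captured message (3) fails on its second use even from the correct address.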
Description of the symbols:
W_c: witness
c: user
σ: signature
K_{c,V}: session key
v: accumulated value
id_V: service ID
AD_c: network address
TS: ticket issuing timestamp
Lifetime: prevents the ticket from being used after it has expired
Authenticator_c: legitimacy authentication ticket generated by the user
Ticket_V: service authorization ticket
PK: accumulator public key
SK: private key
a_c: auxiliary information
The following example further illustrates the invention.
The block chain-based one-stop efficient PKI authentication service method of the invention is implemented as follows. First, a miner node initializes the system, (k, M, L) → (P, a_c, v_0, A_l). Then a new user initiates registration; the supervision node checks the registration transaction and places it in the pool; the miner node selects transactions from the pool and runs the corresponding registration, update or revocation algorithm to complete user certificate registration (c_i^+, id_i, AD_i, pk_i) → (a_u, a_c, v', W_i^+), update (c_i, W_i, σ) → (W'_i), or revocation (c_i^-, W_i^-, σ) → (a_u, a_c, v'). The user may then initiate a corresponding authentication or service request (c, W_c, id_V, Authenticator_c) → (K_{c,V}, Ticket_V): the service request asks the miner node for a service authorization ticket and a session key, after which a service request is initiated to the third-party service provider using the session key and the service authorization ticket, and once the third party's authentication passes it provides the corresponding service.

Claims (1)

1. A block chain-based one-stop efficient PKI authentication service method, characterized in that it comprises the following steps:
(1) Initialization: first, the node group elects miner nodes according to a consensus mechanism such as DPOS, and the miner node M1 with the highest weight creates a security parameter n of length k bits and an empty set A_u, lets T' = {3, …, n^2}, and sets the initial participating member list L = {c_1, ..., c_m} with 1 ≤ M ≤ m, where M is a threshold value, i.e. at least one miner node is included. The following steps are then performed:
Miner node M1 adaptively selects
Figure FDA0002245240840000012
calculates β = σλ mod φ(n^2) with β ∈ T', and uniformly at random selects
Figure FDA0002245240840000013
The public key of the dynamic accumulator is PK = (n, β), the private key is SK = (σ, λ, γ), and P = (PK, SK);
selects
Figure FDA0002245240840000014
and calculates:
Figure FDA0002245240840000015
Figure FDA0002245240840000016
Figure FDA0002245240840000018
Outputs the initial accumulated value v_0, auxiliary information a_c and A_l = (y_1, …, y_m); where f(x) = (x-1)/n;
Packs the initial accumulated value v_0, the auxiliary information a_c, A_l and the related parameters into a block and broadcasts it to the whole network; other miner nodes and supervision nodes verify the block and append it to the existing block chain, otherwise the block-producing right passes to the next miner node M2; the whole node group reaches consensus and initialization is complete;
(2) Certificate generation: after the system is initialized, accumulated users can compute their corresponding witnesses from the information disclosed on the block chain, or apply to the miner nodes, which sign and issue the corresponding witnesses; the specific steps are as follows:
The miner node or the user queries the existing auxiliary information a_c, A_l and the parameter P = (PK, SK), randomly selects a set of m elements, and calculates:
Figure FDA00022452408400000110
Denote W_i = (w_i, t_i) as the witness of user c_i (i = 1, …, m). The quadruple (c_i = h(id_i, AD_i), W_i = (w_i, t_i), pk_i, v_i) serves as the public key certificate of user c_i;
(3) Verification: given user c_i, witness W_i, accumulated value v and accumulator public key PK, check whether
Figure FDA0002245240840000021
And
Figure FDA0002245240840000022
If so, output Yes, i.e. verify that user c_i has indeed been accumulated in v; otherwise output No;
(4) New user certificate registration: new user c_i^+ submits its own encrypted identity information c_i, id_i, AD_i and public key pk_i, initiating a registration transaction request to a supervisory node; the supervisory node checks c_A = h(id_A, AD_A) and initiates a confirmation to the network address; on receiving the confirmation information, i.e. after verifying that the transaction is legal, it digitally signs the confirmed transaction and records it in the unprocessed transaction Pool; the miner node selects a certain number of new user certificate registration transactions from the unprocessed transaction Pool, recorded as the set of users to be added, then selects
Figure FDA0002245240840000024
and the corresponding set, and calculates:
Figure FDA0002245240840000026
Figure FDA0002245240840000027
Figure FDA0002245240840000028
Figure FDA0002245240840000029
Figure FDA00022452408400000210
Let T = T ∪ T^+, A_u = A_u ∪ {a_u}, a_c = a_c · a_u mod n^2; the new accumulated value v', the new auxiliary information and the witness of new user c_i^+ are then obtained:
Figure FDA00022452408400000211
Then, as in initialization, the miner node packs and broadcasts the corresponding information, and other miner nodes add the new block to the block chain; in addition, in practical applications it is recommended that T' take the value T' = {2^16 + 1, …, n^2};
(5) User certificate revocation: the user to be revoked
Figure FDA00022452408400000212
presents its own witness W_i = (w_i, t_i) and signature σ to a supervising node, initiating an identity revocation transaction request; after signature verification it is likewise recorded in the unprocessed transaction Pool; the miner node selects a certain number of user identity revocation transactions from the unprocessed transaction Pool, recorded as the set of users to be revoked
Figure FDA00022452408400000213
For a user identity revocation transaction, the supervision node first verifies the signature σ to confirm that the witness really belongs to the user, and then performs step (3) to verify whether the user identity has been accumulated;
if yes, selects
Figure FDA0002245240840000031
and calculates:
Figure FDA0002245240840000032
Figure FDA0002245240840000033
Figure FDA0002245240840000035
Let a_c = a_c · a_u mod n^2, A_u = A_u ∪ {a_u}; the new accumulated value v' and the new auxiliary information a_c and a_u are obtained. Then, as in initialization, the miner node packs and broadcasts the corresponding information; other miner nodes and the supervision node verify the new block and add it to the block chain; the certificate revocation transaction is recorded on the chain and the witness W_i = (w_i, t_i) becomes invalid, i.e. the user certificate has been revoked;
(6) Certificate update: there are two methods of certificate update. The first updates only the witness W, which applies to users who still use their old key but need a certificate update; here the user c_i to be updated presents its own witness W_i = (w_i, t_i) and signature σ to a supervising node, initiating a certificate update transaction request, which after verification is recorded in the unprocessed transaction Pool; the miner node selects a certain number of user certificate update transactions from the unprocessed transaction Pool, recorded as the set of users to be updated
Figure FDA0002245240840000036
Then calculates w'_i = w_i · a_u mod n^2 to obtain the updated witness W'_i = (w'_i, t_i) of user c_i; here the second part t_i of the witness W_i of user c_i is generated when the user is added to the accumulator, and its value remains unchanged; only w_i changes with witness updates and other transactions; thus t_i can also serve as a substitute identifier of c_i in the accumulator;
It should be noted that each certificate carries a corresponding timestamp and accumulator-related information; whenever a miner performs a certificate registration or deletion, the parameter a_u is updated once and recorded in the set A_u; when a user initiates a certificate update transaction, the miner needs to query the user's last certificate update/registration time and find the elements of the set A_u corresponding to the period from that time until now
Figure FDA0002245240840000037
where k is the number of times a_u changed between the user's last certificate update and this certificate update transaction; compute
Figure FDA0002245240840000038
w'_i = w_i · a_u mod n^2, and the user's new witness is W'_i = (w'_i, t_i); therefore user certificate updating is independent of changes in the accumulated value v. Compared with other PKI systems that apply accumulators, this scheme does not need to update every user's witness according to the accumulated value each time a certificate update transaction is executed, which greatly improves the efficiency of certificate updating;
The second is the certificate update proposed when the user needs to use a new public and private key: the user submits c_i, W_i = (w_i, t_i), pk_i, pk'_i, AD_i, v_i, where pk'_i is the new public key; when the user sends the key update request transaction, the supervisory node first performs step (3) to verify whether the user is registered and verifies the consistency of the network address with user c_i; it then looks up the latest certificate of the user and verifies whether that certificate's public key pk is consistent with pk_i, to prevent an adversary from maliciously updating the user certificate with an old public key previously leaked by the user; after verification passes the miner updates the user witness W'_i, then packs the user's new public key and other information into a block and broadcasts it, and other nodes verify it and add it to the chain;
(7) User/service authentication exchange. Service authorization ticket exchange: user c sends c, the service id_V it wishes to access and its witness W_c to the TGS (Ticket-Granting Server), requesting a service-granting ticket SGT (Service-Granting Ticket); after the miner verifies the ticket it returns a session key K_{c,V} and the service authorization ticket Ticket_V; specifically:
(1) c → Miner: c || W_c || id_V || Authenticator_c
(2) Miner → c: c || Ticket_V || E(pk_c, [K_{c,V} || id_V || TS2])
Ticket_V = E(pk_V, [K_{c,V} || id_c || AD_c || TS2 || Lifetime])
Authenticator_c = E(sk_c, [AD_c || TS1])
Here Authenticator_c is the legitimacy authentication ticket generated by the user; it ensures that the ticket presenter is the same as the owner to whom the TGS issued the ticket, can be used only once and has a very short lifetime; the TGS queries pk_c according to id_c and W_c and decrypts the authentication ticket; K_{c,V} is the session key used to ensure secure information exchange between the user and the third-party service provider; AD_c is the network address, used to prevent the ticket from being used on a workstation other than the one that applied for it; Lifetime prevents the ticket from continuing to be used after it has expired; TS is the ticket issuing timestamp;
User/service authentication exchange: user c initiates a service request to the third-party service provider, sending Ticket_V and Authenticator_c; the third-party service provider provides the service after verification; specifically:
(3) c → V: c || W_c || Ticket_V || Authenticator_c
(4) V → c: E(K_{c,V}, [W_V || TS3 + 1])
Ticket_V = E(pk_V, [K_{c,V} || id_c || AD_c || TS2 || Lifetime])
Authenticator_c = E(sk_c, [AD_c || TS3])
If mutual authentication is required, V sends a response message to c according to message (4); since the message is encrypted with the session key K_{c,V}, it can only have been generated by V, and at the same time verifying W_V confirms the source of the message.
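The ticket exchange of step (7), as an added example that is not code from the patent. E(key, ·) is stood in for by a toy encrypt-then-MAC built from hashlib and hmac so the block runs offline; the user's sk_c/pk_c pair is modelled by a single symmetric key, and the witness lookup of W_c is omitted. What the block does show is the verification V must perform before answering message (4): the ticket's Lifetime, the address AD_c, the authenticator's freshness and single use, and the TS3 + 1 reply. The names toy_encrypt, tgs_issue, Service, attempt, demo and CLOCK_SKEW, the constructed keys and the timestamps are this example's own.

```python
import hashlib
import hmac
import json
import os

NONCE_LEN, TAG_LEN = 16, 32
CLOCK_SKEW = 300   # assumed max |now - TS3| for a "very short lifetime" authenticator


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]


def toy_encrypt(key: bytes, fields: dict) -> bytes:
    """Stand-in for E(key, [f1 || f2 || ...]): XOR keystream, then HMAC tag."""
    pt = json.dumps(fields, sort_keys=True).encode()
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def toy_decrypt(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def tgs_issue(c, id_V, AD_c, key_V, key_c, TS2, lifetime):
    """Message (2): the miner/TGS returns Ticket_V and E(pk_c, [K_cV || id_V || TS2])."""
    K_cV = os.urandom(32).hex()
    ticket_V = toy_encrypt(key_V, {"K": K_cV, "id_c": c, "AD_c": AD_c,
                                   "TS2": TS2, "Lifetime": lifetime})
    reply = toy_encrypt(key_c, {"K": K_cV, "id_V": id_V, "TS2": TS2})
    return ticket_V, reply


class Service:
    """Third-party service provider V handling messages (3) and (4)."""

    def __init__(self, key_V: bytes, W_V: str):
        self.key_V, self.W_V = key_V, W_V
        self.seen = set()      # replay cache: (c, TS3) pairs already accepted

    def verify(self, c, ticket_V, authenticator, key_c, src_addr, now):
        t = toy_decrypt(self.key_V, ticket_V)            # only V can open Ticket_V
        if t["id_c"] != c:
            raise ValueError("ticket issued to a different user")
        if now > t["TS2"] + t["Lifetime"]:
            raise ValueError("ticket expired")
        if t["AD_c"] != src_addr:
            raise ValueError("ticket presented from a different address")
        a = toy_decrypt(key_c, authenticator)            # E(sk_c, ...) stand-in
        if a["AD_c"] != t["AD_c"] or abs(now - a["TS3"]) > CLOCK_SKEW:
            raise ValueError("authenticator address/time mismatch")
        if (c, a["TS3"]) in self.seen:                   # single use
            raise ValueError("authenticator replayed")
        self.seen.add((c, a["TS3"]))
        K_cV = bytes.fromhex(t["K"])
        return toy_encrypt(K_cV, {"W_V": self.W_V, "TS3": a["TS3"] + 1})   # message (4)


def attempt(service, *args, **kw):
    try:
        return "accepted", service.verify(*args, **kw)
    except ValueError as e:
        return "rejected", str(e)


def demo():
    """Constructed scenario: one valid exchange, then a replay, an expired
    ticket and the same ticket presented from another address."""
    key_V, key_c = b"V" * 32, b"c" * 32                  # constructed keys
    ticket, reply = tgs_issue("alice", "svcV", "10.0.0.5", key_V, key_c,
                              TS2=1000, lifetime=600)
    K_cV = bytes.fromhex(toy_decrypt(key_c, reply)["K"])
    svc = Service(key_V, W_V="W_V")
    auth = toy_encrypt(key_c, {"AD_c": "10.0.0.5", "TS3": 1100})
    out = {}
    status, resp = attempt(svc, "alice", ticket, auth, key_c, "10.0.0.5", now=1100)
    out["fresh"] = (status, toy_decrypt(K_cV, resp)["TS3"] if status == "accepted" else resp)
    out["replay"] = attempt(svc, "alice", ticket, auth, key_c, "10.0.0.5", now=1101)
    late = toy_encrypt(key_c, {"AD_c": "10.0.0.5", "TS3": 1700})
    out["expired"] = attempt(svc, "alice", ticket, late, key_c, "10.0.0.5", now=1700)
    out["moved"] = attempt(svc, "alice", ticket, auth, key_c, "10.0.0.9", now=1100)
    return out
```

The order of checks matters in practice: the ticket is authenticated and its Lifetime and AD_c checked before the authenticator is opened, and the replay cache is consulted only after the authenticator has passed the freshness window, so the cache need only remember entries for CLOCK_SKEW seconds.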
CN201911014480.6A 2019-10-24 2019-10-24 One-stop efficient PKI authentication service method based on block chain Withdrawn CN110717760A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911014480.6A CN110717760A (en) 2019-10-24 2019-10-24 One-stop efficient PKI authentication service method based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911014480.6A CN110717760A (en) 2019-10-24 2019-10-24 One-stop efficient PKI authentication service method based on block chain

Publications (1)

Publication Number Publication Date
CN110717760A true CN110717760A (en) 2020-01-21

Family

ID=69213196

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911014480.6A Withdrawn CN110717760A (en) 2019-10-24 2019-10-24 One-stop efficient PKI authentication service method based on block chain

Country Status (1)

Country Link
CN (1) CN110717760A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111654377A (en) * 2020-05-19 2020-09-11 鼎链数字科技(深圳)有限公司 SM 9-based block chain link point admission verification method and system
CN114826613A (en) * 2022-04-21 2022-07-29 微位(深圳)网络科技有限公司 Block chain-based identity information query method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20200121