CN111090840B - Method for user service authentication by using block chain pre-registration information - Google Patents


Publication number
CN111090840B
Authority
CN
China
Prior art keywords
user
service
authentication
algorithm
block chain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911120862.7A
Other languages
Chinese (zh)
Other versions
CN111090840A (en
Inventor
黄步添
陈建海
刘振广
周伟华
林昶廷
杨正清
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Yunxiang Network Technology Co Ltd
Original Assignee
Hangzhou Yunxiang Network Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Collating Specific Patterns (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses a method for carrying out user service authentication by using blockchain pre-registration information. Through its system structure and the design of its verification algorithm, the authentication information registered on the blockchain can be used to verify the user's identity multiple times, without the service holding the user's identity verification information. In addition, a secure pseudo-random function is embedded in the verification algorithm, which protects the system against spoofing attacks and effectively improves the efficiency and security of service authentication.

Description

Method for user service authentication by using block chain pre-registration information
Technical Field
The present invention relates to a service authentication method, and more particularly, to a method for performing service authentication using blockchain pre-registration information.
Background
A cyber-physical system is a next-generation intelligent system integrating computation, communication and control. It combines computation, network and physical processes: the network collects and processes the information fed back by the physical process it controls, and the physical process is controlled and supervised by the network. The development of cyber-physical systems is driving the evolution of products. As cyber-physical systems continue to develop, analyzing real-world data accumulated in cyberspace can improve the efficiency and productivity of various social systems; however, cyber-physical systems require a large amount of real-space data for good analysis.
Therefore, internet of things devices are attracting attention. As the internet of things industry develops, the number of internet of things devices is increasing, and it is expected that these devices will collect more data. By providing internet of things services to the whole society, large data can be obtained, but it is difficult to provide services by an independent organization. In contrast, if different organizations collaborate, a large amount of data is collected. Another important aspect is that from a security point of view, after data is sent from the internet of things device to the database in the cloud, there is a risk of data tampering.
A blockchain is a distributed ledger technique. In essence, a blockchain is a system that registers information, such as transactions, in a ledger, called a blockchain, whose transparency is maintained through sharing among all participating nodes of the system. When a new block is generated, all participating nodes verify it through a consensus mechanism (such as proof of work, proof of stake, or practical Byzantine fault tolerance) in order to reach agreement. For these reasons, it is difficult to rewrite data registered on the blockchain.
By registering data from internet of things devices on the same blockchain platform, secure data sharing may be achieved between multiple organizations. Further, to trust data, a service may wish to authenticate a user providing the data and confirm the owner of the internet of things device. Generally, when a service authenticates a user, a server needs to store authentication information to be authenticated. If the authentication-related data is registered on the blockchain, the verification data is not required for each service. Currently, scholars propose a system architecture including authentication using a blockchain, however, specific authentication algorithms, verification algorithms and authentication information executed on the blockchain are not provided in the design schemes of the system proposed so far, and the system application has certain limitations.
In order to solve the above problems, the present invention designs a specific verification algorithm and proposes a new scheme for performing service authentication by using block chain pre-registration information, and the new scheme includes two important features: firstly, the authentication service does not need the authentication information of the user, and secondly, the authentication service can repeatedly verify the identity of the user.
Disclosure of Invention
In order to solve the above problems, the present invention provides a method for performing service authentication by using block chain pre-registration information, and simultaneously considers a system pre-planning stage and a real-time control stage to obtain an optimal operation strategy of the system.
The technical scheme of the invention comprises the following steps:
(1) Constructing an authentication service system framework comprising the user terminal, the server and the blockchain.
(2) Designing the embedded algorithms of the authentication service system.
(3) Verifying the correctness of the authentication scheme through mathematical operation.
(4) Ensuring the security of the authentication scheme by relying on the security of the pseudorandom function, so that spoofing attacks are avoided.
The authentication service system framework of step 1), comprising the user terminal, the server and the blockchain, is constructed as follows:
The system framework comprises a user terminal, a server and a blockchain, whose respective roles are as follows:
User: registers its own authentication information on the blockchain and has a secure and private communication link to the service.
Server: authenticates the user requesting authentication. Authentication is performed using the registration information on the blockchain and the confidential information sent by the user. The service uses only this information to authenticate the applicable user.
Blockchain: the contract is generated correctly.
The system scheme is characterized in that: (1) the service does not require authentication information of the user. (2) The service may authenticate the user multiple times.
The service flows of the authentication service system framework of step 1), comprising the user terminal, the server and the blockchain, are as follows:
There are a total of 7 service flows between the user terminal, the server and the blockchain. In service flow 1, the user registers personal information on the blockchain. In service flow 2, the user requests identity authentication from the server when it needs to use the corresponding service. In service flow 3, the server requires the user to submit a piece of encrypted information for user authentication. In service flow 4, the user submits a piece of encrypted information to the server for authentication. In service flow 5, the server challenges the blockchain about the validity of the user's identity. In service flow 6, the blockchain responds to the server. In service flow 7, the server responds with the result of authenticating the user's identity: it provides the corresponding service if authentication succeeds and does not provide the service if authentication fails.
Step 2), designing the embedded algorithms of the authentication service system, specifically comprises the following:
Six algorithms are designed in the scheme of the authentication system to support the system in completing the authentication service. They are called the Setup, GenTag, Challenge, GenPublicProof, GenPrivateProof and VerifyProof algorithms. The Setup algorithm is used by the user to generate a secret key. The GenTag algorithm partitions a given file into blocks. The Challenge algorithm determines the number of file blocks and generates two random values. With the GenPublicProof algorithm, the blockchain performs a defined calculation when it receives a challenge from the service. With the GenPrivateProof algorithm, the user sends confidential information to the service in a way that prevents an adversary from obtaining the confidential information and launching a spoofing attack. With the VerifyProof algorithm, the service performs a defined calculation upon receiving the response to a challenge.
The logic method for designing the Setup algorithm in the step 2) comprises the following steps:
Figure GDA0002417888660000031
wherein k represents a secret key,
Figure GDA0002417888660000032
representing a finite multiplicative group of order q, the process of the Setup algorithm is to randomly select an element from the finite multiplicative group of order q as a key.
The logic method for designing the GenTag algorithm in the step 2) comprises the following steps:
1) A complete file F is divided into subfiles $F_1 \sim F_m$; concatenating the subfiles $F_1 \sim F_m$ end to end in sequence yields the complete file F;
2) Subfile $F_i$ is further divided into sub-segments $s_{i,1} \sim s_{i,n}$; likewise, concatenating the sub-segments $s_{i,1} \sim s_{i,n}$ end to end yields subfile $F_i$;
3) A user executing the GenTag algorithm can thus divide a complete file F into subfiles $F_1 \sim F_m$, which concatenated end to end in sequence form the complete file F, and by applying the GenTag algorithm again can further divide subfile $F_i$ into sub-segments $s_{i,1} \sim s_{i,n}$, which concatenated end to end form subfile $F_i$. This can be expressed as:
$GenTag(F) = F_1 \| F_2 \| \dots \| F_m$
$GenTag(F_i) = s_{i,1} \| s_{i,2} \| \dots \| s_{i,n}$
where $\|$ denotes joining two files end to end.
4) Next, the user generates the flag $\tau$ of the file F and calculates the tag $T_i$ of the subfile $F_i$:
$\tau = ID \| m \| n$, where m represents the number of subfiles, n is a selected random value, and ID is the subfile identifier.
Selecting
Figure GDA0002417888660000033
$g_{id} = \delta_k(ID)$, the tag $T_i$ is generated as follows:
Figure GDA0002417888660000034
where $\delta$ is a pseudo-random function,
Figure GDA0002417888660000041
H is a hash function,
Figure GDA0002417888660000042
After the file tags are obtained through calculation, the user registers on the blockchain a data packet $\langle \tau, F, T \rangle$ consisting of the flag $\tau$, the file F and its tags T, where $T = \{T_1, T_2, \dots, T_m\}$.
The logic method for designing the Challenge algorithm in the step 2) comprises the following steps:
Select a number c ($1 \le c \le m$) representing the number of blocks determined by the service; randomly select two elements from a finite multiplicative group of order q as keys,
Figure GDA0002417888660000043
The data packet $\langle c, k_1, k_2 \rangle$ formed from the number of blocks c and the keys $k_1$, $k_2$ is sent to the blockchain.
The logic method for designing the GenPublicProof algorithm in the step 2) comprises the following steps:
When challenged by the authentication service, the blockchain performs the following calculations:
For $1 \le t \le c$ (c represents the number of blocks, i.e., the following calculation is performed in all blocks):
Figure GDA0002417888660000044
is a pseudo-random permutation function; $\varphi(\cdot)$ is a pseudo-random function;
Figure GDA0002417888660000045
For $1 \le t \le n$ (n is the random number chosen in the GenTag algorithm, i.e., the following calculation is performed whenever $1 \le t \le n$ is satisfied):
Figure GDA0002417888660000046
(
Figure GDA0002417888660000047
is the j-th sub-segment in the $l_t$-th subfile of file F)
The blockchain forms $\sigma$ and $\rho$ into a data packet $\langle \sigma, \rho \rangle$ and sends it to the service, where $\rho = \{\rho_1, \rho_2, \dots, \rho_n\}$.
The GenPrivateProof algorithm designed in the step 2) is as follows:
The user sends the confidential information $\langle \{r_1, r_2, \dots, r_n\}, g_{id} \rangle$ to the service over an encrypted communication channel, so that an adversary cannot obtain the information and use it for a spoofing attack.
The logic method for designing the VerifyProof algorithm in the step 2) comprises the following steps:
Upon receiving the response to the challenge, the service performs the following calculation:
For $1 \le t \le c$ (c represents the number of blocks, i.e., the following calculation is performed in all blocks):
Figure GDA0002417888660000048
is a pseudo-random permutation function; $\varphi(\cdot)$ is a pseudo-random function;
Figure GDA0002417888660000049
is a hash function.
If the equality for $\sigma$ holds, the user passes the authentication and the service sends 'success' to the user; otherwise, the user authentication fails and the service sends 'failure' to the user.
In the authentication algorithm, $k_1$, $k_2$ and c need to be selected without repetition. In this way, using the information corresponding to the challenge, the service can authenticate the user
Figure GDA0002417888660000051
times (
Figure GDA0002417888660000052
is the Euler function).
In step 3), the correctness of the authentication scheme is verified through mathematical operation. Specifically, the following method is used to check that the signature and the ciphertext match:
The service calculates $\sigma$ as follows and compares it with the $\sigma'$ returned by the blockchain in the VerifyProof algorithm. It can be seen that as long as the blockchain correctly generates the signature $\rho_j$ and the user gives the correct ciphertext $r_j$, the user passes the verification, which proves the correctness of the service authentication method using blockchain pre-registration information.
Figure GDA0002417888660000053
In step 4), the security of the authentication scheme is ensured by the security of the pseudorandom function, so as to avoid spoofing attacks. This is achieved as follows:
Assume the following setting for a spoofing attack: the information registered on the blockchain is (F, T), and the adversary attempts to recover from (F, T) the confidential information $\langle \{r_1, \dots, r_n\}, g_{id} \rangle$ that the user sends for verification. T is the tag of the file F and is built from the random values r and from s, where s is a part of the file F, together with the identifier ID and $g_{id}$. From the GenTag algorithm, the tag T of the file F is generated as follows:
Figure GDA0002417888660000054
It can be seen that in $(r_j \cdot s_{i,j} + H(ID \| g_{id} \| i))$, $s_{i,j}$ is masked by the random value $r_j$. $H(ID \| g_{id} \| i)$ is the hash value of ID, $g_{id}$ and i. Since the ID is obtained from $\tau$ and i is the index number, the adversary can obtain these values. However, $g_{id}$ is the output of a pseudorandom function whose inputs are the key k and the ID, so if the pseudorandom function is secure, the adversary cannot obtain $g_{id}$. Because a cryptographic hash function is used, the adversary therefore cannot obtain $H(ID \| g_{id} \| i)$, so $(r_j \cdot s_{i,j} + H(ID \| g_{id} \| i))$ appears to an adversary as a random number. In $T_i$, $g_{id}$ is masked by $(r_j \cdot s_{i,j} + H(ID \| g_{id} \| i))$. The adversary cannot work back from $T_i$ to
Figure GDA0002417888660000061
For the above reasons, an adversary cannot obtain from the network the confidential information $\langle \{r_1, \dots, r_n\}, g_{id} \rangle$ used for verification, and so cannot launch a spoofing attack on the inventive scheme. The user authentication information registered on the blockchain is therefore secure, and the service can use it to authenticate the user. Thus, when a service wants to authenticate a user, the service does not need the user's authentication information.
The invention has the beneficial effects that:
The invention can use the authentication information registered on the blockchain to authenticate the user's identity many times without holding the user's identity authentication information. In addition, the secure pseudo-random function embedded in the authentication algorithm protects the system against spoofing attacks and effectively improves the efficiency and security of service authentication.
Drawings
FIG. 1 is a system model of the present invention
FIG. 2 is a flow chart of implementation of the scheme of the present invention
Detailed Description
The invention is described in further detail below with reference to the figures and the embodiments.
The specific embodiment of the invention is as follows:
Firstly, an authentication service system framework comprising a user terminal, a server and a blockchain is constructed, with the following service flows:
As shown in the system model of fig. 1, there are a total of 7 service flows between the user terminal, the server and the blockchain. In service flow 1, the user registers personal information on the blockchain. In service flow 2, the user requests identity authentication from the server when it needs to use the corresponding service. In service flow 3, the server requires the user to submit a piece of encrypted information for user authentication. In service flow 4, the user submits a piece of encrypted information to the server for authentication. In service flow 5, the server challenges the blockchain about the validity of the user's identity. In service flow 6, the blockchain responds to the server. In service flow 7, the server responds with the result of authenticating the user's identity: it provides the corresponding service if authentication succeeds and does not provide the service if authentication fails.
In this embodiment, a local area network of 7 PCs is used to verify the feasibility and effectiveness of the present invention. The PCs used are Dell (DELL) 3667-R1838/R2848 commercial desktop computers with an i5-6400 CPU and 8G of memory. Of these, 5 PCs (marked in sequence as L1, L2, L3, L4, L5) act as the information pre-registration system and jointly maintain a blockchain containing the user pre-registration information. The system adopts a simple consensus mechanism: when 3 or more PCs agree to a user's pre-registration, the user's pre-registration information can be written into the blockchain. 1 PC plays the role of a user node, marked as U1; the remaining PC acts as a server providing a specific service to the user, marked as S1.
Secondly, designing an embedded algorithm of the authentication service system, which specifically comprises the following steps:
as shown in the flowchart of fig. 2, six algorithms are designed in the scheme of the authentication system to support the system to complete the authentication service, which are respectively called Setup, GenTag, Challenge, GenPublicProof, GenPrivateProof, and VerifyProof algorithms.
Wherein, the Setup algorithm is used for generating a secret key by a user; the mathematical description of the Setup algorithm is:
Figure GDA0002417888660000071
wherein k represents a secret key,
Figure GDA0002417888660000072
representing a finite multiplicative group of order q, the process of the Setup algorithm is to randomly select an element from the finite multiplicative group of order q as a key.
For the embedded algorithms of the authentication service system designed in step 2), the mathematical description of the GenTag algorithm is as follows:
$GenTag(F) = F_1 \| F_2 \| \dots \| F_m$
$GenTag(F_i) = s_{i,1} \| s_{i,2} \| \dots \| s_{i,n}$
where $\|$ denotes joining two files. With the GenTag algorithm a complete file F can be divided into subfiles $F_1 \sim F_m$, which concatenated end to end in sequence form the complete file F; applying the GenTag algorithm again, subfile $F_i$ can be further divided into sub-segments $s_{i,1} \sim s_{i,n}$, which likewise concatenated end to end form subfile $F_i$. Next, the user generates $\tau$, selects n random values, and calculates the tag $T_i$ of $F_i$:
$\tau = ID \| m \| n$, where ID is an identifier.
Selecting
Figure GDA0002417888660000073
$g_{id} = \delta_k(ID)$, the tag $T_i$ is generated as follows:
Figure GDA0002417888660000074
where $\delta$ is a pseudo-random function,
Figure GDA0002417888660000075
H is a hash function,
Figure GDA0002417888660000076
The user registers $\langle \tau, F, T \rangle$ on the blockchain, where $T = \{T_1, T_2, \dots, T_m\}$.
The GenTag algorithm is used for partitioning a given file into blocks.
The Challenge algorithm is used for determining the number of file blocks and generating two random values; the mathematical description is as follows:
Select a number c ($1 \le c \le m$) and calculate
Figure GDA0002417888660000084
Then send $\langle c, k_1, k_2 \rangle$ to the blockchain.
With the GenPublicProof algorithm, the blockchain performs a defined calculation when challenged by the service; the mathematical description is as follows:
When challenged by the authentication service, the blockchain performs the following calculations:
For $1 \le t \le c$,
Figure GDA0002417888660000085
Figure GDA0002417888660000086
For $1 \le t \le n$,
Figure GDA0002417888660000087
The blockchain sends $\langle \sigma, \rho \rangle$ to the service, where $\rho = \{\rho_1, \rho_2, \dots, \rho_n\}$.
With the GenPrivateProof algorithm, the user sends the confidential information $\langle \{r_1, r_2, \dots, r_n\}, g_{id} \rangle$ to the service. If this information were obtained by an adversary, it could be used for a spoofing attack, so the user's confidential information should be transmitted over an encrypted communication channel.
In the VerifyProof algorithm, the service performs a defined calculation upon receiving the response to a challenge; its mathematical description is:
Upon receiving the response to the challenge, the service performs the following calculation:
For $1 \le t \le c$,
Figure GDA0002417888660000088
Figure GDA0002417888660000089
If the equality for $\sigma$ holds, the user passes the authentication and the service sends 'success' to the user; otherwise, the user authentication fails and the service sends 'failure' to the user.
In the authentication algorithm, the same challenge should not be sent twice. Therefore, in the Challenge algorithm of the present invention, $k_1$, $k_2$ and c need to be chosen without repetition. In this way, using the information corresponding to the challenge, the service can authenticate the user
Figure GDA0002417888660000091
times (
Figure GDA0002417888660000092
is the Euler function).
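A sketch of the non-repetition rule for $\langle c, k_1, k_2 \rangle$ described above, as an added example that is not code from the patent: the service remembers every challenge issued for an identifier, redraws on a collision, and stops when the space is used up. Assumptions: the group is modelled as the nonzero residues modulo a small prime q, and the `ChallengeIssuer` class and its method names are hypothetical.

```python
import secrets


class ChallengeIssuer:
    """Issues <c, k1, k2> challenges and never repeats one for the same ID."""

    def __init__(self, q, max_attempts=10_000):
        if q < 3:
            raise ValueError("q must leave at least two nonzero residues")
        self.q = q                      # assumption: prime modulus of the group
        self.max_attempts = max_attempts
        self._issued = {}               # identifier -> set of (c, k1, k2) sent

    def capacity(self, m):
        """Distinct challenges available for a file split into m subfiles."""
        return m * (self.q - 1) ** 2

    def issue(self, identifier, m):
        """Return a fresh (c, k1, k2) for `identifier`, or raise if none is left."""
        used = self._issued.setdefault(identifier, set())
        if len(used) >= self.capacity(m):
            raise RuntimeError("challenge space exhausted for this identifier")
        for _ in range(self.max_attempts):
            c = 1 + secrets.randbelow(m)             # 1 <= c <= m
            k1 = 1 + secrets.randbelow(self.q - 1)   # nonzero residue mod q
            k2 = 1 + secrets.randbelow(self.q - 1)
            challenge = (c, k1, k2)
            if challenge not in used:                # redraw on any repeat
                used.add(challenge)
                return challenge
        raise RuntimeError("no fresh challenge found within max_attempts")


if __name__ == "__main__":
    # Constructed demo values: q = 5 and m = 2 give 2 * 4 * 4 = 32 challenges.
    issuer = ChallengeIssuer(q=5)
    sent = [issuer.issue("ID-1", m=2) for _ in range(issuer.capacity(2))]
    print(len(sent), "challenges issued,", len(set(sent)), "distinct")
    try:
        issuer.issue("ID-1", m=2)
    except RuntimeError as exc:
        print("33rd request refused:", exc)
```

With a realistically large q the redraw branch is almost never taken; the tiny q in the demo is there to make collisions and exhaustion visible.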
The correctness of the authentication scheme is verified through mathematical operation in the step 3), and the specific calculation method comprises the following steps:
Figure GDA0002417888660000093
It can be seen that if the blockchain correctly generates the signature and the user gives the correct ciphertext, the user is authenticated.
The registration information on the blockchain is open to all the participating nodes and is difficult to tamper. Therefore, unless the secret information to be authenticated can be reconstructed from the information registered on the blockchain, the authenticated user is a legitimate user. To verify the security of the inventive scheme, an adversary model of the following conditions is assumed:
(1) the user is not registered on the blockchain, but attempts to authenticate.
(2) Attempt to retrieve confidential information to be verified from the information registered on the blockchain.
Finally, the security of the authentication scheme is ensured by the security of the pseudorandom function, so that spoofing attacks are avoided. The principle is as follows:
The information registered on the blockchain is (F, T). The adversary attempts to recover from (F, T) the confidential information $\langle \{r_1, \dots, r_n\}, g_{id} \rangle$ used for verification. T is the tag of F and is built from the random values r and from s, where s is a part of F, together with the identifier ID and $g_{id}$.
Figure GDA0002417888660000094
In $(r_j \cdot s_{i,j} + H(ID \| g_{id} \| i))$, $s_{i,j}$ is masked by the random value $r_j$. $H(ID \| g_{id} \| i)$ is the hash value of ID, $g_{id}$ and i. Since the ID is obtained from $\tau$ and i is the index number, the adversary can obtain these values. However, $g_{id}$ is the output of a pseudorandom function whose inputs are the key k and the ID, so if the pseudorandom function is secure, the adversary cannot obtain $g_{id}$. Because a cryptographic hash function is used, the adversary therefore cannot obtain $H(ID \| g_{id} \| i)$, so $(r_j \cdot s_{i,j} + H(ID \| g_{id} \| i))$ appears to an adversary as a random number. In $T_i$, $g_{id}$ is masked by $(r_j \cdot s_{i,j} + H(ID \| g_{id} \| i))$. The adversary cannot work back from $T_i$ to
Figure GDA0002417888660000102
For the above reasons, an adversary cannot obtain from the network the confidential information $\langle \{r_1, \dots, r_n\}, g_{id} \rangle$ used for verification, and so cannot launch a spoofing attack on the inventive scheme.
In the embodiment, the pseudo-random function (i.e., $\delta(\cdot)$) is implemented with the Mersenne Twister algorithm, which comprises the following three steps:
(1) Initializing n states: from a given seed $x_0$, the subsequent n-1 states $x_1$ to $x_{n-1}$ are generated by shift, XOR, multiplication, addition and similar operations.
(2) Generating a pseudo-random number: a random number is generated from the current state by shift, AND and XOR operations.
(3) Updating n states: after every n random numbers have been generated, the state is updated before the next random number is generated.
The execution code that may be referenced is:
Figure GDA0002417888660000101
Figure GDA0002417888660000111
First, a method feasibility experiment was performed. The specific experimental groups are as follows:
Group 1: U1 registers identity information on the blockchain and gets a pass. The U1 requests a service from S1.
Group 2: the U1 registers identity information on the blockchain and does not get a pass (pull out 3 or more PC network cables from L1 to L5). The U1 requests a service from S1.
Group 3: the U1 does not perform the Setup algorithm. The U1 requests a service from S1.
Group 4: the U1 does not implement the GenTag algorithm. The U1 requests a service from S1.
Group 5: u1 does not execute the GenPrivateProof algorithm. The U1 requests a service from S1.
Group 6: S1 does not perform the Challenge algorithm. The U1 requests service from S1.
Group 7: the blockchain does not implement the GenPublicProof algorithm. The U1 requests a service from S1.
Group 8: S1 does not perform the VerifyProof algorithm. The U1 requests a service from S1.
The results and analysis are shown in table 1.
TABLE 1 analysis of feasibility test results and reasons for the methods
Figure GDA0002417888660000112
Figure GDA0002417888660000121
Secondly, a method safety experiment was performed:
Group 9: a pseudo-random function based on the Mersenne Twister algorithm is selected, the system network is in good condition, U1 registers identity information on the blockchain in advance, and U1, S1 and L1 to L5 strictly execute the Setup, GenTag, GenPrivateProof, Challenge, GenPublicProof and VerifyProof algorithms. An attempt is made to obtain and tamper with $g_{id}$ and carry out a spoofing attack.
Group 10: for comparison, a pseudo-random function ($\delta(\cdot)$) with poor security, based on the linear congruential method, is selected. Its principle is to use the recurrence relation $X_{n+1} = (aX_n + c) \bmod m$ to generate a random number sequence. With the parameters a = 11, c = 0, m = 8 and a chosen $X_0$, the random function is at its least secure and yields a simple repeating sequence of m, n, m. The system network is in good condition, U1 registers identity information on the blockchain, and U1, S1 and L1 to L5 strictly execute the Setup, GenTag, GenPrivateProof, Challenge, GenPublicProof and VerifyProof algorithms. Because of the poor security of the congruential method, an attempt is made to obtain and tamper with $g_{id}$ and carry out a spoofing attack.
The results and analysis are shown in Table 2.
TABLE 2 method safety test results and reason analysis
Figure GDA0002417888660000122
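An added example (not code from the patent) of why the choice of $\delta$ matters for $g_{id} = \delta_k(ID)$: with the Group 10 parameters the generator can emit at most m = 8 values and cycles with period at most 2, so $g_{id}$ falls in a space small enough to enumerate, whereas a keyed cryptographic PRF gives a different value for every key. Assumptions: the seed derivation in `weak_g_id` is hypothetical (the page does not say how k and ID enter the generator), and HMAC-SHA256 is substituted here as the keyed PRF.

```python
import hashlib
import hmac
import secrets


def lcg_stream(a, c, m, x0, count):
    """Return `count` successive values of X_{n+1} = (a*X_n + c) mod m."""
    out, x = [], x0 % m
    for _ in range(count):
        x = (a * x + c) % m
        out.append(x)
    return out


def lcg_cycle_length(a, c, m, x0):
    """Length of the cycle the sequence eventually enters from seed x0."""
    first_seen = {}
    x, step = x0 % m, 0
    while x not in first_seen:
        first_seen[x] = step
        x = (a * x + c) % m
        step += 1
    return step - first_seen[x]


def weak_g_id(key, identifier, a=11, c=0, m=8):
    """Hypothetical delta_k(ID) built on the Group 10 generator.

    Assumption: the seed is a hash of key and ID; the patent does not specify it.
    """
    seed = int.from_bytes(hashlib.sha256(key + identifier).digest(), "big")
    return lcg_stream(a, c, m, seed, 4)[-1]


def strong_g_id(key, identifier):
    """delta_k(ID) as a keyed PRF: HMAC-SHA256 (substituted for this example)."""
    return hmac.new(key, identifier, hashlib.sha256).digest()


def candidate_space(prf, identifier, trials=2000):
    """Count the distinct g_id values produced across `trials` fresh random keys."""
    return len({prf(secrets.token_bytes(32), identifier) for _ in range(trials)})


if __name__ == "__main__":
    ident = b"ID-0001"  # constructed identifier
    print("LCG from X0=1:", lcg_stream(11, 0, 8, 1, 6))
    print("longest cycle over all seeds:",
          max(lcg_cycle_length(11, 0, 8, s) for s in range(8)))
    print("distinct g_id, LCG-based:", candidate_space(weak_g_id, ident))
    print("distinct g_id, HMAC-based:", candidate_space(strong_g_id, ident))
```

The Mersenne Twister named in the embodiment is a general-purpose generator rather than a keyed cryptographic PRF, so a deployment would pick a construction such as HMAC for $\delta$.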
The foregoing detailed description is intended to illustrate and not to limit the invention; any changes and modifications made within the spirit of the invention and the scope of the appended claims are intended to be covered by the following claims.

Claims (4)

1. A method for user service authentication using blockchain pre-registration information, comprising the steps of:
(1) constructing an authentication service system framework comprising a user terminal, a server and a block chain;
(2) designing the embedded algorithms of the authentication service system, which comprise the Setup, GenTag, Challenge, GenPublicProof, GenPrivateProof and VerifyProof algorithms, to support the system in completing the authentication service; the algorithms are specifically as follows:
3.1 the Setup algorithm is used for generating a secret key by a user, and the logical method of the Setup algorithm is as follows:
Figure FDA0003681583890000011
wherein k represents a secret key,
Figure FDA0003681583890000012
representing a finite multiplicative group of order q, wherein the Setup algorithm randomly selects an element from the finite multiplicative group of order q as the secret key;
3.2 the GenTag Algorithm, the logical approach of which is:
1) the GenTag algorithm divides the entire file F into sub-files $F_1 \sim F_m$, which are connected end to end in sequence to form the complete file F;
2) the GenTag algorithm then further divides each subfile $F_i$ into sub-segments $s_{i,1} \sim s_{i,n}$; likewise, the sub-segments $s_{i,1} \sim s_{i,n}$ are connected end to end to form the subfile $F_i$; expressed as:
$\mathrm{GenTag}(F) = F_1 \| F_2 \| \dots \| F_m$
$\mathrm{GenTag}(F_i) = s_{i,1} \| s_{i,2} \| \dots \| s_{i,n}$
wherein || denotes end-to-end concatenation of two files;
3) next, the user generates the flag bit τ of the file F and calculates the label $T_i$ of each subfile $F_i$; after the file labels are obtained through calculation, the user combines the flag bit τ, the file F and the label T into a data packet <τ, F, T> and registers it on the block chain, wherein $T = \{T_1, T_2, \dots, T_m\}$;
3.3 the Challenge algorithm is used for determining the number of blocks and generating two random values, and its logical method is as follows: a number c (1 ≦ c ≦ m) is selected as the block amount, indicating the number of blocks determined by the service; two elements are randomly selected from the finite multiplicative group of order q as keys,
Figure FDA0003681583890000021
the data packet <c, $k_1$, $k_2$> formed by the block amount c and the keys $k_1$, $k_2$ is sent to the block chain;
3.4 the role of the GenPublicProof algorithm, whose logical approach is:
1) when challenged from an authentication service, for a chunk quantity t satisfying 1 ≦ t ≦ c, the following calculation is performed in all chunks:
Figure FDA0003681583890000022
π(·) is a pseudo-random permutation function; φ(·) is a pseudo-random computation function; wherein the block chain returns to the server the value
Figure FDA0003681583890000023
2) For 1 ≦ t ≦ n, where n is the random number chosen in the GenTag algorithm, i.e., the following calculation is performed if 1 ≦ t ≦ n:
another value returned by the blockchain to the service
Figure FDA0003681583890000024
wherein
Figure FDA0003681583890000025
is the j-th sub-segment in the $l_t$-th subfile of file F;
3) the block chain forms σ and ρ into a data packet <σ, ρ> and sends it to the service, where $\rho = \{\rho_1, \rho_2, \dots, \rho_n\}$;
3.5 the GenPrivateProof algorithm is: the user sends the encrypted information <{$r_1, r_2, \dots, r_n$}, $g_{id}$> to the service over encrypted communication, preventing the encrypted information from being obtained by an adversary and used in a spoofing attack, wherein $g_{id}$ is the output of a pseudo-random function whose inputs are the secret key k and the ID; the encrypted information is the user input information encrypted by the pseudo-random function, which ensures the security of the authentication scheme and avoids spoofing attacks; the encrypted information <{$r_1, \dots, r_n$}, $g_{id}$> sent by the user goes to the chain; a label T is added to the registration information F on the block chain, wherein the label T consists of random values r and s, and s is part of the file F, the identification code ID and $g_{id}$; the label T blocks backtracking to the corresponding $g_{id}$, ensuring the security of the pseudo-random function;
3.6 the VerifyProof algorithm: upon receiving a response to a challenge, the service performs a defined computation, the logical method of which is:
upon receiving a response to the challenge, for 1 ≦ t ≦ c, the following calculations are performed in all chunks:
Figure FDA0003681583890000031
π(·) is a pseudo-random permutation function; φ(·) is a pseudo-random computation function;
Figure FDA0003681583890000032
wherein ID is subfile identification code, H (-) is a hash function;
when sigma is formed, the user passes the authentication, the service sends 'success' to the user, otherwise, the user authentication fails, and the service sends 'failure' to the user.
2. The method for performing user service authentication by using block chain pre-registration information according to claim 1, wherein the system framework constructed in step (1) specifically comprises:
a triangular flat system structure composed of a user terminal, a server and a block chain, wherein the triangular flat system structure comprises 7 service flows: service flow 1 is that a user registers personal information on the block chain; service flow 2 is that the user requests the server to perform identity authentication when the user needs to use the corresponding service; service flow 3 is that the server requires the user to submit a piece of encrypted information for user authentication; service flow 4 is that the user submits a piece of encrypted information to the server for authentication; service flow 5 is that the server challenges the block chain for the validity of the user identity; service flow 6 is the response of the block chain to the server; service flow 7 is the response of the server to the user identity authentication: if the authentication succeeds, the corresponding service is provided, and if the authentication fails, the service is not provided.
3. The method of claim 1 for user service authentication using blockchain pre-registration information, wherein: in the VerifyProof algorithm in step 3.6, the keys $k_1$, $k_2$ and the block amount c need to be selected without repetition, so that the service, using the information corresponding to the challenge, can perform on the user
Figure FDA0003681583890000033
identity authentications (
Figure FDA0003681583890000034
is the Euler function), where q is the order of a finite multiplicative group and m is the number of subfiles.
4. The method for authenticating the user service by using the block chain pre-registration information according to claim 1, wherein the correctness of the authentication scheme is verified by performing matching judgment of a signature and a ciphertext through mathematical operation, and the specific steps are as follows:
deducing the value σ returned to the server by the block chain according to the generated signature and the ciphertext provided by the user, and comparing it with the value σ' returned by the block chain in the VerifyProof algorithm; when the result is σ = σ', the block chain has generated the signature correctly and the user has provided the correct ciphertext.
CN201911120862.7A 2019-11-15 2019-11-15 Method for user service authentication by using block chain pre-registration information Active CN111090840B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911120862.7A CN111090840B (en) 2019-11-15 2019-11-15 Method for user service authentication by using block chain pre-registration information

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911120862.7A CN111090840B (en) 2019-11-15 2019-11-15 Method for user service authentication by using block chain pre-registration information

Publications (2)

Publication Number Publication Date
CN111090840A CN111090840A (en) 2020-05-01
CN111090840B true CN111090840B (en) 2022-09-13

Family

ID=70393590

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911120862.7A Active CN111090840B (en) 2019-11-15 2019-11-15 Method for user service authentication by using block chain pre-registration information

Country Status (1)

Country Link
CN (1) CN111090840B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114070586A (en) * 2021-10-19 2022-02-18 中诚区块链研究院(南京)有限公司 Cooperative working method of block chain and Internet of things

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106790311A (en) * 2017-03-31 2017-05-31 青岛大学 Cloud Server stores integrality detection method and system
US10397328B2 (en) * 2017-05-17 2019-08-27 Nec Corporation Method and system for providing a robust blockchain with an integrated proof of storage
CN108809996B (en) * 2018-06-15 2021-02-12 青岛大学 Integrity auditing method for duplicate deletion stored data with different popularity
CN109889497B (en) * 2019-01-15 2021-09-07 南京邮电大学 Distrust-removing data integrity verification method
CN110225012B (en) * 2019-05-30 2021-09-24 电子科技大学 Method for checking and updating ownership of outsourced data based on alliance chain

Also Published As

Publication number Publication date
CN111090840A (en) 2020-05-01

Similar Documents

Publication Publication Date Title
EP3563553B1 (en) Method for signing a new block in a decentralized blockchain consensus network
KR102409819B1 (en) Distributed transaction propagation and verification system
CN111914027B (en) Block chain transaction keyword searchable encryption method and system
Wei et al. Security and privacy for storage and computation in cloud computing
CN110741600A (en) Computer-implemented system and method for providing a decentralized protocol to retrieve encrypted assets
CN110830244B (en) Anti-quantum computing Internet of vehicles method and system based on identity secret sharing and alliance chain
CN112565264B (en) Cloud storage data integrity detection method based on block chain
Zhao et al. Distributed machine learning oriented data integrity verification scheme in cloud computing environment
Guo et al. Dynamic proof of data possession and replication with tree sharing and batch verification in the cloud
El Kassem et al. More efficient, provably-secure direct anonymous attestation from lattices
Yu et al. Veridedup: A verifiable cloud data deduplication scheme with integrity and duplication proof
Yu et al. An efficient revocable and searchable MA-ABE scheme with blockchain assistance for C-IoT
Xue et al. Blockchain-based fair and fine-grained data trading with privacy preservation
Xu et al. Secure fuzzy identity-based public verification for cloud storage
Wu et al. Privacy-enhanced remote data integrity checking with updatable timestamp
Dolev et al. SodsBC: a post-quantum by design asynchronous blockchain framework
Sun et al. Public data integrity auditing without homomorphic authenticators from indistinguishability obfuscation
Yan et al. Blockchain-based verifiable and dynamic multi-keyword ranked searchable encryption scheme in cloud computing
CN111090840B (en) Method for user service authentication by using block chain pre-registration information
Turesson et al. Privacy preserving data mining as proof of useful work: Exploring an AI/Blockchain design
Sakho et al. Privacy protection issues in blockchain technology
CN112887281B (en) Storage method and system supporting efficient audit and multi-backup ciphertext deduplication and application
Wang et al. Enabling Integrity and Compliance Auditing in Blockchain-based GDPR-compliant Data Management
Song et al. Enabling Transparent Deduplication and Auditing for Encrypted Data in Cloud
Zhang et al. Blockchain-based Dynamic Time-encapsulated Data Auditing for Outsourcing Storage

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant