CN111090840B - Method for user service authentication by using block chain pre-registration information - Google Patents
Method for user service authentication by using block chain pre-registration information Download PDFInfo
- Publication number
- CN111090840B CN111090840B CN201911120862.7A CN201911120862A CN111090840B CN 111090840 B CN111090840 B CN 111090840B CN 201911120862 A CN201911120862 A CN 201911120862A CN 111090840 B CN111090840 B CN 111090840B
- Authority
- CN
- China
- Prior art keywords
- user
- service
- authentication
- algorithm
- block chain
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
- Collating Specific Patterns (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention discloses a method for carrying out user service authentication by using block chain pre-registration information. Through the unique system structure and the design of the verification algorithm, the authentication information registered on the block chain can be used for carrying out identity verification on the user for multiple times without the identity verification information of the user, meanwhile, a safe pseudo-random function is embedded into the verification algorithm, the system can be prevented from being attacked by cheating, and the efficiency and the safety of service authentication can be effectively improved.
Description
Technical Field
The present invention relates to a service authentication method, and more particularly, to a method for performing service authentication using blockchain pre-registration information.
Background
The information physical system is a next generation intelligent system integrating calculation, communication and control, and can combine calculation, network and physical processes together, i.e. the network collects and calculates the information fed back by the physical process controlled by the network, and the physical process receives the control and supervision of the network. With the development of cyber-physical systems, there is a trend to promote product evolution. In the context of the ongoing development of cyber-physical systems, analyzing real-world data accumulated in cyberspace can improve the efficiency and productivity of various social systems, however, cyber-physical systems require a large amount of real-space data for good analysis.
Therefore, internet of things devices are attracting attention. As the internet of things industry develops, the number of internet of things devices is increasing, and it is expected that these devices will collect more data. By providing internet of things services to the whole society, large data can be obtained, but it is difficult to provide services by an independent organization. In contrast, if different organizations collaborate, a large amount of data is collected. Another important aspect is that from a security point of view, after data is sent from the internet of things device to the database in the cloud, there is a risk of data tampering.
A blockchain is a distributed ledger technique. In essence, a blockchain is a system that registers information, such as transactions, in a ledger, called a blockchain, whose transparency is maintained through sharing among all system participating nodes. When a new block is generated, all participating nodes verify the generated new block through a consensus mechanism (such as workload certification, rights and interests certification, a practical Byzantine algorithm and the like) to execute consistency construction. For the above reasons, it is difficult to rewrite data registered on the block chain.
By registering data from internet of things devices on the same blockchain platform, secure data sharing may be achieved between multiple organizations. Further, to trust data, a service may wish to authenticate a user providing the data and confirm the owner of the internet of things device. Generally, when a service authenticates a user, a server needs to store authentication information to be authenticated. If the authentication-related data is registered on the blockchain, the verification data is not required for each service. Currently, scholars propose a system architecture including authentication using a blockchain, however, specific authentication algorithms, verification algorithms and authentication information executed on the blockchain are not provided in the design schemes of the system proposed so far, and the system application has certain limitations.
In order to solve the above problems, the present invention designs a specific verification algorithm and proposes a new scheme for performing service authentication by using block chain pre-registration information, and the new scheme includes two important features: firstly, the authentication service does not need the authentication information of the user, and secondly, the authentication service can repeatedly verify the identity of the user.
Disclosure of Invention
In order to solve the above problems, the present invention provides a method for performing service authentication by using block chain pre-registration information, and simultaneously considers a system pre-planning stage and a real-time control stage to obtain an optimal operation strategy of the system.
The technical scheme of the invention comprises the following steps:
(1) and constructing an authentication service system framework comprising the user terminal, the server and the block chain.
(2) And designing an embedded algorithm of the authentication service system.
(3) And verifying the correctness of the authentication scheme through mathematical operation.
(4) The security of the authentication scheme is ensured by using the security of the pseudorandom function, and the deception attack is avoided.
The construction of the authentication service system framework including the user terminal, the server and the block chain in the step 1) is as follows:
the system framework comprises a user terminal, a server and a block chain, and the respective roles and roles of the user terminal, the server and the block chain are as follows:
the user: registers its own authentication information on the blockchain and has a secure and private communication link to the service.
A server: the user requesting authentication is authenticated. Authentication is performed using registration information on the blockchain and confidential information sent by the user. The service uses only this information to authenticate the applicable user.
Block chains: the contract is generated correctly.
The system scheme is characterized in that: (1) the service does not require authentication information of the user. (2) The service may authenticate the user multiple times.
The service flow for constructing the authentication service system framework including the user terminal, the server and the block chain in the step 1) is as follows:
there are a total of 7 traffic flows between the user terminal, the server and the blockchain. The service flow 1 is that a user registers personal information on a block chain; the service flow 2 is to request the server to perform identity authentication when the user needs to use the corresponding service; service flow 3 is that the server requires the user to submit a piece of encrypted information for user authentication; the service flow 4 is that the user submits a piece of encrypted information to the server for authentication; service flow 5 is that the server challenges the block chain for the validity of the user identity; traffic flow 6 is the response of the blockchain answer server; the service flow 7 is corresponding to the authentication of the user identity by the server, and provides corresponding service if the authentication is successful, and does not provide service if the authentication is failed.
The step 2) is to design an embedded algorithm of the authentication service system, which specifically comprises the following steps:
six algorithms are designed in the scheme of the authentication system to support the system to complete the authentication service, which are called as Setup, GenTag, Challenge, GenPublicProfo, GenPrivaProof, and VerifyProof algorithms respectively. Wherein, the Setup algorithm is used for generating a secret key by a user; the GenTag algorithm is used for partitioning a given file in blocks; the Challenge algorithm is used for determining the number of file blocks and generating two random values; the role of the GenPublicProof algorithm is to perform a defined calculation for the block chain when a challenge from the service is received; the function of the GenPrivateProof is that a user can send confidential information to a service through the GenPrivateProof, so as to avoid cheating attacks initiated by adversaries obtaining the confidential information; the verifyprofo algorithm performs a defined computation upon receiving a response from a challenge.
The logic method for designing the Setup algorithm in the step 2) comprises the following steps:
wherein k represents a secret key,representing a finite multiplicative group of order q, the process of the Setup algorithm is to randomly select an element from the finite multiplicative group of order q as a key.
The logic method for designing the GenTag algorithm in the step 2) comprises the following steps:
1) dividing a complete file F into F 1 ~F m Sub-files, F 1 ~F m The sub-files are sequentially connected end to form a complete file F;
2) subfile F 1 Continue to divide into i,1 ~s i,n Sub-segments, likewise s i,1 ~s i,n The sub-fragments are connected end to form a sub-file F 1 ;
3) A user executing the GenTag algorithm may divide a complete document F into F 1 ~F m Sub-file, will F 1 ~F m The sub-files are connected end to end in sequence to form a complete file F, and the sub-files can be connected by utilizing the Gentag algorithm againF 1 Continue to divide into i,1 ~s i,n Sub-fragments, likewise s i,1 ~s i,n The sub-fragments are connected end to form a sub-file F 1 It can be expressed as:
GenTag(F)=F 1 ||F 2 ||…||F m ||
GenTag(F i )=s i,1 ||s i,2 ||…||s i,n ||
wherein, | | represents that two file heads and tails are connected with each other.
4) Next, the user generates the flag τ of the file F, and calculates the tag Ti of the subfile Fi:
τ ═ ID | | m | | | n, where m represents the number of subfiles, n is a selected random value, and ID is the subfile identifier.
after the file label is obtained through calculation, the user sends a data packet consisting of the flag bit tau, the file F and the label T thereof<τ,F,T>Registered on a block chain, wherein T ═ { T ═ T 1 ,T 2 ,…,T m }。
The logic method for designing the Challenge algorithm in the step 2) comprises the following steps:
selecting a number c (1. ltoreq. c. ltoreq.m) representing the number of blocks determined by the service; randomly selecting two elements from a finite multiplicative group of order q as a key,the number of blocks c and the key k 1 、k 2 The data packet (c, k) formed 1 ,k 2 >And sending the block chain.
The logic method for designing the GenPublicProfof algorithm in the step 2) comprises the following steps:
when challenged from an authentication service, the blockchain performs the following calculations:
for 1 ≦ t ≦ c, (c represents the number of blocks, i.e., the following calculation is performed in all blocks)
Permuting the function for a pseudo-random permutation; phi (-) is a pseudo-random computational function;
for 1. ltoreq. t.ltoreq.n, (n is the random number chosen in the GenTag algorithm, i.e. the following calculation is performed in case 1. ltoreq. t.ltoreq.n is satisfied)
The block chain forms the sigma and the rho into a data packet (sigma, rho)>Sending to the service, where ρ ═ { ρ } 1 ,ρ 2 ,…,ρ n }。
The GenPrivatetProof algorithm designed in the step 2) is as follows:
user will encrypt information < r 1 ,r 2 ,…,r n },g id >The encrypted information is sent to the service in an encrypted communication mode, so that the encrypted information is prevented from being obtained by a competitor and being subjected to deception attack.
The logic method for designing the VerifyProof algorithm in the step 2) comprises the following steps:
upon receiving a response according to the challenge, the service performs the following calculation:
for 1 ≦ t ≦ c, (c represents the number of blocks, i.e., the following calculation is performed in all blocks)
Permuting the function for a pseudo-random permutation; phi (-) is a pseudo-random computational function;
When sigma is formed, the user passes the authentication, the service sends 'success' to the user, otherwise, the user authentication fails, and the service sends 'failure' to the user.
In the authentication algorithm, k needs to be selected without repetition 1 ,k 2 And c, the fulfillment service may perform a user challenge using the information corresponding to the challengeSub-authentication (Is an euler function).
The correctness of the authentication scheme is verified through mathematical operation in the step 3), specifically, the following method is adopted to perform matching judgment of the signature and the ciphertext:
the service calculates σ as follows, and in contrast to σ' returned by the blockchain in the verifyprofof algorithm, it can be seen that as long as the blockchain correctly generates the signature ρ j The user gives the correct ciphertext r j The user passes the verification, which proves the correctness of the service authentication method by using the block chain pre-registration information.
In the step 4), the security of the authentication scheme is ensured by using the security of the pseudorandom function, so as to avoid spoofing attack, and the implementation method comprises the following steps:
assuming a context of the launch of a spoofing attack: the information registered on the blockchain is (F, T), and the adversary attempts to retrieve the secret information from (F, T) to verify the secret information sent by the user<{r 1 ,…,r n },g id >. Wherein T is the label of the file F and consists of random values r and s, s is the file F, the identification code ID and g id A part of (a). From the GenTag algorithm, it can be known that the generation method of the tag T of the file F is as follows:
it can be seen that (r) is j ·s i,j +H(ID||g id I) s) in (ii), s i,j Is a random value r j And (4) covering. H (ID | | g) id I) is ID, g id I hash value. Since the ID is obtained from τ and i is the index number, the adversary can obtain these values. However, g id Is the output of a pseudorandom function entered as the key k and ID, so if the pseudorandom function is secure, the adversary cannot obtain g id . Thus, the adversary cannot acquire H (ID | g) due to the use of the cryptographic hash function id I), therefore, (r) j ·s i,j +H(ID||g id I)) appears to an adversary as a random number at T i In (g) id Quilt (r) j ·s i,j +H(ID||g id I)) is masked. Adversary can not pass through T i BacktrackingFor the above reasons, an adversary cannot obtain confidential information from the network for verification<{r 1 ,…,r n },g id >It is not possible to launch spoofing attacks on the inventive solution. Thus, on block chainsThe registered user authentication information is secure and the service can authenticate the user using it. Thus, when a service wants to authenticate a user, the service does not need the user's authentication information.
The invention has the beneficial effects that:
the invention can use the authentication information registered on the block chain to carry out identity authentication on the user for many times without the user identity authentication information, and meanwhile, the embedded safe pseudo-random function in the authentication algorithm can avoid the system from being attacked by deception and can effectively improve the efficiency and the safety of service authentication.
Drawings
FIG. 1 is a system model of the present invention
FIG. 2 is a flow chart of implementation of the scheme of the present invention
Detailed Description
The invention is described in further detail below with reference to the figures and the embodiments.
The specific embodiment of the invention is as follows:
firstly, an authentication service system framework comprising a user terminal, a server and a block chain is constructed, wherein the service flow comprises the following steps:
as shown in the system model of fig. 1, there are a total of 7 traffic flows between the user terminal, the server and the blockchain. The service flow 1 is that a user registers personal information on a block chain; the service flow 2 is to request the server to perform identity authentication when the user needs to use the corresponding service; service flow 3 is that the server requires the user to submit a piece of encrypted information for user authentication; the service flow 4 is that the user submits a piece of encrypted information to the server for authentication; service flow 5 is that the server challenges the block chain for the validity of the user identity; traffic flow 6 is the response of the blockchain answer server; the service flow 7 is corresponding to the authentication of the user identity by the server, and provides corresponding service if the authentication is successful, and does not provide service if the authentication is failed.
In this embodiment, a local area network including 7 PCs is used to verify the feasibility and effectiveness of the present invention, and the types of PCs used are: daire (DELL), 3667-R1838/R2848 commercial desktop computer complete machine, i5-6400 CPU, 8G memory. Wherein, 5 PCs (sequentially marked as L1, L2, L3, L4, L5) act as an information pre-registration system, and commonly maintain a block chain containing the user pre-registration information, and the system adopts a simple common identification mechanism, when 3 or more than 3 PCs agree to the user pre-registration, the pre-registration information of the user can be written into the block chain. 1 PC plays the role of a user node, which is marked as U1; the other 1 PC acts as a server providing a specific service to the user, denoted S1.
Secondly, designing an embedded algorithm of the authentication service system, which specifically comprises the following steps:
as shown in the flowchart of fig. 2, six algorithms are designed in the scheme of the authentication system to support the system to complete the authentication service, which are respectively called Setup, GenTag, Challenge, GenPublicProof, GenPrivateProof, and VerifyProof algorithms.
Wherein, the Setup algorithm is used for generating a secret key by a user; the mathematical description of the Setup algorithm is:
wherein k represents a secret key,representing a finite multiplicative group of order q, the process of the Setup algorithm is to randomly select an element from the finite multiplicative group of order q as a key.
The step 2) designs an embedded algorithm of the authentication service system, and the mathematical description of the GenTag algorithm is as follows:
GenTag(F)=F 1 ||F 2 ||…||F m ||
GenTag(F i )=s i,1 ||s i,2 ||…||s i,n ||
wherein, | | represents the connection of two files, and a complete file F can be divided into F by the Gentag algorithm 1 ~F m Sub-file, will F 1 ~F m The sub-files are connected end to end in sequence to form a complete file F, and Genta is utilized againThe g algorithm may also be used to convert subfile F to subfile F 1 Continue to divide into i,1 ~s i,n Sub-segments, likewise s i,1 ~s i,n The sub-fragments are connected end to form a sub-file F 1 . Next, the user generates τ, selects n random values, and calculates F i Tag T of i :
τ ═ ID | | | m | | | n, where ID is an identifier.
the user will<τ,F,T>Registered on a block chain, wherein T ═ { T ═ T 1 ,T 2 ,…,T m }。
The GenTag algorithm is used for partitioning a given file in blocks; the Gentag algorithm may also be used to sub-file F 1 Continue to divide into i,1 ~s i,n Sub-segments, likewise s i,1 ~s i,n The sub-fragments are connected end to form a sub-file F 1 . Next, the user generates τ, selects n random values, and calculates F i Tag T of i :
τ ═ ID | | | m | | | n, where ID is an identifier.
the user will<τ,F,T>Registered on the block chain, wherein T ═ T { [ T ] 1 ,T 2 ,…,T m }。
The Challenge algorithm is used for determining the number of file blocks and generating two random values; the mathematical description is as follows:
selecting a number c (c is more than or equal to 1 and less than or equal to m), and calculatingWill be provided with<c,k 1 ,k 2 >And sending the block chain.
The role of the GenPublicProof algorithm is that the blockchain performs defined computations when challenged from the service; the mathematical description is as follows:
when challenged from an authentication service, the blockchain performs the following calculations:
for 1. ltoreq. t. ltoreq.c,
for t ≦ 1 ≦ n,
block chainWill be provided with<σ,ρ>Sending to the service, where ρ ═ { ρ } 1 ,ρ 2 ,…,ρ n }。
The function of GenPrivateProof is that the user will encrypt information<{r 1 ,r 2 ,…,r n },g id >And sending to a service, if the encrypted information is obtained by a competitor, the encrypted information is possibly subjected to a spoofing attack, and therefore the encrypted information of the user should be transmitted in an encrypted communication mode.
The verifyprofo algorithm, upon receiving a response to a challenge, the service performs a defined calculation whose mathematical description is:
upon receiving a response according to the challenge, the service performs the following calculation:
for 1. ltoreq. t. ltoreq.c,
if sigma is true, the user passes the authentication, the service sends 'success' to the user, otherwise, the user authentication fails, and the service sends 'failure' to the user.
In the authentication algorithm, the same challenge should not be sent. Therefore, in the challenge algorithm of the present invention, k needs to be chosen without repetition 1 ,k 2 And c. In this way, the service can perform a challenge to the user using information corresponding to the challengeSub-authentication (Is an euler function).
The correctness of the authentication scheme is verified through mathematical operation in the step 3), and the specific calculation method comprises the following steps:
it can be seen that if the blockchain correctly generates the signature, the user gives the correct ciphertext, the user is authenticated.
The registration information on the blockchain is open to all the participating nodes and is difficult to tamper. Therefore, unless the secret information to be authenticated can be reconstructed from the information registered on the blockchain, the authenticated user is a legitimate user. To verify the security of the inventive scheme, an adversary model of the following conditions is assumed:
(1) the user is not registered on the blockchain, but attempts to authenticate.
(2) Attempt to retrieve confidential information to be verified from the information registered on the blockchain.
And finally, the security of the authentication scheme is ensured by utilizing the security of the pseudorandom function, the deception attack is avoided, and the principle is as follows:
the information registered on the blockchain is (F, T). The adversary attempts to retrieve confidential information from (F, T) for verification<{r 1 ,…,r n },g id >. T is a label for F, consisting of random values r and s, where s is F, an identifier ID and g id A part of (a).
In (r) j ·s i,j +H(ID||g id I) s) in (ii), s i,j Is a random value r j And (4) covering. H (ID | | g) id I) is ID, g id I hash value. Since the ID is obtained from τ and i is the index number, the adversary can obtain these values. However, g id Is the output of a pseudorandom function entered as the key k and ID, so if the pseudorandom function is secure, the adversary cannot obtain g id . In this way, an adversary cannot acquire H (ID | | | g) due to the use of the cryptographic hash function id I), therefore, (r) j ·s i,j +H(ID||g id | i)) in an opponentIt appears as a random number at T i In (g) id Quilt (r) j ·s i,j +H(ID||g id I)) is masked. Adversary can not pass through T i BacktrackingFor the above reasons, an adversary cannot obtain confidential information from the network for verification<{r 1 ,…,r n },g id >It is not possible to launch a spoofing attack on the inventive scheme.
In the embodiment, the pseudo-random function (i.e., δ (-)) is implemented by a Mattset rotation algorithm, which comprises the following three steps:
(1) initializing n states: according to a given seed point x 0 Generating subsequent n-1 states x by shifting, XOR, multiplication, addition, etc 1 To x n-1 。
(2) Generating a pseudo-random number: and generating a random number by shifting, AND, XOR operation according to the current state.
(3) Updating n states: after each n random numbers are generated, the state is updated before the next random number is generated.
The execution code that may be referenced is:
first, a method feasibility experiment was performed. The specific experimental groups are as follows:
group 1: u1 registers identity information on the blockchain and gets a pass. The U1 requests a service from S1.
Group 2: the U1 registers identity information on the blockchain and does not get a pass (pull out 3 or more PC network cables from L1 to L5). The U1 requests a service from S1.
Group 3: the U1 does not perform the Setup algorithm. The U1 requests a service from S1.
Group 4: the U1 does not implement the GenTag algorithm. The U1 requests a service from S1.
Group 5: u1 does not execute the GenPrivateProof algorithm. The U1 requests a service from S1.
Group 6: s1 does not perform the challenge algorithm. The U1 requests service from S1.
Group 7: the blockchain does not implement the GenPublicProof algorithm. The U1 requests a service from S1.
Group 8: s1 does not perform the verifyprofof algorithm. The U1 requests a service from S1.
The results and analysis are shown in table 1.
TABLE 1 analysis of feasibility test results and reasons for the methods
Secondly, a method safety experiment was performed:
group 9: a pseudo-random function based on a Matteset rotation algorithm is selected, a system network is good, U1 registers identity information on a block chain in advance, and Setup, GenTag, GenPrivate proof, challenge, GenPublic proof and Verifyproof algorithms are strictly executed by U1, S1 and L1-L5. Attempting to acquire and tamper with g id A spoofing attack is performed.
Group 10: selecting a pseudo-random function (delta (-)) with poor safety based on a linear congruence method for comparison, wherein the principle is that a recursion relation X is utilized n+1 =(aX n + c) modm to generate a random number sequence. The parameters a-11, c-0, m-8, X may be chosen 0 When the random function is the least secure, a simple repeating sequence of m, n, m. The system network is good, the U1 registers identity information on the block chain, and the U1, S1 and L1 to L5 strictly execute Setup, Gentag, GenPrivateProof, challenge, GenPublicProfof, VerifyProof algorithms. Due to poor security of the existing congruence method, g is tried to be obtained and tampered id A spoofing attack is performed.
The results and analysis are shown in Table 2.
TABLE 2 method safety test results and reason analysis
The foregoing detailed description is intended to illustrate and not limit the invention, which is intended to be within the spirit and scope of the appended claims, and any changes and modifications that fall within the true spirit and scope of the invention are intended to be covered by the following claims.
Claims (4)
1. A method for user service authentication using blockchain pre-registration information, comprising the steps of:
(1) constructing an authentication service system framework comprising a user terminal, a server and a block chain;
(2) the embedded algorithm of the design authentication service system comprises Setup, GenTag, Challenge, GenPublicProfo, GenPrivaProof and VerifyProof algorithms to support the system to complete the authentication service; the design authentication service system is specifically as follows:
3.1 the Setup algorithm is used for generating a secret key by a user, and the logical method of the Setup algorithm is as follows:wherein k represents a secret key,representing a finite multiplicative group of q orders, wherein the process of the Setup algorithm is to randomly select an element from the finite multiplicative group of q orders as a secret key;
3.2 the GenTag Algorithm, the logical approach of which is:
1) execution of GenTag Algorithm divides an entire document F into F 1 ~F m Sub-files, F 1 ~F m The sub-files are sequentially connected end to form a complete file F;
2) subfile F is again transformed using Gentag algorithm i Continue to divide into i,1 ~s i,n Sub-segments, likewise s i,1 ~s i,n The sub-fragments are connected end to form a sub-file F i (ii) a Expressed as:
GenTag(F)=F 1 ||F 2 ||…||F m ||
GenTag(F i )=s i,1 ||s i,2 ||…||s i,n ||
wherein, | | represents that the two file heads and tails are connected with each other;
3) next, the user generates the flag bit tau of the file F, calculates the label Ti of the subfile Fi, and after the file label is obtained through calculation, the user combines the flag bit tau, the file F and the label T to form a data packet<τ,F,T>Registered on a block chain, wherein T ═ { T ═ T 1 ,T 2 ,…,T m };
3.3, the Challenge algorithm is used for determining the number of blocks and generating two random values, and the logic method of the Challenge algorithm is as follows: selecting a number c (1. ltoreq. c. ltoreq.m) as a block amount indicating the number of blocks determined by the service; randomly selecting two elements from a finite multiplicative group of order q as a key,the block number c and the key k 1 、k 2 The formed data packet<c,k 1 ,k 2 >Sending the block chain to a block chain;
3.4 the role of the GenPublicProof algorithm, whose logical approach is:
1) when challenged from an authentication service, for a chunk quantity t satisfying 1 ≦ t ≦ c, the following calculation is performed in all chunks:
pi (-) is a pseudorandomArranging a permutation function; phi (-) is a pseudo-random computational function; wherein the blockchain returns the value to the server
2) For 1 ≦ t ≦ n, where n is the random number chosen in the GenTag algorithm, i.e., the following calculation is performed if 1 ≦ t ≦ n:
another value returned by the blockchain to the serviceWhereinIs the l-th of file F t The jth sub-segment in the sub-file;
3) the block chain forms sigma and rho into a data packet<σ,ρ>Sending to the service, where ρ ═ { ρ ═ 1 ,ρ 2 ,…,ρ n };
3.5 the GenPrivateProof algorithm is: the user will encrypt the information<{r 1 ,r 2 ,…,r n },g id >Sending to the service in encrypted communication, preventing the encrypted information from being obtained by a competitor and from being subjected to a spoofing attack, wherein g id The method is the output of a pseudorandom function with the input of a secret key k and an ID, wherein the encrypted information is the user input information encrypted by the pseudorandom function, the security of an authentication scheme is ensured, the deception attack is avoided, and the encrypted information sent by a user<{r 1 ,…,r n },g id >To the chain; adding a label T to registration information F on a block chain, wherein the label T consists of random values r and s, and s is a file F, an identification code ID and g id Part of (1), blocking backtracking of the corresponding g by tag T id The safety of the pseudo-random function is ensured;
3.6 VerifyProof Algorithm, upon receiving a response according to a challenge, the service performs a defined computation, the logical method of which is:
upon receiving a response to the challenge, for 1 ≦ t ≦ c, in all chunksThe following calculations are performed:pi (·) is a pseudo-randomly permutated function; phi (-) is a pseudo-random computational function;
when sigma is formed, the user passes the authentication, the service sends 'success' to the user, otherwise, the user authentication fails, and the service sends 'failure' to the user.
2. The method for performing user service authentication by using block chain pre-registration information according to claim 1, wherein the system framework constructed in step (1) specifically comprises:
the system comprises a user terminal, a server and a triangular flat system structure of a block chain, wherein the triangular flat system structure comprises 7 service flows, and the service flow 1 is that a user registers personal information on the block chain; the service flow 2 is to request the server to perform identity authentication when the user needs to use the corresponding service; service flow 3 is that the server requires the user to submit a piece of encrypted information for user authentication; the service flow 4 is that the user submits a piece of encrypted information to the server for authentication; service flow 5 is that the server challenges the block chain for the validity of the user identity; traffic flow 6 is the response of the blockchain answer server; the service flow 7 is the response of the server to the user identity authentication, if the authentication is successful, the corresponding service is provided, and if the authentication is failed, the service is not provided.
3. The method of claim 1 for user service authentication using blockchain pre-registration information, wherein: in the verifyprofo algorithm in step 3.6, the key k needs to be selected without repetition 1 ,k 2 And a block amount c, enabling the service to perform on the user using the information corresponding to the challengeSub-identity authentication (Is an euler function) where q is the order of a finite multiplicative group and m is the number of subfiles.
4. The method for authenticating the user service by using the block chain pre-registration information according to claim 1, wherein the correctness of the authentication scheme is verified by performing matching judgment of a signature and a ciphertext through mathematical operation, and the specific steps are as follows:
and deducing the value sigma returned to the server by the block chain according to the generated signature and the ciphertext provided by the user, and comparing the value sigma 'returned by the block chain in the VerifyProof algorithm, when the block chain generates the signature correctly and the user provides correct ciphertext when the result sigma is equal to sigma'.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911120862.7A CN111090840B (en) | 2019-11-15 | 2019-11-15 | Method for user service authentication by using block chain pre-registration information |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911120862.7A CN111090840B (en) | 2019-11-15 | 2019-11-15 | Method for user service authentication by using block chain pre-registration information |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111090840A CN111090840A (en) | 2020-05-01 |
CN111090840B true CN111090840B (en) | 2022-09-13 |
Family
ID=70393590
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911120862.7A Active CN111090840B (en) | 2019-11-15 | 2019-11-15 | Method for user service authentication by using block chain pre-registration information |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111090840B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114070586A (en) * | 2021-10-19 | 2022-02-18 | 中诚区块链研究院(南京)有限公司 | Cooperative working method of block chain and Internet of things |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106790311A (en) * | 2017-03-31 | 2017-05-31 | 青岛大学 | Cloud Server stores integrality detection method and system |
US10397328B2 (en) * | 2017-05-17 | 2019-08-27 | Nec Corporation | Method and system for providing a robust blockchain with an integrated proof of storage |
CN108809996B (en) * | 2018-06-15 | 2021-02-12 | 青岛大学 | Integrity auditing method for duplicate deletion stored data with different popularity |
CN109889497B (en) * | 2019-01-15 | 2021-09-07 | 南京邮电大学 | Distrust-removing data integrity verification method |
CN110225012B (en) * | 2019-05-30 | 2021-09-24 | 电子科技大学 | Method for checking and updating ownership of outsourced data based on alliance chain |
-
2019
- 2019-11-15 CN CN201911120862.7A patent/CN111090840B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN111090840A (en) | 2020-05-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3563553B1 (en) | Method for signing a new block in a decentralized blockchain consensus network | |
KR102409819B1 (en) | Distributed transaction propagation and verification system | |
CN111914027B (en) | Block chain transaction keyword searchable encryption method and system | |
Wei et al. | Security and privacy for storage and computation in cloud computing | |
CN110741600A (en) | Computer-implemented system and method for providing a decentralized protocol to retrieve encrypted assets | |
CN110830244B (en) | Anti-quantum computing Internet of vehicles method and system based on identity secret sharing and alliance chain | |
CN112565264B (en) | Cloud storage data integrity detection method based on block chain | |
Zhao et al. | Distributed machine learning oriented data integrity verification scheme in cloud computing environment | |
Guo et al. | Dynamic proof of data possession and replication with tree sharing and batch verification in the cloud | |
El Kassem et al. | More efficient, provably-secure direct anonymous attestation from lattices | |
Yu et al. | Veridedup: A verifiable cloud data deduplication scheme with integrity and duplication proof | |
Yu et al. | An efficient revocable and searchable MA-ABE scheme with blockchain assistance for C-IoT | |
Xue et al. | Blockchain-based fair and fine-grained data trading with privacy preservation | |
Xu et al. | Secure fuzzy identity-based public verification for cloud storage | |
Wu et al. | Privacy-enhanced remote data integrity checking with updatable timestamp | |
Dolev et al. | SodsBC: a post-quantum by design asynchronous blockchain framework | |
Sun et al. | Public data integrity auditing without homomorphic authenticators from indistinguishability obfuscation | |
Yan et al. | Blockchain-based verifiable and dynamic multi-keyword ranked searchable encryption scheme in cloud computing | |
CN111090840B (en) | Method for user service authentication by using block chain pre-registration information | |
Turesson et al. | Privacy preserving data mining as proof of useful work: Exploring an AI/Blockchain design | |
Sakho et al. | Privacy protection issues in blockchain technology | |
CN112887281B (en) | Storage method and system supporting efficient audit and multi-backup ciphertext deduplication and application | |
Wang et al. | Enabling Integrity and Compliance Auditing in Blockchain-based GDPR-compliant Data Management | |
Song et al. | Enabling Transparent Deduplication and Auditing for Encrypted Data in Cloud | |
Zhang et al. | Blockchain-based Dynamic Time-encapsulated Data Auditing for Outsourcing Storage |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |