CN114301604A - A distributed public key infrastructure method based on blockchain and attribute signatures

Publication number
CN114301604A
Authority
CN
China
Prior art keywords
certificate
user
applicant
node
signature
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111651828.XA
Other languages
Chinese (zh)
Other versions
CN114301604B (en)
Inventor
阚海斌
袁和昕
刘百祥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fudan University
Original Assignee
Fudan University
Application filed by Fudan University
Priority to CN202111651828.XA
Publication of CN114301604A
Application granted
Publication of CN114301604B
Legal status: Active

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention belongs to the technical field of cryptography, and specifically is a distributed public key infrastructure method based on blockchain and attribute signatures. The invention turns the single-node CA of traditional public key infrastructure into a multi-node CA deployed on a blockchain that issues and verifies certificates collaboratively, and introduces cryptographic algorithms such as attribute-based signatures and zero-knowledge proofs so that the identity a certificate represents is more fine-grained. The method comprises system initialization, user initialization, certificate issuance by signature, certificate verification, and certificate revocation. The invention is a general scheme suitable for a variety of certificate-based identity authentication scenarios; the breadth covered by attributes makes identity more multi-dimensional, and the method as a whole provides fine-grained identity authentication and a degree of fault tolerance. Combined with non-interactive zero-knowledge proofs, the invention achieves non-repudiation of certificates, which broadens its range of application.

Description

A distributed public key infrastructure method based on blockchain and attribute signatures

Technical field

The invention belongs to the technical field of cryptography, and in particular relates to a distributed public key infrastructure method based on blockchain and attribute signatures.

Background

A flexible and effective identity authentication and management scheme has always been one of the core requirements of the information age; with such a scheme, the identity of every entity on the Internet can be uniquely determined. Public key infrastructure (PKI) is a typical representative: by managing digital certificates it solves the trust problem between different entities, and it is one of the cornerstones of today's Internet. Traditional centralized PKI, however, has many problems. Its biggest flaw is that the CA must be fully trusted: when the CA is attacked, or the CA is itself a malicious node, the identity of the entity behind a certificate it issued either cannot be authenticated or cannot be trusted, which undermines the Internet's identity authentication system.

The decentralization, consensus mechanism for synchronization, and tamper resistance of blockchain offer new ideas for the development of PKI. To address the problems of centralized identity authentication, the inventors surveyed existing work and found that many schemes deploy the traditional CA across multiple blockchain nodes to achieve distributed authentication. Introducing blockchain brings several benefits. First, the blockchain consensus mechanism natively supports data synchronization across nodes; smart contracts, written in a high-level programming language and run on the blockchain, can store the relevant data on-chain, so users can apply for and query certificates across multiple nodes. Second, because blockchain is decentralized and tamper-resistant, communication over it has a basis of trust, and different users can exchange information securely.

The inventors found that existing schemes still have problems, including high computational overhead, insufficient resistance to attack, and neglect of certificate non-repudiation. They also noted that attribute-based cryptography, which provides fine-grained and flexible access control, offers a new direction for PKI. An identity can consist of a set of attributes, and authentication can be considered successful as long as the difference between the user's attribute set and the required attribute set is within a certain range. Attribute-based cryptography makes the identity of the authenticated entity more multi-dimensional: an entity's identity can be composed of several attributes (for example identification information or organizational relationships), which better matches real-world identity mechanisms.

The inventors have designed a new distributed public key infrastructure method based on blockchain and attribute signatures that is general, performs well, has a flexible and fine-grained identity mechanism, and provides non-repudiation.

References:

(1) Eberhardt J, Tai S. ZoKrates - Scalable Privacy-Preserving Off-Chain Computations[C]//2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). IEEE, 2018; Aumasson J P, Neves S, Wilcox-O'Hearn Z, et al. BLAKE2: simpler, smaller, fast as MD5[C]//International Conference on Applied Cryptography and Network Security. Springer, Berlin, Heidelberg, 2013: 119-135;

(2) Fiat A, Shamir A. How To Prove Yourself: Practical Solutions to Identification and Signature Problems[C]//Proceedings on Advances in Cryptology - CRYPTO '86. 1999; GB/T 32918, Information Security Technology: SM2 Elliptic Curve Public Key Cryptographic Algorithm [S];

(3) Wei Liang, Huang Zhenjie, Chen Qunshan. Decentralized attribute-based non-repudiation signature [J]. Computer Engineering and Science, 2020, 42(6): 9.

Summary of the invention

The purpose of the present invention is to provide a distributed public key infrastructure method based on blockchain and attribute signatures.

The invention is a general distributed public key infrastructure method based on attribute signatures. In a system implemented with this method, users can, through a public API (application programming interface), freely apply for certificates issued by the system's CAs and verify certificates.

The invention uses blockchain and smart contracts as its carrier. Because blockchain nodes correspond one-to-one with node public keys, nodes can initiate secure confidential communication through smart contracts, and all nodes can obtain on-chain data (including but not limited to the public parameters of the attribute signature and the zero-knowledge proof) through smart contracts. All nodes must publish the public keys generated at initialization, the ciphertexts produced by encryption, and similar content on-chain, and all on-chain data (including the certificate store) is synchronized through the blockchain consensus mechanism.

The distributed public key infrastructure method based on blockchain and attribute signatures proposed by the invention builds on attribute signatures, blockchain, and zero-knowledge proofs, and comprises system initialization, user initialization, certificate issuance by signature, certificate verification, and certificate revocation. The specific steps are as follows:

(1) System initialization. The system initializes the parameters of the decentralized non-repudiation attribute signature and publishes them on the blockchain; it also initializes the parameters of the ZoKrates zero-knowledge proof and publishes them on-chain. Each CA node, the authority for an attribute, is initialized: the CA randomly generates the attribute's private key CSK, computes the public key CPK from the private key, and publishes CPK and related information on-chain;

(2) User initialization. To initialize a User, in addition to the information required to register with the blockchain, $User_{Applicant,u}$ (the user $u$ applying for a certificate) randomly generates a secret value $S_u$ such that the computed identifier $UID_u$ is globally unique on the blockchain. The User applies to several CA nodes for attributes and obtains the User's attribute private keys $ASK_{u,i}$ and public keys $APK_{u,i}$;

(3) Certificate issuance by signature. $User_{Applicant,u}$, who wishes to obtain a certificate signed by $n$ specific CAs and holds some of the $n$ attributes, sends a certificate service request through the blockchain network to the digital certificate registration authority (RA). $User_{Applicant,u}$ submits the information required for the certificate, and the RA confirms it by various means (including but not limited to offline verification). If the information is incorrect, the RA rejects the node's request; otherwise it sends the information to the $n$ CAs. The CAs jointly sign the certificate; the RA collects the signature messages, generates the signature, and stores it in the blockchain's certificate store, which the blockchain synchronizes automatically. $User_{Applicant,u}$ then runs the ZoKrates proof-generation algorithm to produce the non-repudiation proof for the certificate;

(4) Certificate verification. $User_{Verifier,s}$ (the user $s$ verifying a certificate), who wishes to verify the identity of $User_{Applicant,u}$, sends a verification request to $User_{Applicant,u}$. $User_{Applicant,u}$ first obtains its own certificate from the RA and sends it to $User_{Verifier,s}$, who verifies it: checking whether the certificate was issued by legitimate CAs, whether it has been revoked, whether it is within its validity period, and whether it was issued by the required $n$ CA nodes. If the certificate has expired, has been revoked, or was not issued by legitimate nodes, identity authentication fails. Otherwise the certificate is authenticated, which comprises signature verification and ZoKrates zero-knowledge proof verification; if both pass, the identity of $User_{Applicant,u}$ is verified;

(5) Certificate revocation. Revocation is either revocation on expiry or active revocation by $User_{Applicant}$. The certificate revocation list (CRL) is updated periodically by the RA. If $User_{Applicant,u}$ sends the RA a request to revoke its own certificate, the RA verifies the zero-knowledge proof to confirm the identity of $User_{Applicant,u}$ and, if verification passes, adds the certificate to the CRL.

In the invention, the certificate issuance by signature in step (3) proceeds as follows:

Suppose $User_{Applicant,u}$ wishes to apply for a certificate corresponding to the attribute set $\Omega = \{Attr_1, Attr_2, \dots, Attr_n\}$ and holds $t$ of those attributes. $User_{Applicant,u}$ can be regarded as an ordinary node in the blockchain. It sends a certificate service request to the RA node through the blockchain network and submits the information $m$ required for the certificate (including $UID_u$). The RA confirms the information; if it is incorrect, the RA rejects the node's request, otherwise it sends the information to the $n$ CA nodes:

(1) $Sign(m, S_u, UID_u, \Omega, \{APK_{u,i}, ASK_{u,i}\}, \{CPK_i, CSK_i\}) \rightarrow P_{n-t}(x), \sigma.$

$User_{Applicant,u}$ holds $t$ attributes. The $n$ CA nodes of the PKI receive $m$ (including $UID_u$) and begin signing the certificate message $m \in \{0,1\}^*$;

(i) For each CA node $Attr_i$ whose attribute $User_{Applicant,u}$ holds, without loss of generality $i = 1, \dots, t$, $Attr_i$ randomly selects $t_i \in Z_p^*$ and computes:

$e_i = H_1(Attr_i, APK_{u,i}, UID_u, CPK_i),$

$s_i = ASK_{u,i} + e_i CSK_i,$

Figure BDA0003444983220000041

$Attr_i$ sends $R_i$ to the RA node through a secure confidential channel;

(ii) For each CA node $Attr_i$ whose attribute $User_{Applicant,u}$ does not hold, without loss of generality $i = t+1, \dots, n$, $Attr_i$ randomly selects

Figure BDA0003444983220000042

randomly generates $APK_{u,i} \in G$, and computes:

$e_i = H_1(Attr_i, APK_{u,i}, UID_u, CPK_i),$

Figure BDA0003444983220000043

Figure BDA0003444983220000044

$Attr_i$ sends $\langle c_i, d_i, APK_{u,i}, R_i \rangle$ to the RA node through a secure confidential channel;

(iii) The RA node sends $R_i$, $i = 1, \dots, n$, to $User_{Applicant,u}$, which computes:

Figure BDA0003444983220000051

(iv) and returns it to the RA node. The RA node computes:

$c = H_2(m, T_1, \dots, T_n, UID_u).$

(v) The RA then uses the $n-t+1$ points $(0, c), (t+1, c_{t+1}), \dots, (n, c_n)$ to construct the Lagrange interpolation polynomial $P_{n-t}(x)$ of degree $n-t$:

Figure BDA0003444983220000052

(vi) $P_{n-t}(x)$ is sent to the CA nodes $Attr_i$, $i = 1, \dots, t$, whose attributes $User_{Applicant,u}$ holds. Each CA computes:

$c_i = P_{n-t}(i), \quad d_i = t_i - c_i s_i, \quad i = 1, \dots, t.$

$Attr_i$ sends $\langle c_i, d_i \rangle$ to the RA node through a secure confidential channel;

(vii) The RA outputs the polynomial $P_{n-t}(x)$ and the signature:

$\sigma = \langle c_i, d_i, T_i, APK_{u,i}, UID_u \rangle, \quad i = 1, 2, \dots, n.$

(viii) The RA appends $P_{n-t}(x)$ and $\sigma$ to the certificate information $m$ to produce the certificate $M$, sends it to $User_{Applicant,u}$ through a secure confidential channel, and stores it in the certificate store with the concatenation of $UID_u$ and a timestamp as the key and the certificate content as the value; the multiple certificate stores are synchronized and backed up automatically;

(2) $zkProveGen(zkParams, w, x, M_L) \rightarrow \pi_u.$

$User_{Applicant,u}$ runs the ZoKrates proof-generation algorithm $Prove(zkParams, w, x, M_L)$, where, among the input parameters, the witness is:

Figure BDA0003444983220000053

$e_i = H_1(Attr_i, APK_{u,i}, UID_u, CPK_i) \rangle,$

The generated proof $\pi_u$ takes the form of the Fiat-Shamir heuristic. Specifically, $\pi_u$ proves that $User_{Applicant,u}$ knows a discrete logarithm $S_u$ satisfying

Figure RE-GDA0003486906730000052

and

Figure RE-GDA0003486906730000053

$User_{Applicant,u}$ uploads the proof $\pi_u$, the statement $x$, and the Turing machine algorithm $M_L$ to the chain for convenient querying.

In the invention, the certificate verification in step (4) proceeds as follows:

Suppose $User_{Verifier,s}$ wishes to verify the identity of $User_{Applicant,u}$. $User_{Applicant,u}$ first obtains its own certificate from the RA node and sends it to $User_{Verifier,s}$, who verifies the certificate: it checks whether the certificate was issued by legitimate CA nodes of the DPKI, whether the certificate of $User_{Applicant,u}$ has been revoked, and whether it is within its validity period. If the certificate has expired, has been revoked, or was not issued by legitimate nodes, identity authentication fails; otherwise the certificate's signature is verified;

$Verify(m, \sigma, P_{n-t}(x), \pi_u) \rightarrow True/False.$

(i) Verify:

Figure BDA0003444983220000061

If any of the above checks fails, the signature is invalid;

(ii) After all of the above checks pass, $User_{Verifier,s}$ obtains the proof $\pi_u$ and the ZoKrates parameters from the blockchain and runs the ZoKrates verification algorithm $Verify(zkParams, x, M_L, \pi_u)$. If verification fails, the signature is invalid; if it passes, the signature is valid.

The invention also performs well in practical experimental tests, so it is feasible for real applications. It is a flexible and fine-grained identity authentication mechanism: the breadth covered by the attributes of the decentralized non-repudiation attribute signature makes identity more multi-dimensional, and gives the whole method fine-grained identity authentication and a degree of fault tolerance. The attribute signature and threshold algorithm provide fine-grained, dynamic management and maintenance of information relationships while preserving trust, and the zero-knowledge proof ensures the non-repudiation of the certificate.

Description of drawings

Figure 1 shows an example of the method architecture.

Figure 2 shows an example of the fields returned when applying for a certificate.

Figure 3 shows an example of the certificate signature field.

Figure 4 shows an example of the result returned when verifying a certificate.

Figure 5 shows an example of simulating concurrent access by 5000 users.

Detailed description

The invention is further described below through specific embodiments so that those skilled in the relevant art can better understand its technical and functional features; the scope of protection of the invention is not limited to the following embodiments.

Embodiment 1: In this embodiment the programming language is Golang and the browser is Chrome.

Figure 1 is the system architecture diagram. The specific process is:

1. System initialization:

(1) $GlobalSetup(\lambda) \rightarrow Params.$

Select a cyclic group $G$ of prime order $N = p$ with generator $g$. Corresponding to the $n$ CA nodes of the distributed public key infrastructure, the attribute universe is $\Omega = \{Attr_1, Attr_2, \dots, Attr_n\}$. Two hash functions must also be chosen, $H_1$:

Figure BDA0003444983220000071

$H_2$:

Figure BDA0003444983220000072

The public parameters $Params = \langle G, p, g, \Omega, H_1, H_2 \rangle$ are packaged and uploaded to the blockchain;

(2) $CASetup(Params) \rightarrow CSK, CPK.$

The $n$ CA nodes, that is, the attribute authorities $Attr_i$, each randomly generate their own private key

Figure BDA0003444983220000073

Figure BDA0003444983220000074

compute the public key

Figure BDA0003444983220000075

and publish $CPK_i$ on-chain;

(3) $ZKSetup(1^n) \rightarrow zkParams.$

The public parameters zkParams are initialized with the $Setup(1^n)$ algorithm built into ZoKrates, and zkParams is published on-chain.

2. User initialization:

(1) $USetup(\lambda_u) \rightarrow S_u, UID_u.$

$User_{Applicant,u}$ randomly generates a secret value

Figure BDA0003444983220000076

such that the computed identifier

Figure BDA0003444983220000077

is globally unique on the blockchain;

(2) $UAttrSetup(UID_u, Attr_i) \rightarrow ASK_{u,i}, APK_{u,i}.$

$User_{Applicant,u}$ applies for an attribute to the attribute authority $Attr_i$ by various means (including but not limited to offline application), and the attribute authority confirms the application. $Attr_i$ randomly selects

Figure BDA0003444983220000078

as the private key of attribute $Attr_i$ for $User_{Applicant,u}$, and computes

Figure BDA0003444983220000079

as the attribute public key of $User_{Applicant,u}$. It sends $\langle APK_{u,i}, ASK_{u,i} \rangle$ to $User_{Applicant,u}$ through a secure confidential channel and publishes $APK_{u,i}$ on-chain.

3. Certificate issuance by signature: Suppose $User_{Applicant,u}$ wishes to apply for a certificate corresponding to the attribute set $\Omega = \{Attr_1, Attr_2, \dots, Attr_n\}$ and holds $t$ of those attributes. $User_{Applicant,u}$ can be regarded as an ordinary node in the blockchain. It sends a certificate service request to the RA node through the blockchain network and submits the information $m$ required for the certificate (including $UID_u$). The RA confirms the information by various means (including but not limited to offline verification); if it is incorrect, the RA rejects the node's request, otherwise it sends the information to the $n$ CA nodes:

(1) $Sign(m, S_u, UID_u, \Omega, \{APK_{u,i}, ASK_{u,i}\}, \{CPK_i, CSK_i\}) \rightarrow P_{n-t}(x), \sigma.$

$User_{Applicant,u}$ holds $t$ attributes. The $n$ CA nodes of the PKI receive $m$ (including $UID_u$) and begin signing the certificate message $m \in \{0,1\}^*$;

(i) For each CA node $Attr_i$ whose attribute $User_{Applicant,u}$ holds, without loss of generality $i = 1, \dots, t$, $Attr_i$ randomly selects $t_i \in Z_p^*$ and computes:

$e_i = H_1(Attr_i, APK_{u,i}, UID_u, CPK_i),$

$s_i = ASK_{u,i} + e_i CSK_i,$

Figure BDA0003444983220000081

$Attr_i$ sends $R_i$ to the RA node through a secure confidential channel;

(ii) For each CA node $Attr_i$ whose attribute $User_{Applicant,u}$ does not hold, without loss of generality $i = t+1, \dots, n$, $Attr_i$ randomly selects

Figure BDA0003444983220000082

randomly generates $APK_{u,i} \in G$, and computes:

$e_i = H_1(Attr_i, APK_{u,i}, UID_u, CPK_i),$

Figure BDA0003444983220000083

Figure BDA0003444983220000084

$Attr_i$ sends $\langle c_i, d_i, APK_{u,i}, R_i \rangle$ to the RA node through a secure confidential channel;

(iii) The RA node sends $R_i$, $i = 1, \dots, n$, to $User_{Applicant,u}$, which computes:

Figure BDA0003444983220000085

(iv) and returns it to the RA node. The RA node computes:

$c = H_2(m, T_1, \dots, T_n, UID_u).$

(v) The RA then uses the $n-t+1$ points $(0, c), (t+1, c_{t+1}), \dots, (n, c_n)$ to construct the Lagrange interpolation polynomial $P_{n-t}(x)$ of degree $n-t$:

Figure BDA0003444983220000091

(vi) $P_{n-t}(x)$ is sent to the CA nodes $Attr_i$, $i = 1, \dots, t$, whose attributes $User_{Applicant,u}$ holds. Each CA computes:

$c_i = P_{n-t}(i), \quad d_i = t_i - c_i s_i, \quad i = 1, \dots, t.$

$Attr_i$ sends $\langle c_i, d_i \rangle$ to the RA node through a secure confidential channel;

(vii) The RA outputs the polynomial $P_{n-t}(x)$ and the signature:

$\sigma = \langle c_i, d_i, T_i, APK_{u,i}, UID_u \rangle, \quad i = 1, 2, \dots, n.$

(viii) The RA appends $P_{n-t}(x)$ and $\sigma$ to the certificate information $m$ to produce the certificate $M$, sends it to $User_{Applicant,u}$ through a secure confidential channel, and stores it in the certificate store with the concatenation of $UID_u$ and a timestamp as the key and the certificate content as the value; the multiple certificate stores are synchronized and backed up automatically;

(2) $zkProveGen(zkParams, w, x, M_L) \rightarrow \pi_u.$

$User_{Applicant,u}$ runs the ZoKrates proof-generation algorithm $Prove(zkParams, w, x, M_L)$, where, among the input parameters, the witness is:

Figure BDA0003444983220000092

$e_i = H_1(Attr_i, APK_{u,i}, UID_u, CPK_i) \rangle,$

The generated proof $\pi_u$ takes the form of the Fiat-Shamir heuristic. Specifically, $\pi_u$ proves that $User_{Applicant,u}$ knows a discrete logarithm $S_u$ satisfying

Figure RE-GDA0003486906730000091

and

Figure RE-GDA0003486906730000092

$User_{Applicant,u}$ uploads the proof $\pi_u$, the statement $x$, and the Turing machine algorithm $M_L$ to the chain for convenient querying.
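Steps (v) and (vi) of Sign, described in both the summary and this embodiment, worked through in Go as an added example; it is not code from the patent or from its authors' implementation. It goes slightly beyond the text by returning $P_{n-t}(x)$ in coefficient form, and the function names and the toy values (p = 101, n = 4, t = 2) are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"math/big"
)

// Point is one (x, y) sample of the challenge polynomial over Z_p.
type Point struct{ X, Y *big.Int }

func mod(a, p *big.Int) *big.Int { return new(big.Int).Mod(a, p) }

// mulLinear returns poly(x)*(x-root) mod p; coefficients are low order first.
func mulLinear(poly []*big.Int, root, p *big.Int) []*big.Int {
	out := make([]*big.Int, len(poly)+1)
	for i := range out {
		out[i] = new(big.Int)
	}
	for i, c := range poly {
		out[i+1].Add(out[i+1], c)
		out[i].Sub(out[i], new(big.Int).Mul(c, root))
	}
	for i := range out {
		out[i].Mod(out[i], p)
	}
	return out
}

// Interpolate returns the coefficients of the unique polynomial of degree
// at most len(pts)-1 through pts, using the Lagrange basis over Z_p (p prime).
func Interpolate(pts []Point, p *big.Int) ([]*big.Int, error) {
	coeffs := make([]*big.Int, len(pts))
	for i := range coeffs {
		coeffs[i] = new(big.Int)
	}
	for j, pj := range pts {
		basis, denom := []*big.Int{big.NewInt(1)}, big.NewInt(1)
		for k, pk := range pts {
			if k == j {
				continue
			}
			diff := mod(new(big.Int).Sub(pj.X, pk.X), p)
			if diff.Sign() == 0 {
				return nil, fmt.Errorf("x-coordinates %v and %v collide mod p", pj.X, pk.X)
			}
			basis = mulLinear(basis, pk.X, p)
			denom = mod(denom.Mul(denom, diff), p)
		}
		scale := new(big.Int).ModInverse(denom, p) // 1 / prod(x_j - x_k)
		scale = mod(scale.Mul(scale, pj.Y), p)
		for i, b := range basis {
			coeffs[i] = mod(coeffs[i].Add(coeffs[i], new(big.Int).Mul(b, scale)), p)
		}
	}
	return coeffs, nil
}

// Eval evaluates the polynomial at x with Horner's rule.
func Eval(coeffs []*big.Int, x, p *big.Int) *big.Int {
	acc := new(big.Int)
	for i := len(coeffs) - 1; i >= 0; i-- {
		acc.Mod(acc.Add(acc.Mul(acc, x), coeffs[i]), p)
	}
	return acc
}

// Response computes d_i = t_i - c_i*s_i mod p from step (vi).
func Response(ti, ci, si, p *big.Int) *big.Int {
	return mod(new(big.Int).Sub(ti, new(big.Int).Mul(ci, si)), p)
}

// ChallengeSplit performs steps (v)-(vi): it interpolates P_{n-t} through (0, c)
// and the simulated points (t+1, c_{t+1}), ..., (n, c_n), then returns the
// coefficients and the forced challenges c_1..c_t for the held attributes.
func ChallengeSplit(n, t int, c *big.Int, simulated []*big.Int, p *big.Int) (coeffs, held []*big.Int, err error) {
	if t < 1 || t > n || len(simulated) != n-t {
		return nil, nil, fmt.Errorf("need 1 <= t <= n and exactly n-t simulated challenges")
	}
	pts := []Point{{big.NewInt(0), mod(c, p)}}
	for j, cj := range simulated {
		pts = append(pts, Point{big.NewInt(int64(t + 1 + j)), mod(cj, p)})
	}
	if coeffs, err = Interpolate(pts, p); err != nil {
		return nil, nil, err
	}
	for i := 1; i <= t; i++ {
		held = append(held, Eval(coeffs, big.NewInt(int64(i)), p))
	}
	return coeffs, held, nil
}

func main() {
	// Constructed toy values: p = 101, n = 4 CAs, t = 2 held attributes.
	p := big.NewInt(101)
	coeffs, held, err := ChallengeSplit(4, 2, big.NewInt(5), []*big.Int{big.NewInt(32), big.NewInt(49)}, p)
	fmt.Println("P coefficients (low order first):", coeffs, "c_1..c_t:", held, "err:", err)
	fmt.Println("d_1:", Response(big.NewInt(7), held[0], big.NewInt(4), p))
}
```

A polynomial of degree $n-t$ is fixed by $n-t+1$ points, so once $c$ and the simulated $c_{t+1}, \dots, c_n$ are set, the values $c_1, \dots, c_t$ are determined and cannot be chosen freely by the CAs for the held attributes.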

4. Certificate verification: without loss of generality, assume there is a $User_{Verifier,s}$ that wishes to verify the identity of $User_{Applicant,u}$. $User_{Applicant,u}$ first obtains its own certificate from the RA node and sends it to $User_{Verifier,s}$, which verifies the certificate. It first checks whether the certificate was issued by legitimate CA nodes of the DPKI, whether the certificate of $User_{Applicant,u}$ has been revoked, and the certificate's validity period. If the certificate has expired, has been revoked, or was not issued by legitimate nodes, identity authentication fails; otherwise signature verification is performed on the certificate;

$\mathrm{Verify}(m, \sigma, P_{n-t}(x), \pi_u) \to \text{True/False}.$

(i) Verify

Figure BDA0003444983220000101

If any one of the above checks fails, the signature is an invalid signature.

(ii) After all of the above checks pass, $User_{Verifier,s}$ obtains the proof $\pi_u$ and the ZoKrates-related parameters from the blockchain and executes ZoKrates' verification algorithm $\mathrm{Verify}(zkParams, x, M_L, \pi_u)$. If verification fails, the signature is an invalid signature; if verification passes, the signature is a valid signature.

5. Certificate revocation: $User_{Applicant,u}$ sends the RA node a revocation request for a specific certificate $M$.

$\mathrm{Revoke}(M, \pi_u, UID_u) \to \text{True/False}.$

The RA obtains the proof $\pi_u$ from the blockchain and executes ZoKrates' verification algorithm $\mathrm{Verify}(zkParams, x, M_L, \pi_u)$. If verification fails, the signature is an invalid signature; if verification passes, the RA sends a certificate revocation request to the n CA nodes, otherwise it returns an error message. Each CA node destroys the related intermediate parameters it generated and returns to the RA node a revocation certificate $Cer_i$ confirming successful revocation. The RA collects the n revocation certificates $Cer_i$, combines them into a revocation certificate that it stores in the CRL, and removes the certificate of $User_{Applicant,u}$ from the certificate store. The multiple certificate stores in the blockchain then synchronize automatically with the CRL.

This method is an infrastructure that exposes an API: requests can be sent to it to perform the corresponding operations. Figure 2 is an example of the fields returned when applying for a certificate, including the certificate serial number, the signature and other information. Figure 3 is an example of the certificate signature field, issued cooperatively by multiple CAs (100 in this example). Figure 4 is an example of the fields returned when verifying a certificate; the response indicates whether verification succeeded or failed. Figure 5 is an example of simulating 5000 users applying for and verifying certificates concurrently; it shows that the overhead of the present invention is relatively low and its performance is good.

Claims (3)

1. A distributed public key infrastructure method based on blockchain and attribute signatures, the method being built on attribute-based signatures, blockchain and zero-knowledge proof technology and comprising the steps of: system initialization, user initialization, signing and issuing a certificate, certificate verification and certificate revocation; the specific steps are as follows:
(1) System initialization: the system initializes the parameters of the decentralized non-repudiable attribute signature and publishes them on the blockchain; it also initializes the parameters of the zero-knowledge proof system ZoKrates and publishes them on the chain. For the initialization of an authoritative CA node representing an attribute, the CA randomly generates the attribute's private key CSK, computes the public key CPK from the private key, and publishes the CPK information on the chain;
(2) User initialization: in addition to the information required to register on the blockchain, $User_{Applicant,u}$ (the user u applying for the certificate) also needs to randomly generate a secret value $S_u$, such that the computed identifier $UID_u$ is globally unique on the blockchain; the user applies to a plurality of CA nodes for attributes and obtains the user's attribute private keys $ASK_{u,i}$ and public keys $APK_{u,i}$;
(3) Signing and issuing the certificate: a $User_{Applicant,u}$ that wishes to have a certificate issued by n specific CAs, and that holds several of the n attributes, sends a network access request for certificate service to the digital certificate registration authority RA through the blockchain network; $User_{Applicant,u}$ submits the various information required for the certificate, and the RA confirms the information, rejecting the node's request if the information is incorrect and otherwise sending the information to the n CAs; the CAs cooperatively sign the certificate, and the RA collects the signature information to generate the signature and stores it in the certificate store of the blockchain, which the blockchain synchronizes automatically; $User_{Applicant,u}$ then executes ZoKrates' proof generation algorithm to generate a non-repudiable proof for the certificate;
(4) Certificate verification: $User_{Verifier,s}$ (the user s verifying the certificate), wishing to verify the identity of $User_{Applicant,u}$, initiates an authentication request to $User_{Applicant,u}$; $User_{Applicant,u}$ first obtains its own certificate from the RA and sends it to $User_{Verifier,s}$, which verifies the certificate; it first checks whether the certificate was issued by legitimate CAs, whether the certificate of $User_{Applicant,u}$ has been revoked, the validity period of the certificate, and whether the certificate was issued by the required n CA nodes; if the certificate has expired, has been revoked or was not issued by legitimate nodes, identity authentication fails; otherwise the certificate is authenticated, the authentication comprising signature verification and ZoKrates zero-knowledge proof verification, and successful authentication establishes the identity of $User_{Applicant,u}$;
(5) Certificate revocation: certificate revocation is divided into revocation on expiry and active revocation by $User_{Applicant}$; the certificate revocation list (CRL) is updated periodically by the RA; if $User_{Applicant,u}$ sends the RA a request to revoke its own certificate, the RA verifies the zero-knowledge proof to validate the identity of $User_{Applicant,u}$, and if verification passes, adds the certificate to the CRL.
2. The distributed public key infrastructure method based on blockchain and attribute signatures of claim 1, wherein the method for signing and issuing the certificate in step (3) comprises the following:
without loss of generality, assume there is a $User_{Applicant,u}$ wishing to apply for a certificate corresponding to the attribute set $\Omega = \{Attr_1, Attr_2, \dots, Attr_n\}$, of which $User_{Applicant,u}$ holds t attributes; $User_{Applicant,u}$ can be regarded as an ordinary node in the blockchain, which sends a network access request for certificate service to the RA node through the blockchain network; $User_{Applicant,u}$ submits the various information $m$ (including $UID_u$) required for the certificate, and the RA confirms the information, rejecting the node's request if the information is incorrect and otherwise sending the information to the n CA nodes:
(1) $\mathrm{Sign}(m, S_u, UID_u, \Omega, \{APK_{u,i}, ASK_{u,i}\}, \{CPK_i, CSK_i\}) \to P_{n-t}(x), \sigma.$
$User_{Applicant,u}$ holds t attributes; when the n CA nodes of the PKI receive $m$ (including $UID_u$), they begin signing the certificate message $m \in \{0, 1\}^*$;
(i) for the CA nodes $Attr_i$ whose attributes $User_{Applicant,u}$ holds, say $i = 1, \dots, t$, $Attr_i$ randomly chooses $t_i \in Z_p^*$ and computes:
$e_i = H_1(Attr_i, APK_{u,i}, UID_u, CPK_i),$
$s_i = ASK_{u,i} + e_i CSK_i$
Figure RE-FDA0003486906720000021
$Attr_i$ sends $R_i$ to the RA node over a secure secret channel;
(ii) for the CA nodes $Attr_i$ whose attributes $User_{Applicant,u}$ does not hold, say $i = t+1, \dots, n$, $Attr_i$ randomly selects
Figure RE-FDA0003486906720000022
randomly generates $APK_{u,i} \in G$, and computes:
$e_i = H_1(Attr_i, APK_{u,i}, UID_u, CPK_i),$
Figure RE-FDA0003486906720000023
Figure RE-FDA0003486906720000024
$Attr_i$ sends $\langle c_i, d_i, APK_{u,i}, R_i \rangle$ to the RA node over a secure secret channel;
(iii) the RA node sends $R_i$, $i = 1, \dots, n$, to $User_{Applicant,u}$, and $User_{Applicant,u}$ computes:
Figure RE-FDA0003486906720000031
(iv) and returns the result to the RA node, which computes:
$c = H_2(m, T_1, \dots, T_n, UID_u).$
(v) subsequently, the $n-t+1$ points $(0, c), (t+1, c_{t+1}), \dots, (n, c_n)$ are used to construct a Lagrange interpolation polynomial $P_{n-t}(x)$ of degree $n-t$:
Figure RE-FDA0003486906720000032
(vi) $P_{n-t}(x)$ is sent to the CA nodes $Attr_i$, $i = 1, \dots, t$, whose attributes $User_{Applicant,u}$ holds; each of these CA nodes computes:
$c_i = P_{n-t}(i),\quad d_i = t_i - c_i s_i,\quad i = 1, \dots, t.$
$Attr_i$ sends $\langle c_i, d_i \rangle$ to the RA node over a secure secret channel;
(vii) the RA outputs the polynomial $P_{n-t}(x)$ and the signature:
$\sigma = \langle c_i, d_i, T_i, APK_{u,i}, UID_u \rangle,\quad i = 1, 2, \dots, n.$
(viii) the RA appends $P_{n-t}(x)$ and $\sigma$ to the certificate information $m$ to generate the certificate $M$, sends it to $User_{Applicant,u}$ over a secure secret channel, and stores it in the certificate store with the concatenation of $UID_u$ and the timestamp as the key and the certificate content as the value; the multiple certificate stores are synchronized and backed up automatically;
(2) $\mathrm{zkProveGen}(zkParams, w, x, M_L) \to \pi_u.$
$User_{Applicant,u}$ executes ZoKrates' proof generation algorithm $\mathrm{Prove}(zkParams, w, x, M_L)$, where, among the input parameters, the witness is:
Figure RE-FDA0003486906720000033
the generated proof $\pi_u$ takes the form of the Fiat-Shamir heuristic; specifically, $\pi_u$ proves that $User_{Applicant,u}$ knows a discrete logarithm $S_u$ satisfying
Figure RE-FDA0003486906720000034
and
Figure RE-FDA0003486906720000035
$User_{Applicant,u}$ uploads the proof $\pi_u$, the proposition $x$ and the Turing machine algorithm $M_L$ to the chain so that they can be queried.
3. The distributed public key infrastructure method based on blockchain and attribute signatures of claim 1, wherein the certificate verification method in step (4) comprises the following:
without loss of generality, assume there is a $User_{Verifier,s}$ that wishes to verify the identity of $User_{Applicant,u}$; $User_{Applicant,u}$ first obtains its own certificate from the RA node and sends the certificate to $User_{Verifier,s}$, which verifies the certificate; it first checks whether the certificate was issued by legitimate CA nodes of the DPKI, whether the certificate of $User_{Applicant,u}$ has been revoked, and the validity period of the certificate; if the certificate has expired, has been revoked or was not issued by legitimate nodes, identity authentication fails; otherwise signature verification is performed on the certificate;
$\mathrm{Verify}(m, \sigma, P_{n-t}(x), \pi_u) \to \text{True/False}.$
(i) verify
Figure FDA0003444983210000043
if any one of the above checks fails, the signature is an invalid signature;
(ii) after all of the above checks pass, $User_{Verifier,s}$ obtains the proof $\pi_u$ and the ZoKrates-related parameters from the blockchain and executes ZoKrates' verification algorithm $\mathrm{Verify}(zkParams, x, M_L, \pi_u)$; if verification fails, the signature is an invalid signature; if verification passes, the signature is a valid signature.
CN202111651828.XA 2021-12-30 2021-12-30 A construction method of distributed public key infrastructure based on blockchain and attribute signatures Active CN114301604B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111651828.XA CN114301604B (en) 2021-12-30 2021-12-30 A construction method of distributed public key infrastructure based on blockchain and attribute signatures

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111651828.XA CN114301604B (en) 2021-12-30 2021-12-30 A construction method of distributed public key infrastructure based on blockchain and attribute signatures

Publications (2)

Publication Number Publication Date
CN114301604A true CN114301604A (en) 2022-04-08
CN114301604B CN114301604B (en) 2023-09-29

Family

ID=80972858

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111651828.XA Active CN114301604B (en) 2021-12-30 2021-12-30 A construction method of distributed public key infrastructure based on blockchain and attribute signatures

Country Status (1)

Country Link
CN (1) CN114301604B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114826618A (en) * 2022-05-06 2022-07-29 珠海复旦创新研究院 Certificate distribution and access control integrated system


Also Published As

Publication number Publication date
CN114301604B (en) 2023-09-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant