CN115189882A - Distributed identity authentication method based on block chain in group knowledge perception - Google Patents
Distributed identity authentication method based on block chain in group knowledge perception Download PDFInfo
- Publication number
- CN115189882A CN115189882A CN202210369735.6A CN202210369735A CN115189882A CN 115189882 A CN115189882 A CN 115189882A CN 202210369735 A CN202210369735 A CN 202210369735A CN 115189882 A CN115189882 A CN 115189882A
- Authority
- CN
- China
- Prior art keywords
- block chain
- node
- task
- cluster head
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 36
- 230000008447 perception Effects 0.000 title claims description 17
- 241000854291 Dianthus carthusianorum Species 0.000 claims abstract description 94
- 230000006870 function Effects 0.000 claims description 32
- 238000012795 verification Methods 0.000 claims description 32
- 230000008569 process Effects 0.000 claims description 19
- 230000001960 triggered effect Effects 0.000 claims description 2
- 238000012544 monitoring process Methods 0.000 description 5
- 239000003795 chemical substances by application Substances 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 238000004364 calculation method Methods 0.000 description 3
- 230000007613 environmental effect Effects 0.000 description 3
- 230000007246 mechanism Effects 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 238000011160 research Methods 0.000 description 3
- RTZKZFJDLAIYFH-UHFFFAOYSA-N Diethyl ether Chemical compound CCOCC RTZKZFJDLAIYFH-UHFFFAOYSA-N 0.000 description 2
- 230000003542 behavioural effect Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000002452 interceptive effect Effects 0.000 description 2
- 239000007787 solid Substances 0.000 description 2
- 238000012358 sourcing Methods 0.000 description 2
- 230000001133 acceleration Effects 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 238000013480 data collection Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 230000005284 excitation Effects 0.000 description 1
- 230000014509 gene expression Effects 0.000 description 1
- 230000036541 health Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012163 sequencing technique Methods 0.000 description 1
- 230000008566 social perception Effects 0.000 description 1
- 230000009897 systematic effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3218—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs
- H04L9/3221—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs interactive zero-knowledge proofs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W40/00—Communication routing or communication path finding
- H04W40/24—Connectivity information management, e.g. connectivity discovery or connectivity update
- H04W40/32—Connectivity information management, e.g. connectivity discovery or connectivity update for defining a routing cluster membership
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a distributed identity authentication method based on a block chain in crowd sensing, which is characterized in that participants are divided into common nodes and cluster head nodes in a crowd sensing system, the common nodes are arranged on a private block chain for authentication, and the cluster head nodes are arranged on the public block chain for authentication; where the participants are authenticated with a zero knowledge proof. The invention has the advantages that: the crowd sensing network is divided into a private block chain and a public block chain, and after a common user and a cluster head node user are respectively registered on the private block chain and the public block chain, the authentication of the common user identity and the authentication of the cluster head node user are realized through a zero-knowledge proof mode, so that the privacy protection and the reliable authentication of the equipment identity authentication in the crowd sensing are realized.
Description
Technical Field
The invention relates to the field of block chain technology (combination of private chain and public chain) and group knowledge perception, in particular to an identity authentication method based on zero knowledge proof of a block chain in group knowledge perception.
Background
Crowd-sourcing awareness mainly collects data from sensors in a pervasive manner through various smart devices (such as smartphones, music players, tablets, wearable devices, and vehicle-mounted sensors) and directs the data to specific MCS servers, contributing to the internet of things (IoT) ecosystem. MCS is currently applied in many areas of smart cities. For example, various sensors in a smart phone (such as satellite navigation, microphone, camera, light sensor, accelerometer, compass and gyroscope) are used for sensing city air temperature, noise environment detection monitoring, social group behavior analysis, health condition monitoring and the like. A plurality of sensors and wireless devices are also installed on vehicles in the intelligent traffic system, and the sensors and the wireless devices comprise cameras, GPS (global positioning system), transverse acceleration sensors, vehicle-mounted devices and the like, are used for sensing urban congestion conditions, automobile arrival time, available parking spaces and the like, and bring great convenience to life of people. From a large application direction, the application scenario of the MCS mainly includes several aspects of environmental monitoring, providing common basic services and social perception.
The crowd sensing brings great convenience to the life of people, however, the traditional crowd sensing system has the threats of single point failure and the like due to the dependence on a centralized server for task issuing and sensing data collection. The block chain is a novel distributed system technology, accords with the distributed characteristic of crowd sensing, and provides a new method for solving the safety problem in crowd sensing. However, crowd-sourcing aware security and blockchain are still in the exploration phase, and many problems still exist with the existing blockchain-based approaches.
In the current crowd sensing security research, the related work of the block chain mainly comprises the crowd sensing system architecture, an incentive mechanism, privacy protection and the like. The block chain-based crowd sensing system architecture research mainly focuses on the distribution characteristics of participants in crowd sensing and how well the participants are adapted to the topological structure of the block chain, so that the unification of the logic structures of the participants and the block chain is realized, and the block chain can better serve the safety of crowd sensing. The block chain-based excitation mechanism research mainly considers how to utilize the distributed characteristics to mobilize the enthusiasm of participants, and utilizes an intelligent contract to design better task distribution and reward and punishment systems. Privacy protection based on the block chain is mainly designed through a task allocation mode and an incentive mechanism to achieve protection of user privacy information in the process of sensing data uploading.
However, these crowd sensing solutions do not consider participant identity authentication and privacy protection before performing the sensing task.
Disclosure of Invention
The invention aims to overcome the defects of the prior art, provides a distributed identity authentication method based on a block chain in the crowd sensing, and realizes the privacy protection of identity authentication by adopting zero-knowledge proof to authenticate the identity of crowd sensing participants.
In order to achieve the purpose, the invention adopts the technical scheme that: a distributed identity authentication method based on a block chain in crowd sensing is characterized in that participants are divided into common nodes and cluster head nodes in a crowd sensing system, the common nodes are arranged on a private block chain for authentication, and the cluster head nodes are arranged on the public block chain for authentication; where the participants are authenticated with a zero knowledge proof.
In the group-log perception, the participants also comprise task requesters, the task requesters and the cluster head nodes are registered on a public block chain, and the common nodes are registered on a private block chain;
a task requester establishes a sensing task on a block chain, and randomly selects a group of verifiers on a public block chain according to an encryption sorting algorithm to authenticate cluster head nodes; after the cluster head node is successfully authenticated, downloading a sensing task from the public blockchain, distributing the sensing task to common nodes on the blockchain, sending a message requesting participation in the sensing task by the common nodes which want to participate in the sensing task, triggering a sensing task intelligent contract, sharing the generated secret function to the common nodes registered on the private chain, and authenticating;
when any node fails in authentication, the information of the authentication failure is sent to the block chain, and then the node which fails in the authentication is logged out in the block chain.
Registering crowd sensing devices on a blockchain includes:
step S1.1: firstly, a node applies for an account on an Etherhouse, and then a public key and a private key of the account are obtained to carry out signature sha256 operation to be used as an id registered by a user;
s1.2, the node submits a registration request message and triggers an intelligent contract registered on a public link;
s1.3, inquiring node id stored in the public block chain according to the registration request message;
s1.4, if the id of the node already exists, returning a False to the node to tell the node that the user id already exists and the registration fails; otherwise, registration is carried out, the id of the task requester is stored in the block chain, the user type is changed into the corresponding node type, the registration success state needs to be changed into True, the True is returned to the node, the node is indicated to be successfully registered on the block chain, and the registration information is already stored in the block chain.
The cluster head node authentication is that once a task requester establishes a sensing task on a block chain, a group of verifiers are randomly selected on a public block chain according to an encryption sorting algorithm to authenticate cluster head nodes, the cluster head nodes which fail authentication modify the state values, cancel the nodes and modify the state values of all common nodes of the cluster head nodes.
The task requester issues a perception task intelligent contract when establishing a perception task, wherein the task information comprises perception task type, completion time and task state, and a secret function H is generated σ For node identity authentication, a secret function is shared with a cluster head node which is successfully registered on a public blockchain, and the cluster head node generates witness and proof prof to authenticate itself.
In a setting stage before cluster head node authentication, a task requester creates a Proving key and a Verifying key from a public reference character string CRS for creating and Verifying a Proof. When the Proving key is sent to the registered cluster head node, the Verfier key is sent to a block chain intelligent contract created for the identity verification of the cluster head node;
the cluster head node is registered and receives the identity verification element and then starts a certification generation phase, the cluster head node generates a certification at the phase, and the cluster head node has a valid certification
The cluster head node will prove through a pseudonymous address
And when the information is transmitted to the authentication intelligent contract on the public chain, the authentication is carried out from the selected j authenticators.
After the cluster head node is successfully authenticated, the sensing task is downloaded from the public block chain, the sensing task is distributed to the common nodes on the block chain, the common nodes which want to participate in the sensing task send out a message requesting to participate in the sensing task, the intelligent contract of the sensing task is triggered, the generated secret function is shared to the common nodes registered on the private chain, and the process of authenticating the identity of the common nodes by adopting a zero-knowledge proof mode is started.
The common node identity authentication comprises the following steps: task requester generated secret function H τ Sharing with registered participants so that the participants can generate witness and proof to prove themselves, the task requester further creates a proof key and a verification key from the CRS for creating and verifying proof, and when the proving key is sent to the participants, the verfier key is sent to the intelligent contract for block chain authentication; the participant registers and receives the authentication element, and the participant starts an evidence generation phase, and the participant generates an evidence at the phase; the proof sigma of participant node sends the proof sigma to the intelligent contract of identity verification on private chain through a pseudonym address, and the intelligent contract of identity verificationIf the contract is successfully verified, the information of the contract is stored locally. And if the verification is unsuccessful, the user is regarded as a malicious user, and the exist field is modified to be false.
The invention has the advantages that: the crowd sensing network is divided into a private block chain and a public block chain, and after a common user and a cluster head node user are respectively registered on the private block chain and the public block chain, the authentication of the identity of the common user and the authentication of the cluster head node user are realized through a zero-knowledge proof mode, so that the privacy protection and the reliable authentication of the equipment identity authentication in the crowd sensing are realized.
Drawings
The contents of the expressions in the various figures of the present specification and the labels in the figures are briefly described as follows:
FIG. 1 Mixed blockchain network model
FIG. 2 scheme flow chart
FIG. 3 node registration flow
FIG. 4 is a diagram of an authentication setup process between a common block chain and cluster head nodes
FIG. 5 proof of generation process diagram between common block chain and cluster head nodes
FIG. 6 is a verification process diagram of an authentication process between a common blockchain and a cluster head node
FIG. 7 is a flowchart of authentication between a common node and a cluster head node
FIG. 8 node deregistration flow diagram
Detailed Description
The following description of preferred embodiments of the invention will be made in further detail with reference to the accompanying drawings.
As shown in fig. 1, a distributed identity authentication method based on a block chain in crowd sensing includes, firstly, dividing the block chain into a public block chain and a private block chain in a hierarchical manner to implement hierarchical authentication, dividing participant devices of crowd sensing into common nodes and cluster head nodes, arranging the common nodes on the private block chain for authentication, and arranging the cluster head nodes on the public block chain for authentication; where the participants are authenticated with a zero knowledge proof.
In the cluster awareness, the parameter comprises a task requester, a common node and a cluster head node, wherein the task requester and the cluster head node are registered on a public block chain, and the common node is registered on a private block chain; after the crowd sensing task is issued, identity authentication needs to be performed on the participant equipment of the cluster head node and the participant equipment of the common node by respectively adopting zero knowledge proof.
In the present application, the task requester: task requesters need to complete data acquisition tasks, such as indoor positioning, intelligent traffic, environmental monitoring, behavioral awareness, and the like. They do not have sufficient capacity to perform their tasks themselves. The form and requirement of the needed perception data are defined as perception tasks and are issued on the block chain through intelligent contracts. The ordinary worker: common workers are nodes willing to contribute less computing power for sensing various data. Each common node belongs to only one cluster head network. The common nodes can only sense and transmit simple data, have weak calculation and storage capacity and limited energy, and cannot perform complex operation and data processing. The cluster head node should be a device with strong computing power, and the device needs to process data uploaded by the ordinary node.
Registering in a public block chain or a private block chain at user sensing equipment, entering an authentication step after the registration is finished, firstly setting, setting and issuing a sensing task intelligent contract by a task requester, setting and issuing task information including sensing task type, completion time and task state, and generating a secret function H σ For node identity authentication, and then a secret function H σ Sharing the cluster head node and the common node, then sending the generated proof into an intelligent contract of the node for verification and proof through a computing witness (witness) and a proof (proof), and after the proof is passed, successfully authenticating the identity and receiving a perception task; otherwise, the authentication fails, and the node is cancelled.
A task requester establishes a sensing task on a block chain, and randomly selects a group of verifiers on a public block chain according to an encryption sorting algorithm to authenticate cluster head nodes; after the cluster head node is successfully authenticated, downloading a sensing task from the public block chain, distributing the sensing task to common nodes on the block chain, sending a message requesting to participate in the sensing task by the common nodes which want to participate in the sensing task to trigger an intelligent contract of the sensing task, sharing the generated secret function to the common nodes registered on the private chain, and authenticating;
when any node fails in authentication, the information of the authentication failure is sent to the block chain, and then the node which fails in the authentication is logged out in the block chain.
Registering a crowd sensing device on a blockchain includes:
step S1.1: firstly, a node applies for an account on an Etherhouse, and then a public key and a private key of the account are obtained to perform a signature sha256 operation to be used as an id registered by a user;
s1.2, the node submits a registration request message and triggers an intelligent contract registered on a public link;
s1.3, inquiring node id stored in the public block chain according to the registration request message;
s1.4, if the id of the node already exists, returning a False to the node to tell the node that the user id already exists and the registration fails; otherwise, registration is carried out, the id of the task requester is stored in the block chain, the user type is changed into the corresponding node type, the registration success state needs to be changed into True, the True is returned to the node, the node is indicated to be successfully registered on the block chain, and the registration information is already stored in the block chain.
The cluster head node authentication is that once a task requester establishes a sensing task on a block chain, a group of verifiers are randomly selected on a public block chain according to an encryption sorting algorithm to authenticate cluster head nodes, the cluster head nodes which fail authentication modify the state values, cancel the nodes and modify the state values of all common nodes of the cluster head nodes.
The invention provides a participant hierarchical authentication model based on a mixed block chain, which can solve the problem that a participant authenticates the identity before executing a task and can protect some privacy data such as the position of the participant.
First, a multi-participant model is designed. There are many sensing devices in crowd sensing, and according to participation will, participants are divided into common nodes, and hierarchical authentication is performed on cluster head nodes, so that cooperation among the nodes is facilitated. A hybrid blockchain model is presented. In order to better adapt to a multi-participant hierarchical authentication model, authentication of common nodes is deployed on a local block chain, and cluster head nodes are deployed on a common block chain for authentication to form a mixed block chain model. And finally, authenticating the participants at different levels by using zero knowledge proof. The common node is authenticated by the cluster head node in the local block chain, the cluster head node is authenticated by the common block chain verifier, and the authentication on the calculation chain under the chain is realized by using a zokrates model, so that the workload of the block chain is greatly reduced.
Optionally, the public blockchain may select an ethernet house or a super ledger.
Optionally, the private blockchain may also be selected from an ethernet house or a super book.
The common node is the user's own equipment, and can be a mobile phone, a computer, an inductor and the like.
The cluster head node should be a device with strong computing power, and the device needs to process data uploaded by the ordinary node.
Using the zokrates model, code may be written in either language itself, depending on some API interface provided by the official website, and then a zero knowledge proof intelligent contract is generated, which is written in the solid language.
Optionally, the nodes are deployed in the blockchain by registering the nodes in the blockchain using an intelligent contract, and the intelligent contract may be written in a solid language or a chainode language.
The multi-participant model is not only a one-to-many model but also a one-to-many model, wherein only one common node is deployed on one private network, and the one private network can manage a plurality of common nodes. Meanwhile, a plurality of private link networks can be arranged to form a cluster. Each cluster head node manages a private chain network.
And identity authentication, namely verifying whether the identity of the participant meets the requirement according to the zero-knowledge verification intelligent contract. If so, the participant may proceed with task receipt. If the participant is found to be an attacker, the participant may be logged off if it is determined that the participant is an attacker.
As shown in fig. 1, a participant node hierarchical authentication model is designed according to different participation intentions of participants in a crowd sensing network, a mixed block chain is deployed according to the model, and a zookrates flow in non-interactive zero knowledge proof zksnrarks is introduced to realize hierarchical authentication. The model mainly comprises three entities: blockchains, task requesters and participants. As shown in fig. 2, the distributed identity authentication scheme based on the block chain in the group awareness includes the following steps:
step S1: firstly, sensing equipment is selected and divided into three node equipment, namely a task requester, an agent and a common worker, and the sensing equipment is registered on a block chain. Task requesters and agents are registered on a common blockchain. The generic worker registers onto the private block chain.
Step S2: a task requester establishes a sensing task on a block chain, and a group of verifiers are randomly selected on a public block chain according to an encryption sorting algorithm to authenticate cluster head nodes. After the cluster head node is successfully authenticated, the sensing task is downloaded from the public blockchain, the sensing task is distributed to the common nodes on the blockchain, the common nodes which want to participate in the sensing task send out a message requesting to participate in the sensing task to trigger the intelligent contract of the sensing task, and the generated secret function is shared to the common nodes registered on the private chain
And step S3: once one of the nodes fails to authenticate, the information of authentication failure is sent to the block chain, and then the node which fails to authenticate is logged off in the block chain.
Further, the method for selecting the sensing device in step S1 includes:
the task requester: task requesters need to complete data acquisition tasks, such as indoor positioning, intelligent traffic, environmental monitoring, behavioral awareness, and the like. They do not have sufficient capacity to perform their tasks themselves. The form and requirement of the required sensing data are defined as sensing tasks and are issued on the block chain through an intelligent contract.
The agent: the agent is mainly used for simply processing and forwarding sensing data from common nodes in the network, and is a node willing to contribute stronger computing and storage capacity.
The ordinary worker: common workers are nodes willing to contribute less computing power for sensing various data. Each common node belongs to only one cluster head network. The common nodes can only sense and transmit simple data, have weak calculation and storage capacity and limited energy, and cannot perform complex operation and data processing.
Further, the registration of the device is sensed in step S1, and the registration step as shown in fig. 3 is described as follows:
step S1.1, firstly, a node applies for an account on an Ether house, and then a public key and a private key of the account are obtained to perform a signature sha256 operation to be used as an id registered by a user.
S1.2 node submits registration request message, triggers public chain registration intelligent contract
And S1.3, inquiring the node id stored in the public block chain according to the registration request message.
And S1.4, if the id of the node is found to exist, returning a False to the node to tell the node that the user id exists, the user id cannot be used again, and the registration fails.
And S1.5, if the id of the task requester does not exist, the node is not registered and used on the blockchain, and registration can be carried out. The id of the task requester needs to be stored in the blockchain, and the user type (True: indicating the type of the task requester, false representing not the type of the task requester) needs to be changed to the corresponding node type, and the registration success state needs to be changed to True (False: indicating that the registration is not successful, true: indicating that the registration is successful). And finally returning and returning the True to the node, wherein the node is successfully registered on the blockchain, and the registration information is already stored in the blockchain.
The cluster head node authentication described in step S2 is that once the task requester establishes a sensing task on the blockchain, a group of verifiers (the probability is proportional to their funds on the blockchain) is randomly selected on the public blockchain according to an encryption sorting algorithm to authenticate the cluster head node, and the cluster head node that fails in authentication modifies its state value, revokes the node, and modifies all the common node state values of the cluster head node to which it belongs.
Step S2.1 the setup phase of the authentication process, as shown in fig. 2 and 4, describes the following steps:
step S2.1.1 the task requester issues a perception task intelligent contract, the task information includes perception task type, completion time, task state, and generates a secret function H σ For node identity authentication, G σ =sha 256(prk c | timestamp), where prk C A private key, timeStamp, representing the node that generated the secret function; the secret function is shared with cluster head nodes that have successfully registered on the public blockchain, which certify themselves by generating witnesses (witness) and certificates (proof). Finding a variable that satisfies the condition of the secret function is called witness (witness), and occurs during the proof-of-generation phase.
Step S2.1.2 in the setup phase, the task requester also creates a Proof key and a verification key from the public reference string (CRS) for creating and Verifying the Proof. When the Proving key is sent to the registered cluster head node, the Verfier key is sent to a block chain intelligent contract created for the identity verification of the cluster head node.
Step S2.2, the process of generating the certification by the cluster head node is described as follows as shown in fig. 5:
step S2.2.1: once the cluster head node is registered and receives the authentication elements (which are the secret function and the attestation key), it initiates an attestation generation phase in which the cluster head node generates attestation to attest to the secret function H τ To understand. The constraint set cst generating the proof is already compiled locally.
Step S2.2.2: the cluster head node begins the process by assigning a set of variables that satisfy the secret function parameters. Suppose that a cluster head node knows H τ And thus can provide a satisfactory value. Such variable assignments are referred to as generative witnesses. The cluster head node provides the public input PubInp = (timestamp), and the private input PriInp(prk c ) (here, the input mode provided by the zero-knowledge proof includes public input and private input, the public input can be changed, the private input cannot be changed, and the input is mainly used for verification. Where public input represents the timestamp of the input and private input represents the public key of the node of the input). We get witness ψ 1= witnessgen (cst, pubInp, priInp) (witness)), followed by a variable also representing witness, witness gen representing the function that generated the witness, cst: representing a set of constraints that generate a proof). Next, using the witness and attestation key P (P attestation key), the cluster head node generates a zk-snarks attestation
(zk-snarks are the proof of knowledge representing zero, proofGen is the function that generated the proof, the variable preceding the equal sign is the proof that generated)
Step S2.3 verification of the authentication process, as shown in fig. 6, the steps are described as follows:
step S2.3.1: at this time, the cluster head node has a valid certificate
(σ and
are all proof of representation, but for different nodes, proof: collectively, the other two are variables). The cluster head node will prove through a pseudonymous address
And when the information is transmitted to an authentication intelligent contract (authentication intelligent contract: representing an intelligent contract used for node authentication; task-aware intelligent contract: representing an intelligent contract which a node receives a task) on the public chain, performing verification from the selected j verifiers.
Step S2.3.2: we need to ensure that the selected verifier must have a sufficient balance in their blockchain account for subsequent penalties. In selecting verifiers with sufficient balances, we use the encryption ranking algorithm VRF to randomly select a set of verifiers based on their balances. Having the authenticator selection process execute securely on the public blockchain in a non-interactive and random manner prevents denial of service (DoS) attacks because the attacker cannot know in advance which authenticator to select later.
Step S2.3.3: specifically, the currency in each validator node blockchain account is quantified as a number of currency units, denoted as w. A probability binomial distribution of exactly j selected from w monetary units:
p is the systematic probability of selecting a currency unit
w represents the monetary unit possessed by the verifier. To determine the exact number of currency units selected by the validator, probabilities are used
A set of contiguous intervals within a construct range of [0,1 ]
Here, a random value t ∈ [0,1) is mapped to a specific interval I j Still with the same probability as B (j; w, p), the value j corresponding to the interval to which t belongs can then be used to represent the number of selected monetary units.
To make the above sorting process verifiable over the blockchain, t is defined by a verifiable random function VRF [29 ]]Computing, in particular
Wherein hash is using sd and authenticationThe key sk of the device is the pseudo-random hash value output from the VRF, len being the bit length of the hash. Note that when the hashes are evenly distributed between 0 and len, t falls randomly in [0,1). Furthermore, the hash given by the verifier can be verified by the VRF using its public verification key pk, so t can be regenerated in a verifiable manner on the smart contract. After performing the local encryption sequencing process, each validator learns a value j, which indicates how many of the owned currency units were selected, if j>0, the verifier sends a proof of ordering (hash, π) to the smart contract to participate in the authentication task. (hash, π) will be verified by VRF examination that VRF = (Gen, eval, pro, verify) generates a publicly verifiable pseudorandom value. Given a security parameter λ, a probabilistic key generator gen (1 λ) generates a secret key sk and a publicly verifiable key pk. With sk and information x, the evaluator Evalsk (x) outputs a pseudo-random value y, and a proof program Provesk (x) generates a proof pi, which proves that y is consistent with pk. Finally, the verifier verifies the proof from Verifypk (π, x, y) as input. Repeating the sorting process after verification to obtain a value j, if the regenerated value j is obtained>0, then the smart contract will record the authenticator's identity and the value j. And the selected verifier executes the verification task, and if the verification is successful, the related information is stored on the public chain and the verifier is paid with a certain fund. If the verification fails: and (4) canceling the cluster head node, and selecting a new cluster head node according to the account balance. The value of j is the amount of currency selected in the selected validator, and is used as a criterion for selecting the validator. The selected verifier executes the authentication intelligent contract, and the judgment basis of successful verification is the verification result of the generated zk-SNARKs certificate.
Step S2.4 authentication between the common node and the cluster head node is described as follows as shown in fig. 7:
and S2.4.1, downloading the sensing task from the public block chain after the cluster head node is successfully authenticated, distributing the sensing task to the common nodes on the block chain, and sending a message requesting to participate in the sensing task by the common nodes which want to participate in the sensing task to trigger the intelligent contract of the sensing task to share the generated secret function to the common nodes registered on the private chain. And starting the identity authentication process of the common node.
Step S2.4.2 binary set in this step, we implement a secret function H that proves difficult enough τ It requires the prover to prove its knowledge of the hash function primitive. The difficulty in providing an invalid input to solve the secret function is therefore to generate a τ ', e.g. τ' ≠ τ and H τ′ =H τ . (secret function denoted here as tau', an example being enumerated)
Task requester generates a secret function H τ =sha 256(puk u | timestamp) is shared with the registered participants so that the participants can generate witness and proof to themselves. The task requester also creates a certification key verfier key and a verification key verfier key from the Common Reference String (CRS) for use in creating and verifying the certification. When the provisioning key is sent to the participant, the verfier key is sent to the blockchain authentication intelligence contract.
Step S2.4.3 generating proof once a participant registers and receives an authentication element, it initiates an evidence generation phase in which the participant generates proof to prove to secret function H τ To understand. Participant nodes utilize a common input timestamp PubInp (timestamp) to prevent replay attacks. Private input PrInp (prk) n ). Witnesses were calculated using the function witness ψ 2= witnessgen (P2, Ψ 2), circuit proof key P2, user generated zk-snarks proof σ = proofGen (PubInp, priInp). (witness and witness to represent ordinary nodes, above witness and witness to cluster head nodes)
Step S2.4.3 at this point the participant node has a proof of proof σ. And sending the proof sigma to the identity verification intelligent contract on the private chain through a pseudonymous address, and storing the belonged information and the like locally if the identity verification intelligent contract is successfully verified. And if the verification is unsuccessful, the user is regarded as a malicious user, and the exist field is modified to be false.
Finally, S3, the node that failed in verification logs off in the block chain, as shown in fig. 8, the steps are as follows:
step S3.1: if the identity authentication of the common participant node fails, the intelligent contract deployed on the cluster head node executes a node logout program, and the exist field of the node is modified.
Step S3.2: if the verifier receives the authentication failure of the certificate generated by the cluster head node, the user is regarded as a malicious user, the intelligent contract executes a node logout program, and the external field of the modified node is false.
It is clear that the specific implementation of the invention is not restricted to the above-described embodiments, but that various insubstantial modifications of the inventive process concept and technical solutions are within the scope of protection of the invention.
Claims (8)
1. A distributed identity authentication method based on a block chain in the group knowledge sensing is characterized in that: dividing participants into common nodes and cluster head nodes in a swarm intelligence perception system, arranging the common nodes on a private block chain for authentication, and arranging the cluster head nodes on a public block chain for authentication; where the participants are authenticated with a zero knowledge proof.
2. The distributed identity authentication method based on the block chain in the awareness of the group as claimed in claim 1, wherein: in the group-oriented sensing, the participants also comprise task requesters, the task requesters and the cluster head nodes are registered on a public block chain, and the common nodes are registered on a private block chain;
a task requester establishes a sensing task on a block chain, and randomly selects a group of verifiers on a public block chain according to an encryption sorting algorithm to authenticate cluster head nodes; after the cluster head node is successfully authenticated, downloading a sensing task from the public block chain, distributing the sensing task to common nodes on the block chain, sending a message requesting to participate in the sensing task by the common nodes which want to participate in the sensing task to trigger an intelligent contract of the sensing task, sharing the generated secret function to the common nodes registered on the private chain, and authenticating;
when any node fails in authentication, the information of the authentication failure is sent to the block chain, and then the node which fails in the authentication is logged out in the block chain.
3. The distributed identity authentication method based on the block chain in the knowledge awareness according to claim 1 or 2, wherein: registering a crowd sensing device on a blockchain includes:
step S1.1: firstly, a node applies for an account on an Etherhouse, and then a public key and a private key of the account are obtained to perform a signature sha256 operation to be used as an id registered by a user;
s1.2, the node submits a registration request message and triggers an intelligent contract registered on a public link;
s1.3, inquiring node id stored in the public block chain according to the registration request message;
s1.4, if the id of the node already exists, returning a False to the node to tell the node that the user id already exists and the registration fails; otherwise, registration is carried out, the id of the task requester is stored in the block chain, the user type is changed into the corresponding node type, the registration success state needs to be changed into True, the True is returned to the node, the node is indicated to be successfully registered on the block chain, and the registration information is already stored in the block chain.
4. The distributed identity authentication method based on the block chain in the knowledge awareness according to claim 1 or 2, wherein: the cluster head node authentication is that once a task requester establishes a sensing task on a block chain, a group of verifiers are randomly selected on a public block chain according to an encryption sorting algorithm to authenticate cluster head nodes, the cluster head nodes which fail authentication modify the state values, cancel the nodes and modify the state values of all common nodes of the cluster head nodes.
5. The distributed identity authentication method based on the block chain in the knowledge awareness according to any one of claims 1 to 4, wherein: the task requester issues a perception task intelligent contract when establishing a perception task, wherein the task information comprises perception task type, completion time and task state, and a secret function H is generated σ For node identity authentication, a secret function is shared with cluster head nodes which are successfully registered on a public block chain, and the cluster head nodes are connectedWitness and proof of proof have been generated to prove oneself.
6. The distributed identity authentication method based on the block chain in the awareness of the group as claimed in claim 5, wherein: in a setting stage before cluster head node authentication, a task requester creates a Proving key and a Verifying key from a public reference character string CRS for creating and Verifying a Proof. When the Proving key is sent to the registered cluster head node, the Verfier key is sent to a block chain intelligent contract created for the identity verification of the cluster head node;
the cluster head node is registered and receives the identity verification element and then starts a certification generation phase, the cluster head node generates a certification at the phase, and the cluster head node has an effective certification proof
The cluster head node will prove through a pseudonymous address
And when the information is transmitted to the authentication intelligent contract on the public chain, the authentication is carried out from the selected j authenticators.
7. The distributed identity authentication method based on the block chain in the awareness of the group according to any one of claims 1 to 6, wherein: after the cluster head node is successfully authenticated, the sensing task is downloaded from the public block chain, the sensing task is distributed to the common nodes on the block chain, the common nodes which want to participate in the sensing task send out a message requesting to participate in the sensing task, the intelligent contract of the sensing task is triggered, the generated secret function is shared to the common nodes registered on the private chain, and the process of authenticating the identity of the common nodes in a zero-knowledge proof mode is started.
8. The distributed identity authentication method based on the block chain in the awareness of the group as claimed in claim 7, wherein: the common node identity authentication comprises the following steps: task requester generated secret function H τ Sharing with registered participants so that the participants can generate witness and proof to prove themselves, the task requester further creates a proof key and a verification key from the CRS for creating and verifying proof, and when the proving key is sent to the participants, the verfier key is sent to the intelligent contract for block chain authentication; the participant registers and receives the authentication element, and the participant starts an evidence generation phase, and the participant generates an evidence at the phase; and the proof sigma of the participant node sends the proof sigma to an identity verification intelligent contract on a private chain through a pseudonym address, and the information of the identity verification intelligent contract is stored locally if the identity verification intelligent contract is successfully verified. And if the verification is unsuccessful, the user is regarded as a malicious user, and the exist field is modified to be false.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210369735.6A CN115189882B (en) | 2022-04-08 | 2022-04-08 | Block chain-based distributed identity authentication method in crowd sensing |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210369735.6A CN115189882B (en) | 2022-04-08 | 2022-04-08 | Block chain-based distributed identity authentication method in crowd sensing |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115189882A true CN115189882A (en) | 2022-10-14 |
| CN115189882B CN115189882B (en) | 2024-04-30 |
Family
ID=83512471
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210369735.6A Active CN115189882B (en) | 2022-04-08 | 2022-04-08 | Block chain-based distributed identity authentication method in crowd sensing |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115189882B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20200087913A (en) * | 2019-01-11 | 2020-07-22 | 서강대학교산학협력단 | System and method for providing secret electronic voting service based on blockchain |
| CN112291354A (en) * | 2020-10-31 | 2021-01-29 | 南京工业大学 | Privacy protection method for participants of crowd sensing MCS based on block chain |
| CN114158037A (en) * | 2021-11-19 | 2022-03-08 | 国网冀北电力有限公司 | Internet of things equipment identity authentication method and system based on hierarchical block chain |
-
2022
- 2022-04-08 CN CN202210369735.6A patent/CN115189882B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20200087913A (en) * | 2019-01-11 | 2020-07-22 | 서강대학교산학협력단 | System and method for providing secret electronic voting service based on blockchain |
| CN112291354A (en) * | 2020-10-31 | 2021-01-29 | 南京工业大学 | Privacy protection method for participants of crowd sensing MCS based on block chain |
| CN114158037A (en) * | 2021-11-19 | 2022-03-08 | 国网冀北电力有限公司 | Internet of things equipment identity authentication method and system based on hierarchical block chain |
Non-Patent Citations (2)
| Title |
|---|
| WEISHENG WEN ET.AL: "Data security management of logistics network based on blockchain technology", 《2021 IEEE 4TH INTERNATIONAL CONFERENCE ON INFORMATION SYSTEMS AND COMPUTER AIDED EDUCATION (ICISCAE)》, 11 November 2021 (2021-11-11) * |
| 张利华;胡方舟;黄阳;万源华;李晶晶;: "基于联盟链的微电网身份认证协议", 应用科学学报, no. 01, 30 January 2020 (2020-01-30) * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115189882B (en) | 2024-04-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Baza et al. | B-ride: Ride sharing with privacy-preservation, trust and fair payment atop public blockchain | |
| Dwivedi et al. | Blockchain-based secured IPFS-enable event storage technique with authentication protocol in VANET | |
| Huang et al. | Secure automated valet parking: A privacy-preserving reservation scheme for autonomous vehicles | |
| Guo et al. | Proof-of-event recording system for autonomous vehicles: A blockchain-based solution | |
| Jabbar et al. | Blockchain for the Internet of Vehicles: How to use blockchain to secure vehicle-to-everything (V2X) communication and payment? | |
| Wang et al. | Challenges and solutions in autonomous driving: A blockchain approach | |
| CN110311899A (en) | Multiservice system access method, device and server | |
| Feng et al. | Blockchain-based data management and edge-assisted trusted cloaking area construction for location privacy protection in vehicular networks | |
| EP3895105A1 (en) | Communication network node, methods, and a mobile terminal | |
| Shivers et al. | Ride-hailing for autonomous vehicles: Hyperledger fabric-based secure and decentralize blockchain platform | |
| Hataba et al. | Security and privacy issues in autonomous vehicles: A layer-based survey | |
| Lee et al. | Design of a two layered blockchain-based reputation system in vehicular networks | |
| CN110910110B (en) | Data processing method and device and computer storage medium | |
| Rudra | Impact of Blockchain for internet of Things Security | |
| Olakanmi | SAPMS: a secure and anonymous parking management system for autonomous vehicles | |
| Zhang et al. | Secure and reliable parking protocol based on blockchain for VANETs | |
| Wang et al. | An Efficient Data Sharing Scheme for Privacy Protection Based on Blockchain and Edge Intelligence in 6G‐VANET | |
| Profentzas et al. | Iotlogblock: Recording off-line transactions of low-power iot devices using a blockchain | |
| CN111241188A (en) | Consensus method in block chain network, node and storage medium | |
| CN117375797A (en) | Anonymous authentication and vehicle-mounted information sharing method based on blockchain and zero knowledge proof | |
| Yan et al. | Reputation consensus-based scheme for information sharing in internet of vehicles | |
| Kaurav et al. | Blockchain for emergency vehicle routing in healthcare services: An integrated secure and trustworthy system | |
| CN111866993A (en) | Wireless local area network connection management method, device, software program and storage medium | |
| Tang et al. | PSSBP: A privacy-preserving scope-query searchable encryption scheme based on blockchain for parking lots sharing in vehicular networks | |
| CN116389478A (en) | Four-network fusion data sharing method based on blockchain and federal learning |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |