CN115189882B - Block chain-based distributed identity authentication method in crowd sensing - Google Patents
Block chain-based distributed identity authentication method in crowd sensing Download PDFInfo
- Publication number
- CN115189882B CN115189882B CN202210369735.6A CN202210369735A CN115189882B CN 115189882 B CN115189882 B CN 115189882B CN 202210369735 A CN202210369735 A CN 202210369735A CN 115189882 B CN115189882 B CN 115189882B
- Authority
- CN
- China
- Prior art keywords
- blockchain
- node
- task
- cluster head
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 36
- 241000854291 Dianthus carthusianorum Species 0.000 claims abstract description 97
- 230000008447 perception Effects 0.000 claims abstract description 22
- 230000006870 function Effects 0.000 claims description 32
- 238000012795 verification Methods 0.000 claims description 28
- 230000008569 process Effects 0.000 claims description 16
- 230000001960 triggered effect Effects 0.000 claims description 2
- 238000012358 sourcing Methods 0.000 claims 6
- 238000012544 monitoring process Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 3
- 238000009826 distribution Methods 0.000 description 3
- 230000007613 environmental effect Effects 0.000 description 3
- 230000007246 mechanism Effects 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 238000011160 research Methods 0.000 description 3
- 230000015572 biosynthetic process Effects 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000002452 interceptive effect Effects 0.000 description 2
- 238000003786 synthesis reaction Methods 0.000 description 2
- 230000001133 acceleration Effects 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 230000008451 emotion Effects 0.000 description 1
- 230000005284 excitation Effects 0.000 description 1
- 230000036541 health Effects 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000008566 social perception Effects 0.000 description 1
- 230000009897 systematic effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3218—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs
- H04L9/3221—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs interactive zero-knowledge proofs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W40/00—Communication routing or communication path finding
- H04W40/24—Connectivity information management, e.g. connectivity discovery or connectivity update
- H04W40/32—Connectivity information management, e.g. connectivity discovery or connectivity update for defining a routing cluster membership
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Storage Device Security (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a distributed identity authentication method based on a blockchain in crowd sensing, wherein participants are divided into common nodes and cluster head nodes in the crowd sensing system, the common nodes are arranged on a private blockchain for authentication, and the cluster head nodes are arranged on a public blockchain for authentication; wherein the participant is authenticated with zero knowledge proof. The invention has the advantages that: the group intelligent perception network is divided into a private block chain and a public block chain, and after the common user and the cluster head node user are respectively registered on the private block chain and the public block chain, authentication of the common user identity and authentication of the cluster head node user are realized through a zero knowledge proof mode, so that privacy protection and reliable authentication of equipment identity authentication in group intelligent perception are realized.
Description
Technical Field
The invention relates to the field of blockchain technology (combination of private chains and public chains) and group knowledge perception, in particular to an identity authentication method based on zero knowledge proof of blockchains in group intelligence perception.
Background
Crowd sensing mainly contributes to the internet of things (IoT) ecosystem by collecting data from sensors in a generalized manner through various smart devices such as smartphones, music players, tablet computers, wearable devices, and vehicle-mounted sensors, and directing the data to specific MCS servers. The MCS has been used in many areas of smart cities. For example, urban air temperature, noise environment detection monitoring, social group behavior analysis, health monitoring, and the like are perceived by using various sensors in smartphones (such as satellite navigation, microphones, cameras, light sensors, accelerometers, compasses, and gyroscopes). A plurality of sensors and wireless devices are also arranged on the vehicle in the intelligent transportation system, including cameras, GPS, lateral acceleration sensors, vehicle-mounted devices and the like, and are used for sensing urban congestion conditions, automobile arrival time, available parking spaces and the like, so that great convenience is brought to life of people. From a large application direction, the application scenario of the MCS mainly includes several aspects of environmental monitoring, providing public basic services and social perception.
Crowd sensing brings great convenience to life of people, however, because a centralized server is relied on to issue tasks and collect sensing data, the traditional crowd sensing system has single-point faults and other threats. The blockchain is used as a novel distributed system technology, accords with the distributed characteristics of crowd sensing, and provides a novel method for solving the safety problem in crowd sensing. However, crowd-aware security and blockchain are still under exploration, and existing blockchain-based approaches still suffer from a number of problems.
In the current crowd sensing security research, related works of the blockchain mainly comprise a crowd sensing system architecture, an incentive mechanism, privacy protection and the like. The architecture research of the crowd sensing system based on the blockchain mainly focuses on the distribution characteristics of participants in the crowd sensing and how to better adapt to the topological structure of the blockchain, so that the unification of the logic structures of the participants and the blockchain is realized, and the blockchain is enabled to better serve the safety of the crowd sensing. Blockchain-based incentive mechanism research mainly considers how to utilize distributed characteristics to mobilize enthusiasm of participants, and intelligent contracts to design better task allocation and rewards and punishments. The privacy protection based on the block chain mainly achieves the protection of user privacy information in the process of sensing data uploading through a task distribution mode and an excitation mechanism design.
However, these crowd-sourced solutions do not take into account the authentication and privacy protection of the participants before performing the awareness tasks.
Disclosure of Invention
The invention aims to overcome the defects of the prior art, and provides a distributed identity authentication method based on a blockchain in crowd sensing, which is used for authenticating identities of crowd sensing participants by adopting zero knowledge proof so as to realize privacy protection of the identity authentication.
In order to achieve the above purpose, the technical scheme adopted by the invention is as follows: a distributed identity authentication method based on block chains in crowd sensing divides participants into common nodes and cluster head nodes in a crowd sensing system, the common nodes are arranged on private block chains for authentication, and the cluster head nodes are arranged on public block chains for authentication; wherein the participant is authenticated with zero knowledge proof.
In the group emotion perception, the participants also comprise task requesters, the task requesters and the cluster head nodes are registered on the public blockchain, and the common nodes are registered on the private blockchain;
The task requester establishes a perception task on a block chain, randomly selects a group of verifiers on a public block chain according to an encryption ordering algorithm, and authenticates the cluster head node; after the cluster head node is authenticated successfully, a sensing task is downloaded from a public blockchain, the sensing task is distributed to common nodes on the blockchain, and the common nodes which want to participate in the sensing task send a message requesting to participate in the sensing task to trigger a sensing task intelligent contract to share the generated secret function with common nodes registered on a private chain and authenticate;
When any node fails to authenticate, the information of authentication failure is sent to the blockchain, and then the node which fails to authenticate is logged off in the blockchain.
The crowd sensing device registering on the blockchain includes:
step S1.1: firstly, a node applies for an account on an Ethernet, then obtains a public key and a private key of the account to perform signature sha256 operation, and uses the public key and the private key as an id registered by a user;
s1.2, submitting a registration request message by a node, and triggering a registration intelligent contract on a public chain;
s1.3, inquiring node ids stored in a public blockchain according to a registration request message;
Step S1.4, if the id of the node already exists, returning a False to the node, and informing the node that the user id already exists and that the registration fails; otherwise, registering, storing the id of the task requester into the blockchain, changing the user type into the corresponding node type, changing the successful registration state into True, and returning True to the node, which means that the node is successfully registered on the blockchain, and the registration information is already stored in the blockchain.
The cluster head node authentication is that once a task requester establishes a perception task on a blockchain, a group of verifiers are randomly selected on a public blockchain according to an encryption ordering algorithm to authenticate the cluster head node, the cluster head node with failed authentication modifies the state value, cancels the node and modifies all the common node state values of the cluster head node to which the cluster head node belongs.
The task requester issues a perceived task intelligence contract when building a perceived task, the task information including perceived task type, completion time, task status, and generates a secret function H σ for node identity authentication, the secret function being shared with cluster head nodes that have been successfully registered on the common blockchain, the cluster head nodes proving themselves by generating witness witness and proving proof.
In the setup phase before cluster head node authentication, the task requester creates a certification key Proving key and a verification key VERIFYING KEY from the common reference string CRS for creating and verifying a certification Proof. Proving key to a registered cluster head node, VERFIER KEY to a blockchain smart contract created for cluster head node identity verification;
After the cluster head node is registered and receives the identity verification element, a certification generation stage is started, at which the cluster head node generates a certification, and the cluster head node has a valid certification The cluster head node will prove/>, by a pseudonymous addressAnd when the authentication intelligent contract is sent to the public chain, verifying from the j verifiers.
After the cluster head node is authenticated successfully, a sensing task is downloaded from a public blockchain, the sensing task is distributed to common nodes on the blockchain, the common nodes which want to participate in the sensing task send a message requesting to participate in the sensing task, the intelligent contract of the sensing task is triggered to share the generated secret function with the common nodes registered on the private chain, and the process of authenticating the identity of the common nodes in a zero knowledge proof mode is started.
The common node identity authentication comprises the following steps: the secret function H τ generated by the task requester is shared with the registered participants so that the participants can generate witness and proof to prove themselves, the task requester also creates a proof key VERFIER KEY and a verification key VERFIER KEY from the common reference string CRS for creating and verifying the proof, VERFIER KEY is sent to the blockchain authentication smart contract when proving key is sent to the participants; the participant registers and receives the authentication element, which initiates an evidence generation phase in which the participant generates a proof; the authentication proof sigma of the participant node sends the authentication proof sigma to the authentication intelligent contract on the private chain through a pseudonym address, and the information and the like are stored locally if the authentication intelligent contract is successfully authenticated. If the verification is unsuccessful, the user is considered as a malicious user, and the exist field is modified to be false.
The invention has the advantages that: the group intelligent perception network is divided into a private block chain and a public block chain, and after the common user and the cluster head node user are respectively registered on the private block chain and the public block chain, authentication of the common user identity and authentication of the cluster head node user are realized through a zero knowledge proof mode, so that privacy protection and reliable authentication of equipment identity authentication in group intelligent perception are realized.
Drawings
The contents of the drawings and the marks in the drawings of the present specification are briefly described as follows:
FIG. 1 hybrid blockchain network model
FIG. 2 is a flow chart of the scheme
FIG. 3 node registration flow
FIG. 4 is a diagram of an authentication setup procedure between a common blockchain and cluster head nodes
FIG. 5 is a diagram of a proof of generation process between a common blockchain and cluster head nodes
FIG. 6 is a verification process diagram of an authentication process between a common blockchain and cluster head nodes
FIG. 7 is a flow chart for authentication between a regular node and a cluster head node
FIG. 8 node cancellation flow chart
Detailed Description
The following detailed description of the invention refers to the accompanying drawings, which illustrate preferred embodiments of the invention in further detail.
As shown in FIG. 1, a distributed identity authentication method based on blockchain in crowd sensing is characterized in that firstly, a layering mode is adopted to divide blockchain into public blockchain and private blockchain to realize layering authentication, the crowd sensing participant equipment is divided into common nodes and cluster head nodes, the common nodes are arranged on the private blockchain to perform authentication, and the cluster head nodes are deployed on the public blockchain to perform authentication; wherein the participant is authenticated with zero knowledge proof.
In the group log sensing, the parameter comprises a task requester, a common node and a cluster head node, wherein the task requester and the cluster head node are registered on a public block chain, and the common node is registered on a private block chain; after the group intelligence perception task is released, the identity authentication of the cluster head node and the participant equipment of the common node is required to be carried out by adopting zero knowledge proof.
In the present application, the task requester: task requesters need to complete data acquisition tasks such as indoor positioning, intelligent traffic, environmental monitoring, behavior perception, etc. But they do not have sufficient capacity to complete their own tasks. The form and requirements of the needed sense data are defined as sense tasks, published approximately on the blockchain through intelligent synthesis. Ordinary workers: the average worker is a node willing to contribute less computing power for perceiving various data. Each common node belongs to only one cluster head network. The common node can only sense and transmit simple data, has weak computing and storage capacity and limited energy, and cannot perform complex operation and data processing. The cluster head node should be a device with a very high computational power, which needs to process the data uploaded by the regular node.
After the user sensing equipment is registered in a public blockchain or a private blockchain, an authentication step is carried out, firstly, setting is needed, a task requester sets and issues a sensing task intelligent contract, task information comprises a sensing task type, a finishing time and a task state, a secret function H σ is generated for node identity authentication, then the secret function H σ is shared to a cluster head node and a common node, then the generated proof is sent into the intelligent contract of the node for verification and proof through calculation (witness) and proof (proof), and after the verification is passed, the identity authentication is successful, and the sensing task is received; otherwise, authentication fails and the node is logged off.
The task requester establishes a perception task on a block chain, randomly selects a group of verifiers on a public block chain according to an encryption ordering algorithm, and authenticates the cluster head node; after the cluster head node is authenticated successfully, a sensing task is downloaded from a public blockchain, the sensing task is distributed to common nodes on the blockchain, and the common nodes which want to participate in the sensing task send a message requesting to participate in the sensing task to trigger a sensing task intelligent contract to share the generated secret function with common nodes registered on a private chain and authenticate;
When any node fails to authenticate, the information of authentication failure is sent to the blockchain, and then the node which fails to authenticate is logged off in the blockchain.
The crowd sensing device registering on the blockchain includes:
step S1.1: firstly, a node applies for an account on an Ethernet, then obtains a public key and a private key of the account to perform signature sha256 operation, and uses the public key and the private key as an id registered by a user;
s1.2, submitting a registration request message by a node, and triggering a registration intelligent contract on a public chain;
s1.3, inquiring node ids stored in a public blockchain according to a registration request message;
Step S1.4, if the id of the node already exists, returning a False to the node, and informing the node that the user id already exists and that the registration fails; otherwise, registering, storing the id of the task requester into the blockchain, changing the user type into the corresponding node type, changing the successful registration state into True, and returning True to the node, which means that the node is successfully registered on the blockchain, and the registration information is already stored in the blockchain.
The cluster head node authentication is that once a task requester establishes a perception task on a blockchain, a group of verifiers are randomly selected on a public blockchain according to an encryption ordering algorithm to authenticate the cluster head node, the cluster head node with failed authentication modifies the state value, cancels the node and modifies all the common node state values of the cluster head node to which the cluster head node belongs.
The invention provides a participant layering authentication model based on a mixed blockchain, which can solve the problem that the participant performs identity authentication before executing tasks and can protect some privacy data such as positions and the like of the participant.
A multi-participant model was first devised. There are many kinds of sensing devices in crowd sensing, according to the participation will, the participants are divided into common nodes, the cluster head nodes perform layered authentication, and the cooperation between the nodes is facilitated. A hybrid blockchain model is presented. In order to better adapt to the multi-participant hierarchical authentication model, the authentication of the common node is deployed on the local blockchain, and the cluster head node is deployed on the public blockchain for authentication, so that a hybrid blockchain model is formed. Finally, the zero knowledge proof is utilized to authenticate the participants in different layers. Common nodes are authenticated by the cluster head nodes in the local blockchain, the cluster head nodes are authenticated by the public blockchain verifier, and the zokrates model is used for realizing the authentication on the computational chain under the chain, so that the workload of the blockchain is greatly reduced.
Alternatively, the public blockchain may select an ethernet or super ledger.
Alternatively, the private blockchain may also select ethernet or super ledger.
The common node is the user's own equipment, and can be a mobile phone, a computer, an inductor and the like.
The cluster head node should be a device with a very high computational power, which needs to process the data uploaded by the regular node.
Using the zokrates model, code can be written using or language itself according to some API interface provided by the official network, and then a zero knowledge proof smart contract is generated, which is written in solidity language.
Alternatively, the deployment of nodes to the blockchain is registration to the blockchain using a smart contract, which may be written in solidity or chaincode.
The multi-participant model is not only that only one common node is deployed on a private network, but one-to-many model, and one private network can manage a plurality of common nodes. Meanwhile, a plurality of private network can also be provided to form a cluster. Each cluster head node manages a private chain network.
And authenticating the identity, and verifying whether the identity of the participant meets the requirement according to the zero-knowledge verification intelligent contract. If so, the participant may perform task reception. If an unsatisfactory situation is found, it can be determined that the participant is an attacker, and the participant is logged off.
As shown in fig. 1, according to the difference of participation willingness of participants in a crowd-sourced network, a participant node hierarchical authentication model is designed, and according to the model, a mixed blockchain is deployed, and Zokrates flow in a non-interactive zero knowledge proof zkSNARKs is introduced to realize hierarchical authentication. The model mainly comprises three entities: blockchains, task requesters, and participants. As shown in fig. 2, the distributed identity authentication scheme based on blockchain in crowd sensing comprises the following steps:
step S1: firstly, selecting sensing equipment, wherein the sensing equipment is divided into three node equipment of a task requester, an agent and an ordinary worker, and registering the sensing equipment on a blockchain. Task requesters and agents register on a common blockchain. The average worker registers with the private blockchain.
Step S2: the task requester establishes a perception task on the block chain, and randomly selects a group of verifiers on the public block chain according to an encryption ordering algorithm to authenticate the cluster head nodes. After the cluster head node is authenticated successfully, the sensing task is downloaded from the public blockchain, the sensing task is distributed to the common nodes on the blockchain, the common nodes which want to participate in the sensing task send a message requesting to participate in the sensing task to trigger the sensing task intelligent contract to share the generated secret function with the common nodes registered on the private chain
Step S3: once authentication of one node fails, information of authentication failure is sent to the blockchain, and then the node with authentication failure is logged off in the blockchain.
Further, the method for selecting the sensing device in step S1 includes:
Task requesters: task requesters need to complete data acquisition tasks such as indoor positioning, intelligent traffic, environmental monitoring, behavior perception, etc. But they do not have sufficient capacity to complete their own tasks. The form and requirements of the needed sense data are defined as sense tasks, published approximately on the blockchain through intelligent synthesis.
Agent: the agent is mainly used for simply processing and forwarding perceived data from common nodes in the network, and is a node willing to contribute stronger computing and storage capacity.
Ordinary workers: the average worker is a node willing to contribute less computing power for perceiving various data. Each common node belongs to only one cluster head network. The common node can only sense and transmit simple data, has weak computing and storage capacity and limited energy, and cannot perform complex operation and data processing.
Further, the registration of the sensing device in step S1, the registration step as shown in fig. 3 is described as follows:
Step S1.1, firstly, a node applies for an account on an Ethernet, and then, the node obtains a public key and a private key of the account to perform signature sha256 operation to be used as an id registered by a user.
S1.2 node submits registration request message to trigger the public chain to register intelligent contract
And S1.3, inquiring the node ids stored in the public blockchain according to the registration request message.
If the id of the node is found to exist, a False is returned to the node, and the node is informed that the user id exists, the user id can not be used again and the registration fails.
If the id of the task requester does not exist, the step S1.5 indicates that the node is not registered and used in the blockchain, and the registration can be performed. The id of the task requester needs to be stored in the blockchain, and the user type (True: indicating the task requester type, false represents not the task requester type) needs to be changed to the corresponding node type, and the registration success state needs to be changed to True (False: indicating no registration success, true: indicating registration success). And finally returning True to the node, wherein the True is used for indicating that the node is successfully registered on the blockchain, and the registration information is stored in the blockchain.
The cluster head node authentication described in step S2 is that once the task requester establishes a perceived task on the blockchain, a group of verifiers (the probability is proportional to their funds on the blockchain) is randomly selected on the public blockchain according to the encryption ordering algorithm to perform the authentication of the cluster head node, the cluster head node that failed in authentication will modify its state value, revoke the node, and modify all the common node state values of the cluster head nodes that belong to.
Step S2.1 the setup phase of the authentication procedure, as illustrated in fig. 2,4, is described as follows:
Step S2.1.1 the task requester issues a aware task intelligence contract, the task information includes a aware task type, a completion time, a task state, and generates a secret function H σ for node identity authentication, H σ=sha256(prkc i time stamp), wherein prk C refers to a private key of the node, time stamp represents a timeStamp of the generation of the secret function; the secret function is shared with cluster head nodes that have successfully registered on the common blockchain, which prove themselves by generating witness (witness) and proof (proof). Finding a variable that satisfies the secret function condition is called witness (witness) and occurs during the generate attestation phase.
Step S2.1.2 during the setup phase, the task requester also creates a certification key Proving key and a verification key VERIFYING KEY from a Common Reference String (CRS) for creating and verifying a certification Proof. Proving key to registered cluster head nodes, VERFIER KEY to a blockchain smart contract created for cluster head node identity verification.
Step S2.2 the cluster head node generates a proof procedure, which is described as follows in fig. 5:
Step S2.2.1: once the cluster head node is registered and receives the authentication element (the authentication element is a secret function and a proof key), it initiates a proof generation phase, at which the cluster head node generates a proof to prove its knowledge of the secret function H τ. The constraint set cst that generated the proof has been compiled locally.
Step S2.2.2: the cluster head node starts the process by assigning a set of variables that satisfy the secret function parameters. It is assumed that the cluster head node knows H τ and can therefore provide a satisfactory value. Such variable assignment is referred to as generating witness. The cluster head node provides a public input PubInp = (timestamp), a private input PriInp (prk c) (here mainly the input way provided by zero knowledge proof, the input way has a public input and a private input, the public input can be changed, the private input can not be changed, and mainly the input used for verification. Yielding witness ψ1= WITNESSGEN (cst, pubInp, priInp) (witness (witness)), followed by a variable also representing witness, WINTNESSGEN representing the function that generates witness, cst: representing a constraint set that generates a proof). Next, using witness and attestation key P (P attestation key shorthand (proving key)), the cluster head node generates zk-snarks attestation(Zk-snarks is the verification process representing zero knowledge proof, proofGen represents the function of generating the proof, and the previous variable of the equal sign is the verification process representing the generated proof) step S2.3, the steps described in fig. 6 are as follows:
Step S2.3.1: at this time, the cluster head node has a valid proof (Sigma and /)Are representations that prove only for different nodes, proof: collectively, the other two are variables). The cluster head node will prove by a pseudonymous addressAuthentication smart contracts (authentication smart contracts: representing smart contracts for node authentication: task aware smart contracts: smart contracts representing nodes to receive tasks) sent to the public chain are verified from the j verifiers selected.
Step S2.3.2: we need to ensure that the selected validators must have a sufficient balance in their blockchain account for a subsequent penalty. In selecting the validators with sufficient balance, we use the encryption ranking algorithm VRF to randomly select a set of validators based on their balance. The verifier selection process is made to execute securely on the public blockchain in a non-interactive and random manner, preventing denial of service (DoS) attacks, since the attacker cannot know in advance which verifier will be selected later.
Step S2.3.3: specifically, the currency in each validator node blockchain account is quantized to the number of currency units, denoted w. From w monetary units exactly j probability binomial distributions are chosen:
p is the systematic probability of selecting monetary units W represents the monetary units owned by the validator. To determine the exact number of monetary units selected by the validator, probability/>, is usedA set of consecutive intervals/>, within the construction range [0,1 ]Here mapping the random value t e 0,1 to a specific interval I j still has a value equal to B (j; w, p) the same probability, the value j corresponding to the interval to which t belongs can then be used to represent the number of selected monetary units.
In order to make the above ordering process verifiable across the blockchain, t is calculated by a verifiable random function VRF [29], specificallyWhere hash is the pseudo-random hash value output from the VRF using sd and the verifier's key sk, len is the bit length of the hash. Note that when the hash is evenly distributed between 0 and len, t falls randomly in [0, 1). Furthermore, the hash given by the verifier can be verified by the VRF using its public verification key pk, so t can be regenerated in a verifiable manner on the smart contract. After performing the local cryptographic ordering process, each validator learns a value j indicating how many monetary units are selected, and if j >0, the validator sends an ordering certificate (hash, pi) to the smart contract to participate in the authentication task. (hash, pi) will be demonstrated by VRF checking, vrf= (Gen, eval, prove, verify) to generate a publicly verifiable pseudo-random value. Given a security parameter λ, a probabilistic key generator gen (1λ) generates a secret key sk and a publicly verifiable key pk. With sk and information x, the evaluator Evalsk (x) outputs a pseudo-random value y, and a proof program Provesk (x) generates a proof pi, proving that y is consistent with pk. Finally, the verifier verifies proof pi from Verifypk (pi, x, y) as input. The repeated ordering process after proof of verification yields a value j, and if the regenerated value j >0, the smart contract will record the identity of the verifier and the value j. And the selected verifier executes the verification task, if the verification is successful, the related information is stored on the public chain, and a certain fund consideration is given to the verifier. If verification fails: and withdrawing the cluster head node, and selecting a new cluster head node according to the account balance. The j value is the selected amount of currency in the selected validator and is used to select the validator criteria. The selected verifier executes the authentication intelligent contract, and the judgment basis for successful verification is the verification result proved by the generated zk-SNARKs.
Step S2.4 authentication between the normal node and the cluster head node is described as follows as shown in fig. 7:
And S2.4.1, after the cluster head node is successfully authenticated, downloading a perception task from the public blockchain, distributing the perception task to the common nodes on the blockchain, and sending a message for requesting to participate in the perception task by the common nodes which want to participate in the perception task to trigger the perception task intelligent contract to share the generated secret function with the common nodes registered on the private chain. And starting the common node identity authentication process.
Step S2.4.2 binary set in this step we implement a secret function H τ that proves sufficiently difficult that requires the prover to prove its knowledge of the hash function primality. The difficulty in providing an invalid input to solve the secret function is thus to generate a τ ', e.g., τ' +.τ and H τ′=Hτ. (here, represents the secret function of τ', one example of which is listed)
The task requester generates a secret function H τ=sha256(puku time) to share with the registered participants so that the participants can generate witness and proof to prove themselves. The task requester also creates a certification key VERFIER KEY and a verification key VERFIER KEY from a Common Reference String (CRS) for creating and verifying certificates. proving key to the participant, VERFIER KEY is sent to a blockchain authentication smart contract.
Step S2.4.3, generate proof once the participant registers and receives the authentication element, it initiates a proof generation phase at which the participant generates a proof to prove his knowledge of the secret function H τ. The participant nodes utilize the common input timestamp PubInp (timestamp) to prevent replay attacks. Private input PriInp (prk n). Witness was calculated using the function witness ψ2= WITNESSGEN (PubInp, priInp), circuit attestation key P2, user generated zk-snarks attest σ= proofGen (P2, ψ2). (representing the attestation key and witness of a common node, above which is the witness and attestation key of a cluster head node)
At step S2.4.3, the participant node has a proof σ. The certificate sigma is sent to the authentication intelligent contract on the private chain through a pseudonym address, and the information and the like are stored locally after the authentication intelligent contract is successfully authenticated. If the verification is unsuccessful, the user is considered as a malicious user, and the exist field is modified to be false.
Finally, the step of logging off the node with failed S3 verification in the blockchain is as follows: step S3.1: if the identity authentication of the common participant node fails, the intelligent contract deployed on the cluster head node executes the node logout program and modifies the node exist field.
Step S3.2: if the verifier receives the failure of the identification authentication generated by the cluster head node, the user is regarded as a malicious user, the intelligent contract executes the cancellation node program, and the node exists field is modified to be false.
It is obvious that the specific implementation of the present invention is not limited by the above-mentioned modes, and that it is within the scope of protection of the present invention only to adopt various insubstantial modifications made by the method conception and technical scheme of the present invention.
Claims (7)
1. A distributed identity authentication method based on block chains in crowd sensing is characterized in that: dividing participants into common nodes and cluster head nodes in a crowd sensing system, arranging the common nodes on a private block chain for authentication, and arranging the cluster head nodes on a public block chain for authentication; wherein the participant is authenticated using zero knowledge proof;
In crowd sensing, the participants also comprise task requesters, the task requesters and cluster head nodes are registered on a public blockchain, and common nodes are registered on a private blockchain;
The task requester establishes a perception task on a block chain, randomly selects a group of verifiers on a public block chain according to an encryption ordering algorithm, and authenticates the cluster head node; after the cluster head node is authenticated successfully, a sensing task is downloaded from a public blockchain, the sensing task is distributed to common nodes on the blockchain, and the common nodes which want to participate in the sensing task send a message requesting to participate in the sensing task to trigger a sensing task intelligent contract to share the generated secret function with common nodes registered on a private chain and authenticate;
When any node fails to authenticate, the information of authentication failure is sent to the blockchain, and then the node which fails to authenticate is logged off in the blockchain.
2. The blockchain-based distributed identity authentication method in crowd-sourcing awareness of claim 1, wherein: the crowd sensing device registering on the blockchain includes:
step S1.1: firstly, a node applies for an account on an Ethernet, then obtains a public key and a private key of the account to perform signature sha256 operation, and uses the public key and the private key as an id registered by a user;
s1.2, submitting a registration request message by a node, and triggering a registration intelligent contract on a public chain;
s1.3, inquiring node ids stored in a public blockchain according to a registration request message;
Step S1.4, if the id of the node already exists, returning a False to the node, and informing the node that the user id already exists and that the registration fails; otherwise, registering, storing the id of the task requester into the blockchain, changing the user type into the corresponding node type, changing the successful registration state into True, and returning True to the node, which means that the node is successfully registered on the blockchain, and the registration information is already stored in the blockchain.
3. The blockchain-based distributed identity authentication method in crowd-sourcing awareness of claim 1, wherein: the cluster head node authentication is that once a task requester establishes a perception task on a blockchain, a group of verifiers are randomly selected on a public blockchain according to an encryption ordering algorithm to authenticate the cluster head node, the cluster head node with failed authentication modifies the state value, cancels the node and modifies all the common node state values of the cluster head node to which the cluster head node belongs.
4. A blockchain-based distributed identity authentication method in crowd-sourcing awareness as claimed in any one of claims 1 to 3, characterized by: the task requester issues a perceived task intelligence contract when building a perceived task, the task information including perceived task type, completion time, task status, and generates a secret function H σ for node identity authentication, the secret function being shared with cluster head nodes that have been successfully registered on the common blockchain, the cluster head nodes proving themselves by generating witness witness and proving proof.
5. The blockchain-based distributed identity authentication method in crowd-sourcing awareness of claim 4, wherein: in the setting stage before cluster head node authentication, a task requester creates a Proof key Proving key and a verification key VERIFYING KEY from a common reference character string CRS, and when creating and verifying that Proof, proving key, is sent to a registered cluster head node, VERFIER KEY is sent to a blockchain intelligent contract created for cluster head node identity verification;
After the cluster head node is registered and receives the identity verification element, a certification generation stage is started, at which the cluster head node generates a certification, and the cluster head node has a valid certification The cluster head node will prove/>, by a pseudonymous addressAnd when the authentication intelligent contract is sent to the public chain, verifying from the j verifiers.
6. A blockchain-based distributed identity authentication method in crowd-sourcing awareness as claimed in any one of claims 1 to 3, characterized by: after the cluster head node is authenticated successfully, a sensing task is downloaded from a public blockchain, the sensing task is distributed to common nodes on the blockchain, the common nodes which want to participate in the sensing task send a message requesting to participate in the sensing task, the intelligent contract of the sensing task is triggered to share the generated secret function with the common nodes registered on the private chain, and the process of authenticating the identity of the common nodes in a zero knowledge proof mode is started.
7. The blockchain-based distributed identity authentication method in crowd-sourcing awareness of claim 6, wherein: the common node identity authentication comprises the following steps: the secret function H τ generated by the task requester is shared with the registered participants so that the participants can generate witness and proof to prove themselves, the task requester also creates a proof key VERFIER KEY and a verification key VERFIER KEY from the common reference string CRS for creating and verifying the proof, VERFIER KEY is sent to the blockchain authentication smart contract when proving key is sent to the participants; the participant registers and receives the authentication element, which initiates an evidence generation phase in which the participant generates a proof; the authentication proof sigma of the participant node sends the authentication proof sigma to the authentication intelligent contract on the private chain through a pseudonym address, the information and the like of the authentication intelligent contract are stored locally if the authentication is successful, the authentication is regarded as a malicious user if the authentication is unsuccessful, and an exist field is modified to be false.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210369735.6A CN115189882B (en) | 2022-04-08 | 2022-04-08 | Block chain-based distributed identity authentication method in crowd sensing |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210369735.6A CN115189882B (en) | 2022-04-08 | 2022-04-08 | Block chain-based distributed identity authentication method in crowd sensing |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115189882A CN115189882A (en) | 2022-10-14 |
CN115189882B true CN115189882B (en) | 2024-04-30 |
Family
ID=83512471
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210369735.6A Active CN115189882B (en) | 2022-04-08 | 2022-04-08 | Block chain-based distributed identity authentication method in crowd sensing |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115189882B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20200087913A (en) * | 2019-01-11 | 2020-07-22 | 서강대학교산학협력단 | System and method for providing secret electronic voting service based on blockchain |
CN112291354A (en) * | 2020-10-31 | 2021-01-29 | 南京工业大学 | Privacy protection method for participants of crowd sensing MCS based on block chain |
CN114158037A (en) * | 2021-11-19 | 2022-03-08 | 国网冀北电力有限公司 | Internet of things equipment identity authentication method and system based on hierarchical block chain |
-
2022
- 2022-04-08 CN CN202210369735.6A patent/CN115189882B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20200087913A (en) * | 2019-01-11 | 2020-07-22 | 서강대학교산학협력단 | System and method for providing secret electronic voting service based on blockchain |
CN112291354A (en) * | 2020-10-31 | 2021-01-29 | 南京工业大学 | Privacy protection method for participants of crowd sensing MCS based on block chain |
CN114158037A (en) * | 2021-11-19 | 2022-03-08 | 国网冀北电力有限公司 | Internet of things equipment identity authentication method and system based on hierarchical block chain |
Non-Patent Citations (2)
Title |
---|
Data security management of logistics network based on blockchain technology;Weisheng Wen Et.AL;《2021 IEEE 4th International Conference on Information Systems and Computer Aided Education (ICISCAE)》;20211111;全文 * |
基于联盟链的微电网身份认证协议;张利华;胡方舟;黄阳;万源华;李晶晶;;应用科学学报;20200130(01);全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN115189882A (en) | 2022-10-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Guo et al. | Proof-of-event recording system for autonomous vehicles: A blockchain-based solution | |
Zhang et al. | Privacy-preserving cloud establishment and data dissemination scheme for vehicular cloud | |
CN111988381B (en) | HashGraph-based Internet of vehicles distributed trust system and trust value calculation method | |
Li et al. | Providing privacy-aware incentives for mobile sensing | |
Wei et al. | A privacy-preserving fog computing framework for vehicular crowdsensing networks | |
Förster et al. | PUCA: A pseudonym scheme with user-controlled anonymity for vehicular ad-hoc networks (VANET) | |
CN105308897A (en) | A method and apparatus for anonymous and trustworthy authentication in pervasive social networking | |
Hataba et al. | Security and privacy issues in autonomous vehicles: A layer-based survey | |
CN113168627A (en) | Communication network node, method and mobile terminal | |
Vance et al. | Privacy-aware edge computing in social sensing applications using ring signatures | |
Lee et al. | Design of a two layered blockchain-based reputation system in vehicular networks | |
Diallo et al. | A scalable blockchain-based scheme for traffic-related data sharing in VANETs | |
CN110190969A (en) | User identity clone's detection method and system in a kind of anonymous information system | |
Abdelfatah et al. | Secure VANET authentication protocol (SVAP) using Chebyshev chaotic maps for emergency conditions | |
Hu et al. | Vtrust: a robust trust framework for relay selection in hybrid vehicular communications | |
Huang et al. | PTVC: Achieving privacy-preserving trust-based verifiable vehicular cloud computing | |
Chen et al. | A Summary of Security Techniques‐Based Blockchain in IoV | |
Zhang et al. | Secure and reliable parking protocol based on blockchain for VANETs | |
Olakanmi | SAPMS: a secure and anonymous parking management system for autonomous vehicles | |
CN115499119A (en) | PUF-based vehicle authentication method with privacy protection function | |
CN113727282B (en) | Similarity-based trust evaluation method for privacy protection in Internet of vehicles | |
Wang et al. | Secure long-range autonomous valet parking: A reservation scheme with three-factor authentication and key agreement | |
Das et al. | Design of a trust-based authentication scheme for blockchain-enabled iov system | |
CN117375797A (en) | Anonymous authentication and vehicle-mounted information sharing method based on blockchain and zero knowledge proof | |
El Zouka | A secure interactive architecture for vehicular cloud environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |