CN116975901A - Identity verification method, device, equipment, medium and product based on block chain - Google Patents

Publication number
CN116975901A
Authority
CN
China
Prior art keywords
identity
verification
proving
circuit
zero knowledge
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310179643.6A
Other languages
Chinese (zh)
Inventor
张慧
蓝虎
王宗友
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN202310179643.6A
Publication of CN116975901A
Current legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254 Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification

Abstract

The application provides a blockchain-based identity verification method, device, equipment, medium and product. The method comprises: acquiring identity verification data for a proving object, wherein the identity verification data carries an identity document of the proving object, and the identity document is generated by processing identity declaration information of the proving object based on a zero-knowledge proof circuit; verifying the identity document of the proving object; and, if the result of the verification processing is that verification succeeded, determining that the proving object has passed identity verification by the verification object. The verification processing includes: invoking a zero-knowledge proof circuit for verification that matches the zero-knowledge proof circuit to verify the identity document, or verifying the identity document through a circuit verification contract in the blockchain that matches the zero-knowledge proof circuit. Because verification is performed on an identity document produced by zero-knowledge proof processing, the application can improve data security during identity verification.

Description

Identity verification method, device, equipment, medium and product based on block chain
Technical Field
The present application relates to the field of blockchain technologies, and in particular, to a blockchain-based authentication method, a blockchain-based authentication device, a computer apparatus, a computer readable storage medium, and a computer program product.
Background
With the continuous development of internet technology, social platforms of all kinds keep emerging, and identity verification is often required, in order to maintain public security on the internet, when a user interacts with a third-party platform such as a bank, a school or social software. In such a scenario, when a user (the proving object) authenticates to a third-party platform, the user often submits their own identity declaration information directly to the third-party verification object. This mode of verification may leak the user's personal data, and data security cannot be ensured.
Disclosure of Invention
The embodiment of the application provides an identity verification method, device, equipment, medium and product based on a blockchain, which can improve the data security in the identity verification process.
In one aspect, an embodiment of the present application provides a blockchain-based authentication method, including:
acquiring identity verification data for a proving object, wherein the identity verification data carries an identity document of the proving object, and the identity document is generated by processing identity declaration information of the proving object based on a zero-knowledge proof circuit;
verifying the identity document of the proving object;
if the result of the verification processing of the identity document is that verification succeeded, determining that the proving object has passed identity verification by the verification object;
wherein the verification processing includes: invoking a zero-knowledge proof circuit for verification that matches the zero-knowledge proof circuit to verify the identity document, or verifying the identity document through a circuit verification contract in the blockchain that matches the zero-knowledge proof circuit.
In one aspect, an embodiment of the present application provides a blockchain-based authentication method, including:
acquiring identity declaration information of a certification object, wherein the identity declaration information is issued by an identity issuing object for the certification object;
processing the identity declaration information of the proving object based on the zero knowledge proving circuit to obtain an identity proving file of the proving object;
and in response to the verification operation of the certification object, sending identity verification data comprising an identity document to the verification object, wherein the identity verification data is used for triggering the verification object to perform identity verification processing on the certification object.
In one aspect, an embodiment of the present application provides a blockchain-based authentication device, including:
the acquisition unit is used for acquiring identity verification data aiming at the proving object, wherein the identity verification data carries an identity verification file of the proving object, and the identity verification file is generated after the zero knowledge proof circuit processes the identity statement information of the proving object;
the processing unit is used for performing verification processing on the identity document of the proving object;
the determining unit is used for determining that the proving object has passed identity verification if the result of the verification processing of the identity document is that verification succeeded;
wherein the verification processing includes: invoking a zero-knowledge proof circuit for verification that matches the zero-knowledge proof circuit to verify the identity document, or verifying the identity document through a circuit verification contract in the blockchain that matches the zero-knowledge proof circuit.
In one possible implementation, the processing unit 1002 is further configured to perform the following operations:
acquiring an identity verification request submitted by a client where a certification object is located, wherein the identity verification request carries a client identifier;
if the client is verified according to the client identification, generating feedback data;
and sending the feedback data to the client, wherein the feedback data is used for triggering the client to generate identity verification data for the proving object.
In one possible implementation manner, the authentication data further includes signature data, where the signature data is obtained by performing signature processing on the received feedback data by the client; the processing unit is also configured to perform the following operations:
analyzing the identity verification data to obtain signature data, and performing signature verification processing on the signature data;
and if the signature data passes the verification, triggering and executing the step of verifying the identification document of the verification object.
In one possible implementation, the processing unit is further configured to perform the following operations:
obtaining a circuit constraint file and a proof calculation file of the zero-knowledge proof circuit, wherein the circuit constraint file and the proof calculation file are generated by compiling the zero-knowledge proof circuit to be compiled and performing a trusted setup on it;
loading the circuit constraint file and the proof calculation file into the zero-knowledge proof circuit, and taking the successfully loaded zero-knowledge proof circuit as the zero-knowledge proof circuit for verification that matches the zero-knowledge proof circuit;
and verifying the identity document of the proving object based on the successfully loaded zero-knowledge proof circuit.
In one possible implementation, the processing unit is further configured to perform the following operations:
acquiring the validity period corresponding to the identity declaration information of the proving object;
if the identity declaration information is not in the validity period, generating a notification message of identity verification failure;
and sending a notification message to the client where the proving object is located, wherein the notification message is used for triggering the client to request the identity issuing object to acquire the identity declaration information of the proving object again.
In one possible implementation, the processing unit is further configured to perform the following operations:
acquiring verification parameters of the zero-knowledge proof circuit, wherein the verification parameters are generated after a trusted setup is performed on the zero-knowledge proof circuit;
generating an intelligent contract code file according to the circuit constraint file and the verification parameters;
transmitting the intelligent contract code file into a blockchain, and triggering generation of a circuit verification contract based on the intelligent contract code file in the blockchain;
any blockchain node is allowed to call the deployed circuit verification contract in the blockchain to verify the identification document of the verification object.
In one possible implementation, the processing unit is further configured to perform the following operations:
Receiving a verification processing result sent by the blockchain node, wherein the verification processing result is generated after the blockchain node invokes a circuit verification contract to verify the identification document;
if the verification processing result is that the verification is successful, generating a state update request aiming at the proving object, and sending the state update request to the blockchain node;
wherein the status update request is used to trigger updating the identity status of the certification target in the blockchain.
In one aspect, an embodiment of the present application provides a blockchain-based authentication device, including:
the acquisition unit is used for acquiring identity declaration information of the proving object, wherein the identity declaration information is issued by the identity issuing object for the proving object;
the processing unit is used for processing the identity statement information of the proving object based on the zero knowledge proving circuit to obtain an identity document of the proving object;
and the sending unit is used for responding to the verification operation of the proving object and sending the identity verification data comprising the identity document to the verifying object, wherein the identity verification data is used for triggering the verifying object to carry out identity verification processing on the proving object.
In a possible implementation manner, the processing unit processes the identity declaration information of the proving object based on the zero knowledge proof circuit to obtain an identity document of the proving object, and the processing unit is used for performing the following operations:
acquiring the Merkle path associated with the identity declaration information of the proving object and the target identity state of the proving object;
assembling the input parameters of the zero-knowledge proof circuit from the Merkle path of the proving object, the target identity state and the identity declaration information;
and inputting the input parameters into the zero-knowledge proof circuit for circuit verification processing to obtain the identity document of the proving object.
In one possible implementation manner, when inputting the input parameters into the zero-knowledge proof circuit for circuit verification processing to obtain the identity document of the proving object, the processing unit is used for performing the following operations:
performing a hash operation on the Merkle path and the identity declaration information of the proving object to obtain a reference identity state of the proving object;
if the reference identity state is the same as the target identity state, performing circuit verification processing on the identity declaration information of the proving object based on the zero-knowledge proof circuit;
if it is confirmed that the circuit verification of the identity declaration information passes, generating the identity document of the proving object.
In one possible implementation manner, when performing circuit verification processing on the identity declaration information of the proving object based on the zero-knowledge proof circuit, the processing unit is used for performing the following operations:
acquiring the declaration type of the identity declaration information of the proving object;
judging whether the identity declaration information meets the verification condition corresponding to the declaration type, and if so, determining that the circuit verification of the identity declaration information of the proving object passes.
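The checks in the steps above (recompute a reference identity state from the Merkle path and the claim, compare it with the target identity state, then test the claim against the condition for its declaration type) are shown below as an added Python example; it is not code from the patent, and it runs the checks in the clear without generating any zero-knowledge proof. Assumptions: the identity state is modelled as a Merkle root, SHA-256 stands in for whatever hash the circuit uses, and the claim encoding, path format, claim types and conditions are hypothetical.

```python
import hashlib
import hmac
import json


def h(tag: bytes, *parts: bytes) -> bytes:
    """Domain-separated SHA-256 over length-prefixed parts (assumed hash)."""
    m = hashlib.sha256(tag)
    for p in parts:
        m.update(len(p).to_bytes(4, "big") + p)
    return m.digest()


def leaf_hash(claim: dict) -> bytes:
    """Hash a claim under a canonical JSON encoding (assumed encoding)."""
    enc = json.dumps(claim, sort_keys=True, separators=(",", ":")).encode()
    return h(b"leaf", enc)


def root_from_path(leaf: bytes, path) -> bytes:
    """Fold a Merkle path; each step is (side, sibling), side = 'L' or 'R'."""
    node = leaf
    for side, sibling in path:
        if side == "L":            # sibling sits to the left of the current node
            node = h(b"node", sibling, node)
        elif side == "R":          # sibling sits to the right
            node = h(b"node", node, sibling)
        else:
            raise ValueError("side must be 'L' or 'R'")
    return node


def build_paths(leaves):
    """Issuer side: return (root, one path per leaf); odd levels repeat the last node."""
    paths = [[] for _ in leaves]
    pos = list(range(len(leaves)))  # position of each original leaf at this level
    level = list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        nxt = [h(b"node", level[i], level[i + 1]) for i in range(0, len(level), 2)]
        for n, p in enumerate(pos):
            sib = p ^ 1
            paths[n].append(("L" if sib < p else "R", level[sib]))
            pos[n] = p // 2
        level = nxt
    return level[0], paths


# Hypothetical declaration types and their verification conditions.
VERIFICATION_CONDITIONS = {
    "age": lambda c: isinstance(c.get("value"), int) and c["value"] >= 18,
    "kyc_level": lambda c: isinstance(c.get("value"), int) and c["value"] >= 2,
}


def circuit_check(claim: dict, path, target_state: bytes) -> str:
    """Mirror of the described checks; returns 'ok' or the reason for refusal."""
    reference_state = root_from_path(leaf_hash(claim), path)
    if not hmac.compare_digest(reference_state, target_state):
        return "state_mismatch"          # claim or path does not match the state
    condition = VERIFICATION_CONDITIONS.get(claim.get("type"))
    if condition is None:
        return "unknown_claim_type"
    if not condition(claim):
        return "condition_failed"        # genuine claim, but condition not met
    return "ok"                          # only now would a proof be generated


# Constructed sample data: three claims issued into one identity state.
CLAIMS = [
    {"type": "kyc_level", "value": 2, "subject": "did:example:alice"},
    {"type": "age", "value": 34, "subject": "did:example:alice"},
    {"type": "age", "value": 17, "subject": "did:example:bob"},
]
TARGET_STATE, PATHS = build_paths([leaf_hash(c) for c in CLAIMS])

if __name__ == "__main__":
    for claim, path in zip(CLAIMS, PATHS):
        print(claim["type"], claim["value"], circuit_check(claim, path, TARGET_STATE))
    forged = dict(CLAIMS[2], value=30)   # holder edits the issued value
    print("forged", circuit_check(forged, PATHS[2], TARGET_STATE))
```

The order of the two checks matters: an edited claim fails the state comparison before its condition is ever evaluated, so only values the issuer committed to can satisfy a condition.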
In one possible implementation, the processing unit is further configured to perform the following operations:
obtaining a proving parameter of the zero-knowledge proof circuit, wherein the proving parameter is generated after a trusted setup is performed on the zero-knowledge proof circuit;
operating a proving calculation file of the zero knowledge proving circuit, and calculating to obtain witness parameters of the zero knowledge proving circuit;
and generating an identity document of the proving object according to the proving parameter and the witness parameter of the zero-knowledge proving circuit.
In one aspect, an embodiment of the present application provides a computer device, where the computer device includes a memory and a processor, and the memory stores a computer program, and when the computer program is executed by the processor, causes the processor to execute the blockchain-based authentication method described above.
In one aspect, embodiments of the present application provide a computer-readable storage medium storing a computer program that, when read and executed by a processor of a computer device, causes the computer device to perform the blockchain-based authentication method described above.
In one aspect, embodiments of the present application provide a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer readable storage medium and executes the computer instructions to cause the computer device to perform the blockchain-based authentication method described above.
In the embodiment of the application, during identity verification, the verification object first acquires identity verification data for a proving object. The identity verification data carries an identity document of the proving object, and the identity document is generated by processing the identity declaration information of the proving object based on a zero-knowledge proof circuit. The verification object can then verify the identity document of the proving object, and if the result of the verification processing is that verification succeeded, the verification object can confirm that the proving object has passed identity verification. Here the verification processing may include: invoking a zero-knowledge proof circuit for verification that matches the zero-knowledge proof circuit to verify the identity document, or verifying the identity document through a circuit verification contract in the blockchain that matches the zero-knowledge proof circuit. Therefore, in a scenario where the proving object needs to be authenticated by the verification object, the proving object does not need to provide the original data of its identity declaration information to the verification object. Instead, the identity declaration information is processed by the zero-knowledge proof circuit, and the resulting identity document is sent to the verification object for verification processing. The user's identity is verified by verifying the identity document, the specific data of the identity declaration information is not exposed, and data security in the identity verification scenario is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required for the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for the person skilled in the art.
FIG. 1 is a schematic diagram of a blockchain-based authentication scheme provided by an embodiment of the present application;
FIG. 2a is a block chain system according to an embodiment of the present application;
FIG. 2b is a block chain architecture diagram according to an embodiment of the present application;
FIG. 3a is a schematic diagram of a block chain based authentication system according to an embodiment of the present application;
FIG. 3b is a schematic diagram of a blockchain-based authentication scenario provided by an embodiment of the present application;
FIG. 4 is a flowchart of a blockchain-based authentication method according to an embodiment of the present application;
FIG. 5 is a schematic diagram of a storage structure of identity claim information according to an embodiment of the present application;
FIG. 6 is a schematic flow chart of a compiling zero knowledge proof circuit according to an embodiment of the present application;
FIG. 7a is a schematic flow chart of generating a target identity state according to an embodiment of the present application;
FIG. 7b is a flowchart illustrating another method for generating a target identity state according to an embodiment of the present application;
FIG. 8a is a flowchart of another blockchain-based authentication method according to an embodiment of the present application;
FIG. 8b is a schematic diagram of an authentication service interface according to an embodiment of the present application;
FIG. 9 is an interactive flow chart of a blockchain-based authentication method provided by an embodiment of the present application;
FIG. 10 is a schematic diagram of a block chain based authentication device according to an embodiment of the present application;
FIG. 11 is a schematic diagram of another exemplary embodiment of a blockchain-based authentication device;
FIG. 12 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the application. Rather, they are merely examples of apparatus and methods consistent with aspects of the application as detailed in the accompanying claims.
The present application provides a blockchain-based authentication scheme that may be applied, for example, to authentication scenarios such as a user opening an account with a bank, a user paying tax to a tax agency, or a user requesting a credit record from a credit department. The application supports applying zero-knowledge proof processing to the user's identity declaration information and submitting the result to the verification object for verification, thereby improving data security during identity verification. Referring to fig. 1, fig. 1 is a schematic diagram of a blockchain-based authentication scheme according to an embodiment of the present application. As shown in fig. 1, the general principle of the complete flow of the blockchain-based authentication scheme provided by the present application is as follows:
1. In a scenario where the proving object needs to be authenticated by the verification object, after receiving an identity verification request initiated by a user (the proving object), the verification object may initiate a challenge to the client where the proving object is located. Initiating a challenge can be understood as sending a random number to the client, which the client can use to generate identity verification data for the proving object.
2. The client acquires the identity claim information (claim) of the proving object; specifically, the client can acquire it from the identity issuing object. The client then locally generates an identity document (proof) for the claims. Specifically, the proof is generated after the client processes the identity claim information of the proving object based on the zero-knowledge proof circuit.
3. The client sends identity verification data to the verification object, the identity verification data comprising the identity document proof.
4. The verification object performs verification processing on the proof file. Specifically, the verification object may send the proof file to the blockchain for verification processing, and if the result of the verification processing of the identity document in the blockchain is that verification succeeded, it is determined that the proving object has passed identity verification by the verification object. It can be understood that the identity document can be understood as data obtained after encryption processing of the identity claim information, so that the user's identity claim information is not directly exposed in the identity verification process, and data leakage is avoided.
Therefore, in a scenario where the proving object needs to be authenticated by the verification object, the proving object does not need to provide the original data of its identity declaration information to the verification object. Instead, the identity declaration information is processed by the zero-knowledge proof circuit, and after the identity document proof is obtained, the proof document is sent to the verification object for verification processing. The user's identity is verified by verifying the identity document, so the specific data of the identity declaration information is not exposed, and data security in the identity verification scenario is improved.
The identity verification scheme provided by the application is realized based on the blockchain technology, so that the related technical terms (blockchain technology and cloud technology) related to the identity verification scheme based on the blockchain provided by the application are described in detail below with reference to the related drawings:
1. blockchain techniques:
the blockchain is essentially a decentralised database, which is a string of data blocks that are generated in association using cryptographic methods, each of which contains associated information for verifying the validity of its information (anti-counterfeiting) and generating the next Block. Specifically, the present application will be described in detail with respect to the blockchain system, and the structure of the blockchain, respectively.
(1) Blockchain system:
The blockchain system according to the embodiment of the present application may be a distributed system formed by connecting a client and a plurality of nodes (any form of computing device in an access network, such as a server or a user terminal) through network communication. Referring to fig. 2a, fig. 2a is a schematic diagram of a blockchain system according to an embodiment of the application. Fig. 2a takes as an example the case where the distributed system is a blockchain system and shows an optional structure of the distributed system 100 applied to a blockchain system: the distributed system 100 may be formed by a plurality of blockchain nodes 200 (hereinafter simply referred to as nodes, which may include any form of computing device in an access network, such as a server or a terminal device) and clients 300. The nodes in the distributed system 100 may form a peer-to-peer (P2P) network, where the P2P protocol is an application-layer protocol that runs on top of the Transmission Control Protocol (TCP) and on which the distributed system is maintained. In a distributed system, any computer device (e.g., a server or a terminal device) may join and become a node in the distributed system.
In one possible implementation, the verification process of the identification document by the circuit verification contract matched with the zero knowledge proof circuit in the blockchain system can be executed by any blockchain node in the blockchain system; or, the verification process of the identification document by the circuit verification contract matched with the zero knowledge proof circuit in the blockchain can be executed by the appointed blockchain node (such as the node selected by each node based on the consensus algorithm) in the blockchain system; alternatively, the verification process of the identification document by the circuit verification contract matched with the zero knowledge proof circuit in the blockchain can be executed by the blockchain node with the best communication quality with the client in the blockchain system.
Next, the functions involved in each node in the blockchain system shown in fig. 2a will be described correspondingly:
1) Routing function: the nodes have basic functions for supporting communication between the nodes.
Specifically, in order to ensure information intercommunication in the blockchain system, information connection can exist between each node in the blockchain system, and information transmission can be performed between the nodes through the information connection. The information connection is not limited to a specific connection method, and may be, for example, a direct or indirect connection through a wired communication method, a direct or indirect connection through a wireless communication method, or another connection method, which is not limited herein.
In one possible implementation, each blockchain node may receive input information during normal operation and maintain shared data within the blockchain system based on the received input information. For example, when any blockchain node in the blockchain system receives input information (e.g., receives an identification document of a certification object sent by a verification object), the blockchain node may perform verification processing on the identification document by a circuit verification contract that matches a zero knowledge certification circuit. Optionally, when it is determined that the authentication object passes the authentication of the authentication object, the identity state of the authentication object may be changed in the blockchain.
Optionally, the blockchain node may broadcast the identification document to other blockchain nodes in the blockchain system during the verification process of the identification document, so that each blockchain node in the blockchain system may perform blockchain consensus on the identification document, and update the identity state of the certification object stored on the blockchain after the blockchain consensus on the identification document passes.
2) Application function: deployed in the blockchain to implement specific services according to actual business requirements. For example, after receiving an identity document sent by a verification object, the blockchain node may, through the application function, verify the identity of the proving object based on the identity document. In the process of implementing the corresponding service function (such as identity verification), data related to the function can be recorded to form record data, and a digital signature (such as signature data obtained by signing with the private key of the proving object) is carried in the record data to indicate the source of the data. Finally, the blockchain node may also send the record data to other (some or all) nodes in the blockchain system, so that those nodes add the record data to a temporary block after verifying its source and integrity.
For example, the services implemented by the above-mentioned application functions may include:
(1) Smart contracts: computerized agreements that can execute the terms of a contract, implemented by code deployed on the shared ledger and executed when certain conditions are met; they can be understood simply as program code with certain triggering conditions. That is, automated transactions can be completed by smart contract code written according to actual business requirements. For example, an electronic resource contract may: query the logistics status of goods purchased by a buyer, and transfer the electronic resource for the purchased goods to the account address of the commodity platform after the buyer signs for the goods. Of course, a smart contract is not limited to contracts for transactions; it may also process received information. For example, in the present application the circuit verification contract implements verification processing of the received identity document of the proving object.
(2) The shared account book is used for providing the functions of storing, inquiring, modifying and the like of account data, sending record data of the operation of the account data to other nodes in the blockchain system, and after the other nodes verify the validity, storing the record data into the temporary block as a response for acknowledging the validity of the account data, and can also send a confirmation message to the node initiating the operation. In the embodiment of the application, after the authentication of the identification document based on the circuit authentication contract is successful, the latest data such as the identification state, the identification document and the like of the authentication object can be recorded and stored on a chain based on the shared ledger.
In one possible implementation, each node in the blockchain system has a node identification corresponding thereto, and each node in the blockchain system may store the node identifications of other nodes in the blockchain system for subsequent broadcasting of the generated blocks to other nodes in the blockchain system based on the node identifications of the other nodes. Specifically, each node in the blockchain system can carry respective node identifiers in the data interaction process, so that other nodes can perform node verification processing based on the corresponding node identifiers before performing corresponding data processing, and the safety of the data interaction process in the blockchain is improved. In addition, in the process that the authentication object sends the identification document to the block link point to perform authentication processing, the authentication object can send the identification document to the specified block link point according to the specified node identifier to perform on-chain authentication processing of the identification document.
(2) The structure of the block:
Referring to fig. 2b, fig. 2b is a schematic diagram of a blockchain structure according to an embodiment of the present application. As shown in fig. 2b, the blockchain is composed of a plurality of blocks, and each blockchain includes a starting block, which, as the name implies, is the first block. The starting block comprises a block header and a block body; the block header stores an input information characteristic value, a version number, a timestamp and a difficulty value, and the block body stores input information (such as the identification document and identity state of a proving object). The next block takes the starting block as its parent block and likewise comprises a block header and a block body; its block header stores the input information characteristic value of the current block, the block header characteristic value of the parent block, the version number, the timestamp, the difficulty value, and so on. In this way the block data stored in each block of the blockchain is associated with the block data stored in its parent block, which ensures the security of the input information in the block and improves the security and reliability of the identity verification process.
In one possible implementation, the one or more pieces of identity claim information issued by the identity issuing object for the proving object are stored in a Merkle tree data structure, and the root of the Merkle tree (Merkle root) is stored in the blockchain as the identity state of the corresponding user. Based on the block structure shown above, the identity state of the proving object maintained on the chain cannot be tampered with, which improves the security of the identity state. In addition, because the identity state of the user is stored based on the block structure, the change record of the user's identity state can be traced, so that a more complete and reliable identity verification scheme can be provided.
2. Cloud technology:
In the blockchain-based identity verification scheme of the application, the blockchain involves a contract verification service and a data storage service, and implementing these services involves a large amount of data computation and data storage, which requires a large computing cost. The present application may implement the on-chain processing operations related to the identity verification process based on cloud storage technology in cloud technology. The on-chain processing operations may specifically include: invoking the circuit verification contract to verify the identification document of the proving object submitted by the verification object; after the identification document passes verification, changing the identity state of the proving object by invoking the state transfer contract; and so on.
Cloud technology is a general term for the network technology, information technology, integration technology, management platform technology, application technology and so on that are applied based on the cloud computing business model; it can form a resource pool that is used on demand, flexibly and conveniently. Cloud technology may include cloud storage technology. Cloud storage is a new concept extended and developed from the concept of cloud computing. A distributed cloud storage system (hereinafter referred to as a storage system) is a storage system that, through functions such as cluster application, grid technology and distributed storage file systems, uses application software or application interfaces to make a large number of storage devices of different types in a network (storage devices are also referred to as storage nodes) work together to provide data storage and service access functions externally.
It should be noted that, in the following embodiments of the present application, related data such as user information (e.g., identity declaration information of a certification target) is involved, and when the above embodiments of the present application are applied to specific products or technologies, permission or consent of the target needs to be obtained, and collection, use and processing of the related data need to comply with related laws and regulations and standards of related countries and regions.
In connection with the above description of the blockchain-based authentication scheme provided by the present application and related technical terms involved, the architecture of the blockchain-based authentication system provided by the embodiment of the present application will be specifically described with reference to fig. 3a and 3 b.
Referring to fig. 3a, fig. 3a is a schematic diagram of an architecture of a blockchain-based authentication system according to an embodiment of the present application. The architecture diagram of the identity verification system at least comprises: a client 301, a verification object 302, an identity issuance object 303, and at least one blockchain node 304. Wherein at least one blockchain node 304 together form a blockchain system. Moreover, the verification object 302 can establish communication connection with any blockchain node 304 in the blockchain system and the client 301 in a wired or wireless manner respectively; the client 301 may establish a communication connection with the identity issuer 303. Optionally, the identity issuing object 303 may also establish a communication connection with any blockchain node 304 in the blockchain system; in addition, the number of blockchain nodes in the blockchain system is merely an example, and the present application is not particularly limited to the number of nodes in the blockchain system.
Next, the main functions of each computer device (client 301, verification object 302, identity issuing object 303, and blockchain node 304) in the above blockchain-based identity verification system are described:
(1) Client 301: stores the identity claim information (claim) of the proving object. Specifically, the client 301 may acquire its own identity claim information from the identity issuing object 303 and store the acquired identity claim information locally. Optionally, the identity claim information associated with the proving object is stored in a Merkle tree data structure. In addition, in the identity verification scenario, the client 301 may generate identity verification data of the proving object according to the identity claim information, and then
(2) Verification object 302: receives the identity verification data submitted by the client 301 for the proving object (including the identification document of the proving object) and is therefore responsible for verifying the identity of the proving object, where the verification may include both off-chain verification and on-chain verification. In off-chain verification, the verification object 302 invokes the verification-side zero-knowledge proof circuit that matches the zero-knowledge proof circuit to verify the identification document; in on-chain verification, the verification object 302 sends the identification document to the blockchain node 303, and the blockchain node 303 verifies the identification document on chain based on the circuit verification contract.
(3) Identity issuance object 303: for issuing corresponding identity claim information for a user (certification object), the identity issuer 303 may be a more authoritative service provider organization (issuer system). Specifically, the identity issuance object 303 may receive the identity claim request sent by the client 301, and then issue corresponding identity claim information for the certification object. Optionally, the identity issuing object 303 may send a status update request to the blockchain node 304 synchronously after issuing corresponding identity declaration information for the proving object, where the status update request is used to trigger the blockchain node 304 to update the identity status of the proving object on the blockchain.
(4) Blockchain node 304: responsible for on-chain verification of the identification document of the proving object, and for storing and managing the on-chain identity state of the proving object. Specifically, the blockchain node 304 receives the identification document of the proving object sent by the verification object 302 and verifies the identification document based on the circuit verification contract; if the verification result of the identification document is determined to be successful, the identity state of the proving object stored in the state transfer contract can be changed.
The computer devices involved in embodiments of the present application (client 301, verification object 302, identity issuing object 303, and blockchain node 304) may include, but are not limited to: a cell phone, tablet computer, notebook computer, palmtop computer, mobile internet device (MID), intelligent voice interaction device, vehicle-mounted terminal, roadside device, aircraft, wearable device, intelligent home appliance, or a wearable device with an identity verification function such as a smart watch, smart bracelet or pedometer.
The computer devices (client 301, verification object 302, identity issuing object 303, and blockchain node 304) involved in the embodiments of the present application may be independent physical servers, or may be a server cluster or a distributed system formed by a plurality of physical servers, or may be a cloud server that provides cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDNs (Content Delivery Network, content distribution networks), and basic cloud computing services such as big data and artificial intelligence platforms, and so on.
In one possible implementation, the blockchain-based identity verification scheme of the present application is illustrated again with the client 301, the verification object 302, the identity issuing object 303 and the blockchain node 304, in combination with a specific identity verification scenario (for example, a target service scenario in which a user applies to a bank to open an account).
Referring to fig. 3b, fig. 3b is a schematic diagram of a blockchain-based identity verification scenario according to an embodiment of the present application. As shown in fig. 3b, when a user (proving object) needs to apply to a bank to open an account, the corresponding identity claim information (for example, a claim that the user's age is greater than 18) needs to be submitted to the bank. In order not to expose the user's age information directly, the identity claim information may be subjected to zero-knowledge proof processing to generate a corresponding proof file, which is submitted to the bank for identity verification. The specific process is as follows:
1. When a user (proving object) needs to have its identity verified by a verification object, the user may generate an identity claim request and send it to an identity issuing object (issuer system); the identity claim request may carry an identifier of the target service scenario.
2. In response to the identity claim request of the proving object, the identity issuing object issues identity claim information (claim) matching the target service scenario for the proving object, based on the identifier of the target service scenario. For example, if the target service scenario is an account opening scenario, the matching identity claim information may be age claim information; if the target service scenario is a lending scenario, the matching identity claim information may be credit claim information; if the target service scenario is a house purchase scenario, the matching identity claim information may be asset claim information; and so on.
Optionally, after the identity issuing object issues a new claim for the proving object, the identity issuing object may invoke the state transfer contract to update the identity state of the proving object on the chain. It should be appreciated that a blockchain is a transaction-based state machine: a transaction drives the state in the blockchain from an old state to a new state. Therefore, when the off-chain identity state of the user changes (for example, a new claim is issued for the user), transaction data can be generated according to the identity claim information (claim) and sent to the blockchain; after a blockchain node receives the transaction data, the state transition for the proving object can be carried out based on the transaction data in the computing model of the blockchain. Specifically, the flow of a state transition in a blockchain is: 1) the current state; 2) transaction driving (the blockchain node recomputes the received transaction data once); 3) a new state is obtained.
3. The proving object obtains the identity claim information and stores it locally.
In particular implementations, the identity claim information of the proving object may be stored in the local client. The identity claim information associated with the proving object can be stored in a Merkle tree data structure, and the root of the Merkle tree can be used to represent the identity state of the proving object.
4. Generate the identification document of the proving object.
Specifically, when the proving object needs to have its identity verified by the verification object, the client may process the identity claim information (claim) of the proving object based on the zero-knowledge proof circuit and generate the identification document (proof file) of the proving object.
5. Send the proof file of the proving object to the verification object for verification processing.
Specifically, the verification processing includes: the verification object invokes the verification-side zero-knowledge proof circuit that matches the zero-knowledge proof circuit to verify the proof file; or the proof file is verified by the circuit verification contract in the blockchain that matches the zero-knowledge proof circuit.
It can be understood that the blockchain-based identity verification system described in the embodiments of the present application is intended to describe the technical solution of the embodiments more clearly and does not limit the technical solution provided in the embodiments. As a person of ordinary skill in the art will appreciate, with the evolution of the system architecture and the emergence of new service scenarios, the technical solution provided in the embodiments of the present application is also applicable to similar technical problems.
Based on the foregoing description of the blockchain-based authentication scheme and the blockchain-based authentication system of the present application, specific embodiments related to the blockchain-based authentication scheme will be described in detail below with reference to the accompanying drawings.
Referring to fig. 4, fig. 4 is a flowchart of a blockchain-based authentication method according to an embodiment of the present application. The method is applied to a verification object (which may be a terminal device or a server) in the blockchain-based authentication system shown in fig. 3a, and for convenience of explanation, the embodiment of the application will be described correspondingly with a computer device as an implementation example. The blockchain-based authentication method mainly comprises, but is not limited to, the following steps S401 to S403:
S401: Obtain identity verification data for a proving object, where the identity verification data carries the identification document of the proving object, and the identification document is generated after the identity claim information of the proving object is processed based on a zero-knowledge proof circuit.
In the embodiment of the present application, at least one identity claim information is associated with the proving object, where identity claim information (claim) is a parameter for reflecting identity properties of a user (proving object), for example, identity properties such as age, name, asset proof of the user may be referred to as identity claim information associated with the user, and generally speaking, the identity claim information refers to personal data that is more private and owned by the proving object, and of course, types of identity claim information may include, but are not limited to: files, strings, numbers, tables, etc., to which the present application is not limited in particular. Wherein one entity (proving object) can claim itself to have something based on the identity claim information, and the other entity (verifying object) can authenticate the identity claim information of the entity to confirm the authenticity of the identity claim information, and the purpose of authentication is usually to confirm the legitimacy of the identity claim information. For example, in an account opening scenario, a user may submit age claim information to a bank to confirm whether the user's age at the account opening is legal (e.g., greater than or equal to 18 years old); as another example, in a lending scenario, a user may submit credit statement information to a lending institution to confirm whether credit information of the lending user is legitimate (e.g., meets certain credit conditions); also, as in the house purchase scenario, a user may submit asset declaration information to a house developer to verify that the user has the ability to purchase a house.
It will be appreciated that one proving object may be associated with a plurality of pieces of identity claim information, which may be issued by an identity issuing object (issuer system). The client may obtain the identity claim information of the proving object from the identity issuing object and store it in the local client, so that the proving object stores and manages its own identity claim information autonomously, which ensures the security of the identity claim information. In one possible implementation, the at least one piece of identity claim information associated with the proving object is stored in a Merkle tree (also known as a hash binary tree). Referring to fig. 5, fig. 5 is a schematic diagram of a storage structure of identity claim information according to an embodiment of the present application. As shown in fig. 5, the identity claim information associated with the proving object includes claim1, claim2, claim3 and claim4. Optionally, the root of the Merkle tree composed of claim1, claim2, claim3 and claim4 is used to represent the identity state of the proving object, and the identity state (root) of the proving object can be uploaded to the blockchain for storage.
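The storage structure of fig. 5 and the state transition described earlier can be sketched as follows. This is an added example, not code from the application: SHA-256, the JSON claim encoding, the padding leaf, the sample claims and the `StateRegistry` class (a stand-in for the state transfer contract) are all assumptions.

```python
import hashlib
import json

EMPTY = hashlib.sha256(b"\x00").digest()       # padding leaf (assumption)

# Constructed sample claims standing in for claim1..claim4 of fig. 5.
SAMPLE_CLAIMS = [
    {"type": "age", "over18": True},
    {"type": "name", "value": "Example User"},
    {"type": "credit", "score": 700},
    {"type": "asset", "proof": "sample"},
]

def leaf_hash(claim):
    """Hash one claim; the 0x00 prefix keeps leaves distinct from inner nodes."""
    blob = json.dumps(claim, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(b"\x00" + blob).digest()

def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(claims):
    """Return every tree level, leaves first; the last level holds the root."""
    level = [leaf_hash(c) for c in claims]
    size = 1
    while size < len(level):
        size *= 2
    level += [EMPTY] * (size - len(level))     # pad to a power of two
    levels = [level]
    while len(level) > 1:
        level = [node_hash(level[i], level[i + 1])
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def identity_state(claims):
    """Merkle root that represents the identity state of the proving object."""
    return build_levels(claims)[-1][0]

def inclusion_proof(claims, index):
    """Sibling path for claims[index] as (sibling_hash, sibling_is_left) pairs."""
    path = []
    for level in build_levels(claims)[:-1]:
        sibling = index ^ 1
        path.append((level[sibling], sibling < index))
        index //= 2
    return path

def verify_inclusion(claim, path, root):
    """Recompute the root from one claim and its sibling path."""
    node = leaf_hash(claim)
    for sibling, sibling_is_left in path:
        node = node_hash(sibling, node) if sibling_is_left else node_hash(node, sibling)
    return node == root

class StateRegistry:
    """Hypothetical stand-in for the on-chain state transfer contract."""
    def __init__(self):
        self.history = {}                      # identity -> list of roots

    def transition(self, identity, old_root, new_root):
        roots = self.history.setdefault(identity, [])
        current = roots[-1] if roots else None
        if old_root != current:                # must start from the current state
            return False
        roots.append(new_root)                 # old state -> new state, traceable
        return True
```

Only the 32-byte root goes on chain; the claims and the sibling paths stay with the client, and the registry history gives the traceable record of identity-state changes.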
Specifically, the identification document is an encrypted document generated after the identity claim information of the proving object is processed based on the zero-knowledge proof circuit. It should be appreciated that the essence of a zero-knowledge proof circuit is to make a commitment to private data by rigorous cryptographic and mathematical means; the commitment is expressed as a mathematical circuit and implemented in combination with cryptographic primitives (elliptic curves, polynomials, elliptic curve pairings, etc.). Therefore, after the identity claim information of the proving object is processed based on the zero-knowledge proof circuit, the specific content of the identity claim information is hidden, which avoids leakage of the user's identity data and improves the security of the user information. Zero-knowledge proofs may include interactive zero-knowledge proofs and non-interactive zero-knowledge proofs; the latter may include, but are not limited to, zk-SNARK, ZoKrates, circom, libsnark, and so on. The application relates in particular to the non-interactive zero-knowledge proof zk-SNARK (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge). A zk-SNARK is a cryptographic proof whose principle is to allow one party (the proving object) to prove to another party (the verification object) that it possesses certain information without revealing the specific content of that information. Specifically, the participants in a zero-knowledge proof are a prover (proving object) and a verifier (verification object); the prover holds secret information (e.g., identity claim information to be changed) and wishes to prove to the verifier that it knows a secret value without exposing the secret information.
Non-interactive zero-knowledge proofs have been implemented by various algorithms; common algorithms may include, but are not limited to, zk-SNARKs, zk-STARK, PLONK, and so on.
In one possible implementation, the verification object may obtain an identity verification request submitted by the proving object, where the request carries a client identifier. The verification object can verify the client according to the client identifier; if the client passes the verification, the verification object generates feedback data and sends it to the client where the proving object is located. The feedback data is used to trigger the client to generate the identity verification data for the proving object, and can be understood as a random number, a random character string, or another type of challenge information (challenge). In particular implementations, the verification of the client by the verification object may include any one or more of: verifying whether the client is legitimate and secure, verifying whether the client has the right to initiate identity verification with the verification object, and so on. In this way, attacks by malicious nodes and similar situations can be avoided, and data security is improved.
In one possible implementation, the identity verification data may further include signature data, which the client produces after receiving the feedback data sent by the verification object, by signing the feedback data with the private key of the proving object. After the verification object obtains the identity verification data sent by the client, it can parse the identity verification data to obtain the signature data and perform signature verification on it, that is, verify the signature data based on the public key of the proving object; if the signature data passes verification, the step of verifying the identification document of the proving object is triggered.
In this way, when the client requests identity verification, the verification object can generate a random number and send it to the client; the client then sends the verification object signature data obtained by signing the received random number, and by verifying the signature data the verification object can check whether the identity verification data comes from the client that received the random number. The source of the identity verification data can thus be verified, which reduces risks such as data leakage during identity verification.
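The challenge and signature exchange described above, as an added example that is not code from the application. The application names no signature scheme, so the block assumes a Schnorr signature over the edwards25519 group written with the standard library only (not wire-compatible Ed25519); the `VerificationObject` class, the 60-second lifetime and the status strings are hypothetical.

```python
import hashlib
import secrets
import time

# Schnorr signature over the edwards25519 group, affine form (assumed scheme).
P = 2**255 - 19                                       # field prime
L = 2**252 + 27742317777372353535851937790883648493   # order of the base point
D = -121665 * pow(121666, P - 2, P) % P               # curve constant d

def inv(x):
    return pow(x, P - 2, P)

def add(p1, p2):
    (x1, y1), (x2, y2) = p1, p2
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1 * y2 + x2 * y1) * inv(1 + t) % P,
            (y1 * y2 + x1 * x2) * inv(1 - t) % P)

def mul(k, pt):
    acc = (0, 1)                                      # neutral element
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def on_curve(pt):
    x, y = pt
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - x * x - 1 - D * x * x * y * y) % P == 0

def _base_point():
    y = 4 * inv(5) % P
    xx = (y * y - 1) * inv(D * y * y + 1) % P
    x = pow(xx, (P + 3) // 8, P)
    if (x * x - xx) % P:
        x = x * pow(2, (P - 1) // 4, P) % P
    return (P - x if x & 1 else x, y)

B = _base_point()

def _h(*parts):
    digest = hashlib.sha512(b"".join(parts)).digest()
    return int.from_bytes(digest, "little") % L

def _enc(pt):
    return pt[0].to_bytes(32, "little") + pt[1].to_bytes(32, "little")

def keygen():
    seed = hashlib.sha512(secrets.token_bytes(32)).digest()
    a = int.from_bytes(seed[:32], "little") % L or 1
    return (a, seed[32:]), mul(a, B)                  # (private, public)

def sign(private, public, msg):
    a, prefix = private
    r = _h(prefix, msg)                               # deterministic nonce
    big_r = mul(r, B)
    return big_r, (r + _h(_enc(big_r), _enc(public), msg) * a) % L

def verify(public, msg, sig):
    big_r, s = sig
    if not (on_curve(public) and on_curve(big_r) and 0 <= s < L):
        return False
    return mul(s, B) == add(big_r, mul(_h(_enc(big_r), _enc(public), msg), public))

class VerificationObject:
    """Issues one-time feedback data (challenges) and checks signed responses."""
    def __init__(self, registered, ttl=60):
        self.registered = registered                  # client_id -> public key
        self.pending = {}                             # client_id -> (nonce, expiry)
        self.ttl = ttl

    def challenge(self, client_id, now=None):
        if client_id not in self.registered:
            return None                               # client verification failed
        now = time.time() if now is None else now
        nonce = secrets.token_bytes(32)
        self.pending[client_id] = (nonce, now + self.ttl)
        return nonce

    def check(self, client_id, sig, now=None):
        now = time.time() if now is None else now
        nonce, expiry = self.pending.pop(client_id, (None, 0))  # single use
        if nonce is None:
            return "no-challenge"
        if now > expiry:
            return "expired"
        if not verify(self.registered[client_id], nonce, sig):
            return "bad-signature"
        return "proceed-to-proof-verification"        # continue with S402
```

Removing the challenge from `pending` before the signature is checked is what makes a captured response useless the second time it is sent.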
S402: Perform verification processing on the identification document of the proving object.
In particular implementations, the verification processing performed by the verification object on the identification document of the proving object may include an off-chain verification process and an on-chain verification process. The off-chain verification process mainly comprises: the verification object invokes the verification-side zero-knowledge proof circuit that matches the zero-knowledge proof circuit to verify the identification document. The on-chain verification process mainly comprises: the identification document of the proving object is sent to a blockchain node, and the blockchain node verifies the identification document through the circuit verification contract in the blockchain that matches the zero-knowledge proof circuit. Optionally, in the on-chain verification process, the verification object may send the identification document of the proving object to any blockchain node in the blockchain network for verification; or the verification object may send it to the blockchain node in the blockchain network that has the best communication quality with the verification object; or the verification object may send it to a designated blockchain node in the blockchain network, for example a node elected by the blockchain nodes through a consensus algorithm.
Next, the specific procedures involved in off-chain verification and on-chain verification are described in detail:
(1) Off-chain verification process.
In one possible implementation, the verification object first obtains the circuit constraint file and the proof calculation file of the zero-knowledge proof circuit, both of which are generated by compiling the zero-knowledge proof circuit to be compiled and performing trusted setup on it. The verification object then loads the circuit constraint file and the proof calculation file, and takes the successfully loaded zero-knowledge proof circuit as the verification-side zero-knowledge proof circuit that matches the zero-knowledge proof circuit; loading the related files (the circuit constraint file and the proof calculation file) can be understood as running the file code of the circuit constraint file and the proof calculation file. Finally, the verification object verifies the identification document of the proving object based on the successfully loaded zero-knowledge proof circuit.
Referring to fig. 6, fig. 6 is a schematic flow chart of compiling a zero-knowledge proof circuit according to an embodiment of the present application. As shown in fig. 6, compiling the zero-knowledge proof circuit to be compiled and performing trusted setup on it specifically include the following steps:
(1) Write the code for the circuit logic constraints in a DSL (Domain Specific Language). As the name implies, a DSL is a computer programming language with limited expressiveness aimed at a particular domain (e.g., the computer domain, the chemical domain, the communication domain, etc.).
(2) Use a compiler to compile the DSL code into a circuit constraint file (e.g., an R1CS file) and a proof calculation file (e.g., a wasm or C file); the proof calculation file includes the files required for generating witness parameters.
(3) Perform the trusted setup. Specifically, the trusted setup of the circuit may be performed using the Groth16 algorithm, a typical zk-SNARK algorithm. During the trusted setup, a proof parameter (proof key) and a verification parameter (verification key) may also be generated. Optionally, if a zk-SNARK algorithm is adopted, the trusted setup must be performed once for the zero-knowledge proof circuit; if a zk-STARK algorithm is adopted, there is no particular requirement on the number of trusted setups. The proof parameter is used to generate the identification document (proof file) and must not be disclosed; the verification parameter is used to generate the circuit verification contract and is allowed to be disclosed.
In specific implementation, the trusted setup can generate the proof parameter (proof key) and the verification parameter (verification key) of the zero-knowledge proof circuit. Specifically, in the zk-SNARK algorithm, the proof key and the verification key are encoded into a CRS (Common Reference String); after the circuit is initialized, the CRS is published, and the proving object and the verification object each use the CRS to generate the proof key and the verification key, respectively, without the proof key being exposed. The proof key is used to generate the identification document of the proving object: after the proving object inputs parameters into the zero-knowledge proof circuit, a witness parameter (witness) is generated, and the proof file is then generated from the witness and the proof key. In addition, the verification key may be used to generate the contract code of the circuit verification contract, which may subsequently be deployed on the blockchain for the verification object to perform verification. Through steps (1)-(3), the zero-knowledge proof circuit can be loaded and initialized, which facilitates the subsequent verification of the identification document of the proving object based on the successfully loaded zero-knowledge proof circuit.
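To make the circuit constraint file and the witness of steps (2) and (3) concrete, here is an added example (not from the application) that writes the account-opening claim "age is at least 18" as R1CS constraints and checks witnesses against them. The variable layout, the 8-bit range and the use of the BN254 scalar field are assumptions; the block checks constraint satisfaction only and generates no proof.

```python
# Assumed field: the BN254 scalar field commonly used with Groth16 tooling.
FIELD = 21888242871839275222246405745257275088548364400416034343698204186575808495617
THRESHOLD = 18
NBITS = 8                      # age - 18 must fit in 8 bits (assumption)
ONE, AGE, BIT0 = 0, 1, 2       # witness layout: [1, age, b0, ..., b7]

def build_r1cs():
    """Rows (A, B, C), each meaning (A.w) * (B.w) = (C.w) mod FIELD."""
    rows = []
    for i in range(NBITS):
        b = BIT0 + i
        rows.append(({b: 1}, {b: 1, ONE: -1}, {}))       # b * (b - 1) = 0
    weights = {BIT0 + i: 1 << i for i in range(NBITS)}
    # (sum of b_i * 2^i) * 1 = age - 18
    rows.append((weights, {ONE: 1}, {AGE: 1, ONE: -THRESHOLD}))
    return rows

def dot(row, w):
    return sum(coeff * w[i] for i, coeff in row.items()) % FIELD

def failed_rows(r1cs, w):
    """Indices of the constraints that the witness does not satisfy."""
    return [n for n, (a, b, c) in enumerate(r1cs)
            if dot(a, w) * dot(b, w) % FIELD != dot(c, w)]

def satisfied(r1cs, w):
    return w[ONE] == 1 and not failed_rows(r1cs, w)

def make_witness(age):
    """What the proof calculation file does: derive every wire from the input."""
    diff = (age - THRESHOLD) % FIELD
    return [1, age % FIELD] + [(diff >> i) & 1 for i in range(NBITS)]
```

For an age below 18 the difference wraps around to a value near the field size, which no 8-bit decomposition can equal, so no satisfying witness exists; the per-bit rows stop a prover from using non-binary "bits" to get around that.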
It should be appreciated that the zero-knowledge proof circuit may be compiled by a background server of the identity verification system, and the compiled circuit may be packaged into the corresponding application (app) for each client (the client of the proving object and the client of the verification object) to invoke. The client of the proving object calls the zero-knowledge proof circuit to generate the corresponding identity proof file; the client of the verification object calls the zero-knowledge proof circuit to verify the identity proof file.
In one possible implementation, while verifying the identity proof file, the verification object may also obtain the validity period of the proving object's identity claim information. If the identity claim information is not within its validity period, a notification message of identity verification failure is generated and sent to the client of the proving object; the notification message triggers the client to request the identity claim information of the proving object from the identity issuing object again. In a specific implementation, the identity claim information that the identity issuing object issues to the proving object has a validity period. Within the validity period of a claim, the corresponding proof file may be generated from the claim for identity verification; if the claim has expired, identity verification fails. When the client receives the notification message of identity verification failure, it can request new identity claim information from the identity issuing object, which triggers identity verification again.
(2) On-chain verification process.
In one possible implementation, a verification parameter (verification key) of the zero-knowledge proof circuit may be obtained, where the verification parameter is generated by performing the trusted setup on the zero-knowledge proof circuit. A smart contract code file is generated from the circuit constraint file and the verification parameter. The smart contract code file is sent to the blockchain, which triggers generation of the circuit verification contract from the smart contract code file in the blockchain. Any blockchain node may call the circuit verification contract deployed in the blockchain to verify the identity proof file of the proving object. Specifically, the smart contract code file may be generated by compiling the circuit constraint file (R1CS file) and the verification parameter (verification key) with a compiler (e.g., the snarkjs compiler).
Optionally, the circuit verification contract may be deployed in the blockchain by any blockchain node in the blockchain network, or by a designated blockchain node in the blockchain network; the embodiments of the application place no specific limit on this.
In a specific implementation, the verification object sends the identity proof file of the proving object to the blockchain node, and after receiving it the blockchain node can call the circuit verification contract to verify the identity proof file.
S403: If the verification processing result of the identity proof file is that verification succeeded, determine that the verification object's identity verification of the proving object has passed.
In a specific implementation, if the identity proof file of the proving object is verified off-chain, the verification object generates the verification processing result after calling the zero-knowledge proof circuit to verify the identity proof file. If the identity proof file of the proving object is verified on-chain, the blockchain node generates the verification processing result, and the verification object then receives the verification processing result sent by the blockchain node. If the verification processing result is that verification succeeded, it is determined that the verification object's identity verification of the proving object has passed; if the verification processing result is that verification failed, it is determined that the verification object's identity verification of the proving object has not passed. Optionally, after determining that identity verification of the proving object has passed, the verification object may further generate a feedback message indicating that identity verification passed and send it to the client of the proving object.
In one possible implementation, the verification object may further receive a verification processing result sent by the blockchain node, where the result is generated by the blockchain node after it calls the circuit verification contract to verify the identity proof file. If the verification processing result is that verification succeeded, the verification object generates a state update request for the proving object and sends it to the blockchain node. The state update request triggers an update of the identity state of the proving object in the blockchain.
In a specific implementation, the state update request carries a target identity state and a historical identity state of the proving object. The target identity state is obtained from the historical state data of the proving object and the identity claim information to be changed, and the historical state data includes the Merkle path associated with the identity claim information to be changed. Here: (1) The identity claim information to be changed is the identity claim information used to generate the identity proof file. (2) The historical identity state (old state) is calculated from at least one piece of identity claim information associated with the proving object; specifically, the old state is the root of the Merkle tree formed by the identity claim information associated with the proving object. (3) The target identity state (new state) is the latest identity state of the proving object, for which the state update is to be performed. The target identity state is obtained by performing a hash operation on the Merkle path associated with the identity claim information to be changed, that is, the set of all hash values from a given input value (claim) to the Merkle tree root (root), together with the identity claim information to be changed.
For example: (1) The identity claim information to be changed (claim′) may be information obtained by updating identity claim information the proving object already holds, for example claim′ is obtained by updating claim1. It may also be identity claim information newly issued to the proving object by the identity issuing object, for example claim′ is claim5. (2) The Merkle path associated with the identity claim information to be changed is a path in the Merkle tree formed by at least one piece of identity claim information associated with the proving object. If the identity claim information to be changed (claim′) is the updated information of claim1, then the Merkle path is the path in the Merkle tree on which claim1 lies. For example, referring to fig. 7a, fig. 7a is a flowchart illustrating a process of generating a target identity state according to an embodiment of the present application. As shown in fig. 7a, the new Merkle tree root obtained by performing a hash operation on the Merkle path and the identity claim information to be changed, i.e. the updated information of claim1, is the target identity state. For another example, referring to fig. 7b, fig. 7b is a schematic flowchart of another method for generating a target identity state according to an embodiment of the present application. As shown in fig. 7b, the new Merkle tree root obtained by performing a hash operation on the Merkle path and the identity claim information to be changed is the target identity state.
Next, the on-chain update procedure for the identity state of the proving object is described in detail:
In one possible implementation, the process by which the blockchain node updates the identity state of the proving object may include: calling a state transfer contract to query the identity state to be changed that matches the proving object; and, if the historical identity state of the proving object is the same as the identity state to be changed, changing the identity state of the proving object stored in the state transfer contract to the target identity state.
In particular, the state transfer contract stores the mapping between the identity identifier (id) of each proving object and the state data set of that proving object, where the state data set stores at least one identity state associated with the proving object. The mapping may be stored as a table, that is, the state transfer contract stores a mapping table that reflects the mapping between the identity identifier and the identity states of each proving object. For example, the format of the mapping table is shown in Table 1 below:
Table 1: Mapping between the identity identifiers and identity states of proving objects
As shown in Table 1, the identity identifier serves as the unique identifier of a proving object. Each proving object is associated with a corresponding state data set, which stores one or more identity states associated with the proving object (all of them identity states already on the chain) together with the uplink time of each identity state. For example, for proving object 1 (identity identifier id1), the corresponding state data set includes state11, state12 and state13, where the uplink time of state11 is time11, the uplink time of state12 is time12, and the uplink time of state13 is time13. The identity state to be changed that matches the proving object is the identity state with the latest uplink time in the state data set of that proving object. For example, if time11 > time12 > time13, then state11 is the identity state to be changed of proving object 1, that is, state11 is the current on-chain identity state of proving object 1.
In this way, the blockchain node compares the off-chain historical identity state (old state) of the proving object with the current on-chain identity state (the identity state to be changed) of the proving object, which guards against the case where the new state (target identity state) to be written is already out of date (i.e. it has expired or the state has already been updated). The old state is compared with the latest on-chain state, and only if the two are consistent may the user's identity state on the chain be updated to the new state. This prevents repeated writes during a state update and improves the accuracy of on-chain state updates.
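The compare-then-update rule described above, as an added Python model (not code from the patent and not a deployable contract). The `register` step, the integer uplink times and the rule that uplink times must strictly increase are assumptions made for the example; the state names follow Table 1's description.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class StateTransferContract:
    """In-memory model: identity id -> state data set of (state, uplink_time)."""
    table: Dict[str, List[Tuple[str, int]]] = field(default_factory=dict)

    def register(self, identity_id: str, initial_state: str, uplink_time: int) -> None:
        # Assumption: the page does not describe how the first state is written.
        if identity_id in self.table:
            raise ValueError("identity already registered")
        self.table[identity_id] = [(initial_state, uplink_time)]

    def state_to_be_changed(self, identity_id: str) -> Optional[str]:
        """Current on-chain state: the entry with the latest uplink time."""
        data_set = self.table.get(identity_id)
        if not data_set:
            return None
        return max(data_set, key=lambda entry: entry[1])[0]

    def update(self, identity_id: str, historical_state: str,
               target_state: str, uplink_time: int) -> bool:
        """Write target_state only if historical_state is still the current state."""
        current = self.state_to_be_changed(identity_id)
        if current is None or current != historical_state:
            return False  # unknown identity, replayed request, or stale old state
        latest_time = max(t for _, t in self.table[identity_id])
        if uplink_time <= latest_time:
            return False  # assumption: keeps "latest uplink time" unambiguous
        self.table[identity_id].append((target_state, uplink_time))
        return True


def demo() -> List[bool]:
    """Constructed sequence of requests against proving object id1."""
    contract = StateTransferContract()
    contract.register("id1", "state13", 100)
    return [
        contract.update("id1", "state13", "state12", 110),  # fresh request
        contract.update("id1", "state13", "state12", 120),  # same request replayed
        contract.update("id1", "state13", "stateX", 130),   # built on a stale old state
        contract.update("id1", "state12", "state11", 140),  # built on the current state
    ]
```

The second and third requests are rejected because their old state no longer matches the latest on-chain state, which is the repeated-write case the comparison is there to stop.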
In the embodiments of the application, during identity verification the verification object first obtains identity verification data for the proving object. The identity verification data carries the identity proof file of the proving object, which is generated by processing the identity claim information of the proving object based on the zero-knowledge proof circuit. The verification object can verify the identity proof file of the proving object, and if the verification result is that verification succeeded, the verification object can confirm that identity verification of the proving object has passed. Here the verification processing may include: calling a matching zero-knowledge proof circuit used for verification to verify the identity proof file, or verifying the identity proof file through a circuit verification contract in the blockchain that matches the zero-knowledge proof circuit. Therefore, in a scenario where the proving object needs to undergo identity verification by the verification object, the proving object does not need to provide the raw data of its identity claim information to the verification object. Instead, the identity claim information is processed by the zero-knowledge proof circuit, and the resulting identity proof file is sent to the verification object for verification. The user's identity is verified by verifying the identity proof file, the specific data of the identity claim information is not exposed, and data security in the identity verification scenario is improved.
Referring to fig. 8a, fig. 8a is a flowchart illustrating another blockchain-based identity verification method according to an embodiment of the present application. The method is applied to a client in the blockchain-based identity verification system shown in fig. 3a. The blockchain-based identity verification method mainly includes, but is not limited to, the following steps S801 to S803:
S801: Obtain the identity claim information of the proving object, where the identity claim information is issued to the proving object by the identity issuing object.
In one possible implementation, the client generates an identity claim request carrying the identity information of the proving object, and sends the identity claim request to the identity issuing object so that the identity issuing object issues identity claim information for the proving object. Specifically, the identity issuing object responds to the identity claim request by verifying the identity information of the proving object, and if verification passes, it generates the identity claim information associated with the proving object. Verifying the identity information of the proving object may include, but is not limited to, any one or more of validity verification and security verification. Subsequently, the proving object may store its own identity claim information in the local client; in particular, the client may store each piece of identity claim information of the proving object locally in a Merkle tree data structure (as shown in fig. 5).
S802: Process the identity claim information of the proving object based on the zero-knowledge proof circuit to obtain the identity proof file of the proving object.
In one possible implementation, the client processes the identity claim information of the proving object based on the zero-knowledge proof circuit to obtain the identity proof file of the proving object as follows: first, obtain the Merkle path associated with the identity claim information of the proving object and the target identity state of the proving object; then, assemble the input parameters of the zero-knowledge proof circuit from the Merkle path, the target identity state and the identity claim information of the proving object; finally, input the input parameters into the zero-knowledge proof circuit for circuit verification processing to obtain the identity proof file of the proving object. Optionally, when assembling the input parameters of the zero-knowledge proof circuit, the client may first combine the Merkle path, the target identity state and the identity claim information of the proving object into a combined parameter and then sign the combined parameter to obtain the input parameters; alternatively, the Merkle path, the target identity state and the identity claim information of the proving object may be directly packaged and compressed to generate the input parameters.
In a specific implementation, the client inputs the input parameters (the Merkle path, the target identity state and the identity claim information of the proving object) into the zero-knowledge proof circuit for circuit verification processing and obtains the identity proof file of the proving object as follows: first, perform a hash operation on the Merkle path and the identity claim information of the proving object to obtain a reference identity state of the proving object; then, if the reference identity state is the same as the target identity state, perform circuit verification processing on the identity claim information of the proving object based on the zero-knowledge proof circuit; if the circuit verification of the identity claim information passes, generate the identity proof file of the proving object. That is, the user may input the current identity state into the zero-knowledge proof circuit, and the identity state calculation is carried out inside the circuit: the reference identity state calculated by the circuit is obtained by a hash operation over the Merkle path and the identity claim information, and only if it is consistent with the target identity state input by the user is the step of verifying the identity claim information triggered.
In a specific implementation, the client's circuit verification processing of the proving object's identity claim information based on the zero-knowledge proof circuit may include: obtaining the claim type of the identity claim information of the proving object; and judging whether the identity claim information satisfies the verification condition corresponding to the claim type, and if so, determining that the circuit verification of the proving object's identity claim information passes. For example, if the claim type of the identity claim information is an age claim, it may be judged whether the identity claim information satisfies the verification condition "age > 20 years old"; if so, the circuit verification of the proving object's identity claim information passes, and if not, it does not pass. For another example, if the claim type of the identity claim information is an asset claim, it may be judged whether the asset claim information contains key fields such as "amount" and "asset"; if so, the circuit verification of the proving object's identity claim information passes. If the asset claim information contains sensitive words, the circuit verification of the proving object's identity claim information does not pass.
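The state computation described earlier for a changed claim, together with the two circuit checks in the paragraphs above (reference state equals target state, then the claim-type condition), as an added Python example that is not code from the patent. It recomputes the checks in the clear and is not a zero-knowledge proof; SHA-256 with leaf/node prefixes, the `age=25` claim encoding and the `(sibling, sibling_is_left)` path format are assumptions.

```python
import hashlib
import hmac
from typing import List, Tuple

Path = List[Tuple[bytes, bool]]  # (sibling hash, sibling_is_left), leaf level first


# Assumption: SHA-256 with domain-separated leaves and inner nodes; the page
# names neither the hash function nor the claim encoding.
def h_leaf(claim: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + claim).digest()


def h_node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def build_levels(claims: List[bytes]) -> List[List[bytes]]:
    """All tree levels, leaves first. This example expects 2^k claims."""
    if not claims or len(claims) & (len(claims) - 1):
        raise ValueError("constructed example expects a power-of-two claim count")
    levels = [[h_leaf(c) for c in claims]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([h_node(prev[i], prev[i + 1]) for i in range(0, len(prev), 2)])
    return levels


def merkle_path(levels: List[List[bytes]], index: int) -> Path:
    """Sibling hashes from the claim at `index` up to (not including) the root."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        path.append((level[sibling], sibling < index))
        index //= 2
    return path


def root_from_path(claim: bytes, path: Path) -> bytes:
    """Identity state (tree root) implied by one claim and its Merkle path."""
    node = h_leaf(claim)
    for sibling, sibling_is_left in path:
        node = h_node(sibling, node) if sibling_is_left else h_node(node, sibling)
    return node


def circuit_check(claim: bytes, path: Path, target_state: bytes, min_age: int) -> bool:
    """Plain model of the circuit: state match first, then the age condition."""
    reference_state = root_from_path(claim, path)
    if not hmac.compare_digest(reference_state, target_state):
        return False  # claim is not part of the stated identity state
    kind, _, value = claim.partition(b"=")
    if kind != b"age" or not value.isdigit():
        return False  # wrong claim type or malformed value
    return int(value) > min_age


# Constructed sample claims held locally by the proving object.
CLAIMS = [b"age=25", b"asset=1000", b"country=CN", b"degree=BSc"]
LEVELS = build_levels(CLAIMS)
OLD_STATE = LEVELS[-1][0]
AGE_PATH = merkle_path(LEVELS, 0)
# Target (new) state after the age claim is updated: same path, new leaf.
NEW_STATE = root_from_path(b"age=26", AGE_PATH)
```

Because the path stays fixed when one claim changes, the new root can be computed from the path and the changed claim alone, without touching the other claims.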
Optionally, the client may further verify the target identity state of the proving object based on the zero-knowledge proof circuit, which may specifically include: (1) Checking that the target identity state is valid: judge whether the target identity state equals the preset value 0; if the target identity state is 0, the target identity state is determined to be invalid; if the target identity state is not 0, the reference identity state is determined to be valid. (2) Checking that the target identity state is legitimate: judge whether the target identity state includes sensitive words, and if so, the target identity state is determined not to be legitimate. (3) Checking ownership of the target identity state, that is, checking whether the currently received target identity state belongs to the proving object.
In one possible implementation, after determining that verification of the identity claim information and the target identity state of the proving object has passed, the client can obtain the verification parameters of the zero-knowledge proof circuit, where the verification parameters are generated by performing the trusted setup on the zero-knowledge proof circuit; run the proof calculation file of the zero-knowledge proof circuit to calculate the witness parameter of the zero-knowledge proof circuit; and generate the identity proof file of the proving object from the proving parameter and the witness parameter of the zero-knowledge proof circuit. It should be understood that the witness parameter (witness) is the set of input parameters, intermediate parameters and output parameters of the zero-knowledge proof circuit; the witness file contains all the calculated signals of the zero-knowledge proof circuit; and the r1cs file (circuit constraint file) describes the constraint logic of the zero-knowledge proof circuit. Subsequently: proving parameter (proof key) + witness parameter (witness) = proof file.
S803: In response to a verification operation of the proving object, send identity verification data including the identity proof file to the verification object, where the identity verification data triggers the verification object to perform identity verification processing on the proving object.
In one possible implementation, a service interface related to identity verification may be displayed in the client of the proving object. Referring to fig. 8b, fig. 8b is a schematic diagram of a service interface related to identity verification provided by an embodiment of the present application. As shown in fig. 8b, a verification entry (800) is provided in the service interface, which may include, but is not limited to, a verification control and a setting item. Taking a verification control as the verification entry, the proving object may initiate a verification operation in the service interface: for example, when the verification control is triggered (e.g., clicked, double-clicked or long-pressed), a verification operation is generated, and the client then generates an identity verification request in response to the verification operation.
Optionally, the client sends an identity verification request including the client identifier to the verification object. After sending the identity verification request, the client may also receive the returned feedback data, which is generated after the verification object verifies the client according to the client identifier. The client can then sign the feedback data to obtain signature data. Finally, the client packages the signature data and the identity proof file into identity verification data and sends the identity verification data to the verification object. Subsequently, the verification object may perform identity verification processing on the proving object based on the identity verification data, and the generated verification processing result may be sent to the client. For the verification object's identity verification of the proving object, refer to the related steps in the embodiment of fig. 4; the details are not repeated here.
It should be appreciated that the embodiments of the present application are applicable to various identity verification scenarios, such as a user opening an account at a bank, paying tax to a tax agency, or requesting credit records from a credit department. In such a scenario, when the client needs to undergo identity verification, it does not need to provide its own identity claim information to the third-party platform (the bank, the tax agency, the credit department and the like). Instead, it encrypts its private data into the corresponding identity proof file by means of the zero-knowledge proof circuit, and then provides the identity proof file produced by the zero-knowledge proof processing to the verification object for verification, thereby avoiding data leakage and ensuring the security of the user's private data.
Referring to fig. 9, fig. 9 is an interaction flowchart of a blockchain-based identity verification method according to an embodiment of the present application. The method is performed jointly by the client, the verification object, the blockchain node and the identity issuing object in the blockchain-based identity verification system shown in fig. 3a. The interaction flow of the blockchain-based identity verification method mainly includes, but is not limited to, the following steps S901 to S9011:
S901: The client of the proving object sends an identity claim request to the identity issuing object.
In particular, the identity issuing object is configured to issue the corresponding identity claim information to proving objects. The identity issuing object may be regarded as a relatively authoritative issuer of claim information and may store the identity claim information of each proving object. Thus, the proving object may apply to the identity issuing object for its own identity claim information (claim), that is, the client of the proving object may generate an identity claim request and send it to the identity issuing object. The identity claim request carries the identity information of the proving object.
S902: The identity issuing object verifies the identity information of the proving object.
In a specific implementation, the identity issuing object's verification of the proving object's identity information may include verifying any one or more of the legitimacy and the validity of the identity information. Then, if verification of the proving object's identity information passes, the identity issuing object may generate the identity claim information of the proving object.
Optionally, the identity claim request may further carry a client identifier, and the identity issuing object may verify, according to the client identifier, the client that sent the identity claim request, where the verification includes any one or more of a legitimacy check, an authority check and a validity check. For example, it may check whether the client has the authority to apply to the identity issuing object for identity claim information, or whether the client sending the identity claim request is legitimate, and so on. In this way, the security of the client can be checked, which improves security during data interaction.
S903: The identity issuing object sends the identity claim information to the proving object.
The proving object can store and manage its identity claim information locally. In particular, each piece of identity claim information associated with a proving object may be stored in a Merkle tree data structure. A Merkle tree is a hashed binary tree whose root node (also known as the tree root) may be used to represent the identity state of the proving object.
S904: The client of the proving object processes the identity claim information based on the zero-knowledge proof circuit to obtain the identity proof file of the proving object.
In a specific implementation, the client processes the identity claim information based on the zero-knowledge proof circuit to obtain the identity proof file of the proving object as follows: first, obtain the Merkle path associated with the identity claim information of the proving object and the target identity state of the proving object; then, assemble the input parameters of the zero-knowledge proof circuit from the Merkle path, the target identity state and the identity claim information of the proving object; finally, input the input parameters into the zero-knowledge proof circuit for circuit verification processing to obtain the identity proof file of the proving object. The processing that the zero-knowledge proof circuit performs on the identity claim information may include any one or more of elliptic curve processing, polynomial processing and elliptic curve pairing processing.
It should be noted that, for the process of generating the identity proof file, refer to the related steps in the embodiment of fig. 8a; the details are not repeated here.
S905: The client of the proving object generates identity verification data from the identity proof file.
In one possible implementation, the client generates the identity verification data from the identity proof file as follows: first, the client generates an identity verification request in response to the verification operation of the proving object and sends the identity verification request to the verification object; then, it receives the returned feedback data and signs the feedback data to obtain signature data, where the feedback data may be signed with the private key of the proving object; finally, it packages the signature data and the identity proof file into identity verification data. Optionally, the identity verification data may further include a target identity state of the proving object, which is determined based on at least one piece of identity claim information associated with the proving object.
S906: The client of the proving object sends the identity verification data to the verification object.
S907: The verification object verifies the identity proof file.
In a specific implementation, after receiving the identity verification data sent by the client, the verification object can verify the signature data in the identity verification data using the public key of the proving object, and if the signature check passes, it verifies the identity proof file in the identity verification data. More specifically, the verification processing may include: calling a matching zero-knowledge proof circuit used for verification to verify the identity proof file, or verifying the identity proof file through a circuit verification contract in the blockchain that matches the zero-knowledge proof circuit. It should be noted that, for the specific process of verifying the identity proof file, refer to the flow corresponding to step S402 in the embodiment of fig. 4; the details are not repeated here.
S908: The verification object receives the verification processing result from the blockchain node.
In one possible implementation, the verification object may send the identity proof file of the proving object to the blockchain node for verification. The blockchain node generates the corresponding verification processing result after verifying the identity proof file and then sends the verification processing result to the verification object. The verification processing result may be verification success or verification failure.
S909: If the verification processing result of the identity proof file is that verification succeeded, determine that the verification object's identity verification of the proving object has passed.
S9010: the validation object sends a status update request to the blockchain node.
In particular, after the authentication object passes the authentication of the authentication object, the authentication object may generate a status update request and send the status update request to the blockchain node. Wherein, the status update request carries: the method comprises the steps of proving a reference identity state of an object and a historical identity state, wherein the reference identity state is obtained according to historical state data of the object and identity statement information to be changed, and the historical state data comprises: the merck path associated with the identity claim information to be altered.
S9011: the block link point update proves the identity state of the object.
In one possible implementation, the process of updating the identity state of the certification object by the block link points may include: invoking a state transfer contract to inquire the identity state to be changed, which is matched with the proving object; and if the historical identity state of the proving object is the same as the identity state to be changed, changing the identity state of the proving object stored in the state transfer contract into a reference identity state. It should be noted that, the detailed process of updating the identity state on the chain by the block link point may refer to the related process in the embodiment of fig. 4, and the embodiment of the present application is not described herein again.
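The state update of S9010 and S9011, as an added example that is not part of the patent text: the reference identity state is recomputed from the Merkle path and the changed claim, and a toy state transfer contract accepts the update only when the submitted historical identity state equals the state it currently stores. SHA-256, the binary tree layout, the claim strings and every function and class name are assumptions; the patent specifies none of them.

```python
import hashlib


def h(tag: bytes, *parts: bytes) -> bytes:
    """Domain-separated SHA-256 (assumed; the patent names no hash function)."""
    d = hashlib.sha256(tag)
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()


EMPTY_LEAF = h(b"empty")  # padding leaf so every level has an even width


def build_levels(claims):
    """Hash claims into a binary Merkle tree; returns all levels, leaves first."""
    size = 1
    while size < len(claims):
        size *= 2
    level = [h(b"leaf", c) for c in claims] + [EMPTY_LEAF] * (size - len(claims))
    levels = [level]
    while len(level) > 1:
        level = [h(b"node", level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def merkle_path(levels, index):
    """Sibling hashes from leaf to root, each flagged if the sibling is on the left."""
    path = []
    for level in levels[:-1]:
        path.append((level[index ^ 1], bool(index & 1)))
        index >>= 1
    return path


def identity_state(claim, path):
    """Fold a claim and its Merkle path into the identity state (the tree root)."""
    node = h(b"leaf", claim)
    for sibling, sibling_is_left in path:
        node = h(b"node", sibling, node) if sibling_is_left else h(b"node", node, sibling)
    return node


class StateTransferContract:
    """Toy stand-in for the on-chain state transfer contract (hypothetical)."""

    def __init__(self):
        self.states = {}  # prover id -> identity state currently stored on chain

    def update(self, prover_id, historical_state, reference_state):
        stored = self.states.get(prover_id)
        # Only a request built against the current state may advance it;
        # a stale or replayed request no longer matches and is rejected.
        if stored is None or stored != historical_state:
            return False
        self.states[prover_id] = reference_state
        return True


def build_update_request(old_claim, new_claim, path):
    """Status update request: both states derive from the same Merkle path."""
    return {
        "historical_state": identity_state(old_claim, path),
        "reference_state": identity_state(new_claim, path),
    }


def run_demo():
    # Constructed sample claims; index 3 is the claim to be changed.
    claims = [b"kyc_level=2", b"age_over_18=true", b"resident=yes", b"credit_band=B"]
    levels = build_levels(claims)
    contract = StateTransferContract()
    contract.states["prover-1"] = levels[-1][0]

    path = merkle_path(levels, 3)
    req = build_update_request(claims[3], b"credit_band=A", path)
    first = contract.update("prover-1", **req)
    replayed = contract.update("prover-1", **req)  # historical state is now stale
    return contract, req, first, replayed


if __name__ == "__main__":
    contract, req, first, replayed = run_demo()
    print("first update accepted:", first)
    print("replayed update accepted:", replayed)
    print("on-chain state:", contract.states["prover-1"].hex())
```

Because the contract compares the submitted historical state with what it stores, the same request cannot be applied twice, and two concurrent updates built on the same state cannot both succeed.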
The application provides a user-autonomous digital identity scheme: the user (proving object) can autonomously manage his or her own identity and personal data, the user's identity data is stored locally, identity verification and permissionless proof can be carried out on the chain without exposing private data, and the user's identity can be verified on the chain in a privacy-preserving manner. Specifically, when the proving object needs to undergo identity verification by a verification object such as a bank, a tax department or a credit department, the proving object can process the identity declaration information (claim) acquired from the identity issuing object based on the zero knowledge proof circuit to generate a corresponding proof document; the verification object can then perform identity verification on the proving object based on the identity document generated by the client. During identity verification, the specific data of the proving object's identity declaration information does not need to be sent to the verification object, which avoids leakage of identity data and improves the reliability and security of the identity verification process.
The method according to the embodiments of the present application has been described in detail above. To better implement the foregoing scheme, related apparatuses according to the embodiments of the present application are described below in connection with the foregoing identity verification scheme.
Referring to fig. 10, fig. 10 is a schematic structural diagram of a blockchain-based authentication device according to an embodiment of the present application. As shown in fig. 10, the authentication apparatus 1000 may be applied to the verification object (which may be, for example, a terminal device or a server) mentioned in the foregoing embodiment. In particular, the authentication apparatus 1000 may be a computer program (comprising program code) running in a computer device, e.g. the authentication apparatus 1000 is application software; the authentication apparatus 1000 may be used to perform the corresponding steps in the blockchain-based authentication method provided by the embodiments of the present application. The authentication apparatus 1000 may specifically include:
an obtaining unit 1001, configured to obtain identity verification data for a proving object, where the identity verification data carries an identity document of the proving object, and the identity document is generated by processing identity statement information of the proving object based on a zero knowledge proof circuit;
a processing unit 1002, configured to perform verification processing on the identity document of the proving object;
a determining unit 1003, configured to determine, if the verification processing result of the identity document is that the verification is successful, that the identity verification of the proving object by the verification object is passed;
wherein the verification process includes: invoking a zero-knowledge verification circuit that matches the zero knowledge proof circuit to verify the identity document, or verifying the identity document through a circuit verification contract in the blockchain that matches the zero knowledge proof circuit.
In one possible implementation, the processing unit 1002 is further configured to perform the following operations:
acquiring an identity verification request submitted by the client where the proving object is located, wherein the identity verification request carries a client identifier;
if the client passes verification based on the client identifier, generating feedback data;
and sending feedback data to the client, wherein the feedback data is used for triggering the client to generate authentication data aiming at the proving object.
In one possible implementation manner, the authentication data further includes signature data, where the signature data is obtained by performing signature processing on the received feedback data by the client; the processing unit 1002 is further configured to perform the following operations:
parsing the identity verification data to obtain the signature data, and performing signature verification processing on the signature data;
and if the signature data passes the verification, triggering execution of the step of verifying the identity document of the proving object.
In one possible implementation, the processing unit 1002 is further configured to perform the following operations:
acquiring a circuit constraint file and a proof calculation file of the zero knowledge proof circuit, wherein the circuit constraint file and the proof calculation file are generated by compiling the zero knowledge proof circuit to be compiled and performing a trusted setup on it;
loading the circuit constraint file and the proof calculation file in the zero knowledge proof circuit, and taking the successfully loaded zero knowledge proof circuit as the zero-knowledge verification circuit that matches the zero knowledge proof circuit;
and verifying the identity document of the proving object based on the successfully loaded zero knowledge proof circuit.
In one possible implementation, the processing unit 1002 is further configured to perform the following operations:
acquiring the validity period corresponding to the identity declaration information of the proving object;
if the identity declaration information is not in the validity period, generating a notification message of identity verification failure;
and sending a notification message to the client where the proving object is located, wherein the notification message is used for triggering the client to request the identity issuing object to acquire the identity declaration information of the proving object again.
In one possible implementation, the processing unit 1002 is further configured to perform the following operations:
acquiring verification parameters of the zero knowledge proof circuit, wherein the verification parameters are generated after a trusted setup is performed on the zero knowledge proof circuit;
generating a smart contract code file according to the circuit constraint file and the verification parameters;
sending the smart contract code file to the blockchain, and triggering generation of a circuit verification contract in the blockchain based on the smart contract code file;
and allowing any blockchain node to call the circuit verification contract deployed in the blockchain to verify the identity document of the proving object.
In one possible implementation, the processing unit 1002 is further configured to perform the following operations:
receiving a verification processing result sent by the blockchain node, wherein the verification processing result is generated after the blockchain node invokes a circuit verification contract to verify the identification document;
if the verification processing result is that the verification is successful, generating a state update request aiming at the proving object, and sending the state update request to the blockchain node;
wherein the status update request is used to trigger updating the identity state of the proving object in the blockchain.
In the embodiment of the application, during identity verification, the verification object first acquires identity verification data for a proving object, where the identity verification data carries an identity document of the proving object, and the identity document is generated by processing identity statement information of the proving object based on a zero knowledge proof circuit; the verification object then verifies the identity document of the proving object and, if the verification processing result of the identity document is that the verification is successful, determines that the identity verification of the proving object is passed. The verification process here may include: invoking a zero-knowledge verification circuit that matches the zero knowledge proof circuit to verify the identity document, or verifying the identity document through a circuit verification contract in the blockchain that matches the zero knowledge proof circuit. Therefore, in a scenario where the proving object needs to be verified by the verification object, the proving object does not need to provide the original data of its identity declaration information to the verification object; instead, the identity declaration information is processed by the zero knowledge proof circuit to obtain the identity document, and the identity document is sent to the verification object for verification processing. The identity of the user is verified by verifying the identity document, the specific data of the identity declaration information is not exposed, and data security in the identity verification scenario is improved.
Referring to fig. 11, fig. 11 is a schematic structural diagram of another block chain-based authentication device according to an embodiment of the present application. As shown in fig. 11, the authentication apparatus 1100 can be applied to the client mentioned in the foregoing embodiment. In particular, the authentication apparatus 1100 may be a computer program (comprising program code) running in a computer device, for example the authentication apparatus 1100 is an application software; the authentication device 1100 may be used to perform the corresponding steps in the blockchain-based authentication method provided by the embodiments of the present application. The authentication apparatus 1100 may specifically include:
an acquisition unit 1101, configured to acquire identity claim information of a proving object, the identity claim information being issued by an identity issuing object for the proving object;
a processing unit 1102, configured to process the identity claim information of the proving object based on the zero knowledge proof circuit to obtain an identity document of the proving object;
a sending unit 1103, configured to send, to the verification object, identity verification data including the identity document in response to a verification operation of the proving object, where the identity verification data is used to trigger the verification object to perform identity verification processing on the proving object.
In a possible implementation manner, when processing the identity declaration information of the proving object based on the zero knowledge proof circuit to obtain an identity document of the proving object, the processing unit 1102 is configured to perform the following operations:
acquiring the Merkle path associated with the identity declaration information of the proving object and the target identity state of the proving object;
assembling the input parameters of the zero knowledge proof circuit from the Merkle path of the proving object, the target identity state and the identity declaration information;
and inputting the input parameters into the zero knowledge proof circuit for circuit verification processing to obtain the identity document of the proving object.
In one possible implementation manner, when inputting the input parameters into the zero knowledge proof circuit for circuit verification processing to obtain the identity document of the proving object, the processing unit 1102 is configured to perform the following operations:
performing a hash operation on the Merkle path and the identity declaration information of the proving object to obtain a reference identity state of the proving object;
if the reference identity state is the same as the target identity state, performing circuit verification processing on the identity declaration information of the proving object based on the zero knowledge proof circuit;
if the circuit verification of the identity declaration information is determined to pass, generating the identity document of the proving object.
In one possible implementation, when performing circuit verification processing on the identity declaration information of the proving object based on the zero knowledge proof circuit, the processing unit 1102 is configured to perform the following operations:
acquiring the declaration type of the identity declaration information of the proving object;
judging whether the identity declaration information meets the verification condition corresponding to the declaration type, and if so, determining that the circuit verification of the identity declaration information of the proving object passes.
In one possible implementation, the processing unit 1102 is further configured to perform the following operations:
obtaining a proving parameter of the zero knowledge proof circuit, wherein the proving parameter is generated after a trusted setup is performed on the zero knowledge proof circuit;
running the proof calculation file of the zero knowledge proof circuit to calculate the witness parameters of the zero knowledge proof circuit;
and generating the identity document of the proving object according to the proving parameter and the witness parameters of the zero knowledge proof circuit.
In the embodiment of the application, when the client needs to perform identity verification, the client does not need to provide its own identity statement information to a third-party platform (bank, tax agency, credit bureau and the like); instead, it processes its own private data into a corresponding identity document based on the zero knowledge proof circuit and then provides that identity document to the verification object for verification processing, thereby avoiding data leakage and ensuring the security of the user's private data.
Referring to fig. 12, fig. 12 is a schematic structural diagram of a computer device according to an embodiment of the application. The computer device 1200 is configured to perform the steps performed by the verification object or the client in the method embodiments described above. The computer device 1200 includes: one or more processors 1201, one or more input devices 1202, one or more output devices 1203, and a memory 1204. The processor 1201, the input device 1202, the output device 1203, and the memory 1204 are connected through a bus 1205. The processor 1201 (or CPU, Central Processing Unit) is the processing core of the computer device; the processor 1201 is adapted to implement one or more program instructions, and in particular to load and execute the one or more program instructions to implement the flow of the blockchain-based authentication method described above. The memory 1204 may be a high-speed RAM memory or a non-volatile memory, such as at least one magnetic disk memory; optionally, it may be at least one memory located remotely from the aforementioned processor. The memory 1204 provides storage space for storing an operating system of the content playback device. The storage space is also used for storing a computer program comprising program instructions adapted to be invoked and executed by the processor to perform the steps of the blockchain-based authentication method of the present application.
Specifically, the memory 1204 is configured to store a computer program, where the computer program includes program instructions, and the processor 1201 is configured to call the program instructions stored in the memory 1204 to perform the following operations:
acquiring identity verification data for a proving object, wherein the identity verification data carries an identity document of the proving object, and the identity document is generated by processing identity statement information of the proving object based on a zero knowledge proof circuit;
verifying the identity document of the proving object;
if the verification processing result of the identity document is that the verification is successful, determining that the identity verification of the proving object by the verification object is passed;
wherein the verification process includes: invoking a zero-knowledge verification circuit that matches the zero knowledge proof circuit to verify the identity document, or verifying the identity document through a circuit verification contract in the blockchain that matches the zero knowledge proof circuit.
In one possible implementation, the processor 1201 is further configured to perform the following operations:
acquiring an identity verification request submitted by the client where the proving object is located, wherein the identity verification request carries a client identifier;
if the client passes verification based on the client identifier, generating feedback data;
and sending feedback data to the client, wherein the feedback data is used for triggering the client to generate authentication data aiming at the proving object.
In one possible implementation manner, the authentication data further includes signature data, where the signature data is obtained by performing signature processing on the received feedback data by the client; the processor 1201 is also configured to perform the following operations:
parsing the identity verification data to obtain the signature data, and performing signature verification processing on the signature data;
and if the signature data passes the verification, triggering execution of the step of verifying the identity document of the proving object.
In one possible implementation, the processor 1201 is further configured to perform the following operations:
acquiring a circuit constraint file and a proof calculation file of the zero knowledge proof circuit, wherein the circuit constraint file and the proof calculation file are generated by compiling the zero knowledge proof circuit to be compiled and performing a trusted setup on it;
loading the circuit constraint file and the proof calculation file in the zero knowledge proof circuit, and taking the successfully loaded zero knowledge proof circuit as the zero-knowledge verification circuit that matches the zero knowledge proof circuit;
and verifying the identity document of the proving object based on the successfully loaded zero knowledge proof circuit.
In one possible implementation, the processor 1201 is further configured to perform the following operations:
acquiring the validity period corresponding to the identity declaration information of the proving object;
if the identity declaration information is not in the validity period, generating a notification message of identity verification failure;
and sending a notification message to the client where the proving object is located, wherein the notification message is used for triggering the client to request the identity issuing object to acquire the identity declaration information of the proving object again.
In one possible implementation, the processor 1201 is further configured to perform the following operations:
acquiring verification parameters of the zero knowledge proof circuit, wherein the verification parameters are generated after a trusted setup is performed on the zero knowledge proof circuit;
generating a smart contract code file according to the circuit constraint file and the verification parameters;
sending the smart contract code file to the blockchain, and triggering generation of a circuit verification contract in the blockchain based on the smart contract code file;
and allowing any blockchain node to call the circuit verification contract deployed in the blockchain to verify the identity document of the proving object.
In one possible implementation, the processor 1201 is further configured to perform the following operations:
receiving a verification processing result sent by the blockchain node, wherein the verification processing result is generated after the blockchain node invokes a circuit verification contract to verify the identification document;
if the verification processing result is that the verification is successful, generating a state update request aiming at the proving object, and sending the state update request to the blockchain node;
wherein the status update request is used to trigger updating the identity state of the proving object in the blockchain.
In one possible implementation, the memory 1204 is configured to store a computer program, where the computer program includes program instructions, and the processor 1201 is further configured to invoke the program instructions stored in the memory 1204 to perform the following operations:
acquiring identity declaration information of a proving object, wherein the identity declaration information is issued by an identity issuing object for the proving object;
processing the identity declaration information of the proving object based on the zero knowledge proof circuit to obtain an identity document of the proving object;
and in response to the verification operation of the proving object, sending identity verification data comprising the identity document to the verification object, wherein the identity verification data is used for triggering the verification object to perform identity verification processing on the proving object.
In one possible implementation, when processing the identity declaration information of the proving object based on the zero knowledge proof circuit to obtain an identity document of the proving object, the processor 1201 is configured to perform the following operations:
acquiring the Merkle path associated with the identity declaration information of the proving object and the target identity state of the proving object;
assembling the input parameters of the zero knowledge proof circuit from the Merkle path of the proving object, the target identity state and the identity declaration information;
and inputting the input parameters into the zero knowledge proof circuit for circuit verification processing to obtain the identity document of the proving object.
In one possible implementation, when inputting the input parameters into the zero knowledge proof circuit for circuit verification processing to obtain the identity document of the proving object, the processor 1201 is configured to perform the following operations:
performing a hash operation on the Merkle path and the identity declaration information of the proving object to obtain a reference identity state of the proving object;
if the reference identity state is the same as the target identity state, performing circuit verification processing on the identity declaration information of the proving object based on the zero knowledge proof circuit;
if the circuit verification of the identity declaration information is determined to pass, generating the identity document of the proving object.
In one possible implementation, when performing circuit verification processing on the identity declaration information of the proving object based on the zero knowledge proof circuit, the processor 1201 is configured to perform the following operations:
acquiring the declaration type of the identity declaration information of the proving object;
judging whether the identity declaration information meets the verification condition corresponding to the declaration type, and if so, determining that the circuit verification of the identity declaration information of the proving object passes.
In one possible implementation, the processor 1201 is further configured to perform the following operations:
obtaining a proving parameter of the zero knowledge proof circuit, wherein the proving parameter is generated after a trusted setup is performed on the zero knowledge proof circuit;
running the proof calculation file of the zero knowledge proof circuit to calculate the witness parameters of the zero knowledge proof circuit;
and generating the identity document of the proving object according to the proving parameter and the witness parameters of the zero knowledge proof circuit.
Furthermore, it should be noted here that: the embodiment of the present application further provides a computer storage medium, in which a computer program is stored, and the computer program includes program instructions, when executed by a processor, can perform the method in the corresponding embodiment, so that a detailed description will not be given here. For technical details not disclosed in the embodiments of the computer storage medium according to the present application, please refer to the description of the method embodiments of the present application. As an example, the program instructions may be deployed on one computer device or executed on multiple computer devices at one site or distributed across multiple sites and interconnected by a communication network.
According to one aspect of the present application, there is provided a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer readable storage medium, and the processor executes the computer instructions, so that the computer device can perform the method in the foregoing corresponding embodiment, and therefore, a detailed description will not be given here.
It will be understood by those skilled in the art that implementing all or part of the above-described methods in the embodiments may be implemented by a computer program for instructing relevant hardware, and the above-described program may be stored in a computer readable storage medium, and the program may include the steps of the embodiments of the above-described methods when executed. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a random-access Memory (Random Access Memory, RAM), or the like.
The foregoing disclosure is illustrative of the present application and is not to be construed as limiting the scope of the application, which is defined by the appended claims.

Claims (17)

1. A blockchain-based authentication method, comprising:
acquiring identity verification data for a proving object, wherein the identity verification data carries an identity document of the proving object, and the identity document is generated by processing identity statement information of the proving object based on a zero knowledge proof circuit;
verifying the identity document of the proving object;
if the verification processing result of the identity document is that the verification is successful, determining that the identity verification of the proving object by the verification object is passed;
wherein the verification process includes: invoking a zero-knowledge verification circuit that matches the zero knowledge proof circuit to verify the identity document, or verifying the identity document through a circuit verification contract in a blockchain that matches the zero knowledge proof circuit.
2. The method of claim 1, wherein the method further comprises:
acquiring an identity verification request submitted by the client where the proving object is located, wherein the identity verification request carries a client identifier;
if the client passes verification based on the client identifier, generating feedback data;
and sending the feedback data to the client, wherein the feedback data is used for triggering the client to generate the identity verification data for the proving object.
3. The method of claim 2, wherein the identity verification data further comprises signature data, the signature data being obtained by the client by performing signature processing on the received feedback data; the method further comprises:
parsing the identity verification data to obtain the signature data, and performing signature verification processing on the signature data;
and if the signature data passes the verification, triggering execution of the step of verifying the identity document of the proving object.
4. The method of claim 1, wherein the method further comprises:
acquiring a circuit constraint file and a proof calculation file of a zero knowledge proof circuit, wherein the circuit constraint file and the proof calculation file are generated by compiling the zero knowledge proof circuit to be compiled and performing a trusted setup on it;
loading the circuit constraint file and the proof calculation file in the zero knowledge proof circuit, and taking the successfully loaded zero knowledge proof circuit as the zero-knowledge verification circuit that matches the zero knowledge proof circuit;
and verifying the identity document of the proving object based on the successfully loaded zero knowledge proof circuit.
5. The method of claim 4, wherein the method further comprises:
acquiring the validity period corresponding to the identity declaration information of the proving object;
if the identity declaration information is not in the validity period, generating a notification message of identity verification failure;
and sending the notification message to the client where the proving object is located, wherein the notification message is used for triggering the client to request the identity issuing object to acquire the identity declaration information of the proving object again.
6. The method of claim 4, wherein the method further comprises:
acquiring verification parameters of the zero-knowledge proof circuit, wherein the verification parameters are generated after a trusted setup is performed on the zero-knowledge proof circuit;
generating a smart contract code file according to the circuit constraint file and the verification parameters;
sending the smart contract code file to a blockchain, and triggering generation, in the blockchain, of a circuit verification contract based on the smart contract code file;
and allowing any blockchain node to call the circuit verification contract deployed in the blockchain to verify the identity proof file of the proving object.
7. The method of claim 1, wherein the method further comprises:
receiving a verification processing result sent by a blockchain node, wherein the verification processing result is generated after the blockchain node invokes a circuit verification contract to verify the identity proof file;
if the verification processing result indicates that verification succeeded, generating a state update request for the proving object, and sending the state update request to the blockchain node;
wherein the state update request is used to trigger an update of the identity state of the proving object in the blockchain.
8. A blockchain-based identity verification method, comprising:
acquiring identity claim information of a proving object, wherein the identity claim information is issued by an identity issuing object for the proving object;
processing the identity claim information of the proving object based on a zero-knowledge proof circuit to obtain an identity proof file of the proving object;
and in response to a verification operation of the proving object, sending identity verification data comprising the identity proof file to a verifying object, wherein the identity verification data is used to trigger the verifying object to perform identity verification processing on the proving object.
9. The method of claim 8, wherein processing the identity claim information of the proving object based on the zero-knowledge proof circuit to obtain the identity proof file of the proving object comprises:
acquiring a Merkle path associated with the identity claim information of the proving object, and a target identity state of the proving object;
assembling the input parameters of the zero-knowledge proof circuit from the Merkle path, the target identity state and the identity claim information of the proving object;
and inputting the input parameters into the zero-knowledge proof circuit for circuit verification processing to obtain the identity proof file of the proving object.
10. The method of claim 9, wherein inputting the input parameters into the zero-knowledge proof circuit for circuit verification processing to obtain the identity proof file of the proving object comprises:
performing a hash operation on the Merkle path and the identity claim information of the proving object to obtain a reference identity state of the proving object;
if the reference identity state is the same as the target identity state, performing circuit verification processing on the identity claim information of the proving object based on the zero-knowledge proof circuit;
and if the circuit verification of the identity claim information is confirmed to pass, generating the identity proof file of the proving object.
11. The method of claim 10, wherein performing circuit verification processing on the identity claim information of the proving object based on the zero-knowledge proof circuit comprises:
acquiring the claim type of the identity claim information of the proving object;
judging whether the identity claim information meets the verification condition corresponding to the claim type, and if so, determining that the circuit verification of the identity claim information of the proving object passes.
12. The method of claim 11, wherein the method further comprises:
obtaining proving parameters of the zero-knowledge proof circuit, wherein the proving parameters are generated after a trusted setup is performed on the zero-knowledge proof circuit;
running the proof calculation file of the zero-knowledge proof circuit to compute the witness parameters of the zero-knowledge proof circuit;
and generating the identity proof file of the proving object according to the proving parameters and the witness parameters of the zero-knowledge proof circuit.
13. A blockchain-based identity verification device, comprising:
an acquisition unit, configured to acquire identity verification data for a proving object, wherein the identity verification data carries an identity proof file of the proving object, and the identity proof file is generated after a zero-knowledge proof circuit processes the identity claim information of the proving object;
a processing unit, configured to verify the identity proof file of the proving object;
a determining unit, configured to determine that the identity verification of the proving object by the verifying object passes if the result of verifying the identity proof file is that verification succeeded;
wherein the verification process includes: calling the zero-knowledge proof circuit for verification, matched with the zero-knowledge proof circuit, to verify the identity proof file, or verifying the identity proof file through a circuit verification contract in a blockchain that is matched with the zero-knowledge proof circuit.
14. A blockchain-based identity verification device, comprising:
an acquisition unit, configured to acquire identity claim information of a proving object, the identity claim information being issued by an identity issuing object for the proving object;
a processing unit, configured to process the identity claim information of the proving object based on a zero-knowledge proof circuit to obtain an identity proof file of the proving object;
and a sending unit, configured to, in response to a verification operation of the proving object, send identity verification data comprising the identity proof file to a verifying object, wherein the identity verification data is used to trigger the verifying object to perform identity verification processing on the proving object.
15. A computer device, comprising: a memory and a processor;
the memory storing one or more computer programs;
the processor being configured to load the one or more computer programs to implement the blockchain-based identity verification method of any of claims 1-7 or 8-12.
16. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program adapted to be loaded by a processor and to perform the blockchain-based identity verification method of any of claims 1-7 or 8-12.
17. A computer program product, characterized in that the computer program product comprises a computer program adapted to be loaded by a processor and to perform the blockchain-based identity verification method of any of claims 1-7 or 8-12.
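The checks that claims 9 to 11 place inside the zero-knowledge proof circuit can be written out in the clear as follows. This is an added example, not code from the patent: it shows only the logic being proven (Merkle path to reference identity state, comparison with the target identity state, then the claim-type condition), with no zero-knowledge property. SHA-256, the JSON claim encoding, the claim types `age_over` and `member_of`, and all sample values are assumptions.

```python
import hashlib
import json

def h(tag: bytes, *parts: bytes) -> bytes:
    # SHA-256 is an assumption of this example; the claims do not name a hash.
    # The tag keeps leaf hashes and inner-node hashes in separate domains.
    d = hashlib.sha256(tag)
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

def leaf_hash(claim: dict) -> bytes:
    return h(b"leaf", json.dumps(claim, sort_keys=True).encode())

def merkle_root_and_path(leaves, index):
    """Build a tree over 2^k leaves; return (root, path for leaves[index])."""
    path, level = [], list(leaves)
    while len(level) > 1:
        sibling = index ^ 1
        path.append((level[sibling], sibling < index))  # (hash, sibling_is_left)
        level = [h(b"node", level[i], level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], path

def reference_state(claim, path):
    """Claim 10, first step: hash the claim up the Merkle path."""
    node = leaf_hash(claim)
    for sibling, sibling_is_left in path:
        node = h(b"node", sibling, node) if sibling_is_left else h(b"node", node, sibling)
    return node

# Hypothetical claim types and their verification conditions (claim 11).
CONDITIONS = {
    "age_over": lambda value, bound: isinstance(value, int) and value >= bound,
    "member_of": lambda value, allowed: value in allowed,
}

def circuit_check(claim, path, target_state, condition_arg):
    """True only if the claim is bound to target_state and meets its type's condition."""
    if reference_state(claim, path) != target_state:
        return False  # claim or path does not hash to the target identity state
    condition = CONDITIONS.get(claim.get("type"))
    return condition is not None and condition(claim.get("value"), condition_arg)

# Constructed sample data: four claims held under one identity state.
SAMPLE_CLAIMS = [
    {"type": "member_of", "value": "staff"},
    {"type": "age_over", "value": 17},
    {"type": "age_over", "value": 34},
    {"type": "member_of", "value": "guest"},
]
ROOT, PATH = merkle_root_and_path([leaf_hash(c) for c in SAMPLE_CLAIMS], 2)
```

Because the state comparison runs before the claim-type condition, a claim that was altered after issuance, or paired with another claim's path, is rejected regardless of its value.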
CN202310179643.6A 2023-02-21 2023-02-21 Identity verification method, device, equipment, medium and product based on block chain Pending CN116975901A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310179643.6A CN116975901A (en) 2023-02-21 2023-02-21 Identity verification method, device, equipment, medium and product based on block chain

Publications (1)

Publication Number Publication Date
CN116975901A true CN116975901A (en) 2023-10-31

Family

ID=88471992

Country Status (1)

Country Link
CN (1) CN116975901A (en)

Similar Documents

Publication Publication Date Title
US11159526B2 (en) System and method for decentralized-identifier authentication
EP3788522B1 (en) System and method for mapping decentralized identifiers to real-world entities
US11277268B2 (en) System and method for verifying verifiable claims
US11165576B2 (en) System and method for creating decentralized identifiers
US11038670B2 (en) System and method for blockchain-based cross-entity authentication
US11025435B2 (en) System and method for blockchain-based cross-entity authentication
CN112214780B (en) Data processing method and device, intelligent equipment and storage medium
CN114760071B (en) Zero-knowledge proof based cross-domain digital certificate management method, system and medium
CN116975901A (en) Identity verification method, device, equipment, medium and product based on block chain
CN115632794A (en) Distributed digital identity verification system, method and related device
CN117495559A (en) Transaction processing method, device, equipment and storage medium
CN116980136A (en) Interface processing method, device, equipment, storage medium and product of intelligent contract
Alblooshi Blockchain-based Ownership Management for Medical IoT (MIoT) Devices and their Data
CN116015614A (en) Key processing method, device, medium and electronic equipment based on blockchain system
CN116468439A (en) Data management method, apparatus, device, storage medium, and computer program product

Legal Events

Date Code Title Description
PB01 Publication