CN117478302A - Block chain-based privacy node identity verification method and device - Google Patents

Block chain-based privacy node identity verification method and device Download PDF

Info

Publication number
CN117478302A
CN117478302A CN202311826530.7A CN202311826530A CN117478302A CN 117478302 A CN117478302 A CN 117478302A CN 202311826530 A CN202311826530 A CN 202311826530A CN 117478302 A CN117478302 A CN 117478302A
Authority
CN
China
Prior art keywords
node
privacy
blockchain
algorithm
intelligent contract
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202311826530.7A
Other languages
Chinese (zh)
Other versions
CN117478302B (en
Inventor
谭林
刘彩龙
郭兆中
丁孟
尹海波
刘齐军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan Tianhe Guoyun Technology Co Ltd
Original Assignee
Hunan Tianhe Guoyun Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hunan Tianhe Guoyun Technology Co Ltd filed Critical Hunan Tianhe Guoyun Technology Co Ltd
Priority to CN202311826530.7A priority Critical patent/CN117478302B/en
Publication of CN117478302A publication Critical patent/CN117478302A/en
Application granted granted Critical
Publication of CN117478302B publication Critical patent/CN117478302B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Databases & Information Systems (AREA)
  • Computing Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a method and a device for verifying identity of privacy nodes based on a blockchain, wherein the method comprises the steps of constructing an on-chain trusted execution environment on the blockchain, and communicating with each privacy node of the blockchain through the on-chain trusted execution environment; each privacy node deploys the same intelligent contract, and each privacy node can access the trusted execution environment on the chain through the intelligent contract to obtain an encrypted shared factor hash value, and each privacy node establishes a secure channel through an encryption algorithm to mutually verify the received shared factor hash value, so that identity verification of both communication parties is completed. Compared with the related art, the blockchain-based privacy node authentication method and device provided by the invention can effectively improve the authentication efficiency between privacy nodes and can maintain quantum resistance.

Description

Block chain-based privacy node identity verification method and device
Technical Field
The invention relates to the technical field of blockchain, in particular to a blockchain-based privacy node identity verification method and device.
Background
At present, the communication between privacy computing nodes aiming at the same intelligent contract mainly ensures the safety of the communication by jointly generating keys through a plurality of privacy nodes or exchanging multi-party keys.
First, a method and apparatus for generating a shared contract key (publication number CN112152800 a) uses a common generation key algorithm, and requires the use of information of a trusted execution environment of nodes, shared factors on a chain, public key signature, and the like to ensure communication security between nodes. Multiparty key technology also requires a large number of communications between nodes, as well as computation. As the number of nodes increases, their efficiency decreases. With the development of the age, privacy computing nodes continue to increase, and the efficiency of the prior art is difficult to meet the requirement of more nodes. Second, the multiparty key and the co-generated key are based on a public key system. In order to cope with possible quantum computing and quantum attacks, the public key systems with quantum resistance are now generally inefficient and too long in key length, which can lead to an increasing demand for computational effort and network bandwidth.
The identity authentication method, the device, the computer equipment and the medium (publication number CN115134090 a) based on privacy protection are not suitable for the P2P network mode based on the client and the server model by using the identity authentication method based on privacy protection.
Therefore, there is a need for a new blockchain-based privacy node authentication method and apparatus that overcomes the above-mentioned drawbacks.
Disclosure of Invention
The invention aims to provide a novel block chain-based privacy node identity verification method and device, which can effectively improve the identity verification efficiency between privacy nodes and can maintain quantum resistance.
In order to achieve the above object, the present invention provides a blockchain-based privacy node authentication method, comprising:
constructing an on-chain trusted execution environment on the blockchain, and communicating with each privacy node of the blockchain through the on-chain trusted execution environment; comprising the following steps: the blockchain stores intelligent contracts, wherein the intelligent contracts comprise node information, executable computer-readable codes and common factor use rules; the on-chain trusted execution environment contains the smart contract-related common factors and the type of algorithm to be used;
each privacy node deploys the same intelligent contract, and each privacy node can access the trusted execution environment on the chain through the intelligent contract to obtain the encrypted shared factor hash value; comprising the following steps: each privacy node is deployed and uses an intelligent contract, and the shared factor hash value encrypted by the node public key can be obtained through the trusted execution environment on the intelligent contract access chain; obtaining an encrypted common factor hash value from the chain, decrypting by using a node private key, and transmitting the decrypted hash value to other privacy nodes; the privacy node verifies the received hash value through the intelligent contract address, if the verification is passed, the privacy node acquires the shared factor hash value belonging to the privacy node, and the privacy node verifies the hash value through interaction with the intelligent contract to complete identity verification;
and establishing a secure channel between each privacy node through an encryption algorithm, and mutually verifying the received shared factor hash value, thereby completing the identity verification of both communication parties.
The invention also provides a block chain based privacy node identity verification device, which comprises:
the cryptography component module is used for providing support for encryption and decryption algorithms and privacy calculation;
the trusted execution environment module is used for ensuring the communication safety and reliability between the blockchain and each privacy node;
and the intelligent contract module is used for storing information of each node and information of the usage rule of the common factors and issuing the information into the blockchain network.
The present invention also provides a computer readable storage medium storing a computer program which when executed by a processor implements the steps of the blockchain-based privacy node identity verification method.
The invention also provides a computer terminal comprising a memory, a processor and a computer program stored in the memory and capable of running on the processor, wherein the processor realizes the steps of the block chain-based privacy node identity verification method when executing the computer program.
Compared with the related art, the invention adopts an effective identity authentication protocol among the privacy nodes, and proves that the privacy nodes cannot be increased along with the increase of the number of the nodes, so that the security of node information and the reliability of identity authentication among the privacy node groups are ensured for the increase of the possible number of the privacy nodes in the future; by using the encryption algorithm and the hash algorithm, information leakage and unsafe communication are avoided, safety autonomous controllability is guaranteed, and possible quantum attack in the future can be resisted.
Drawings
For a clearer description of the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments are briefly introduced below, the drawings in the following description are only some embodiments of the present invention, and other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art, wherein:
FIG. 1 is a general design diagram of a blockchain-based privacy node authentication method of the present invention;
FIG. 2 is a flow chart of a node deployment intelligent contract based on a blockchain privacy node identity verification method of the present invention;
FIG. 3 is a diagram of a function execution process based on a blockchain privacy node identity verification method of the present invention;
fig. 4 is a flow chart of a method for establishing a secure channel based on a blockchain privacy node identity verification method of the present invention.
Detailed Description
The following description of the technical solutions in the embodiments of the present invention will be clear and complete, and it is obvious that the described embodiments are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The invention designs an authentication protocol between privacy nodes based on a domestic encryption function. The protocol can ensure the communication security of the privacy node under the chain for certain intelligent contract calculation. By utilizing the characteristics of the hash function, the protocol can provide quantum resistance and improve efficiency on the premise of ensuring safety.
S1, an on-chain trusted execution environment is built on the blockchain, and communication is carried out with each privacy node of the blockchain through the on-chain trusted execution environment.
As shown in FIG. 1, the blockchain stores smart contracts that include information about individual nodes, executable computer readable code, usage rules for common factors, and the like. The blockchain owns an on-chain trusted execution environment in which the smart contract-related common factors and the type of algorithm to be used are stored. The on-chain trusted execution environment is constructed by a hardware CPU, and is an independent processing environment with operation and storage functions and capable of providing security and integrity protection. The basic architecture is as follows: an independent memory is allocated separately in the memory, and the key stored in the CPU is encrypted, and other hardware, except for the special interface, cannot access the memory. Thus, operation and storage are guaranteed to be safe and reliable, and communication between the trusted execution environment of the blockchain and each privacy node is safe and reliable.
S2, each privacy node deploys the same intelligent contract, each privacy node can access the trusted execution environment on the chain through the intelligent contract to obtain an encrypted shared factor hash value, a security channel is established between each privacy node through an encryption algorithm, the received shared factor hash value is mutually verified, and therefore identity verification of both communication parties is completed.
When one privacy node a attempts to communicate with another privacy node B. Each node in the under-link privacy computing node uses the same intelligent contract, namely the same under-link contract address of each node is the same. Through the smart contract, node a accesses the trusted execution environment on the chain, and node a can obtain the encrypted public key factor hash (call the smart contract getComFct function). Since the data comes from the trusted execution environment on the chain and is encrypted with the public key, the data is not readable by a third party.
The node A obtains the encrypted shared factor hash value from the chain, decrypts by using the node private key, and exits the communication if the decryption fails. And transmits the decrypted hash value to the node B. The node B verifies the received shared factor hash (by calling the contract function verifyComFct) through the contract address, and acquires the shared factor hash belonging to the node B if the verification is passed, otherwise, the communication is ended. The node B obtains the encrypted shared factor hash value from the chain, decrypts the shared factor hash value by using the node private key, and exits the communication if the decryption fails. And transmits the decrypted hash value to node a. Since the data comes from the trusted execution environment on the chain and is executed locally, the data is not read by a third party.
The node B transmits the shared factor hash value obtained from the chain to the node a through the secure channel. Node a verifies the hash value by interacting with the contract (by calling the contract function verifyComFct), if the authentication passes, communication is continued, otherwise communication is terminated.
For a third party node E not participating in privacy calculations, E has no access to the shared factors of the intelligent contracts in the trusted execution environment on the chain. Since the common factors of A and B are obtained by interacting with the trusted execution environment on the chain, E cannot learn the common factors. According to the collision resistance of the hash function, E cannot calculate the hash value for identity verification without knowing the common factor. Meanwhile, the hash values of A and B are transmitted by a secure channel, E can not obtain the hash values, and replay attack is carried out on other privacy computing nodes. Therefore, the authentication is secure and reliable.
To cope with replay attacks, node a and node B should now establish a secure channel in advance in order to avoid obtaining identification, i.e. the shared factor hash value, by a third party. The secure channel may be established using a domestic encryption based algorithm, for example using symmetric encryption SM 4. Shared keys distributed by the on-chain trusted execution environment may be used between nodes to encrypt information using SM 4.
FIG. 2 is a master node deployment intelligent contract for a privacy node group. First, all privacy nodes run one blockchain full node. The block chain full node is operated, so that no third party can intercept data when the intelligent contract is called, and the safe communication environment is ensured. The master node in the privacy node group deploys an intelligent contract, wherein the intelligent contract stores information such as a sharing factor, a domestic hash algorithm, public keys of all privacy nodes and the like. The privacy node group master node establishes a secure channel with other privacy nodes, and transmits the intelligent contract address through the secure channel.
The deployment of the smart contract contains the function ComFct, which is an abbreviation for common factor. As shown in fig. 3, the getComFct function represents a hash value of the obtained common factor, and its input parameter is the public key of the privacy node, and if this public key is not present in the smart contract, it will result in that the common factor corresponding to this public key cannot be obtained. If the public key exists, the common factor is hashed in the trusted execution environment by using a domestic hash algorithm, then the hash value is encrypted by using the public key, and finally the hash value is returned to the caller. The purpose of encryption is that even if other nodes know the public key in the smart contract through some other way and obtain the common factor related data through this function, the common factor hash cannot be known because it cannot be decrypted using the private key.
The verifyComFct function represents verification of a common factor hash value, and its input parameters are a common factor hash and a public key. If the public key exists in the intelligent contract and the public key corresponds to the sharing factor and is consistent with the input parameter, the verification is passed. The information receiving party receives information from other privacy nodes and verifies the identity of the node. The function parameters are a sender common factor hash and a sender public key for this message.
The addPubkeyAndComFct function is used for adding privacy cluster nodes, and the input parameter is a public key. The function is called, the intelligent contract adds a public key to the intelligent contract variable, a common factor is generated for the public key, the process of generating the common factor is carried out in a trusted execution environment, and the generated common factor is stored in the trusted execution environment.
The function of deletepubkey and direct is used to delete the public key stored in the smart contract, and the input parameter is the public key (array). When deleting the public key, the sharing factor corresponding to the public key is deleted at the same time. Applied to some nodes in the privacy cluster to be deleted. This function can only be invoked by the master node of the privacy node group.
The function of changeHashAndComFct is used for changing the sharing factors corresponding to the hash algorithm and the public key used in the intelligent contract, and no parameters exist. Modifications to the sharing factors and hash algorithms are made in a trusted execution environment.
Fig. 4 shows the establishment of a trusted channel. The process is that node A sends SSH version to B, and node B receives the message and then sends SSH version to node A. Then, the node A sends the own key exchange algorithm, encryption algorithm and MAC (message authentication code) algorithm to the node B, and the home encryption algorithm is used by the protocol, so that the key exchange algorithm uses SM9, the encryption algorithm uses SM4, the MAC algorithm uses HMAC, and the hash algorithm used in the HMAC algorithm is replaced by SM 3. Node B also uses the algorithm described above and sends the algorithm to node a. Node a and node B exchange keys using a key exchange algorithm SM 9.
Compared with the related art, the invention has the following beneficial effects: the invention adopts a security identity authentication protocol between privacy computing nodes. Identity verification is achieved through shared factor hashing of the under-chain verification privacy node, and the efficiency of the identity verification is improved.
The privacy node group master node shares the same intelligent contract address with other cluster nodes, only the master node can modify the intelligent contract state, and other nodes can only check the intelligent contract state, so that the security of node information and the reliability of identity verification among the privacy node groups are ensured.
The invention uses the safety channel based on the domestic encryption algorithm, and uses the safety channel to communicate, thereby ensuring the safety and reliability of the data.
The invention adopts the identity verification based on the chain trusted execution environment, uses the intelligent contract to access the trusted execution environment, and uses the public key encryption mode when accessing the data, thereby improving the security of information during the data access and preventing the data from being leaked.
The invention adopts the identity verification based on the encryption algorithm, avoids information leakage and unsafe communication, and uses the hash algorithm to hash the identity recognition data so that the lengths of the identity recognition data are the same.
The following is a model of the system operation of the present invention.
The system comprises a cryptography component module, a cryptographic module and a processing module, wherein the cryptography component module is used for providing support for encryption and decryption algorithms and privacy calculation;
the trusted execution environment module is used for ensuring the communication safety and reliability between the blockchain and each privacy node;
and the intelligent contract module is used for storing information of each node and information of the usage rule of the common factors and issuing the information into the blockchain network.
Compared with the related art, when privacy calculation of a privacy node aiming at a certain intelligent contract is adopted, when information is sent between nodes, an efficient identity authentication protocol between the nodes is adopted, and the communication efficiency of increasing the number of privacy nodes in the future is ensured without increasing along with the increase of the number of the nodes; the encryption algorithm and the hash algorithm are used, so that the safety and the autonomy can be ensured; the method can resist possible quantum attack in the future, and traditional identity authentication is difficult to resist quantum attack on the premise of ensuring efficiency due to the asymmetric encryption system.
In another aspect, the present invention also provides a computer readable storage medium storing a computer program which, when executed by a processor, implements the steps of the blockchain-based privacy node identity verification method described above.
An extension of another aspect of the present invention also provides a computer terminal, including a memory, a processor, and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the blockchain-based privacy node identity verification method described above when the computer program is executed.
The processor, when executing the computer program, performs the functions of the modules/units in the above-described device embodiments. The computer program may be divided into one or more modules/units, which are stored in the memory and executed by the processor to accomplish the present invention, for example. The one or more modules/units may be a series of computer program instruction segments capable of performing the specified functions, which instruction segments are used for describing the execution of the computer program in the terminal device.
The computer terminal can be a desktop computer, a notebook computer, a palm computer, a cloud server and other computing devices. May include, but is not limited to, a processor, memory. More or fewer components may be included or certain components may be combined, or different components may be included, for example, in input and output devices, network access devices, buses, etc.
The processor may be a central processing unit (Central Processing Unit, CPU), but may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), off-the-shelf programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory may be an internal storage unit, such as a hard disk or a memory. The memory may also be an external storage device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash Card, etc. Further, the memory may also include both internal storage units and external storage devices. The memory is used for storing the computer program and other programs and data. The memory may also be used to temporarily store data that has been output or is to be output.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional units and modules is illustrated, and in practical application, the above-described functional distribution may be performed by different functional units and modules according to needs, i.e. the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-described functions. The functional units and modules in the embodiment may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit, where the integrated units may be implemented in a form of hardware or a form of a software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working process of the units and modules in the above system may refer to the corresponding process in the foregoing method embodiment, which is not described herein again.
In the foregoing embodiments, the descriptions of the embodiments are emphasized, and in part, not described or illustrated in any particular embodiment, reference is made to the related descriptions of other embodiments.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus/terminal device and method may be implemented in other manners. For example, the apparatus/terminal device embodiments described above are merely illustrative, e.g., the division of the modules or units is merely a logical function division, and there may be additional divisions in actual implementation, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection via interfaces, devices or units, which may be in electrical, mechanical or other forms.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated modules/units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the present invention may implement all or part of the flow of the method of the above embodiment, or may be implemented by a computer program to instruct related hardware, where the computer program may be stored in a computer readable storage medium, and when the computer program is executed by a processor, the computer program may implement the steps of each of the method embodiments described above. Wherein the computer program comprises computer program code which may be in source code form, object code form, executable file or some intermediate form etc. The computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so forth. It should be noted that the computer readable medium contains content that can be appropriately scaled according to the requirements of jurisdictions in which such content is subject to legislation and patent practice, such as in certain jurisdictions in which such content is subject to legislation and patent practice, the computer readable medium does not include electrical carrier signals and telecommunication signals.
The foregoing description is only illustrative of the present invention and is not intended to limit the scope of the invention, and all equivalent structures or equivalent processes or direct or indirect application in other related technical fields are included in the scope of the present invention.

Claims (8)

1. The identity verification method based on the blockchain privacy node is characterized by comprising the following steps of:
constructing an on-chain trusted execution environment on the blockchain, and communicating with each privacy node of the blockchain through the on-chain trusted execution environment; comprising the following steps: the blockchain stores intelligent contracts, wherein the intelligent contracts comprise node information, executable computer-readable codes and common factor use rules; the on-chain trusted execution environment contains the smart contract-related common factors and the type of algorithm to be used;
each privacy node deploys the same intelligent contract, and each privacy node can access the trusted execution environment on the chain through the intelligent contract to obtain the encrypted shared factor hash value; comprising the following steps: each privacy node is deployed and uses an intelligent contract, and the shared factor hash value encrypted by the node public key can be obtained through the trusted execution environment on the intelligent contract access chain; obtaining an encrypted common factor hash value from the chain, decrypting by using a node private key, and transmitting the decrypted hash value to other privacy nodes; the privacy node verifies the received hash value through the intelligent contract address, if the verification is passed, the privacy node acquires the shared factor hash value belonging to the privacy node, and the privacy node verifies the hash value through interaction with the intelligent contract to complete identity verification;
and establishing a secure channel between each privacy node through an encryption algorithm, and mutually verifying the received shared factor hash value, thereby completing the identity verification of both communication parties.
2. The blockchain-based privacy node identity verification method of claim 1, wherein the deploying of each privacy node using one intelligent contract comprises:
firstly, all privacy nodes operate a block chain full node so as to ensure that no third party intercepts data when an intelligent contract is called, thereby ensuring a safe communication environment;
a master node in the privacy node group deploys an intelligent contract, wherein the intelligent contract stores a sharing factor, a hash algorithm and public key information of all privacy nodes;
the privacy node group master node establishes a secure channel with other privacy nodes, and transmits the intelligent contract address through the secure channel.
3. The blockchain-based privacy node identity verification method of claim 2, wherein the privacy node group master node establishing a secure channel with other privacy nodes comprises:
the privacy node A sends the SSH version to the privacy node B, and after the privacy node B receives the message, the SSH version is also sent to the privacy node A;
the private node A and the private node B exchange keys by using a key exchange algorithm; the privacy node A sends the key exchange algorithm, the encryption algorithm and the MAC algorithm to the privacy node B, and the privacy node B also sends the algorithm to the privacy node A, so that the key exchange is completed.
4. A blockchain-based privacy node identity verification method as defined in claim 3, wherein the key exchange algorithm employs an SM9 algorithm, the encryption algorithm employs an SM4 algorithm, and the MAC algorithm employs an HMAC algorithm.
5. The blockchain-based privacy node identity verification method of any of claims 1-4, wherein the smart contract includes a ComFct sharing factor; the getComFct function represents obtaining a shared factor hash value; the verifyComFct function represents verifying the shared factor hash value; the addPubkeyAndComFct function represents adding privacy cluster nodes; the deletePubkeyAndCommFct function represents deleting a public key stored in the smart contract; the changeHashAndComFct function represents a common factor that changes the hash algorithm used in the smart contract and the public key correspondence.
6. An apparatus for applying the blockchain-based privacy node identity verification method of any of claims 1-5, the apparatus comprising:
the cryptography component module is used for providing support for encryption and decryption algorithms and privacy calculation;
the trusted execution environment module is used for ensuring the communication safety and reliability between the blockchain and each privacy node;
and the intelligent contract module is used for storing information of each node and information of the usage rule of the common factors and issuing the information into the blockchain network.
7. A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the steps of the blockchain-based privacy node identity verification method of any of claims 1 to 5.
8. A computer terminal comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, performs the steps of the blockchain-based privacy node identity verification method of any of claims 1 to 5.
CN202311826530.7A 2023-12-28 2023-12-28 Block chain-based privacy node identity verification method and device Active CN117478302B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311826530.7A CN117478302B (en) 2023-12-28 2023-12-28 Block chain-based privacy node identity verification method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311826530.7A CN117478302B (en) 2023-12-28 2023-12-28 Block chain-based privacy node identity verification method and device

Publications (2)

Publication Number Publication Date
CN117478302A true CN117478302A (en) 2024-01-30
CN117478302B CN117478302B (en) 2024-03-01

Family

ID=89640144

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311826530.7A Active CN117478302B (en) 2023-12-28 2023-12-28 Block chain-based privacy node identity verification method and device

Country Status (1)

Country Link
CN (1) CN117478302B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117997654A (en) * 2024-04-03 2024-05-07 湖南天河国云科技有限公司 Data processing method, device and computer equipment in edge computing architecture

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108270571A (en) * 2017-12-08 2018-07-10 西安电子科技大学 Internet of Things identity authorization system and its method based on block chain
US20190036711A1 (en) * 2017-07-26 2019-01-31 Alibaba Group Holding Limited Method, apparatus, and electronic device for communication between blockchain nodes, and method, apparatus, and electronic device for blockchain-based certificate management
US20190207912A1 (en) * 2018-01-03 2019-07-04 Syccure Inc. Distributed authentication between network nodes
CN110071807A (en) * 2019-03-22 2019-07-30 湖南天河国云科技有限公司 The point-to-point node authentication method of block chain, system and computer readable storage medium
CN110233823A (en) * 2019-05-06 2019-09-13 深圳壹账通智能科技有限公司 Block chain implementation method, system and storage medium
KR20200004629A (en) * 2018-07-04 2020-01-14 충북대학교 산학협력단 Mutual Authentication using Child Key based on ECC
CN111090888A (en) * 2020-03-18 2020-05-01 支付宝(杭州)信息技术有限公司 Contract verification method and device
US20200328889A1 (en) * 2018-03-29 2020-10-15 NEC Laboratories Europe GmbH Method and system of preserving privacy for usage of lightweight blockchain clients
US20210044574A1 (en) * 2018-02-23 2021-02-11 Hdac Technology Ag Method and system for encrypted communication between devices by using block chain system
KR102263202B1 (en) * 2020-11-18 2021-06-10 주식회사 마크애니 System and method for certifying an IoT device using Decentralized ID
CN115021958A (en) * 2022-04-21 2022-09-06 华中师范大学 Intelligent home identity authentication method and system based on fog calculation and block chain fusion
CN115174277A (en) * 2022-09-07 2022-10-11 浙江省邮电工程建设有限公司 Data communication and file exchange method based on block chain
CN116015669A (en) * 2022-12-02 2023-04-25 杭州电子科技大学 Block chain-based cross-domain collaborative authentication method for Internet of things
CN116132118A (en) * 2022-12-27 2023-05-16 四川清沐科技有限公司 Encryption communication method and system based on block chain technology
CN116684103A (en) * 2023-06-09 2023-09-01 山东省计算中心(国家超级计算济南中心) Cross-domain identity authentication method based on blockchain

Patent Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190036711A1 (en) * 2017-07-26 2019-01-31 Alibaba Group Holding Limited Method, apparatus, and electronic device for communication between blockchain nodes, and method, apparatus, and electronic device for blockchain-based certificate management
CN108270571A (en) * 2017-12-08 2018-07-10 西安电子科技大学 Internet of Things identity authorization system and its method based on block chain
US20190207912A1 (en) * 2018-01-03 2019-07-04 Syccure Inc. Distributed authentication between network nodes
US20210044574A1 (en) * 2018-02-23 2021-02-11 Hdac Technology Ag Method and system for encrypted communication between devices by using block chain system
US20200328889A1 (en) * 2018-03-29 2020-10-15 NEC Laboratories Europe GmbH Method and system of preserving privacy for usage of lightweight blockchain clients
KR20200004629A (en) * 2018-07-04 2020-01-14 충북대학교 산학협력단 Mutual Authentication using Child Key based on ECC
CN110071807A (en) * 2019-03-22 2019-07-30 湖南天河国云科技有限公司 The point-to-point node authentication method of block chain, system and computer readable storage medium
CN110233823A (en) * 2019-05-06 2019-09-13 深圳壹账通智能科技有限公司 Block chain implementation method, system and storage medium
CN111090888A (en) * 2020-03-18 2020-05-01 支付宝(杭州)信息技术有限公司 Contract verification method and device
KR102263202B1 (en) * 2020-11-18 2021-06-10 주식회사 마크애니 System and method for certifying an IoT device using Decentralized ID
CN115021958A (en) * 2022-04-21 2022-09-06 华中师范大学 Intelligent home identity authentication method and system based on fog calculation and block chain fusion
CN115174277A (en) * 2022-09-07 2022-10-11 浙江省邮电工程建设有限公司 Data communication and file exchange method based on block chain
CN116015669A (en) * 2022-12-02 2023-04-25 杭州电子科技大学 Block chain-based cross-domain collaborative authentication method for Internet of things
CN116132118A (en) * 2022-12-27 2023-05-16 四川清沐科技有限公司 Encryption communication method and system based on block chain technology
CN116684103A (en) * 2023-06-09 2023-09-01 山东省计算中心(国家超级计算济南中心) Cross-domain identity authentication method based on blockchain

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117997654A (en) * 2024-04-03 2024-05-07 湖南天河国云科技有限公司 Data processing method, device and computer equipment in edge computing architecture
CN117997654B (en) * 2024-04-03 2024-06-07 湖南天河国云科技有限公司 Data processing method, device and computer equipment in edge computing architecture

Also Published As

Publication number Publication date
CN117478302B (en) 2024-03-01

Similar Documents

Publication Publication Date Title
CN112039872B (en) Cross-domain anonymous authentication method and system based on block chain
CN110266482B (en) Asymmetric group key negotiation method based on block chain
CN110011795B (en) Symmetric group key negotiation method based on block chain
CN108886468A (en) System and method for distributing the keying material and certificate of identity-based
AU2018422776B2 (en) Sybil-resistant identity generation
CN112926051A (en) Multi-party security computing method and device
CN117478302B (en) Block chain-based privacy node identity verification method and device
KR20110004870A (en) A method for distributing encryption means
CN113301022A (en) Internet of things equipment identity security authentication method based on block chain and fog calculation
US10630476B1 (en) Obtaining keys from broadcasters in supersingular isogeny-based cryptosystems
CN110336664A (en) Information service entities cross-domain authentication method based on SM2 cryptographic algorithm
US11240661B2 (en) Secure simultaneous authentication of equals anti-clogging mechanism
CN113643134A (en) Internet of things block chain transaction method and system based on multi-key homomorphic encryption
CN117081736A (en) Key distribution method, key distribution device, communication method, and communication device
Hendaoui et al. UAP: A unified authentication platform for IoT environment
CN113438650B (en) Network equipment authentication method and system based on block chain
Bruckner et al. : End-to-End Hybrid Authenticated Key Exchanges
Long et al. Blockchain-Based Anonymous Authentication and Key Management for Internet of Things With Chebyshev Chaotic Maps
Hena et al. A three-tier authentication scheme for kerberized hadoop environment
WO2021062517A1 (en) Broadcasting in supersingular isogeny-based cryptosystems
CN116961916A (en) Unmanned aerial vehicle private key processing method, unmanned aerial vehicle and unmanned aerial vehicle private key processing system
Songshen et al. Hash-Based Signature for Flexibility Authentication of IoT Devices
Lin et al. Research on authentication and key negotiation based on smart water environment
CN115834038A (en) Encryption method and device based on national commercial cryptographic algorithm
CN112134884B (en) Message serial number updating method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant