CN118018211A - Trusted distributed digital identity authentication method and system - Google Patents

Trusted distributed digital identity authentication method and system Download PDF

Info

Publication number
CN118018211A
CN118018211A CN202410205969.6A CN202410205969A CN118018211A CN 118018211 A CN118018211 A CN 118018211A CN 202410205969 A CN202410205969 A CN 202410205969A CN 118018211 A CN118018211 A CN 118018211A
Authority
CN
China
Prior art keywords
credential
certificate
public
service
ciphertext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410205969.6A
Other languages
Chinese (zh)
Inventor
黄海辉
潘桢
徐光侠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing University of Post and Telecommunications
Original Assignee
Chongqing University of Post and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing University of Post and Telecommunications filed Critical Chongqing University of Post and Telecommunications
Priority to CN202410205969.6A priority Critical patent/CN118018211A/en
Publication of CN118018211A publication Critical patent/CN118018211A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3218Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs
    • H04L9/3221Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs interactive zero-knowledge proofs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

本发明属于区块链技术领域,具体涉及一种可信分布式数字身份认证方法及系统。本发明利用了中心化预言机获取链下数据,并由凭证中心进行签名确认,生成预凭证,确定了凭证的属性与声明。通过RLWE对凭证生成零知识证明,并由凭证中心记录公开,从而使服务接收方拥有主凭证。通过更新/撤销请求管理凭证,并且通过公开信息能够限制凭证滥用以及锁定凭证盗用者或者攻击者,从而实现有效的数字身份认证,保证了数字身份认证系统的安全性和可靠性。

The present invention belongs to the field of blockchain technology, and specifically relates to a trusted distributed digital identity authentication method and system. The present invention utilizes a centralized oracle to obtain off-chain data, and the credential center performs signature confirmation, generates pre-credentials, and determines the attributes and statements of the credential. Zero-knowledge proofs are generated for the credential through RLWE, and the credential center records and makes it public, so that the service recipient has the master credential. Credentials are managed through update/revocation requests, and credential abuse can be limited and credential thieves or attackers can be locked out through public information, thereby achieving effective digital identity authentication and ensuring the security and reliability of the digital identity authentication system.

Description

一种可信分布式数字身份认证方法及系统A trusted distributed digital identity authentication method and system

技术领域Technical Field

本发明属于区块链技术领域,具体涉及一种可信分布式数字身份认证方法及系统。The present invention belongs to the technical field of blockchain, and in particular relates to a trusted distributed digital identity authentication method and system.

背景技术Background technique

去中心化数字身份(Decentralized Digital Identity,DID)是基于区块链技术建立起来的一种数字身份系统。DID的可验证凭证是当前数字身份管理领域的重要技术。它可以保证身份数据真实可信,同时也能保护身份用户相关的隐私,确保跟个人身份相关的数据归属于个人所有。Decentralized Digital Identity (DID) is a digital identity system based on blockchain technology. DID's verifiable credentials are an important technology in the current field of digital identity management. It can ensure that identity data is authentic and reliable, while also protecting the privacy of identity users and ensuring that data related to personal identity belongs to the individual.

当前去中心化数字身份凭证内容来源一般是用户自身、第三方机构、链上历史数据。可验证凭证的生成、验证、更新与撤销一般采用数字签名、零知识证明或对称加密与非对称加密的技术实现。The current decentralized digital identity credentials are generally sourced from the user himself, third-party institutions, and historical data on the chain. The generation, verification, update, and revocation of verifiable credentials are generally achieved using digital signatures, zero-knowledge proofs, or symmetric and asymmetric encryption technologies.

可验证凭证内容的获取来源于用户自身容易造成信息真实度低,可信任度低,数据造假的问题;来自第三方机构数据容易导致链上与不同第三方机构的交互臃肿,缺乏效率,且面临数据重复与数据难处理问题;凭证内容来源于链上历史数据会导致区块链的负担提高,可拓展性降低,且以上三种获取方式都面临用户隐私泄露,以及用户数据存在滞后性的问题。随着量子计算的发展,对于当前现有可验证凭证管理机制中所用到的数字签名、零知识证明与非对称加密等密码算法都构成威胁,量子计算机能够在理论上破解许多现有的加密算法,而随着技术的发展,原有的密码算法将受到更大的威胁,被破解的可能性会越来越大。The acquisition of verifiable credential content from the user himself is prone to low information authenticity, low trustworthiness, and data falsification; data from third-party institutions can easily lead to bloated interactions with different third-party institutions on the chain, lack of efficiency, and face data duplication and data processing problems; the credential content comes from historical data on the chain, which will increase the burden of the blockchain and reduce scalability. In addition, the above three acquisition methods all face the problem of user privacy leakage and user data lag. With the development of quantum computing, cryptographic algorithms such as digital signatures, zero-knowledge proofs, and asymmetric encryption used in the current existing verifiable credential management mechanism are threatened. Quantum computers can theoretically crack many existing encryption algorithms, and with the development of technology, the original cryptographic algorithms will be under greater threat and the possibility of being cracked will increase.

发明内容Summary of the invention

基于现有技术存在的问题,本发明提供了一种可信分布式数字身份认证方法及系统,用以解决传统数据身份认证系统中的安全性问题。Based on the problems existing in the prior art, the present invention provides a trusted distributed digital identity authentication method and system to solve the security problems in the traditional data identity authentication system.

在本发明的第一方面,本发明提供了一种可信分布式数字身份认证方法,所述方法包括:In a first aspect of the present invention, the present invention provides a trusted distributed digital identity authentication method, the method comprising:

预言机从服务接收方获取链下信息,并将所述链下信息发送给凭证中心;The oracle obtains off-chain information from the service recipient and sends the off-chain information to the credential center;

凭证中心确认链下信息真实性并对所述链下信息签名,根据所述链下信息以及链下信息签名生成预凭证,并将所述预凭证发送给服务接收方;The credential center confirms the authenticity of the off-chain information and signs the off-chain information, generates a pre-credential based on the off-chain information and the off-chain information signature, and sends the pre-credential to the service recipient;

服务接收方根据所述预凭证生成基于环带错误学习的主凭证相关零知识证明所需参数,并将所需参数加密后生成密文发送给凭证中心;The service recipient generates the parameters required for zero-knowledge proof of the master credential based on ring-band error learning according to the pre-credential, encrypts the required parameters and generates a ciphertext to send to the credential center;

凭证中心对所述密文解密,验证签名后计算所需参数,若验证通过,则根据所需参数向服务接收方颁发主凭证,同时将主凭证形成凭证列表,将公开参数形成公开列表保存到数据库中,若验证不通过则丢弃所需参数;The credential center decrypts the ciphertext, verifies the signature and calculates the required parameters. If the verification is successful, a master credential is issued to the service recipient based on the required parameters. At the same time, the master credential is formed into a credential list, and the public parameters are formed into a public list and saved in the database. If the verification fails, the required parameters are discarded.

服务接收方根据颁发的主凭证生成主凭证相关零知识证明,并将所述主凭证相关零知识证明发送给服务提供方;The service recipient generates a zero-knowledge proof related to the master credential based on the issued master credential, and sends the zero-knowledge proof related to the master credential to the service provider;

服务提供方根据接收到的所述主凭证相关零知识证明与数据库中访问得到的参数进行验证,判断是否一致,若一致,则向服务接收方提供服务,若不一致,则拒绝向服务接收方提供服务。The service provider verifies the received zero-knowledge proof of the master credential with the parameters accessed in the database to determine whether they are consistent. If they are consistent, the service provider provides services to the service recipient. If they are inconsistent, the service provider refuses to provide services to the service recipient.

在本发明的第二方面,本发明还提供了一种可信分布式数字身份认证系统,所述系统包括:In a second aspect of the present invention, the present invention further provides a trusted distributed digital identity authentication system, the system comprising:

服务接收方,所述服务接收方具有去中心化身份,用于保存自身的预凭证,并根据所述预凭证生成主凭证的零知识证明相关参数;A service recipient, the service recipient having a decentralized identity, for storing its own pre-credentials and generating zero-knowledge proof-related parameters of the master credential based on the pre-credentials;

预言机,所述预言机用于获取服务接收方的链下信息;An oracle, which is used to obtain off-chain information of the service recipient;

凭证中心,所述凭证中心用于确认链下信息真实性并对所述链下信息签名,根据所述链下信息以及链下信息签名生成预凭证,并将所述预凭证发送给服务接收方,还用于对所述密文解密,验证签名后计算所需参数,若验证通过,则根据所需参数向服务接收方颁发主凭证,同时将主凭证形成凭证列表和公开参数保存到数据库中,若验证不通过则丢弃所需参数;The credential center is used to confirm the authenticity of the off-chain information and sign the off-chain information, generate a pre-credential based on the off-chain information and the off-chain information signature, and send the pre-credential to the service recipient. It is also used to decrypt the ciphertext, calculate the required parameters after verifying the signature, and if the verification is successful, issue a master credential to the service recipient based on the required parameters, and save the master credential into a credential list and public parameters in the database. If the verification fails, the required parameters are discarded;

数据库,所述数据库用于保存凭证列表、公开列表;A database, wherein the database is used to store a credential list and a public list;

服务提供方,所述服务提供方用于验证用户的预凭证与公开信息列表中的对应值是否一致,若一致则提供服务,若不一致则拒绝服务。The service provider verifies whether the user's pre-credentials are consistent with the corresponding values in the public information list, and provides services if they are consistent, and refuses services if they are inconsistent.

本发明的有益效果:Beneficial effects of the present invention:

与传统的凭证数据获取方式相比,本发明技术运用去中心化预言机,通过获取服务接收方的链下信息与凭证中心的签名,保证了凭证来源的真实性、有效性、实时性,提升了区块链与第三方机构信息交互的效率,同时减轻了区块链的负担。在凭证验证、生成、更新、撤销的过程中,采用了基于格基密码的零知识证明,保证了用户的隐私安全的同时,由于采用了格基密码,增强了零知识证明的抗量子性,能够抵抗量子攻击,即使攻击者知道了公钥也无法在多项式时间内成功计算私钥,理论上不能破解成功。同时由于有凭证列表以及公开信息的存在,对于凭证更新后若有攻击者使用旧凭证尝试通过验证,会被标记为可疑攻击者。Compared with the traditional way of obtaining credential data, the technology of the present invention uses a decentralized oracle to obtain the off-chain information of the service recipient and the signature of the credential center, thereby ensuring the authenticity, validity, and real-time nature of the credential source, improving the efficiency of information interaction between the blockchain and third-party institutions, and reducing the burden on the blockchain. In the process of credential verification, generation, update, and revocation, a zero-knowledge proof based on lattice cryptography is adopted to ensure the privacy security of users. At the same time, due to the use of lattice cryptography, the quantum resistance of zero-knowledge proof is enhanced, and it can resist quantum attacks. Even if the attacker knows the public key, he cannot successfully calculate the private key within polynomial time, and theoretically cannot be cracked successfully. At the same time, due to the existence of a credential list and public information, if an attacker uses an old credential to try to pass verification after the credential is updated, he will be marked as a suspicious attacker.

附图说明BRIEF DESCRIPTION OF THE DRAWINGS

图1是本发明实施例的一种可信分布式数字身份认证系统结构示意图;FIG1 is a schematic diagram of the structure of a trusted distributed digital identity authentication system according to an embodiment of the present invention;

图2是本发明优选实施例的一种可信分布式数字身份认证系统结构示意图;FIG2 is a schematic diagram of the structure of a trusted distributed digital identity authentication system according to a preferred embodiment of the present invention;

图3是本发明实施例的一种可信分布式数字身份认证方法流程示意图;FIG3 is a flow chart of a trusted distributed digital identity authentication method according to an embodiment of the present invention;

图4是本发明优选实施例的一种可信分布式数字身份认证方法流程示意图。FIG4 is a flow chart of a trusted distributed digital identity authentication method according to a preferred embodiment of the present invention.

具体实施方式Detailed ways

下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The following will be combined with the drawings in the embodiments of the present invention to clearly and completely describe the technical solutions in the embodiments of the present invention. Obviously, the described embodiments are only part of the embodiments of the present invention, not all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by ordinary technicians in this field without creative work are within the scope of protection of the present invention.

图1是本发明实施例的一种可信分布式数字身份认证系统示意图,如图1所示,所述系统包括服务接收方、服务提供方、预言机、凭证中心和数据库;其中:FIG1 is a schematic diagram of a trusted distributed digital identity authentication system according to an embodiment of the present invention. As shown in FIG1 , the system includes a service receiver, a service provider, an oracle, a credential center, and a database; wherein:

所述服务接收方具有链下身份,所述链下身份即为去中心化身份,通过服务接收方链下身份申请获取链下信息;所述预言机用于从服务接收方链下身份中获取服务接收方的链下信息;所述凭证中心用于确认所述链下信息真实性并对所述链下信息签名;根据所述链下信息以及链下信息签名生成预凭证,并将所述预凭证发送给服务接收方;所述服务接收方根据所述预凭证生成基于环带错误学习(RLWE)的主凭证相关零知识证明所需参数,并将所需参数加密后生成密文发送给凭证中心;所述凭证中心根据所述参数向服务接收方颁发主凭证,同时将主凭证形成凭证列表,将公开参数形成公开列表保存到所述数据库中;服务提供方通过验证服务接收方发送的主凭证相关零知识证明与数据库中保存的公开参数是否相等,从而确定出是否向服务接收方提供服务,以实现安全的数字身份认证。The service receiver has an off-chain identity, which is a decentralized identity. The off-chain information is obtained through the off-chain identity of the service receiver. The oracle is used to obtain the off-chain information of the service receiver from the off-chain identity of the service receiver. The credential center is used to confirm the authenticity of the off-chain information and sign the off-chain information. A pre-credential is generated based on the off-chain information and the off-chain information signature, and the pre-credential is sent to the service receiver. The service receiver generates the required parameters for the zero-knowledge proof of the master credential based on loop-band error learning (RLWE) according to the pre-credential, encrypts the required parameters and generates a ciphertext to send to the credential center. The credential center issues the master credential to the service receiver based on the parameters, and at the same time forms a credential list with the master credential and saves the public parameters in the public list in the database. The service provider determines whether to provide services to the service receiver by verifying whether the zero-knowledge proof of the master credential sent by the service receiver is equal to the public parameters stored in the database, so as to achieve secure digital identity authentication.

图2是本发明优选实施例的一种可信分布式数字身份认证系统示意图,如图2所示,所述系统仍包括服务接收方、服务提供方、预言机、凭证中心和数据库;其中:FIG2 is a schematic diagram of a trusted distributed digital identity authentication system according to a preferred embodiment of the present invention. As shown in FIG2 , the system still includes a service receiver, a service provider, an oracle, a credential center and a database; wherein:

所述服务接收方具有链下身份,所述链下身份即为去中心化身份,通过服务接收方链下身份申请获取链下信息;所述预言机用于从服务接收方链下身份中获取服务接收方的链下信息;所述凭证中心用于确认所述链下信息真实性并对所述链下信息签名;根据所述链下信息以及链下信息签名生成预凭证,并将所述预凭证发送给服务接收方;所述服务接收方根据所述预凭证生成基于环带错误学习(RLWE)的主凭证相关零知识证明所需参数,并将所需参数加密后生成密文发送给凭证中心,与上述实施例不同的是,这里的基于环带错误学习(RLWE)的主凭证相关零知识证明所需参数是可以用于更新/撤销的所需参数;所述凭证中心根据所述参数向服务接收方颁发主凭证,同时更新凭证列表,将公开列表更新保存到所述数据库中;服务提供方通过验证服务接收方发送的主凭证相关零知识证明与数据库中保存的公开参数是否相等,从而确定出是否向服务接收方提供服务,以实现安全的数字身份认证。The service receiver has an off-chain identity, which is a decentralized identity. The off-chain information is obtained through the off-chain identity of the service receiver; the oracle is used to obtain the off-chain information of the service receiver from the off-chain identity of the service receiver; the credential center is used to confirm the authenticity of the off-chain information and sign the off-chain information; a pre-credential is generated according to the off-chain information and the off-chain information signature, and the pre-credential is sent to the service receiver; the service receiver generates the required parameters for the zero-knowledge proof of the master credential based on loop error learning (RLWE) according to the pre-credential, and encrypts the required parameters to generate a ciphertext and sends it to the credential center. Different from the above embodiment, the required parameters for the zero-knowledge proof of the master credential based on loop error learning (RLWE) here are the required parameters that can be used for update/revocation; the credential center issues the master credential to the service receiver according to the parameters, and updates the credential list at the same time, and saves the public list update to the database; the service provider verifies whether the zero-knowledge proof of the master credential sent by the service receiver is equal to the public parameters stored in the database, thereby determining whether to provide services to the service receiver to achieve secure digital identity authentication.

图3是本发明实施例的一种可信分布式数字身份认证方法流程图,如图3所示,所述方法包括:FIG3 is a flow chart of a trusted distributed digital identity authentication method according to an embodiment of the present invention. As shown in FIG3 , the method includes:

101、预言机从服务接收方获取链下信息,并将所述链下信息发送给凭证中心;101. The oracle obtains off-chain information from the service recipient and sends the off-chain information to the credential center;

在本发明实施例中,服务接收方通过DID标识符表明自身的身份,预言机就可以从服务接收方获取相应的链下信息,包括凭证属性名A,凭证声明值V,信息提供方Pd等。In an embodiment of the present invention, the service recipient indicates its identity through the DID identifier, and the oracle can obtain the corresponding off-chain information from the service recipient, including the credential attribute name A, the credential claim value V, the information provider Pd, etc.

在本发明实施例中,所述预言机为去中心化预言机,所述去中心化预言机可以从指定的链下数据源也即服务接收方链下身份处获取数据,验证获取到的链下数据,对经过验证共识的数据进行后续的上链等操作。这些数据可以是一些敏感的数据,例如银行的金融数据,企业的税收数据,政府的身份数据等等。In the embodiment of the present invention, the oracle is a decentralized oracle, which can obtain data from a designated off-chain data source, i.e., the off-chain identity of the service receiver, verify the obtained off-chain data, and perform subsequent operations such as uploading the data after the verified consensus. These data can be some sensitive data, such as financial data of banks, tax data of enterprises, identity data of governments, etc.

102、凭证中心确认链下信息真实性并对所述链下信息签名,根据所述链下信息以及链下信息签名生成预凭证,并将所述预凭证发送给服务接收方;102. The credential center confirms the authenticity of the off-chain information and signs the off-chain information, generates a pre-credential based on the off-chain information and the off-chain information signature, and sends the pre-credential to the service recipient;

在本发明实施例中,凭证中心对链下信息进行签名,将链下信息本身以及链下信息签名构成预凭证,所述预凭证表示为PC={DIDs,A,V,Pd,σ},DIDs为服务接收方s的去中心化身份,所述去中心化身份是一种新类型的标识符,具有全局唯一性、高可靠性可解析性和加密可验证性,A为凭证属性名,V为凭证声明值,Pd为服务提供方,可以用于区分不同的服务提供方,σ为链下信息签名。In an embodiment of the present invention, the credential center signs the off-chain information, and the off-chain information itself and the off-chain information signature constitute a pre-credential, and the pre-credential is expressed as PC = {DIDs, A, V, Pd, σ}, DIDs is the decentralized identity of the service recipient s, and the decentralized identity is a new type of identifier with global uniqueness, high reliability resolvability and cryptographic verifiability. A is the credential attribute name, V is the credential claim value, Pd is the service provider, which can be used to distinguish different service providers, and σ is the off-chain information signature.

103、服务接收方根据所述预凭证生成基于环带错误学习的主凭证相关零知识证明所需参数,并将所需参数加密后生成密文发送给凭证中心;103. The service recipient generates the required parameters for zero-knowledge proof of the master credential based on ring-band error learning according to the pre-credential, encrypts the required parameters and generates a ciphertext to send to the credential center;

在本发明实施例中,所述服务接收方根据所述预凭证生成基于环带错误学习的主凭证相关零知识证明所需参数,并将所需参数加密后生成密文发送给凭证中心包括:In an embodiment of the present invention, the service recipient generates the required parameters for zero-knowledge proof of the master credential based on ring-band error learning according to the pre-credential, and encrypts the required parameters to generate ciphertext and sends it to the credential center, including:

服务接收方根据模数q,多项式的度数n,符合离散高斯分布的噪声参数α,生成随机矩阵错误分布e=χαThe service receiver generates a random matrix based on the modulus q, the degree n of the polynomial, and the noise parameter α that conforms to the discrete Gaussian distribution. Error distribution e = χ α ;

其中,模数q可以是大于8的素数。The modulus q may be a prime number greater than 8.

根据随机矩阵M和知识公钥Pk,生成知识私钥Sk=M×Pk+2e;According to the random matrix M and the knowledge public key P k , the knowledge private key S k =M×P k +2e is generated;

其中,所述知识公钥是零知识证明所涉及到的公钥,本发明对此不做具体的限定。The knowledge public key is the public key involved in the zero-knowledge proof, and the present invention does not make any specific limitation on this.

根据随机矩阵M和服务接收方私钥Su,生成服务接收方公钥Pu=M×Su+2e;Generate the service receiver public key P u =M×S u +2e according to the random matrix M and the service receiver private key S u ;

根据随机矩阵M和凭证中心私钥Sc,生成凭证中心公钥Pc=M×Sc+2e;Generate the certificate center public key P c =M×S c +2e according to the random matrix M and the certificate center private key S c ;

根据服务接收方私钥Su、知识私钥Sk和凭证中心公钥Pc,生成验证特征值 Generate the verification feature value based on the service receiver's private key Su , the knowledge private key Sk and the certificate center's public key Pc

其中,上标T表示转置,char为指示函数,表示为:Among them, the superscript T represents transposition, and char is the indicator function, which is expressed as:

其中,E1表示第一范围,E2表示第二范围,分别表示为:Among them, E1 represents the first range, E2 represents the second range, and they are respectively expressed as:

本实施例中,通过判断的值是否在第一范围或者第二范围内,就能够确定出相应的验证特征值ω。In this embodiment, by judging Whether the value of is within the first range or the second range, the corresponding verification feature value ω can be determined.

通过哈希函数H1与模二运算Mod2生成知识被验证值以及用于更新/撤销特征值的指示值/> Generate the knowledge verification value through hash function H1 and modulo 2 operation Mod 2 And the indicator value used to update/revoke the characteristic value/>

其中,H1表示哈希函数,Mod2表示模2运算,可以写为:Among them, H 1 represents the hash function, Mod 2 represents the modulo 2 operation, which can be written as:

根据链下信息签名与上述参数,生成密文C=EMC(Pu,Pk,K,ω,ν,σ);Generate the ciphertext C=E MC (P u ,P k ,K,ω,ν,σ) according to the off-chain information signature and the above parameters;

其中,EMC为加密函数。Among them, E MC is the encryption function.

104、凭证中心对所述密文解密,验证签名后计算所需参数,若验证通过,则根据所需参数向服务接收方颁发主凭证,同时将主凭证形成凭证列表,将公开参数形成公开列表保存到数据库中,若验证不通过则丢弃所需参数;104. The credential center decrypts the ciphertext, verifies the signature and calculates the required parameters. If the verification is successful, the primary credential is issued to the service recipient according to the required parameters, and the primary credential is formed into a credential list, and the public parameters are formed into a public list and saved in a database. If the verification fails, the required parameters are discarded.

在本发明实施例中,凭证中心对所述密文解密,验证签名的过程包括若知识验证值W与知识被验证值K相等,则计算凭证公开验证值J=H2(W)、请求与撤销请求验证值并向服务接收方颁发主凭证,同时将主凭证MC=(DIDs,Pu,Pk,Ι,W)形成凭证列表,将公开参数PVu=(Pu,J,DIDs)形成公开列表,保存到数据库中;若知识验证值W与知识被验证值K不等,则丢弃知识验证值;In the embodiment of the present invention, the credential center decrypts the ciphertext and verifies the signature, including if the knowledge verification value W is equal to the knowledge verified value K, then calculating the credential public verification value J = H 2 (W), the request and revocation request verification value The main certificate is issued to the service recipient, and the main certificate MC = (DIDs, Pu , Pk , Ι, W) is formed into a certificate list, and the public parameter PVu = ( Pu , J, DIDs) is formed into a public list and saved in the database; if the knowledge verification value W is not equal to the knowledge verified value K, the knowledge verification value is discarded;

其中,Pk为知识公钥,Sc为凭证中心私钥,ν为用于更新/撤销特征值的指示值,Pu为服务接收方公钥,DIDs为服务接收方s的去中心化身份,H2为哈希函数,Mod2为模二运算。Among them, Pk is the knowledge public key, Sc is the credential center private key, ν is the indication value used to update/revoke the characteristic value, Pu is the service receiver public key, DIDs is the decentralized identity of the service receiver s, H2 is the hash function, and Mod 2 is the modulo 2 operation.

在本发明实施例中,凭证中心在收到密文后,首先对所述密文进行解密,验证签名σ,计算相应参数知识验证值和知识被验证值通过验证知识验证值和知识被验证值是否相等来判断是否计算凭证公开验证值J和请求与撤销请求验证值Ι。In the embodiment of the present invention, after receiving the ciphertext, the certificate center first decrypts the ciphertext, verifies the signature σ, and calculates the corresponding parameter knowledge verification value and knowledge is verified value Whether to calculate the credential disclosure verification value J and the request and revocation request verification value Ι is determined by verifying whether the knowledge verification value and the knowledge verified value are equal.

可以理解的是,哈希函数H1和哈希函数H2可以是相同类型的哈希函数,也可以是不同类型的哈希函数,在本实施例中,哈希函数H1和哈希函数H2是不同类型的哈希函数,哈希函数H1可以是SHA256,哈希函数H2可以是RIPEMD160。It can be understood that hash function H1 and hash function H2 can be the same type of hash function or different types of hash functions. In this embodiment, hash function H1 and hash function H2 are different types of hash functions. H1 can be SHA256, and hash function H2 can be RIPEMD160.

105、服务接收方根据颁发的主凭证生成主凭证相关零知识证明,并将所述主凭证相关零知识证明发送给服务提供方;105. The service recipient generates a zero-knowledge proof related to the master credential based on the issued master credential, and sends the zero-knowledge proof related to the master credential to the service provider;

在本发明实施例中,服务接收方会根据凭证中心颁发的主凭证生成主凭证相关零知识证明,表示为ProofMC=(Pu,H2(K))。In the embodiment of the present invention, the service recipient generates a zero-knowledge proof related to the master credential based on the master credential issued by the credential center, which is expressed as Proof MC =(P u ,H 2 (K)).

其中,Pu表示服务接收方公钥,K表示知识被验证值。Wherein, Pu represents the public key of the service recipient, and K represents the knowledge verified value.

106、服务提供方根据接收到的所述主凭证相关零知识证明与数据库中访问得到的参数进行验证,判断是否一致,若一致,则向服务接收方提供服务,若不一致,则拒绝向服务接收方提供服务。106. The service provider verifies the received zero-knowledge proof of the master credential with the parameters accessed in the database to determine whether they are consistent. If they are consistent, the service provider provides services to the service recipient. If they are inconsistent, the service provider refuses to provide services to the service recipient.

在本发明实施例中,服务提供方根据接收到的所述主凭证相关零知识证明与数据库中访问得到的参数进行验证包括服务提供者获取数据接收方中主凭证相关零知识证明ProofMC=(Pu,H2(K)),基于公开参数PVu,验证H2(K)是否等于J,若相等则凭证通过,不相等则不通过。In the embodiment of the present invention, the service provider performs verification based on the received zero-knowledge proof related to the master credential and the parameters accessed from the database, including the service provider obtaining the zero-knowledge proof Proof MC = ( Pu , H2 (K)) related to the master credential from the data recipient, and based on the public parameter PVu , verifying whether H2 (K) is equal to J. If they are equal, the credential passes, otherwise it fails.

其中,K表示知识被验证值,Pu为服务接收方公钥,J表示凭证公开验证值。Among them, K represents the knowledge verified value, Pu is the public key of the service receiver, and J represents the credential public verification value.

图4是本发明优选实施例的一种可信分布式数字身份认证方法流程图,如图4所示,所述方法包括:FIG4 is a flow chart of a trusted distributed digital identity authentication method according to a preferred embodiment of the present invention. As shown in FIG4 , the method includes:

201、预言机从服务接收方获取链下信息,并将所述链下信息发送给凭证中心;201. The oracle obtains off-chain information from the service recipient and sends the off-chain information to the credential center;

202、凭证中心确认链下信息真实性并对所述链下信息签名,根据所述链下信息以及链下信息签名生成预凭证,并将所述预凭证发送给服务接收方;202. The credential center confirms the authenticity of the off-chain information and signs the off-chain information, generates a pre-credential based on the off-chain information and the off-chain information signature, and sends the pre-credential to the service recipient;

203、服务接收方根据所述预凭证生成基于环带错误学习的主凭证相关零知识证明所需参数,并将所需参数加密后生成密文发送给凭证中心;203. The service recipient generates the required parameters for zero-knowledge proof of the master credential based on ring-band error learning according to the pre-credential, encrypts the required parameters and generates a ciphertext to send to the credential center;

204、凭证中心对所述密文解密,验证签名后计算所需参数,若验证通过,则根据所需参数向服务接收方颁发主凭证,同时将主凭证形成凭证列表,将公开参数形成公开列表保存到数据库中,若验证不通过则丢弃所需参数;204. The credential center decrypts the ciphertext, verifies the signature and calculates the required parameters. If the verification is successful, the primary credential is issued to the service recipient according to the required parameters, and the primary credential is formed into a credential list, and the public parameters are formed into a public list and saved in a database. If the verification fails, the required parameters are discarded.

205、服务接收方根据颁发的主凭证生成主凭证相关零知识证明,并将所述主凭证相关零知识证明发送给服务提供方;205. The service recipient generates a zero-knowledge proof related to the master credential based on the issued master credential, and sends the zero-knowledge proof related to the master credential to the service provider;

206、服务提供方根据接收到的所述主凭证相关零知识证明与数据库中访问得到的参数进行验证,判断是否一致,若一致,则向服务接收方提供服务,若不一致,则拒绝向服务接收方提供服务。206. The service provider verifies the received zero-knowledge proof of the master credential with the parameters accessed in the database to determine whether they are consistent. If they are consistent, the service provider provides services to the service recipient. If they are inconsistent, the service provider refuses to provide services to the service recipient.

207、服务接收方发送凭证更新/撤销请求与请求参数的密文,凭证中心收到密文后解密,计算参数是否与保存的相关参数相同,决定是否更新/撤销,若更新/撤销,则更新凭证列表以及更改相应的公开参数。207. The service receiver sends a ciphertext of the credential update/revoke request and the request parameters. After receiving the ciphertext, the credential center decrypts it, calculates whether the parameters are the same as the saved related parameters, and decides whether to update/revoke. If updated/revoke, the credential list is updated and the corresponding public parameters are changed.

在本发明实施例中,服务接收方向凭证中心发送更新/撤销请求,生成新的知识公钥Pk′,知识私钥Sk′=M×Pk′+2e;In the embodiment of the present invention, the service receiving party sends an update/revocation request to the credential center to generate a new knowledge public key P k ′, knowledge private key S k ′=M×P k ′+2e;

计算更新请求的被验证值 Calculates the verified value for the update request

计算新的用于更新/撤销特征值的指示值 Calculate new indicator value for updating/revoking characteristic value

若是更新凭证请求,生成新的验证特征值 If it is a request to update the credentials, generate a new verification feature value

通过哈希函数与模二运算生成的知识被验证值生成密文Cu=EMC(Pu,Pk′,ω′,I′,ν′);The knowledge verification value generated by the hash function and modulo 2 operation Generate ciphertext Cu = EMC ( Pu , Pk ', ω', I', ν');

凭证中心收到更新请求与密文后解密,通过验证I′=I是否成立决定是否更新:After receiving the update request and the ciphertext, the certificate center decrypts it and decides whether to update by verifying whether I′=I:

若相等,则不需要更新,若不相等,则需要更新;If they are equal, no update is needed; if they are not equal, an update is needed;

若更新,则计算新的参数知识验证值新的凭证公开验证值J1=H2(W′),则将凭证列表中原有(DIDs,Pu,Pk,Ι,W),更新为(DIDs,Pu,Pk′,I1,W′),并更新公开参数PVu=(Pu,J,J1,DIDs);其中,J表示凭证公开验证值,这里的J可以被认为是个人信息中的曾用名,后续过程中可以用于查找凭证在更新前所采用过的操作。If updated, calculate New parameter knowledge verification value The new credential public verification value J 1 =H 2 (W′), then the original (DIDs, Pu , P k , Ι, W) in the credential list is updated to (DIDs, Pu , P k ′, I 1 , W′), and the public parameter PV u =(P u , J, J 1 , DIDs); where J represents the credential public verification value, where J can be considered as a former name in personal information, and can be used in subsequent processes to find the operations used by the credential before the update.

若是撤销请求用户发送密文Cu=EMC(Pu,Pk′,I′);If it is a revocation request, the user sends the ciphertext Cu = EMC ( Pu , Pk ', I');

凭证中心收到更新请求与密文后解密,通过验证I′=I是否成立决定是否撤销,若通过验证,则删除凭证列表中原有(DIDs,Pu,Pk,Ι,W),并且更新公开参数PVu=(Pu,NULL,DIDs),NULL表示凭证公开验证值为空值。After receiving the update request and ciphertext, the credential center decrypts it and decides whether to revoke it by verifying whether I′=I holds. If the verification is successful, the original (DIDs, Pu , Pk , Ι, W) in the credential list is deleted and the public parameter PVu =( Pu , NULL, DIDs) is updated. NULL indicates that the credential public verification value is null.

本发明利用了中心化预言机获取链下数据,并由凭证中心进行签名确认,生成预凭证,确定了凭证的属性与声明。通过RLWE对凭证生成零知识证明,并由凭证中心记录公开,从而使用户拥有主凭证。通过更新/撤销请求管理凭证,并且通过公开信息能够限制凭证滥用以及锁定凭证盗用者或者攻击者,从而实现有效的数字身份认证,保证了数字身份认证系统的安全性和可靠性。The present invention uses a centralized oracle to obtain off-chain data, and the credential center performs signature confirmation, generates pre-credentials, and determines the attributes and statements of the credential. Zero-knowledge proofs are generated for the credential through RLWE, and the credential center records and makes it public, so that users have master credentials. Credentials are managed through update/revoke requests, and credential abuse can be limited and credential thieves or attackers can be locked out through public information, thereby achieving effective digital identity authentication and ensuring the security and reliability of the digital identity authentication system.

本领域普通技术人员可以理解上述实施例的各种方法中的全部或部分步骤是可以通过程序来指令相关的硬件来完成,该程序可以存储于一计算机可读存储介质中,存储介质可以包括:ROM、RAM、磁盘或光盘等。A person skilled in the art may understand that all or part of the steps in the various methods of the above embodiments may be completed by instructing the relevant hardware through a program, and the program may be stored in a computer-readable storage medium, which may include: ROM, RAM, disk or CD, etc.

尽管已经示出和描述了本发明的实施例,对于本领域的普通技术人员而言,可以理解在不脱离本发明的原理和精神的情况下可以对这些实施例进行多种变化、修改、替换和变型,本发明的范围由所附权利要求及其等同物限定。Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that various changes, modifications, substitutions and variations may be made to the embodiments without departing from the principles and spirit of the present invention, and that the scope of the present invention is defined by the appended claims and their equivalents.

Claims (9)

1. A method of trusted distributed digital identity authentication, the method comprising:
the prophetic machine obtains the information under the chain from the service receiver, and send the information under the chain to the credential center;
The certificate center confirms the authenticity of the information under the chain, signs the information under the chain, generates a pre-certificate according to the information under the chain and the information under the chain, and sends the pre-certificate to a service receiver;
the service receiver generates a main certificate related zero knowledge proof required parameter based on ring belt error learning according to the pre-certificate, encrypts the required parameter, generates a ciphertext and sends the ciphertext to a certificate center;
The credential center decrypts the ciphertext, calculates required parameters after verifying the signature, issues a master credential to a service receiver according to the required parameters if the verification is passed, forms a credential list from the master credential, stores a public list formed by the public parameters in a database, and discards the required parameters if the verification is not passed;
The service receiver generates a master certificate related zero knowledge proof according to the issued master certificate, and sends the master certificate related zero knowledge proof to the service provider;
And the service provider verifies the received related zero knowledge proof of the master certificate and the parameters accessed in the database to judge whether the data are consistent, if so, the service provider provides the service for the service receiver, and if not, the service provider refuses to provide the service for the service receiver.
2. The method of claim 1, wherein the pre-credential is represented as pc= { DIDs, a, V, pd, σ }, DIDs being the de-centralized identity of the service receiver s, a being the credential attribute name, V being the credential declaration value, pd being the service provider, σ being the out-of-chain information signature.
3. The method of claim 1, wherein the service receiver generates parameters required by the zero knowledge proof of the main certificate based on the ring belt error learning according to the pre-certificate, encrypts the parameters required to generate ciphertext and sends the ciphertext to the certificate center, and the method comprises the service receiver generating a random matrix according to a modulus q, a degree n of a polynomial, a noise parameter alpha conforming to the discrete Gaussian distribution, and the likeError distribution e=χ α; generating a knowledge private key S k=M×Pk +2e according to the random matrix M and the knowledge public key P k; generating a service receiver public key P u=M×Su +2e according to the random matrix M and the service receiver private key S u; generating a credential center public key P c=M×Sc +2e according to the random matrix M and the credential center private key S c; generating verification feature values according to the service receiver private key S u, the knowledge private key S k and the certificate center public key P c Knowledge verified value is generated through Hash function H 1 and modulo two operation Mod 2 Indication value/>, for updating/revoking feature valuesAnd generating a ciphertext C=E MC(Pu,Pk,K,ω,ν,σ),EMC as an encryption function and char as an indication function according to the information signature under the chain and the parameters.
4. The method of claim 1, wherein the step of verifying the signature by decrypting the ciphertext by the credential center includes calculating a credential disclosure verification value j=h 2 (W) and a request and revocation request verification value if the knowledge verification value W is equal to the knowledge verified value KIssuing a master certificate to a service receiver, forming a certificate list by the master certificate MC= (DIDs, P u,Pk, I, W), forming a public list by public parameters PV u=(Pu, J, DIDs, and storing the public list into a database; if the knowledge verification value W is not equal to the knowledge verified value K, discarding the knowledge verification value; wherein, P k is a public key of knowledge, S c is a private key of a credential center, v is an indication value for updating/revoking a feature value, P u is a public key of a service receiver, DIDs is a decentralised identity of the service receiver S, H 2 is a hash function, and Mod 2 is a modulo two operation.
5. The method of claim 1, wherein the service provider verifying the received primary credential related zero knowledge Proof against the parameters accessed in the database comprises the service provider obtaining the primary credential related zero knowledge Proof of MC=(Pu,H2 (K) in the data receiver, verifying whether H 2 (K) is equal to J based on the public parameter PV u, if equal, the credentials pass, and if unequal, the credentials do not pass, wherein H 2 is a hash function, K represents a knowledge verified value, P u is a service receiver public key, and J represents a credential public verification value.
6. The method of claim 1, further comprising the steps of sending a ciphertext of the credential update/revocation request and the request parameter by the service receiver, decrypting the ciphertext after the credential center receives the ciphertext, calculating whether the parameter is the same as the stored related parameter, determining whether to update/revoke, and if so, updating the credential list and changing the corresponding public parameter.
7. The method of claim 6, wherein the service receiver sends an update/revocation request to the credential center, generates a new public knowledge key P k ', a private knowledge key S k′=M×Pk' +2e, and calculates the verified value of the update requestCalculating new indication value for updating/revoking feature valueIf the certificate request is updated, a new verification feature value/> isgeneratedKnowledge verified value/>, generated by a hash function and a modulo two operationGenerating ciphertext C u=EMC(Pu,Pk ', omega ', I ', v '), decrypting after the credential center receives the update request and the ciphertext, determining whether to update by verifying whether I ' =I is true, and if so, calculating/>New parameter knowledge verification valueA new certificate public verification value J 1=H2 (W '), the original (DIDs, P u,Pk, I, W) in the certificate list is updated to be (DIDs, P u,Pk′,I1, W'), and the public parameters PV u=(Pu,J,J1, DIDs are updated; if the revocation request user sends ciphertext C u=EMC(Pu,Pk ', I '), the credential center decrypts after receiving the update request and the ciphertext, determines whether to revoke by verifying whether I ' =i is true, if so, deletes the original (DIDs, P u,Pk, I, W) in the credential list, and updates the public parameters PV u=(Pu, NULL, DIDs.
8. A trusted distributed digital identity authentication system, the system comprising:
The service receiver is provided with a decentralization identity and is used for storing a pre-credential of the service receiver and generating zero knowledge proof related parameters of a main credential according to the pre-credential;
The pre-prediction machine is used for acquiring the information under the chain of the service receiver;
The certificate center is used for confirming the authenticity of the information under the chain and signing the information under the chain, generating a pre-certificate according to the information under the chain and the signature of the information under the chain, sending the pre-certificate to a service receiver, decrypting the ciphertext, calculating required parameters after verifying the signature, issuing a main certificate to the service receiver according to the required parameters if the verification is passed, and simultaneously storing a certificate list and public parameters formed by the main certificate into a database, and discarding the required parameters if the verification is not passed;
The database is used for storing a certificate list and a public list;
And the service provider is used for verifying whether the pre-credentials of the user are consistent with the corresponding values in the public information list, if so, providing the service, and if not, rejecting the service.
9. The system of claim 8, wherein the service receiver is further configured to send a ciphertext of the credential update/revocation request and the request parameter, decrypt the ciphertext after the credential center receives the ciphertext, calculate whether the parameter is the same as the stored related parameter, determine whether to update/revoke, and update the credential list and change the corresponding public parameter if so.
CN202410205969.6A 2024-02-26 2024-02-26 Trusted distributed digital identity authentication method and system Pending CN118018211A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410205969.6A CN118018211A (en) 2024-02-26 2024-02-26 Trusted distributed digital identity authentication method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410205969.6A CN118018211A (en) 2024-02-26 2024-02-26 Trusted distributed digital identity authentication method and system

Publications (1)

Publication Number Publication Date
CN118018211A true CN118018211A (en) 2024-05-10

Family

ID=90950081

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410205969.6A Pending CN118018211A (en) 2024-02-26 2024-02-26 Trusted distributed digital identity authentication method and system

Country Status (1)

Country Link
CN (1) CN118018211A (en)

Similar Documents

Publication Publication Date Title
CN113014392B (en) Block chain-based digital certificate management method, system, equipment and storage medium
CN108810895B (en) Wireless Mesh network identity authentication method based on block chain
CN107196966B (en) Identity authentication method and system based on block chain multi-party trust
CN107911216B (en) A method and system for privacy protection of blockchain transactions
CN109257184B (en) Linkable Ring Signature Method Based on Anonymous Broadcast Encryption
CN108768608B (en) Privacy protection identity authentication method supporting thin client under block chain PKI
CN113162768B (en) A blockchain-based smart IoT device authentication method and system
WO2021042685A1 (en) Transaction method, device, and system employing blockchain
CN111814191B (en) Block chain private data protection method, device and system
Jiang et al. Anonymous and efficient authentication scheme for privacy-preserving distributed learning
CN111797427A (en) A blockchain user identity supervision method and system that takes into account privacy protection
CN108712259B (en) An efficient audit method for cloud storage based on identity-based proxy upload data
CN109525583B (en) A false credential detection method and system for a service system that provides identity management by a third party
JP2002534701A (en) Auto-recoverable, auto-encryptable cryptosystem using escrowed signature-only keys
CN115883102B (en) Cross-domain identity authentication method, system and electronic device based on identity credibility
WO2008020991A2 (en) Notarized federated identity management
CN114938280A (en) Authentication method and system based on non-interactive zero-knowledge proof and intelligent contract
CN113051540B (en) Application program interface safety grading treatment method
CN116432204B (en) Supervision transaction privacy protection method based on homomorphic encryption and zero knowledge proof
CN115913513B (en) Distributed trusted data transaction method, system and device supporting privacy protection
CN114422106B (en) Security authentication method and system for Internet of things system under multi-server environment
CN110519040B (en) Anti-quantum computation digital signature method and system based on identity
CN117978546B (en) A certificateless dynamic shared data auditing method based on trusted execution environment
CN118869177A (en) Digital identity management method, system, electronic device and computer-readable storage medium based on blockchain
CN109981289A (en) Batch authentication method of elliptic curve digital signature algorithm under implicit certificate

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination