CN110661816A - Cross-domain authentication method based on block chain and electronic equipment - Google Patents

Abstract

Embodiments of the present invention provide a blockchain-based cross-domain authentication method and electronic device, which are implemented based on a given cross-domain authentication system, where the given cross-domain authentication system includes a master certification authority, a secondary certification authority, a client, and a verifier, The method includes: the master certification authority generates public parameters, the master key and the master public key, and based on the master key, generates and distributes the slave key of the slave certification authority to the slave certification authority; the slave certification authority issues a certificate according to the slave key To the client, if the client verifies that it is valid, it will accept it; from the certification body, the certificate promises and sends it to the client, and the client accepts it if it verifies that it is valid; from the certification body, it signs the promise and broadcasts it to the blockchain system, and others from If the certification authority verifies that the signature is valid, it will be stored; the client will send the commitment and verification information to the verifier, and the verifier will accept the user's identity information if the verification commitment is valid. The embodiment of the present invention can realize efficient cross-domain authentication and can strictly supervise the secondary authentication agency.

Description

A blockchain-based cross-domain authentication method and electronic device

technical field

The invention relates to the technical field of information security, and more particularly, to a blockchain-based cross-domain authentication method and electronic device.

Background technique

The Internet is an open system, and its openness leads to many security holes, threats and privacy issues. Various resources in the network are easily accessed illegally by attackers and cause economic losses. Therefore, it is very important for information service providers to authenticate the identity of network resource visitors.

Identity authentication is a process of determining the validity of the identity of an information service entity, which is a basic line of defense for network security. Due to the increasing number of information service resources and types of information services, users need to log in to different information service systems to complete different tasks. These information service systems consist of several different trust domains, each of which has one or more independent certification authorities. Current application requirements require that certificates issued by users in different trust domains can be authenticated in other trust domains, that is, cross-domain authentication.

Public Key Infrastructure (PKI) is a general security infrastructure that provides secure information services based on public key cryptography. In PKI-based cross-domain authentication, a trusted third party, that is, a certification authority, generates, issues, manages, and archives certificates. In addition, trusted third parties also need to provide security services for the above-mentioned certificate-related work, such as providing authentication, authorization, encryption, decryption, and signature for network applications. However, the authentication process will generate a large number of digital certificates, and the cost of certificate management is huge.

In the identity-based cross-domain authentication technology, a string with characteristic information is usually used to represent the user, and it is used as the user's public key. The authentication of the user through the identity string does not require a digital certificate, thus avoiding the need for a digital certificate. Huge certificate management. However, the user's public key needs the signature of the certification authority, and the certification process requires the participation of the certification authority. Therefore, certification requires certification bodies, users, and information service providers to be online at the same time to complete the task.

With the development and popularization of 5G mobile wireless networks, wireless Internet has developed rapidly, and the vast majority of Internet users are mobile users. In the current 5G mobile Internet application scenario, the network is divided into multiple slices. When the user moves quickly between slices, the user is required to switch quickly between different trust domains in order to obtain information on the Internet system through the wireless network. Serve.

However, due to the above-mentioned limitations of the traditional identity authentication technology, it obviously cannot meet the efficiency requirements in this new scenario, and the security and fairness of the authentication process cannot be guaranteed. Therefore, how to design a more secure and fast cross-domain authentication technology is a key issue that needs to be studied urgently.

SUMMARY OF THE INVENTION

In order to overcome the above problems or at least partially solve the above problems, embodiments of the present invention provide a blockchain-based cross-domain authentication method and electronic device, so as to effectively improve the processing efficiency and security of cross-domain authentication for users.

In a first aspect, an embodiment of the present invention provides a blockchain-based cross-domain authentication method. The blockchain-based cross-domain authentication method is implemented based on a given cross-domain authentication system, and the given cross-domain authentication system includes: The primary certification authority, the secondary certification authority, the client, and the verifier, the blockchain-based cross-domain authentication method includes:

Using the master certification authority, select security parameters to sequentially generate public parameters and the master public key and master key of the master certification authority, and generate the slave key of the slave certification authority based on the master key, and distribute it to all from the certification body;

Using the secondary certification authority, generate the secondary public key of the secondary certification authority according to the secondary key, and issue a certificate to the client based on the secondary public key, so that the client can verify the certificate is valid, and accepts the said certificate when it is verified to be valid;

Utilize the secondary certification authority to make a commitment to the certificate, and send the certificate commitment and verification information generated by the commitment to the client, so that the client can verify whether the certificate commitment is valid, and when the verification is valid , accept the certificate commitment and the verification information;

Use the secondary certification authority to sign the certificate commitment, and broadcast the generated commitment signature to the blockchain system for other secondary certification agencies to verify whether the commitment signature is valid, and when the verification is valid, the The commitment signature is stored in the blockchain system;

Using the client, send the certificate, the certificate promise and the verification information to the verifier, so that the verifier can verify whether the certificate promise is valid, and when the verification is valid, accept the The identity information of the user corresponding to the client;

Using the master certification authority, the identity information of the slave certification authority is tracked, and the master certification authority and the slave certification authority are respectively used to extract the certificate from the certificate commitment to realize cross-domain authentication.

Optionally, the master certification authority is used to select security parameters to generate public parameters and the master public key and master key of the master certification authority, and the slave certification authority's slave certification authority is generated based on the master key. The step of distributing the key to the secondary certification authority specifically includes: using the primary certification authority to sequentially complete the following processing flow:

Select the security parameter 1 ^λ , and based on the security parameter 1 ^λ , use the system parameter generation algorithm SysGen to generate the public parameter Param;

Based on the public parameter Param, the key generation algorithm KGen is used to generate the master public key gmpk and the master key gmsk of the master certification authority, and based on the master key gmsk, the key generation algorithm KGen is used to generate the slave certification authority's master public key gmpk and master key gmsk. from key gsk;

The step of generating the secondary public key of the secondary certification authority according to the secondary key by using the secondary certification authority specifically includes: using the secondary certification authority, based on the secondary key gsk of the secondary certification authority, using The key generation algorithm KGen generates the secondary public key gpk of the secondary certification authority.

Optionally, the step of issuing a certificate to the client based on the generated certificate from the public key, so that the client can verify whether the certificate is valid, and accepting the certificate when the verification is valid specifically includes:

Using the secondary certification authority, the group signature algorithm _GSig is used to generate The certificate Cert is issued to the client;

Utilize described client terminal, according to master public key gmpk, user's identity information ID _j and certificate Cert, adopt verification algorithm GVer, verify whether certificate Cert is valid;

If the output of the verification algorithm GVer is Valid, the certificate Cert is determined to be valid and the certificate Cert is accepted; if the output of the verification algorithm GVer is Invalid, the certificate Cert is determined to be invalid and the certificate Cert is rejected.

Optionally, the use of the secondary certification authority makes a commitment to the certificate, and sends the certificate commitment and verification information generated by the commitment to the client, so that the client can verify whether the certificate commitment is valid, and when the verification is valid, the steps of accepting the certificate commitment and the verification information specifically include:

Using the secondary certification authority, according to the primary public key gmpk of the primary certification authority, the public key gpk of the secondary certification authority and the certificate Cert, the commitment algorithm TECom is used to generate the certificate commitment and verification information (ψ, π), and the The certificate commitment and verification information (ψ, π) are sent to the client;

Using the user terminal, according to the main public key gmpk of the main certification authority, the certificate Cert, the certificate commitment and the verification information (ψ, π), the verification algorithm TEVer is used to verify whether the certificate commitment ψ is valid;

If the output of the verification algorithm TEVer is Valid, the certificate commitment ψ is determined to be valid and the certificate commitment and verification information (ψ, π) are accepted. If the output of the verification algorithm TEVer is Invalid, the certificate commitment ψ is determined to be invalid and the certificate commitment and verification information are rejected. (ψ, π).

Optionally, the certificate commitment is signed by using the secondary certification authority, and the commitment signature generated by the signature is broadcast to the blockchain system, so that other secondary certification agencies can verify whether the commitment signature is valid. , and when the verification is valid, the steps of storing the commitment signature in the blockchain system specifically include:

Using the secondary certification authority, according to the secondary key gsk of the secondary certification authority, the master public key gmpk of the primary certification authority, and the certificate commitment ψ, the group signature algorithm GSig is used to generate the commitment signature σ and broadcast it to the blockchain in the system;

Utilize the other secondary certification authority, according to the master public key gmpk, certificate commitment ψ and commitment signature σ of the primary certification authority, adopt the verification algorithm GVer to verify whether the commitment signature σ is valid;

If the output of the verification algorithm GVer is Valid, the commitment signature σ is determined to be valid and the commitment signature σ is stored in the blockchain system; if the output of the verification algorithm GVer is Invalid, the commitment signature σ is determined to be invalid and the commitment signature σ is rejected.

Optionally, the user terminal is used to send the certificate, the certificate commitment and the verification information to the verifier, so that the verifier can verify whether the certificate commitment is valid, and then send the certificate to the verifier. When the verification is valid, the step of accepting the identity information of the user corresponding to the user terminal specifically includes:

Using the user terminal, send the certificate Cert and the certificate commitment and verification information (ψ, π) to the verifier;

Using the verifier, according to the main public key gmpk of the main certification authority, the certificate Cert, and the certificate commitment and verification information (ψ, π), the verification algorithm TEVer is used to verify whether the certificate commitment ψ is valid;

If the output of the verification algorithm TEVer is Valid, it is determined that the certificate promise ψ is valid and the identity information of the user corresponding to the user terminal is accepted; if the output of the verification algorithm TEVer is Invalid, the certificate promise ψ is determined to be invalid and the corresponding user terminal is rejected. user's identity information.

Optionally, the step of using the master certification authority to track the identity information of the secondary certification authority specifically includes: using the master certification authority, according to the master certification authority's master key gmsk and commitment signature σ , using the tracing algorithm Trace to trace the secondary key gsk of the secondary certification authority, and identify the identity information of the secondary certification authority based on the secondary key gsk.

Optionally, the step of using the primary certification authority and the secondary certification authority to extract the certificate from the certificate commitment to realize cross-domain authentication specifically includes:

Using the main certification authority, according to the master key gmsk of the main certification authority and the certificate commitment ψ, the extraction algorithm Extract is used to extract the certificate Cert;

Using the secondary certification authority, according to the secondary key gsk and the certificate commitment ψ of the secondary certification authority, the extraction algorithm Extract is used to extract the certificate Cert.

In a second aspect, an embodiment of the present invention provides a blockchain-based cross-domain authentication system, including a primary authentication authority, a secondary authentication authority, a client, and a verifier, wherein:

The primary certification authority is used to select security parameters, and sequentially generate public parameters and the primary public key and primary key of the primary certification authority based on the security parameters, and generate the secondary certification based on the primary key The agency's secondary key is distributed to the secondary certification authority, and the identity information of the secondary certification authority is tracked, and the certificate is extracted from the certificate commitment to realize cross-domain authentication;

The secondary certification authority is used to generate a secondary public key of the secondary certification authority according to the secondary key, and issue a certificate to the client based on the secondary public key, and make a commitment to the certificate, Send the certificate commitment and verification information generated by the commitment to the client, and sign the certificate commitment, and broadcast the commitment signature generated by the signature to the blockchain system for other verification agencies from the certification authority. Whether the commitment signature is valid, and when the verification is valid, the commitment signature is stored in the blockchain system, and the certificate is extracted from the certificate commitment to achieve cross-domain authentication;

The user terminal is used to verify whether the certificate is valid, and accept the certificate when the verification is valid, and verify whether the certificate promise is valid, and when the verification is valid, accept the certificate promise and the verification information, and, sending the certificate, the certificate commitment and the verification information to the verification party;

The verifier is used to verify whether the certificate promise is valid, and when the verification is valid, accept the identity information of the user corresponding to the client.

In a third aspect, an embodiment of the present invention provides an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor. When the processor executes the computer program, The steps of implementing the blockchain-based cross-domain authentication method described in the first aspect above.

In a fourth aspect, an embodiment of the present invention provides a non-transitory computer-readable storage medium on which computer instructions are stored, and when the computer instructions are executed by a computer, the blockchain-based cross-border transaction described in the first aspect above is realized. The steps of the domain authentication method.

The blockchain-based cross-domain authentication method and electronic device provided by the embodiments of the present invention make cross-domain authentication independent of main authentication by utilizing the certificate issuance, certificate commitment and commitment signature of the cross-domain authentication process from a certification authority. The user only needs to verify the certificate issued by the certification authority, the commitment to the certificate and the signature of the commitment, so that the verifier can quickly verify the user's identity information, which can effectively improve the processing efficiency of cross-domain authentication. . At the same time, by broadcasting the commitment signature to the blockchain system, it is possible to implement strict supervision of the certification body and ensure the security and fairness of the certification process.

Description of drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the following briefly introduces the accompanying drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description These are some embodiments of the present invention. For those of ordinary skill in the art, other drawings can also be obtained according to these drawings without creative efforts.

1 is a schematic structural diagram of a cross-domain authentication system provided by an embodiment of the present invention;

2 is a schematic flowchart of a blockchain-based cross-domain authentication method provided by an embodiment of the present invention;

3 is a schematic flowchart of a blockchain-based cross-domain authentication method provided by another embodiment of the present invention;

4 is a schematic diagram of a basic cryptography tool in a blockchain-based cross-domain authentication method provided according to an embodiment of the present invention;

FIG. 5 is a schematic diagram of a physical structure of an electronic device according to an embodiment of the present invention.

Detailed ways

In order to make the purposes, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments It is a part of the embodiments of the present invention, but not all of the embodiments. Based on the embodiments in the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative work fall within the protection scope of the embodiments of the present invention.

Aiming at the problems of low efficiency and lack of supervision in cross-domain authentication in the prior art, the embodiments of the present invention utilize the certificate issuance, certificate commitment and commitment signature of the cross-domain authentication process from the certification authority, so that the cross-domain authentication does not depend on the main certification authority. , and the user only needs to verify the certificate issued by the certification authority, the commitment to the certificate and the signature to the commitment, so that the verifier can quickly verify the user's identity information, which can effectively improve the processing efficiency of cross-domain authentication. At the same time, by broadcasting the commitment signature to the blockchain system, it is possible to implement strict supervision of the certification body and ensure the security and fairness of the certification process. The following will specifically describe and introduce the embodiments of the present invention through a plurality of embodiments.

As an aspect of the embodiments of the present invention, the embodiments of the present invention provide a blockchain-based cross-domain authentication method, which can be implemented based on a cross-domain authentication system, as shown in FIG. 1 , which is the cross-domain authentication provided by the embodiments of the present invention. A schematic diagram of the structure of the system, the cross-domain authentication system includes a master certification authority, a secondary certification authority, a client and a verifier. As shown in FIG. 2, it is a schematic flowchart of a blockchain-based cross-domain authentication method provided by an embodiment of the present invention, and the method includes:

S201 , using the master certification authority, select security parameters to sequentially generate public parameters and the master public key and master key of the master certification authority, and generate the slave key of the slave certification authority based on the master key, and distribute to the slave certification authority.

It can be understood that, in the embodiment of the present invention, the cross-domain authentication of the user is finally realized by controlling each execution unit in the cross-domain authentication system to perform corresponding operations according to a certain execution order. In this execution sequence, a corresponding initialization operation is first performed using the primary certification authority. Specifically, the primary certification authority is used to select security parameters first, and then based on these, the public parameters, the primary public key and the primary key of the primary certification authority are sequentially generated. After that, the master certification authority generates the slave key of the slave certification authority according to the master key of the master certification authority, and distributes the slave key to the slave certification authority.

S202 , use the secondary certification authority to generate the secondary public key of the secondary certification authority according to the secondary key, and generate a certificate based on the secondary public key and issue the certificate to the client, so that the client can verify whether the certificate is valid, and accept the certificate when the verification is valid.

It can be understood that, after monitoring that the slave certification authority receives the slave key of the slave certification authority sent by the master certification authority, the slave certification authority is used to generate the slave public key of the slave certification authority according to the slave key of the slave certification authority. After that, generate a certificate from the certificate authority and send the certificate to the client. After receiving the certificate, the client verifies whether the certificate is valid, and if it is valid, the client accepts the certificate to start the next authentication process. Optionally, if it is verified that the certificate is invalid, the client rejects the certificate, and the current authentication fails.

S203, the certificate commitment and verification information generated by the commitment are sent to the client by using the secondary certification authority, so that the client can verify whether the certificate commitment is valid, and when the verification is valid, accept the certificate commitment and verification information.

It can be understood that, after monitoring that the client accepts the certificate, the certificate authority is used to promise the certificate, and the certificate promise and verification information generated by the promise are sent to the client. After receiving the certificate commitment and verification information, the client verifies whether the certificate commitment is valid. If valid, the client accepts the certificate commitment and verification information to start the next authentication process. Optionally, if verifying that the certificate promise is invalid, the client rejects the certificate promise and the verification information, and the current authentication fails.

S204, use the secondary certification authority to sign the certificate commitment, and broadcast the commitment signature generated by the signature to the blockchain system, so that other secondary certification agencies can verify whether the commitment signature is valid, and when the verification is valid, store the commitment signature into the blockchain system.

It can be understood that, after monitoring that the client has accepted the certificate commitment and verification information, the commitment certificate is signed by the certification authority, and the commitment signature generated by the signature is broadcast to the blockchain system. Other secondary certification agencies read the commitment signature from the blockchain system and verify whether the commitment signature is valid. If valid, other secondary certification agencies store the commitment signature in the blockchain system. Optionally, if it is verified that the commitment signature is invalid, other secondary certification authorities reject the commitment signature, and the current certification fails.

S205, using the client to send the certificate, the certificate commitment and the verification information to the verifier, so that the verifier can verify whether the certificate commitment is valid, and when the verification is valid, accept the identity information of the user corresponding to the client.

It can be understood that after monitoring that other certification agencies store the commitment signature in the blockchain system, the client sends the above certificate, certificate commitment and verification information to the verifier. After receiving the certificate, the certificate commitment and the verification information, the verifier verifies whether the certificate commitment is valid. If valid, the verifier accepts the identity information of the user corresponding to the client to start the next authentication process. Optionally, if the verifier verifies that the certificate promise is invalid, the certificate promise is rejected, and the current authentication fails.

S206, using the primary certification body to track the identity information of the secondary certification body, and using the primary certification body and the secondary certification body respectively to extract the certificate from the certificate commitment to realize cross-domain authentication.

It can be understood that at the end of the embodiment of the present invention, after monitoring that the verifier has accepted the identity information corresponding to the client, the primary certification authority is used to track the identity information of the secondary certification authority, and the primary certification authority and the tracked secondary certification authority are used to track the identity information of the secondary certification authority. The certificate is extracted from the certificate commitment to realize cross-domain authentication.

The blockchain-based cross-domain authentication method provided by the embodiment of the present invention realizes the certificate issuance, certificate commitment and commitment signature of the cross-domain authentication process from the certification authority, so that the cross-domain authentication does not depend on the main certification authority, and the user only It is necessary to verify the certificate issued by the certification authority, the commitment to the certificate, and the signature of the commitment, so that the verifier can quickly verify the user's identity information, which can effectively improve the processing efficiency of cross-domain authentication. At the same time, by broadcasting the commitment signature to the blockchain system, it is possible to implement strict supervision of the certification body and ensure the security and fairness of the certification process.

Wherein, according to the above-mentioned embodiments, optionally, the master certification authority is used to select security parameters to generate public parameters, the master public key and master key of the master certification authority, and the slave key of the slave certification authority is generated based on the master key, and distributed The steps for the secondary certification body specifically include: using the primary certification body to complete the following processing procedures in sequence:

Select the security parameter 1 ^λ , and based on the security parameter 1 ^λ , use the system parameter generation algorithm SysGen to generate the public parameter Param;

Based on the public parameter Param, the key generation algorithm KGen is used to generate the master public key gmpk and the master key gmsk of the master certification authority, and based on the master key gmsk, the key generation algorithm KGen is used to generate the slave key gsk of the slave certification authority .

The step of using the secondary certification authority to generate the secondary public key of the secondary certification authority according to the secondary key specifically includes: using the secondary certification authority, based on the secondary key gsk of the secondary certification authority, and using the key generation algorithm KGen to generate the secondary public key of the secondary certification authority. public key gpk.

It can be understood that, since the PPCA solution of the embodiment of the present invention needs to realize cross-domain authentication of certificates and to realize the tracking of certification authorities, a group signature algorithm is introduced to achieve this goal. Group signature means that the group members sign the message, and the verifier can perform effective verification, and the group administrator can also track the identity of the signer. Let (G ₁ , G ₁ ) be a pair of symmetric bilinear groups, ζ be an isomorphic map from group G ₁ to group G ₁ , hash function H ₀ : {0, 1} ^* →Z _p . The SDH complexity assumption holds on the bilinear group (G ₁ , G ₁ ), the decision linearity assumption holds on the group G ₁ , and e is a symmetric bilinear map on (G ₁ , G ₁ ).

随机选择ξ₁，

令u，v∈G₁且满足

随机选择

令

For the system parameter generation algorithm SysGen of the embodiment of the present invention, the system security parameter is λ, and the number of group members is n. The group administrator randomly selects the generator g ₂ in the group G ₁ , let g ₁ ←ζ(g ₂ ). Randomly choose generators in group _G1

Randomly choose ξ ₁ ,

Let u, v∈G ₁ and satisfy

random selection

make

且令

则群管理员的群公钥(即主公钥)和群私钥(即主密钥)分别为gmpk＝(g₁，g₂，h，u，v，ω)，gmsk＝(ξ₁，ξ₂)，群成员的私钥(即从密钥)为gsk_i＝(A_i，x_i)。For the key generation algorithm KGen of the embodiment of the present invention, the group administrator uses γ to generate the SDH two-tuple (A _i , x _i ) of each member, and randomly selects

and make

Then the group public key (ie master public key) and group private key (ie master key) of the group administrator are respectively gmpk=(g ₁ , g ₂ , h, u, v, ω), gmsk=(ξ ₁ , ξ ₂ ), the private key (ie the slave key) of the group members is gski = (A _i , x _{i )} .

Specifically, in the embodiment of the present invention, the primary authentication authority is used to realize the initialization processing of authentication data. The main certification authority selects the system security parameter λ, and uses the BDH parameter generator g to generate a bilinear group pair (G ₁ , G ₁ ), and ζ is the isomorphic mapping from the group G ₁ to the group G ₁ . The SDH complexity assumption holds on the bilinear group (G ₁ , G ₁ ), and the decision linearity assumption holds on the group G ₁ . The number of group members is n, and e is a bilinear map on the symmetric bilinear group (G ₁ , G ₁ ). H ₀ , H ₁ , H ₂ , H ₃ are four hash functions, H ₀ : {0, 1} ⁿ → Z _p , H ₁ : G ₁ → {0, 1} ⁿ , H ₂ : {0, 1} ⁿ → {0, 1} ⁿ ,

随机选择

令u，v∈G₁且满足

随机选择

令则主认证机构的主公钥和主私钥分别为gmpk＝(g₁，g₂，h，u，v，ω)，gmsk＝(ξ₁，ξ₂)。The master certification authority randomly selects the generator g ₂ in the group G ₁ , let g ₁ ←ζ(g ₂ ). Randomly choose generators in group _G1

random selection

Let u, v∈G ₁ and satisfy

random selection

make Then the master public key and master private key of the master certification authority are respectively gmpk=(g ₁ , g ₂ , h, u, v, ω), gmsk=(ξ ₁ , ξ ₂ ).

且令通过安全的信道将二元组(A_i，x_i)发送给从认证机构i。从认证机构以x_i为输入，计算

因此，任意从认证机构i，1≤i≤n的从公钥和私钥分别为gsk_i＝(A_i，x_i)，

1≤i≤n。The master certification authority uses γ to generate each slave certification authority's private key, the slave key, randomly selected

and make The two-tuple (A _i , _xi ) is sent to the secondary certificate authority i over a secure channel. From the certification body with _xi as input, calculate

Therefore, any slave public key and private key of the certification authority i, 1≤i≤n are gsk _i =(A _i , x _i ), respectively,

1≤i≤n.

Wherein, optionally according to the above-mentioned embodiments, the steps of generating a certificate based on the public key and issuing it to the client, so that the client can verify whether the certificate is valid, and accepting the certificate when the verification is valid include:

Using the secondary certification authority, based on the secondary key gsk of the secondary certification authority, the master public key gmpk of the primary certification authority, and the identity information ID _j of the user corresponding to the client, the group signature algorithm GSig is used to generate a certificate Cert and issue it to the client;

Using the user terminal, according to the master public key gmpk, the user's identity information ID _j and the certificate Cert, the verification algorithm GVer is used to verify whether the certificate Cert is valid;

If the output of the verification algorithm GVer is Valid, the certificate Cert is determined to be valid and the certificate Cert is accepted; if the output of the verification algorithm GVer is Invalid, the certificate Cert is determined to be invalid and the certificate Cert is rejected.

It can be understood that, for the group signature algorithm GSig in the embodiment of the present invention, given a group public key gmpk=(g ₁ , g ₂ , h, u, v, ω), the private key of the group member i gsk _i = ( A _i , x _i ) and message M∈{0,1} ^* , group member i is calculated as follows:

First, a random number α, β∈Z _p is selected, and based on this, the following calculations are performed: T ₁ ←u ^α , T ₂ ←v ^β , T ₃ ←A _i ·h ^α+β , δ ₁ ←x _i ·α, δ ₂ ←x _i ·β;

并基于此进行如下计算：

Second, choose random numbers r _α , r _β , r _x ,

And based on this, the following calculations are performed:

Again, using a hash function, the challenge value c is calculated as follows: c←H ₀ (M, T ₁ , T ₂ , T ₃ , R ₁ , R ₂ , R ₃ , R ₄ , R ₅ )∈Z _p ;

和挑战值c，进行如下计算：

Then, using random numbers r _α , r _β ,

and the challenge value c, calculated as follows:

Finally, the output signature is σ, where

For the verification algorithm GVer in the embodiment of the present invention, given a group public key gmpk=(g ₁ , g ₂ , h, u, v, ω), message M and group signature σ, the following verification process is performed:

First, calculate

是否成立。如果等式成立，则接受签名，否则拒绝。Second, the detection equation

is established. If the equation holds, the signature is accepted, otherwise it is rejected.

Specifically, the embodiment of the present invention first utilizes a certificate issued from a certification authority. The secondary certification authority i has its private key gsk _i = (A _i , x _i ), the primary certification authority public key gmpk = (g ₁ , g ₂ , h, u, v, ω) and the identity information ID _j provided by the user as Input, do the following calculation:

First, random numbers α, β∈Z _p are selected, and T ₁ , T ₂ , T ₃ , δ ₁ , δ ₂ are calculated as follows: T ₁ ←u ^α , T ₂ ←v ^β , T ₃ ←A _i · h ^α+β , δ ₁ ←x _i ·α, δ ₂ ←x _i ·β;

并分别计算R₁，R₂，R₃，R₄，R₅如下：

Second, choose random numbers r _α , r _β ,

And calculate R ₁ , R ₂ , R ₃ , R ₄ , R ₅ respectively as follows:

Again, according to the identity information ID _j provided by the user, use the hash function to calculate the challenge value c: c←H ₀ (ID _j , T ₁ , T ₂ , T ₃ , R ₁ , R ₂ , R ₃ , R ₄ , R ₅ ) ∈ Z _p ;

和挑战值c，计算s_α，s_β，

Then, use random numbers

and the challenge value c, calculate s _α , s _β ,

Finally, the output public key certificate is

Afterwards, the embodiment of the present invention uses the client to verify the certificate. The client whose user information is ID _j uses the public key gmpk=(g ₁ , g ₂ , h, u, v, ω) of the main certification authority, its identity information ID _j and certificate Cert _{i, j} as input, and performs the following verification process:

First, calculate the parameters separately as follows

是否成立。如果等式成立，则接受该合法证书，否则拒绝并重新申请。Second, the detection equation

is established. If the equation holds, accept the valid certificate, otherwise reject and reapply.

Wherein, according to the above-mentioned embodiments, optionally, the certificate commitment is made by the secondary certification authority, and the certificate commitment and verification information generated by the commitment are sent to the client, so that the client can verify whether the certificate commitment is valid, and when the verification is valid , the steps to accept the certificate commitment and verify the information include:

Using the secondary certification authority, according to the master public key gmpk of the primary certification authority, the public key gpk of the secondary certification authority and the certificate Cert, the commitment algorithm TECom is used to generate the certificate commitment and verification information (ψ, π), and the certificate commitment and verification information ( ψ, π) are sent to the client;

Using the user terminal, according to the main public key gmpk of the main certification authority, the certificate Cert, the certificate commitment and the verification information (ψ, π), the verification algorithm TEVer is used to verify whether the certificate commitment ψ is valid;

If the output of the verification algorithm TEVer is Valid, the certificate commitment ψ is determined to be valid and the certificate commitment and verification information (ψ, π) are accepted. If the output of the verification algorithm TEVer is Invalid, the certificate commitment ψ is determined to be invalid and the certificate commitment and verification information are rejected. (ψ, π).

It can be understood that the commitment algorithm TECom is expressed as, with message M∈{0, 1} ⁿ , random number r∈Z ^* , random number ρ∈{0, 1} ⁿ and public key pk ₁ , pk ₂ as input, Do the following calculations:

Then the algorithm output commitment is ψ=(C ₁ , C ₂ , C ₃ , C ₄ , C ₅ ), and the verification information is π=(r, ρ).

The verification algorithm TEVer is expressed as, with message M, public key pk ₁ , pk ₂ , commitment and verification information (ψ, π′) as inputs, the following calculation is performed:

Let ψ'=(C ₁ ', C ₂ ', C ₃ ', C ₄ ', C ₅ '), and verify that ψ=ψ' holds. If true, the output is valid, otherwise the output is invalid.

从认证机构i的公钥

以及证书Cert_i，j，计算C₁，C₂，C₃，C₄，C₅：

并由此得到证书承诺和验证信息：ψ_i，j＝(C₁，C₂，C₃，C₄，C₅)，π_i，j＝(r，ρ)。之后从认证机构i通过安全信道把证书承诺和验证信息(ψ_i，j，π_i，j)发送给用户信息为ID_j的用户端。Specifically, in the embodiment of the present invention, the certificate commitment and verification information are obtained first by using the certificate commitment from the certification authority. During the certificate commitment process, the random number r∈Z ^* , the random number ρ∈{0,1} ⁿ , and the local public key of the primary authentication authority are selected from the certification authority i.

public key from certificate authority i

and certificates Cert _i,j , compute C ₁ , C ₂ , C ₃ , C ₄ , C ₅ :

And thus obtain the certificate commitment and verification information: ψ _i,j =(C ₁ , C ₂ , C ₃ , C ₄ , C ₅ ), π _i,j =(r, ρ). Afterwards, the certificate commitment and verification information (ψ _i,j , π _i,j ) are sent from the certification authority i to the client whose user information is ID _j through the secure channel.

Afterwards, the embodiment of the present invention uses the client to verify the certificate commitment. During the commitment verification process, the client whose user information is ID _j opens a commitment to the verifier, and the verifier uses the local public key of the main certification authority. public key from certificate authority i Certificate commitment and verification information (ψ _{i, j} , π' _{i, j} ), ψ _{i, j} = (C ₁ , C ₂ , C ₃ , C ₄ , C ₅ ), π' _{i, j} = (r', ρ′) is the input, and the calculation is as follows:

Let ψ' _i,j = (C ₁ ', C ₂ ', C ₃ ', C ₄ ', C ₅ '), and verify that ψ _i,j =ψ' _i,j holds. If so, the verifier promised by the certificate accepts the certificate, otherwise rejects the certificate.

Wherein, according to the above-mentioned embodiments, optionally, the certificate commitment is signed by the secondary certification authority, and the commitment signature generated by the signature is broadcast to the blockchain system, so that other secondary certification agencies can verify whether the commitment signature is valid, and When the verification is valid, the steps of storing the commitment signature in the blockchain system include:

Using the slave certification authority, according to the slave key gsk of the slave certification authority, the master public key gmpk of the master certification authority and the certificate commitment ψ, the group signature algorithm GSig is used to generate the commitment signature σ and broadcast it to the blockchain system;

Using other secondary certification agencies, according to the master certification agency's master public key gmpk, certificate commitment ψ and commitment signature σ, use the verification algorithm GVer to verify whether the commitment signature σ is valid;

If the output of the verification algorithm GVer is Valid, the commitment signature σ is determined to be valid and the commitment signature σ is stored in the blockchain system; if the output of the verification algorithm GVer is Invalid, the commitment signature σ is determined to be invalid and the commitment signature σ is rejected.

Specifically, in the embodiment of the present invention, any secondary certification authority is used to sign the certificate commitment, and the commitment signature is obtained. In the commitment signature process, the secondary certification authority i takes its private key gsk _i , the primary certification authority's public key gmpk and the certificate commitment ψ _{i, j} as input, and calculates as follows:

并按如下方式计算

First, choose a random number

and calculated as follows

并计算

如下：

Second, choose a random number

and calculate

as follows:

Again, based on the certificate commitment ψ _i,j , the challenge value is calculated using a hash function

和挑战值

计算

Then, use random numbers

and challenge value

calculate

从认证机构i把该承诺签名对(ψ_i，j，σ_i，j)提交到区块链系统以进行存储。Finally, output the commitment signature σ _i,j , where

The commitment signature pair (ψ _i,j ,σ _i,j ) is submitted from the certificate authority i to the blockchain system for storage.

Afterwards, the embodiment of the present invention uses other secondary certification authorities in the blockchain system to verify the commitment signature. In the signature verification process, the miners in the blockchain system (that is, other secondary certification authorities) take the public key gmpk of the primary certification authority and the commitment signature pair (ψ _{i, j} , σ _{i, j} ) as input, and make the commitment signature as input. Verify as follows:

First, calculate the parameters separately as follows

是否成立。如果等式成立，则区块链系统中的矿工(即其它从认证机构)接受该承诺的签名并存储到区块链系统中，否则拒绝并删除。Second, the detection equation

is established. If the equation is true, the miners in the blockchain system (i.e. other from the certification authority) accept the signature of the commitment and store it in the blockchain system, otherwise reject and delete it.

Wherein, according to the above-mentioned embodiments, optionally, the user terminal is used to send the certificate, the certificate commitment and the verification information to the verifier, so that the verifier can verify whether the certificate commitment is valid, and when the verification is valid, accept the user corresponding to the user terminal. The steps of identifying information specifically include:

Using the client, send the certificate Cert and the certificate commitment and verification information (ψ, π) to the verifier;

Using the verifier, according to the main public key gmpk of the main certification authority, the certificate Cert, and the certificate commitment and verification information (ψ, π), the verification algorithm TEVer is used to verify whether the certificate commitment ψ is valid;

If the output of the verification algorithm TEVer is Valid, it is determined that the certificate promise ψ is valid and the identity information of the user corresponding to the user terminal is accepted; if the output of the verification algorithm TEVer is Invalid, the certificate promise ψ is determined to be invalid and the identity of the user corresponding to the user terminal is rejected. information.

从认证机构i公钥

以及证书承诺和验证信息(ψ_i，j，π′_i，j)，ψ_i，j＝(C₁，C₂，C₃，C₄，C₅)，π′_i，j＝(r′，ρ′)为输入，作如下计算：Specifically, the embodiment of the present invention realizes the authentication of the user identity by using the verifier to verify the certificate commitment provided by the user terminal. In the process of identity authentication, user ID _j opens a promise to the verifier, then the verifier uses the local public key of the main certification authority

public key from certificate authority i

and certificate commitment and verification information (ψ _{i, j} , π′ _{i, j} ), ψ _{i, j} = (C ₁ , C ₂ , C ₃ , C ₄ , C ₅ ), π′ _{i, j} = (r′ , ρ′) is the input, and the following calculation is made:

Let ψ' _i,j = (C ₁ ', C ₂ ', C ₃ ', C ₄ ', C ₅ '), and verify whether ψ _i,j =ψ' _i,j holds, and if so. The verifier that verifies the promise accepts the certificate, otherwise rejects the certificate.

Wherein, according to the above embodiments, optionally, the step of using the master certification authority to track the identity information of the slave certification authority specifically includes: using the master certification authority, according to the master certification authority's master key gmsk and the commitment signature σ, using a tracking algorithm Trace, trace the secondary key gsk from the certification authority, and identify the identity information of the secondary certification authority based on the secondary key gsk.

因此，主认证机构拥有所有从认证机构的部分私钥{A₁，...，A_n}，则可根据A_i恢复出从认证机构对应的身份。Specifically, the embodiment of the present invention uses the primary certification authority to track the identity information of the secondary certification authority by tracking the signature of the secondary certification authority. In the commitment signature tracking process, the master certification authority takes the master key gmsk=(ξ ₁ , ξ ₂ ) and the commitment signature σ _{i, j} as inputs, and calculates the secondary key of the slave certification authority, that is, the private key:

Therefore, if the master certification authority has _partial private keys _{ A ₁ , .

和消息M。首先使用验证算法验证该签名是否有效。如果无效，则拒绝，否则进行如下计算：如果群管理员拥有群成员的部分私钥{A₁，...，A_n}，则群管理员能够通过群签名恢复出群成员的身份A_i。Among them, for traceability Trace, given the group public key gmpk=(g ₁ , g ₂ , h, u, v, ω), the private key of the group administrator gmsk=(ξ ₁ , ξ ₂ ), the signature

and message M. First verify that the signature is valid using a verification algorithm. If invalid, reject, otherwise do the following calculation: If the group administrator has some private keys {A ₁ , . . . , A _n } of the group members, the group administrator can recover the identity A _i of the group members through the group signature.

Wherein, according to the above-mentioned embodiments, optionally, the step of extracting the certificate from the certificate commitment by using the primary certification authority and the secondary certification authority to realize the cross-domain authentication specifically includes: using the primary certification authority, according to the master key of the primary certification authority gmsk and certificate commitment ψ, use the extraction algorithm Extract to extract the certificate Cert; using the slave certification authority, according to the slave key gsk and certificate commitment ψ from the certificate authority, use the extraction algorithm Extract to extract the certificate Cert.

并在此基础上，检测等式

是否成立。如果等式成立，则输出用户公钥证书Cert_i，j，否则拒绝。Specifically, the embodiment of the present invention uses the primary certification authority and the secondary certification authority to extract the certificate in the cross-domain authentication. In the process of commitment extraction, the master certification authority takes the local master key ξ ₁ and the certificate commitment ψ _i,j = (C ₁ , C ₂ , C ₃ , C ₄ , C ₅ ) as input, calculates

And on this basis, the detection equation

is established. If the equation holds, output the user's public key certificate Cert _i,j , otherwise reject it.

和证书承诺为输入，计算

在此基础上，检测等式

是否成立。如果等式成立，则输出用户的公钥证书Cert_i，j，否则拒绝。In addition, the certificate authority _i can also extract the user's public key certificate from the certificate commitment.

and the certificate promises as input, computing

On this basis, the detection equation

is established. If the equation holds, output the user's public key certificate Cert _i,j , otherwise reject it.

To further illustrate the technical solutions of the embodiments of the present invention, the embodiments of the present invention provide the following specific processing procedures based on the above embodiments, but do not limit the protection scope of the embodiments of the present invention.

As shown in FIG. 3, it is a schematic flowchart of a blockchain-based cross-domain authentication method provided by another embodiment of the present invention, and the method includes the following processing flow:

First, initialize the data.

In the initialization process, the main certification authority takes the security parameter λ as input, and outputs the public parameter Param of the system: Param←SysGen(1 ^λ ).

In the key generation process, the master certification authority takes the public parameter Param as input, and outputs the master key and public key (gmpk, gmsk): (gmpk, gmsk)←KGen(Param).

The master certification authority takes the system public parameter Param and the master key gmsk as input, and outputs the slave key gsk _i of the slave certification authority: gsk _i ←KGen(Param, gmsk), 1≤i≤n, and passes the slave key through Secure channel transmission to slave certification authority.

Each slave certification authority takes the system public parameter Param and the slave key gsk _i as input, and outputs the corresponding slave public key gpk _i : gpk _i ←KGen(Param, gsk _i ), 1≤i≤n.

Second, perform certificate generation and verification.

并发送给用户ID_j的用户端。In the certificate generation process, the secondary certification authority i takes its secondary key gsk _i , the primary public key gmpk of the primary certification authority and the identity information ID _j provided by the user as input, and outputs the user's public key certificate

and sent to the client of user ID _j .

The client of user ID _j takes the main public key gmpk of the main certification authority, the identity information of user ID _j and the certificate Cert _i,j as input, and outputs the validity judgment: Valid/Invalid←GVer _gmpk (ID _j ,Cert _i,j ).

If the output of the above formula is valid, the client accepts the valid certificate, otherwise rejects and reapplies.

Again, perform certificate commitment and verification.

之后，从认证机构i通过安全信道把证书承诺和验证信息(ψ_i，j，π_i，j)发送给用户ID_j的用户端。In the certificate commitment process, the slave certification authority i takes the master certification authority master public key gmpk, the slave certification authority i public key gpk _i and the certificate Cert _i,j as input, and outputs the certificate commitment and verification information

Afterwards, the certificate commitment and verification information (ψ _i,j , π _i,j ) are sent from the certificate authority i to the client of the user ID _j through the secure channel.

In the process of commitment verification, the client of user ID _j opens a commitment to the verifier, and the verifier uses the master public key gmpk of the primary certification authority, the public key gpk _i of the secondary certification authority i, and the certificate commitment and verification information (ψ _{i, j} , π _{i, j} ) is the input, and the output validity is judged:

If the output of the above validity judgment formula is valid, the verifier who verifies the promise accepts the certificate, otherwise rejects the certificate.

Then, perform commitment signing and verification.

并把该承诺签名对(ψ_i，j，σ_i，j)提交到区块链系统以进行存储。In the commitment signature process, the slave certification authority i takes the slave key gsk _i , the master certification authority public key gmpk and the certificate commitment ψ _{i, j} as the input, and outputs the commitment signature

And submit the commitment signature pair (ψ _{i, j} , σ _{i, j} ) to the blockchain system for storage.

In the signature verification process, the miners in the blockchain system (ie other secondary certification authorities) take the public key gmpk of the main certification authority and the committed signature pair (ψ _{i, j} , σ _{i, j} ) as input, and output the promised signature Validity judgment: Valid/Invalid←GVer _gmpk (ψ _{i, j} , σ _{i, j} ). If the output of the validity judgment formula is valid, the miners in the blockchain system (that is, other certification authorities) accept the signature of the commitment and store it in the blockchain system, otherwise reject and delete it.

Then, perform identity authentication.

如果该有效性判断公式输出有效，验证该证书承诺的验证方接受该证书，否则拒绝该证书。During the authentication process, the client of user ID _j opens a promise to the verifier, and the verifier uses the master public key gmpk of the primary certification authority, the public key gpk _i of the secondary certification authority i, the certificate promise and the verification information (ψ _{i, j} , π _{i, j} ) is the input to judge the validity:

If the output of the validity judgment formula is valid, the verifier who verifies the promise of the certificate accepts the certificate, otherwise rejects the certificate.

Then, perform signature tracking.

In the signature tracing process, the master certification authority takes the master key gmsk and the commitment signature σ _i,j as input, and outputs the slave key gsk _i of the slave certification authority: gsk _i ←Trace _gmsk (σ _{i, j} ).

Finally, perform certificate extraction.

In the certificate extraction process, the master certification authority takes the master key gmsk and the commitment as input, and outputs the user public key certificate Cert _i,j : Cert _i,j ←Extract _gmsk (ψ _i,j ).

In addition, the certificate authority i can also extract the user's public key certificate from the certificate commitment, and the certificate authority i uses its slave key gsk _i and commitment ψ _i,j as input, and outputs the user's public key certificate

It can be understood that the basic cryptography tools used in the embodiments of the present invention include group signatures and extractable commitment algorithms with double extracting parties, as shown in FIG. Schematic illustration of the basic cryptographic tools in a cross-domain authentication method, including group signatures and extractable commitment algorithms with two extractors. For the extractable commitment algorithm with two extracting parties, the introduction is as follows:

生成群G₁，g₁为群G₁的随机生成元。e为(G₁，G₁)上对称双线性映射，H₁，H₂，H₃为三个哈希函数：H₁：G₁→{0，1}ⁿ，H₂：{0，1}ⁿ→{0，1}ⁿ，

For the system parameter generation algorithm SysGen, use the BDH parameter generator

A group G ₁ is generated, and g ₁ is a random generator of the group G ₁ . e is a symmetric bilinear map on (G ₁ , G ₁ ), H ₁ , H ₂ , H ₃ are three hash functions: H ₁ : G ₁ →{0, 1} ⁿ , H ₂ : {0, 1} ⁿ → {0, 1} ⁿ ,

则公钥和私钥分别为：pk₁＝X，sk₁＝x。选择另一个随机整数y∈Z^*，计算

则另对公钥和私钥分别为：pk₂＝Y，sk₂＝y。For the key generation algorithm KGen, choose a random integer x∈Z ^* , compute

Then the public key and the private key are respectively: pk ₁ =X, sk ₁ =x. Choose another random integer y∈Z ^* , compute

Then the other pair of public key and private key are respectively: pk ₂ =Y, sk ₂ =y.

For the commitment algorithm TECom, with message M∈{0,1} ⁿ , random number r∈Z ^* , random number _{ρ∈ {} 0,1} ⁿ and public key pk1, pk2 as input, calculate:

The output commitment is ψ=(C ₁ , C ₂ , C ₃ , C ₄ , C ₅ ), and the verification information is π=(r, ρ).

For the verification algorithm TEVer, take message M, public key pk ₁ , pk ₂ , commitment and verification information (ψ, π′) as inputs, calculate:

Let ψ'=(C ₁ ', C ₂ ', C ₃ ', C ₄ ', C ₅ '). If ψ=ψ', the output is valid, otherwise it is rejected.

之后检测等式C₅＝H₃(ρ，M，C₃，C₄，e(C₁，C₂)^x)是否成立，成立，则输出消息M，否则拒绝。For the extraction algorithm Extract, with commitment ψ=(C ₁ , C ₂ , C ₃ , C ₄ , C ₅ ) and commitment key sk ₁ =x as input, calculate:

Then check whether the equation C ₅ =H ₃ (ρ, M, C ₃ , C ₄ , e(C ₁ , C ₂ ) ^x ) holds, and if it holds, output message M, otherwise reject it.

之后，检测等式C₅＝H₃(ρ，M，C₃，C₄，e(C₁，C₂)^y)是否成立，成立，则输出消息M，否则拒绝。Taking certificate commitment ψ = (C ₁ , C ₂ , C ₃ , C ₄ , C ₅ ) and commitment key sk ₂ =y as input, calculate:

After that, check whether the equation C ₅ =H ₃ (ρ, M, C ₃ , C ₄ , e(C ₁ , C ₂ ) ^y ) holds, and if it holds, output message M, otherwise reject it.

Based on the same inventive concept, the embodiments of the present invention provide a blockchain-based cross-domain authentication system according to the foregoing embodiments, and the system is used to implement blockchain-based cross-domain authentication in the foregoing embodiments. Therefore, the descriptions and definitions in the blockchain-based cross-domain authentication methods in the foregoing embodiments can be used to understand each execution module in the embodiments of the present invention. For details, reference may be made to the foregoing embodiments, which will not be repeated here.

As shown in FIG. 1 , the blockchain-based cross-domain authentication system according to the embodiment of the present invention includes three types of entities: a primary authentication authority, a secondary authentication authority, a client, and a verifier (where the verifier is also a user). The master key and the master public key of the master certification authority are (gmsk, gmpk), and the private key and public key of the slave certification authority are (gsk, gpk). In Figure 1, (ψ ₁ , π ₁ , point ₁ ) and (ψ ₁ , π ₁ , point ₁ ) represent the certificate commitment, verification information and pointer, H() represents the hash function, Pre: H() represents the previous The block calculates the hash function value, and Cerfiticate represents the Merkle root of the transaction order, that is, the hash function is calculated for multiple transaction orders, and a final hash function value is calculated.

The blockchain-based cross-domain authentication system provided by the embodiment of the present invention, by setting the corresponding entity composition, utilizes the certificate issuance, certificate commitment and commitment signature of the cross-domain authentication process from the certification authority, so that the cross-domain authentication does not depend on the main certification authority, and the user only needs to verify the certificate issued by the certification authority, the commitment to the certificate and the signature of the commitment, so that the verifier can quickly verify the user's identity information, which can effectively improve the processing of cross-domain certification efficiency. At the same time, by broadcasting the commitment signature to the blockchain system, it is possible to implement strict supervision of the certification body and ensure the security and fairness of the certification process.

It can be understood that, in this embodiment of the present invention, a hardware processor (hardware processor) may be used to implement the composition of each entity in the system of the foregoing embodiments. In addition, the blockchain-based cross-domain authentication system according to the embodiment of the present invention is composed of the above entities, and can implement the blockchain-based cross-domain authentication process of the above method embodiments. In the case of cross-domain authentication based on blockchain, the beneficial effects produced by the system of the embodiment of the present invention are the same as those of the corresponding method embodiments above. Reference may be made to the above method embodiments, which will not be repeated here.

As another aspect of the embodiments of the present invention, the present embodiment provides an electronic device according to the above-mentioned embodiments, the electronic device includes a memory, a processor, and a computer program stored in the memory and running on the processor, When the processor executes the computer program, it implements the steps of the blockchain-based cross-domain authentication method described in the above embodiments.

Further, the electronic device of the embodiment of the present invention may further include a communication interface and a bus. Referring to FIG. 5 , it is a schematic diagram of a physical structure of an electronic device provided by an embodiment of the present invention, including: at least one memory 501 , at least one processor 502 , a communication interface 503 , and a bus 504 .

Among them, the memory 501, the processor 502 and the communication interface 503 communicate with each other through the bus 504, and the communication interface 503 is used for information transmission between the electronic device and the cross-domain authentication system; A computer program running on the processor 502, when the processor 502 executes the computer program, implements the steps of the blockchain-based cross-domain authentication method described in the foregoing embodiments.

It can be understood that the electronic device includes at least a memory 501, a processor 502, a communication interface 503 and a bus 504, and the memory 501, the processor 502 and the communication interface 503 form a communication connection with each other through the bus 504, and can complete the communication between each other. For example, the processor 502 reads the program instructions of the blockchain-based cross-domain authentication method from the memory 501, and the like. In addition, the communication interface 503 can also realize the communication connection between the electronic device and the cross-domain authentication system, and can complete the mutual information transmission, such as realizing the sending of control instructions through the communication interface 503 .

When the electronic device is running, the processor 502 invokes the program instructions in the memory 501 to execute the methods provided by the above method embodiments, for example, including: using the primary certification authority, selecting security parameters to sequentially generate public parameters and the principal of the primary certification authority key and master key, and based on the master key, generate the slave key of the slave certification authority, and distribute it to the slave certification authority; using the slave certification authority, generate the slave public key of the slave certification authority according to the slave key, and generate the slave public key based on the slave public key. The certificate is issued to the client, so that the client can verify whether the certificate is valid, and accept the certificate when it is valid; use the certificate authority to make a commitment to the certificate, and send the certificate commitment and verification information generated by the commitment to the client for use. The client verifies whether the certificate commitment is valid, and when the verification is valid, accepts the certificate commitment and verification information; uses the certificate authority to sign the certificate commitment, and broadcasts the generated commitment signature to the blockchain system for other Verify whether the commitment signature is valid from the certification authority, and store the commitment signature in the blockchain system when the verification is valid; use the client to send the certificate, certificate commitment and verification information to the verifier for the verifier to verify the certificate commitment Whether it is valid, and when the verification is valid, accept the identity information of the user corresponding to the client; use the primary certification authority to track the identity information of the secondary certification authority, and use the primary certification authority and the secondary certification authority to extract the certificate from the certificate commitment. Implement cross-domain authentication, etc.

The above program instructions in the memory 501 can be implemented in the form of software functional units and can be stored in a computer-readable storage medium when sold or used as an independent product. Alternatively, all or part of the steps of implementing the above method embodiments may be completed by program instructions related to hardware, the aforementioned program may be stored in a computer-readable storage medium, and when the program is executed, the execution includes the implementation of the above methods And the aforementioned storage medium includes: U disk, mobile hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic disk or CD and other various programs that can be stored medium of code.

Embodiments of the present invention also provide a non-transitory computer-readable storage medium according to the foregoing embodiments, which stores computer instructions, and when the computer instructions are executed by a computer, implements the blockchain-based blockchain described in the foregoing embodiments. The steps of the cross-domain authentication method, for example, include: using the master certification authority, selecting security parameters to sequentially generate public parameters and the master public key and master key of the master certification authority, and generating the slave key of the slave certification authority based on the master key, Distribute to the secondary certification authority; use the secondary certification authority to generate the secondary public key of the secondary certification authority based on the secondary key, and issue the certificate to the client based on the secondary public key, so that the client can verify whether the certificate is valid, and when the verification is valid Accept the certificate; use the certificate authority to make a commitment to the certificate, and send the certificate commitment and verification information generated by the commitment to the client, so that the client can verify whether the certificate commitment is valid, and when the verification is valid, accept the certificate commitment and verification information ; Sign the certificate commitment using the secondary certification authority, and broadcast the generated commitment signature to the blockchain system for other secondary certification agencies to verify whether the commitment signature is valid, and when the verification is valid, store the commitment signature in the In the blockchain system; use the client to send the certificate, certificate commitment and verification information to the verifier, so that the verifier can verify whether the certificate commitment is valid, and when the verification is valid, accept the identity information of the user corresponding to the client; use The primary certification authority tracks the identity information of the secondary certification authority, and uses the primary certification authority and the secondary certification authority respectively to extract the certificate from the certificate commitment to achieve cross-domain authentication, etc.

The electronic device and the non-transitory computer-readable storage medium provided by the embodiments of the present invention use the certificates obtained from the certification authority to realize the cross-domain authentication process by executing the steps of the blockchain-based cross-domain authentication methods described in the above embodiments. Issuance, certificate commitment and commitment signature, so that cross-domain authentication does not depend on the main certification authority, and users only need to verify the certificate issued from the certification authority, the commitment to the certificate, and the signature of the commitment, so that the verification can be done quickly. The user's identity information is verified, thereby effectively improving the processing efficiency of cross-domain authentication. At the same time, by broadcasting the commitment signature to the blockchain system, it is possible to implement strict supervision of the certification body and ensure the security and fairness of the certification process.

It should be understood that the above-described embodiments of the apparatus, electronic device and storage medium are only illustrative, and the units described as separate components may or may not be physically separated, and may be located in one place, or It can also be distributed to different network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution in this embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.

From the description of the above embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by means of software plus a necessary general hardware platform, and certainly can also be implemented by hardware. Based on this understanding, the above-mentioned technical solutions can be embodied in the form of software products in essence or the parts that make contributions to the prior art, and the computer software products can be stored in computer-readable storage media, such as U disk, mobile hard disk , ROM, RAM, magnetic disk or optical disk, etc., including several instructions to make a computer device (such as a personal computer, server, or network device, etc.) execute the above method embodiments or some parts of the method embodiments. Methods.

In addition, it should be understood by those skilled in the art that, in the application documents of the embodiments of the present invention, the terms "comprising", "comprising" or any other variations thereof are intended to cover non-exclusive inclusion, so as to include a series of An elemental process, method, article or apparatus includes not only those elements, but also other elements not expressly listed, or elements inherent to such a process, method, article or apparatus. Without further limitation, an element defined by the phrase "comprising a..." does not preclude the presence of additional identical elements in a process, method, article or apparatus that includes the element.

In the description of the embodiments of the present invention, a large number of specific details are described. It should be understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description. Similarly, it is to be understood that in the above descriptions of exemplary embodiments of the present embodiments, various features of the present embodiments are sometimes referred to in order to simplify the present disclosure and to aid in understanding one or more of the various inventive aspects. Grouped together into a single embodiment, figure, or description thereof.

However, this disclosed approach should not be construed to reflect an intention that the claimed embodiments of the invention require more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the Detailed Description are hereby expressly incorporated into this Detailed Description, with each claim standing on its own as a separate example of embodiments of this invention.

Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the embodiments of the present invention, but not to limit them; although the embodiments of the present invention have been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that: It is still possible to modify the technical solutions recorded in the foregoing embodiments, or perform equivalent replacements for some of the technical features; and these modifications or replacements do not make the essence of the corresponding technical solutions deviate from the technical solutions of the embodiments of the present invention. spirit and scope.

Claims (10)

1. A block chain-based cross-domain authentication method is characterized in that the block chain-based cross-domain authentication method is implemented based on a given cross-domain authentication system, the given cross-domain authentication system comprises a master authentication mechanism, a slave authentication mechanism, a user side and a verifier, and the block chain-based cross-domain authentication method comprises the following steps:

selecting safety parameters to sequentially generate public parameters and a master public key and a master secret key of the master certification authority by using the master certification authority, generating a slave secret key of the slave certification authority based on the master secret key, and distributing the slave secret key to the slave certification authority;

generating a slave public key of the slave certification authority according to the slave secret key by using the slave certification authority, generating a certificate based on the slave public key, signing to the user side so that the user side can verify whether the certificate is valid, and accepting the certificate when the certificate is valid;

utilizing the slave certification authority to commit the certificate, sending the certificate commitment and verification information generated by the commitment to the user side so that the user side can verify whether the certificate commitment is valid or not, and accepting the certificate commitment and the verification information when the certificate commitment and the verification information are valid;

signing the certificate commitment by using the slave certification authority, broadcasting a commitment signature generated by the signature into a blockchain system for other slave certification authorities to verify whether the commitment signature is valid, and storing the commitment signature into the blockchain system when the commitment signature is valid;

the user side is utilized to send the certificate, the certificate acceptance and the verification information to the verifier so that the verifier can verify whether the certificate acceptance is valid or not, and when the certificate acceptance is valid, the identity information of the user corresponding to the user side is received;

and tracking the identity information of the slave certification authority by using the master certification authority, and extracting the certificate from the certificate commitment by using the master certification authority and the slave certification authority respectively to realize cross-domain certification.

2. The blockchain-based cross-domain authentication method according to claim 1, wherein the step of selecting a security parameter to generate a public parameter and a master public key and a master secret key of the master certificate authority by using the master certificate authority, and generating a slave secret key of the slave certificate authority based on the master secret key, and distributing the slave secret key to the slave certificate authority specifically comprises:

and the main authentication mechanism is utilized to complete the following processing flows in sequence:

selecting a safety parameter 1^λAnd based on the safety parameter 1^λGenerating a public parameter Param by adopting a system parameter generation algorithm SysGen;

generating a master public key gmpk and a master key gmsk of the master certification authority by adopting a key generation algorithm KGen based on a public parameter Param, and generating a slave key gsk of the slave certification authority by adopting a key generation algorithm KGen based on the master key gmsk;

the step of generating, by the slave certificate authority, a slave public key of the slave certificate authority from the slave key specifically includes: and generating a slave public key gpk of the slave certification authority by using a key generation algorithm KGen based on a slave key gsk of the slave certification authority by using the slave certification authority.

3. The blockchain-based cross-domain authentication method according to claim 1, wherein the step of generating a certificate based on the slave public key and issuing the certificate to the user end for the user end to verify whether the certificate is valid, and accepting the certificate when the certificate is valid specifically includes:

utilizing the slave certification authority, based on the slave key gsk of the slave certification authority, the master public key gmpk of the master certification authority and the identity information ID of the user corresponding to the user end_jAdopting a group signature algorithm GSig to generate a certificate Cert to sign and send the certificate Cert to the user side;

utilizing the user side according to the master public key gmpk and the identity information ID of the user_jAnd a certificate Cert, which adopts a verification algorithm Gser to verify whether the certificate Cert is valid;

and if the output of the verification algorithm Gver is Valid, determining that the certificate Cert is Valid and accepting the certificate Cert, and if the output of the verification algorithm Gver is Invalid, determining that the certificate Cert is Invalid and rejecting the certificate Cert.

4. The blockchain-based cross-domain authentication method according to claim 1, wherein the steps of utilizing the slave certificate authority to commit the certificate, sending a certificate commitment and verification information generated by the commitment to the user end, so that the user end can verify whether the certificate commitment is valid, and when the certificate commitment and the verification information are valid, accepting the certificate commitment and the verification information specifically include:

generating certificate acceptance and verification information (psi, pi) by using the slave certification authority according to the master public key gmpk of the master certification authority, the public key gpk of the slave certification authority and the certificate Cert by using an acceptance algorithm TECom, and sending the certificate acceptance and verification information (psi, pi) to the user side;

verifying whether the certificate acceptance psi is valid or not by using the user side through a verification algorithm TEVer according to the master public key gmpk of the master certification authority, the certificate Cert, the certificate acceptance and the verification information psi, pi;

if the output of the verification algorithm TEVer is Valid, it is determined that the certificate acceptance ψ is Valid and the certificate acceptance and verification information (ψ, π) is accepted, and if the output of the verification algorithm TEVer is Invalid, it is determined that the certificate acceptance ψ is Invalid and the certificate acceptance and verification information (ψ, π) is rejected.

5. The blockchain-based cross-domain authentication method according to claim 1, wherein the signing the certificate acceptance by the slave certification authority, broadcasting the signature-generated acceptance signature to the blockchain system for other slave certification authorities to verify whether the acceptance signature is valid, and storing the acceptance signature in the blockchain system when the acceptance signature is valid specifically comprises:

generating a commitment signature sigma by using the slave certification authority according to a slave key gssk of the slave certification authority, a master public key gmpk of the master certification authority and a certificate commitment psi by adopting a group signature algorithm GSig and broadcasting the commitment signature sigma into a blockchain system;

verifying whether the commitment signature sigma is valid or not by using the other slave certification authorities and adopting a verification algorithm Gver according to the master public key gmpk, the certificate commitment psi and the commitment signature sigma of the master certification authority;

and if the output of the verification algorithm Gver is Valid, determining that the commitment signature sigma is Valid and storing the commitment signature sigma into the blockchain system, and if the output of the verification algorithm Gver is Invalid, determining that the commitment signature sigma is Invalid and rejecting the commitment signature sigma.

6. The blockchain-based cross-domain authentication method according to claim 1, wherein the step of sending the certificate, the certificate acceptance and the verification information to the verifier by using the user side for the verifier to verify whether the certificate acceptance is valid, and when the certificate acceptance is valid, accepting identity information of a user corresponding to the user side specifically comprises:

sending a certificate Cert and certificate acceptance and verification information (ψ, π) to the verifier by using the user side;

verifying whether the certificate acceptance psi is valid or not by using the verifier according to the master public key gmpk of the master certification authority, the certificate Cert and the certificate acceptance and verification information psi, pi by adopting a verification algorithm TEVer;

and if the output of the verification algorithm TEVer is Valid, determining that the certificate acceptance psi is Valid and accepting the identity information of the user corresponding to the user side, and if the output of the verification algorithm TEVer is Invalid, determining that the certificate acceptance psi is Invalid and rejecting the identity information of the user corresponding to the user side.

7. The blockchain-based cross-domain authentication method according to claim 1, wherein the step of tracking, by the master authentication mechanism, the identity information of the slave authentication mechanism specifically comprises:

and tracking a slave key gsk of the slave certification authority by using the master certification authority according to a master key gmsk and a commitment signature sigma of the master certification authority by adopting a tracking algorithm Trace, and identifying the identity information of the slave certification authority based on the slave key gsk.

8. The blockchain-based cross-domain authentication method according to claim 1, wherein the step of extracting the certificate from the certificate commitment by using the master certification authority and the slave certification authority respectively to implement cross-domain authentication specifically comprises:

extracting a certificate Cert by using the main certification authority and adopting an extraction algorithm Extract according to a main key gmsk of the main certification authority and a certificate commitment psi;

and extracting the certificate Cert by using the slave certification authority by adopting an extraction algorithm Extract according to the slave key gsk of the slave certification authority and the certificate acceptance psi.

9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the block chain based cross-domain authentication method according to any one of claims 1 to 8 when executing the computer program.

10. A non-transitory computer readable storage medium having stored thereon computer instructions, wherein the computer instructions, when executed by a computer, implement the steps of the blockchain based cross-domain authentication method according to any one of claims 1 to 8.

Images