[go: up one dir, main page]

CN115189882B - Block chain-based distributed identity authentication method in crowd sensing - Google Patents

Block chain-based distributed identity authentication method in crowd sensing Download PDF

Info

Publication number
CN115189882B
CN115189882B CN202210369735.6A CN202210369735A CN115189882B CN 115189882 B CN115189882 B CN 115189882B CN 202210369735 A CN202210369735 A CN 202210369735A CN 115189882 B CN115189882 B CN 115189882B
Authority
CN
China
Prior art keywords
blockchain
node
cluster head
task
perception
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210369735.6A
Other languages
Chinese (zh)
Other versions
CN115189882A (en
Inventor
王涛春
陈建
沈慧敏
陈付龙
吴青山
谢冬
罗永龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui Normal University
Original Assignee
Anhui Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Anhui Normal University filed Critical Anhui Normal University
Priority to CN202210369735.6A priority Critical patent/CN115189882B/en
Publication of CN115189882A publication Critical patent/CN115189882A/en
Application granted granted Critical
Publication of CN115189882B publication Critical patent/CN115189882B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3218Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs
    • H04L9/3221Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs interactive zero-knowledge proofs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W40/00Communication routing or communication path finding
    • H04W40/24Connectivity information management, e.g. connectivity discovery or connectivity update
    • H04W40/32Connectivity information management, e.g. connectivity discovery or connectivity update for defining a routing cluster membership

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

本发明公开了一种群智感知中基于区块链的分布式身份认证方法,在群智感知系统中将参与者分为普通节点和簇头节点,将普通节点布置在私有区块链上进行认证,簇头节点部署在公共区块链上进行认证;其中利用零知识证明对参与者进行认证。本发明的优点在于:将群智感知网络分为私有区块链和公共区块链并将普通用户和簇头节点用户分别注册在其上后通过零知识证明方式实现普通用户身份的认证和簇头节点用户的认证,实现了群智感知中设备身份认证的隐私保护和可靠认证。

The present invention discloses a distributed identity authentication method based on blockchain in crowd sensing. In the crowd sensing system, participants are divided into ordinary nodes and cluster head nodes, ordinary nodes are arranged on a private blockchain for authentication, and cluster head nodes are deployed on a public blockchain for authentication; wherein zero-knowledge proof is used to authenticate the participants. The advantages of the present invention are that after the crowd sensing network is divided into a private blockchain and a public blockchain and ordinary users and cluster head node users are registered on them respectively, the authentication of ordinary users and cluster head node users is realized by zero-knowledge proof, thereby realizing privacy protection and reliable authentication of device identity authentication in crowd sensing.

Description

一种群智感知中基于区块链的分布式身份认证方法A distributed identity authentication method based on blockchain in crowd sensing

技术领域Technical Field

本发明涉及区块链技术(私链和公链的结合)和群知感知领域,特别涉及一种群智感知中基于区块链的零知识证明的身份认证方法。The present invention relates to the field of blockchain technology (a combination of private chain and public chain) and crowd perception, and in particular to an identity authentication method based on zero-knowledge proof of blockchain in crowd perception.

背景技术Background technique

群智感知主要通过各种智能设备(如智能手机、音乐播放器、平板电脑、可穿戴设备和车载传感器)以普遍的方式从传感器收集数据,并将数据导向特定的MCS服务器,从而为物联网(IoT)生态系统做出贡献。目前MCS已应用于智慧城市的诸多领域。例如,利用智能手机中各种各样的传感器(如卫星导航、麦克风、摄像机、光传感器、加速度计、指南针和陀螺仪)感知城市气温、噪声环境检监测、社会群体行为分析以及健康状况监测等。智能交通系统中车辆也安装了许多传感器和无线设备,包括摄像头、GPS、横向加速度传感器和车载设备等,用来感知城市拥堵状况、汽车到站时间、可用车位等,为人们生活带来极大便利。从大的应用方向看,MCS的应用场景主要包括环境监测、提供公共基础服务和社会感知几个方面。Crowd-sensing mainly collects data from sensors in a universal way through various smart devices (such as smartphones, music players, tablets, wearable devices, and vehicle-mounted sensors) and directs the data to specific MCS servers, thereby contributing to the Internet of Things (IoT) ecosystem. At present, MCS has been applied to many fields of smart cities. For example, various sensors in smartphones (such as satellite navigation, microphones, cameras, light sensors, accelerometers, compasses, and gyroscopes) are used to sense urban temperature, noise environment monitoring, social group behavior analysis, and health status monitoring. Vehicles in intelligent transportation systems are also equipped with many sensors and wireless devices, including cameras, GPS, lateral acceleration sensors, and vehicle-mounted devices, which are used to sense urban congestion, car arrival time, available parking spaces, etc., bringing great convenience to people's lives. From a broad application perspective, the application scenarios of MCS mainly include environmental monitoring, provision of public basic services, and social perception.

群智感知为人们的生活带来了极大的便利,然而由于依赖集中式的服务器进行任务的发布与感知数据的收集,传统的群智感知系统存在单点故障等威胁。区块链作为一种新型的分布式系统技术,符合群智感知的分布式特点,为解决群智感知中安全问题提供了新的方法。然而群智感知安全与区块链仍处于探索阶段,现有的基于区块链的方法仍然存在许多问题。Crowd perception has brought great convenience to people's lives. However, due to the reliance on centralized servers for task release and perception data collection, traditional crowd perception systems are subject to threats such as single point failure. Blockchain, as a new type of distributed system technology, conforms to the distributed characteristics of crowd perception and provides a new method for solving security issues in crowd perception. However, crowd perception security and blockchain are still in the exploratory stage, and existing blockchain-based methods still have many problems.

在当前群智感知安全研究中,区块链的相关工作主要有群智感知系统架构、激励机制和隐私保护等。基于区块链的群智感知系统架构研究主要关注群智感知中参与者的分布特性以及它们如何更好地与区块链的拓扑结构相适应,从而实现两者逻辑结构的统一,使区块链更好地服务于群智感知的安全。基于区块链的激励机制研究主要考虑如何利用分布式特性调动参与者的积极性,以及利用智能合约设计更好的任务分配以及奖惩制度。基于区块链的隐私保护主要通过任务分配模式以及激励机制设计达到感知数据上传过程中用户隐私信息的保护。In the current research on crowd-sensing security, the relevant work of blockchain mainly includes crowd-sensing system architecture, incentive mechanism and privacy protection. The research on the crowd-sensing system architecture based on blockchain mainly focuses on the distribution characteristics of participants in crowd-sensing and how they can better adapt to the topological structure of blockchain, so as to achieve the unification of the logical structure of the two and enable blockchain to better serve the security of crowd-sensing. The research on the incentive mechanism based on blockchain mainly considers how to use the distributed characteristics to mobilize the enthusiasm of participants, and how to use smart contracts to design better task allocation and reward and punishment systems. Privacy protection based on blockchain mainly achieves the protection of user privacy information during the uploading of perception data through task allocation mode and incentive mechanism design.

然而,这些群智感知解决方案并没有考虑参与者在执行感知任务之前身份认证及隐私保护。However, these crowd sensing solutions do not consider the identity authentication and privacy protection of participants before performing sensing tasks.

发明内容Summary of the invention

本发明的目的在于克服现有技术的不足,提供一种群智感知中基于区块链的分布式身份认证方法,通过采用零知识证明对于群智感知参与者的身份进行认证,实现身份认证的隐私保护。The purpose of the present invention is to overcome the shortcomings of the prior art and provide a distributed identity authentication method based on blockchain in crowd sensing, which realizes privacy protection of identity authentication by adopting zero-knowledge proof to authenticate the identities of crowd sensing participants.

为了实现上述目的,本发明采用的技术方案为:一种群智感知中基于区块链的分布式身份认证方法,在群智感知系统中将参与者分为普通节点和簇头节点,将普通节点布置在私有区块链上进行认证,簇头节点部署在公共区块链上进行认证;其中利用零知识证明对参与者进行认证。In order to achieve the above-mentioned purpose, the technical solution adopted by the present invention is: a distributed identity authentication method based on blockchain in crowd sensing, in which participants are divided into ordinary nodes and cluster head nodes in the crowd sensing system, ordinary nodes are arranged on a private blockchain for authentication, and cluster head nodes are deployed on a public blockchain for authentication; wherein zero-knowledge proof is used to authenticate participants.

在群志感知中,参与者还包括任务请求者,任务请求者、簇头节点注册在公共区块链上,普通节点注册在私有区块链上;In group-aware sensing, participants also include task requesters. Task requesters and cluster head nodes are registered on the public blockchain, and ordinary nodes are registered on the private blockchain;

任务请求者在区块链上建立感知任务,并在公共区块链上根据加密排序算法随机选择一组验证器,进行簇头节点的认证;簇头节点认证成功后从公共区块链上下载感知任务,将感知任务分配给区块链上的普通节点,想要参加感知任务的普通节点发出请求参与感知任务消息触发感知任务智能合约将生成的秘密函数共享给私有链上注册的普通节点并进行认证;The task requester establishes a perception task on the blockchain and randomly selects a group of validators on the public blockchain according to the encryption sorting algorithm to authenticate the cluster head node. After the cluster head node is successfully authenticated, it downloads the perception task from the public blockchain and assigns the perception task to ordinary nodes on the blockchain. Ordinary nodes that want to participate in the perception task send a request to participate in the perception task message, which triggers the perception task smart contract to share the generated secret function with ordinary nodes registered on the private chain and authenticate them.

在任一节点认证失败时,认证失败的信息就会发送到区块链,然后将该验证失败的节点在区块链中进行注销。When any node fails to authenticate, the authentication failure information will be sent to the blockchain, and then the node that failed the authentication will be deregistered from the blockchain.

群智感知设备注册在区块链上包括:The registration of crowd-sensing devices on the blockchain includes:

步骤S1.1:首先节点先在以太坊上面申请的一个账户,然后在获取这个账户的公钥和私钥进行做签名sha256操作,用作用户注册的id;Step S1.1: First, the node applies for an account on Ethereum, and then obtains the public key and private key of this account to perform a sha256 signature operation, which is used as the user registration ID;

步骤:S1.2节点提交注册请求消息,触发公共链上注册智能合约;Step: S1.2 The node submits a registration request message, triggering the registration smart contract on the public chain;

步骤S1.3:根据注册请求消息查询公共区块链中所存储的节点id;Step S1.3: query the node ID stored in the public blockchain according to the registration request message;

步骤S1.4:若节点的id已经存在,则会给节点返回一个False,告诉节点这个用户id已经存在,注册失败;否则进行注册,将任务请求者的id存储到区块链中,同时将用户类型改成对应的节点类型,需要将注册成功状态改成True,将True返回给节点,表示该节点在区块链上面注册成功,注册信息已经存储在区块链中。Step S1.4: If the node ID already exists, a False will be returned to the node, telling the node that the user ID already exists and the registration fails; otherwise, registration is performed, the ID of the task requester is stored in the blockchain, and the user type is changed to the corresponding node type. The registration success status needs to be changed to True, and True is returned to the node, indicating that the node is successfully registered on the blockchain and the registration information has been stored in the blockchain.

簇头节点认证是一旦任务请求者在区块链上建立感知任务,就会在公共区块链上根据加密排序算法随机选择一组验证器,进行簇头节点的认证,认证失败的簇头节点将修改其状态值,撤销节点,以及修改所属簇头节点的所有普通节点状态值。Cluster head node authentication is that once the task requester establishes a perception task on the blockchain, a group of validators will be randomly selected on the public blockchain according to the encryption sorting algorithm to authenticate the cluster head node. The cluster head node that fails the authentication will modify its status value, revoke the node, and modify the status values of all ordinary nodes belonging to the cluster head node.

任务请求者在建立感知任务时发布感知任务智能合约,任务信息包括感知任务类型、完成时间、任务状态,以及生成一个秘密函数Hσ用于节点身份认证,秘密函数与已经在公共区块链上注册成功的簇头节点共享,簇头节点通过生成见证witness和证明proof来证明自己。The task requester publishes the perception task smart contract when establishing the perception task. The task information includes the perception task type, completion time, task status, and generates a secret function H σ for node identity authentication. The secret function is shared with the cluster head node that has been successfully registered on the public blockchain. The cluster head node proves itself by generating witness and proof.

在簇头节点认证前的设置阶段,任务请求者从公共引用字符串CRS中创建证明密钥Proving key和验证密钥Verifying key,用于创建和验证证明Proof。Proving key发送给注册的簇头节点时,Verfier key发送给为簇头节点身份验证而创建的区块链智能合约;In the setup phase before cluster head node authentication, the task requester creates a Proving key and a Verifying key from the public reference string CRS to create and verify the proof. When the Proving key is sent to the registered cluster head node, the Verfier key is sent to the blockchain smart contract created for cluster head node authentication;

簇头节点被注册并接收到身份验证元素后启动证明生成阶段,在此阶段簇头节点生成证明,簇头节点有一个有效证明proof簇头节点通过一个假名地址将证明/>发送到公共链上的认证智能合约时,从选取的j个验证器中进行验证。After the cluster head node is registered and receives the authentication element, the proof generation phase starts. In this phase, the cluster head node generates a proof. The cluster head node has a valid proof. The cluster head node will prove it through a pseudonymous address/> When sending to the authentication smart contract on the public chain, it is verified from the selected j validators.

簇头节点认证成功后从公共区块链上下载感知任务,将感知任务分配给区块链上的普通节点,想要参加感知任务的普通节点发出请求参与感知任务消息,触发感知任务智能合约将生成的秘密函数共享给私有链上注册的普通节点,开启采用零知识证明方式对普通节点身份进行认证的过程。After the cluster head node is successfully authenticated, it downloads the perception task from the public blockchain and assigns the perception task to the ordinary nodes on the blockchain. The ordinary nodes that want to participate in the perception task send a request to participate in the perception task message, triggering the perception task smart contract to share the generated secret function with the ordinary nodes registered on the private chain, starting the process of authenticating the identity of the ordinary nodes using zero-knowledge proof.

普通节点身份认证包括:任务请求者生成的秘密函数Hτ与注册参与者共享,以便参与者可以生成witness和proof来证明自己,任务请求者还从公共引用字符串CRS中创建证明密钥verfier key和验证密钥verfier key用来创建和验证证明,proving key发送给参与者时,verfier key被发送给区块链认证智能合约;参与者注册并接收到身份验证元素,它就会启动证据生成阶段,在此阶段参与者生成证明;参与者节点的证明proofσ,通过一个假名地址将证明σ发送给私有链上的身份验证智能合约,份验证智能合约验证成功则将在本地存储所属信息等。若验证不成功,则被视为恶意用户,修改exist字段为假。Ordinary node authentication includes: the secret function H τ generated by the task requester is shared with the registered participants so that the participants can generate witnesses and proofs to prove themselves. The task requester also creates a proving key and a verification key from the public reference string CRS to create and verify proofs. When the proving key is sent to the participant, the verfier key is sent to the blockchain authentication smart contract; when the participant registers and receives the authentication element, it will start the evidence generation phase, during which the participant generates proofs; the proof σ of the participant node is sent to the authentication smart contract on the private chain through a pseudonymous address. If the verification is successful, the verification smart contract will store the belonging information locally. If the verification fails, it is regarded as a malicious user and the exist field is modified to false.

本发明的优点在于:将群智感知网络分为私有区块链和公共区块链并将普通用户和簇头节点用户分别注册在其上后通过零知识证明方式实现普通用户身份的认证和簇头节点用户的认证,实现了群智感知中设备身份认证的隐私保护和可靠认证。The advantages of the present invention are that the crowd sensing network is divided into a private blockchain and a public blockchain, and ordinary users and cluster head node users are respectively registered on them, and then the authentication of ordinary users and cluster head node users is realized through zero-knowledge proof, thereby realizing privacy protection and reliable authentication of device identity authentication in crowd sensing.

附图说明BRIEF DESCRIPTION OF THE DRAWINGS

下面对本发明说明书各幅附图表达的内容及图中的标记作简要说明:The following is a brief description of the contents expressed in the drawings of the present invention and the marks in the drawings:

图1混合区块链网络模型Figure 1 Hybrid blockchain network model

图2方案流程图Figure 2 Flowchart of the solution

图3节点注册流程Figure 3 Node registration process

图4公共区块链与簇头节点之间的认证设置过程图Figure 4. Authentication setup process between public blockchain and cluster head node

图5公共区块链与簇头节点之间的生成证明过程图Figure 5. Proof of generation process between public blockchain and cluster head node

图6公共区块链与簇头节点之间的认证过程的验证过程图Figure 6 Verification process diagram of the authentication process between the public blockchain and the cluster head node

图7普通节点与簇头节点之间的认证流程图Figure 7 Authentication flow chart between common nodes and cluster head nodes

图8节点注销流程图Figure 8 Node deregistration flow chart

具体实施方式Detailed ways

下面对照附图,通过对最优实施例的描述,对本发明的具体实施方式作进一步详细的说明。The specific implementation of the present invention will be further explained in detail below by describing the optimal embodiment with reference to the accompanying drawings.

如图1所示,一种群智感知中基于区块链的分布式身份认证方法,首先采用分层的方式将区块链分为公共区块链和私有区块链实现分层认证,将群智感知的参与者设备中分为普通节点和簇头节点,将普通节点布置在私有区块链上进行认证,簇头节点部署在公共区块链上进行认证;其中利用零知识证明对参与者进行认证。As shown in Figure 1, a distributed identity authentication method based on blockchain in crowd sensing first divides the blockchain into a public blockchain and a private blockchain in a hierarchical manner to implement hierarchical authentication, divides the participant devices of crowd sensing into ordinary nodes and cluster head nodes, arranges the ordinary nodes on the private blockchain for authentication, and deploys the cluster head nodes on the public blockchain for authentication; wherein zero-knowledge proof is used to authenticate the participants.

在群志感知中,参数者包括任务请求者和普通节点、簇头节点,任务请求者、簇头节点注册在公共区块链上,普通节点注册在私有区块链上;在群智感知任务发布后需要分别采用零知识证明对簇头节点和普通节点的参与者设备进行身份认证。In crowd sensing, the participants include task requesters, ordinary nodes, and cluster head nodes. Task requesters and cluster head nodes are registered on the public blockchain, and ordinary nodes are registered on the private blockchain. After the crowd sensing task is released, zero-knowledge proof is required to authenticate the identity of the participant devices of the cluster head node and ordinary node respectively.

在本申请中,任务请求者:任务请求者需要完成数据采集任务,如室内定位、智慧交通、环境监测、行为感知等。但是他们没有充足的能力自己完成任务。将需要的感知数据的形式和要求定义为感知任务,通过智能合约在区块链上发布。普通工作者:普通工作者是愿意贡献计算能力较弱的节点,用于感知各种数据。每个普通节点只属于一个簇头网络。普通节点通常只能感知和传输简单的数据,计算和存储能力较弱,能量有限,不能进行复杂的操作和数据处理。簇头节点应该是有一个很强的计算能力的设备,这个设备需要处理普通节点上传的数据。In this application, task requester: The task requester needs to complete data collection tasks, such as indoor positioning, smart transportation, environmental monitoring, behavior perception, etc. But they do not have sufficient capabilities to complete the task themselves. The form and requirements of the required perception data are defined as perception tasks and published on the blockchain through smart contracts. Ordinary workers: Ordinary workers are nodes that are willing to contribute weaker computing power to perceive various data. Each ordinary node belongs to only one cluster head network. Ordinary nodes can usually only perceive and transmit simple data, have weak computing and storage capabilities, limited energy, and cannot perform complex operations and data processing. The cluster head node should be a device with strong computing power, which needs to process the data uploaded by ordinary nodes.

在用户感知设备进行注册在公共区块链或私有区块链,注册完成后进入认证步骤,首先需要进行设置,任务请求者设置和发布感知任务智能合约,任务信息包括感知任务类型、完成时间、任务状态,以及生成一个秘密函数Hσ用于节点身份认证,然后将秘密函数Hσ共享给簇头节点和普通节点,然后通过计算见证(witness)和证明(proof),将生成的证明proof送入到节点的智能合约中进行验证证明,验证通过后则身份认证成功,接收感知任务;否则认证失败,注销节点。After the user's sensing device is registered in the public blockchain or private blockchain, the authentication step is entered after the registration is completed. First, the setting needs to be made. The task requester sets and publishes the sensing task smart contract. The task information includes the sensing task type, completion time, task status, and generates a secret function H σ for node identity authentication. The secret function H σ is then shared with the cluster head node and ordinary nodes. Then, by calculating the witness and proof, the generated proof is sent to the node's smart contract for verification. If the verification is passed, the identity authentication is successful and the sensing task is received; otherwise, the authentication fails and the node is deregistered.

任务请求者在区块链上建立感知任务,并在公共区块链上根据加密排序算法随机选择一组验证器,进行簇头节点的认证;簇头节点认证成功后从公共区块链上下载感知任务,将感知任务分配给区块链上的普通节点,想要参加感知任务的普通节点发出请求参与感知任务消息触发感知任务智能合约将生成的秘密函数共享给私有链上注册的普通节点并进行认证;The task requester establishes a perception task on the blockchain and randomly selects a group of validators on the public blockchain according to the encryption sorting algorithm to authenticate the cluster head node. After the cluster head node is successfully authenticated, it downloads the perception task from the public blockchain and assigns the perception task to ordinary nodes on the blockchain. Ordinary nodes that want to participate in the perception task send a request to participate in the perception task message, which triggers the perception task smart contract to share the generated secret function with ordinary nodes registered on the private chain and authenticate them.

在任一节点认证失败时,认证失败的信息就会发送到区块链,然后将该验证失败的节点在区块链中进行注销。When any node fails to authenticate, the authentication failure information will be sent to the blockchain, and then the node that failed the authentication will be deregistered from the blockchain.

群智感知设备注册在区块链上包括:The registration of crowd-sensing devices on the blockchain includes:

步骤S1.1:首先节点先在以太坊上面申请的一个账户,然后在获取这个账户的公钥和私钥进行做签名sha256操作,用作用户注册的id;Step S1.1: First, the node applies for an account on Ethereum, and then obtains the public key and private key of this account to perform a sha256 signature operation, which is used as the user registration ID;

步骤:S1.2节点提交注册请求消息,触发公共链上注册智能合约;Step: S1.2 The node submits a registration request message, triggering the registration smart contract on the public chain;

步骤S1.3:根据注册请求消息查询公共区块链中所存储的节点id;Step S1.3: query the node ID stored in the public blockchain according to the registration request message;

步骤S1.4:若节点的id已经存在,则会给节点返回一个False,告诉节点这个用户id已经存在,注册失败;否则进行注册,将任务请求者的id存储到区块链中,同时将用户类型改成对应的节点类型,需要将注册成功状态改成True,将True返回给节点,表示该节点在区块链上面注册成功,注册信息已经存储在区块链中。Step S1.4: If the node ID already exists, a False will be returned to the node, telling the node that the user ID already exists and the registration fails; otherwise, registration is performed, the ID of the task requester is stored in the blockchain, and the user type is changed to the corresponding node type. The registration success status needs to be changed to True, and True is returned to the node, indicating that the node is successfully registered on the blockchain and the registration information has been stored in the blockchain.

簇头节点认证是一旦任务请求者在区块链上建立感知任务,就会在公共区块链上根据加密排序算法随机选择一组验证器,进行簇头节点的认证,认证失败的簇头节点将修改其状态值,撤销节点,以及修改所属簇头节点的所有普通节点状态值。Cluster head node authentication is that once the task requester establishes a perception task on the blockchain, a group of validators will be randomly selected on the public blockchain according to the encryption sorting algorithm to authenticate the cluster head node. The cluster head node that fails the authentication will modify its status value, revoke the node, and modify the status values of all ordinary nodes belonging to the cluster head node.

本发明提出了一种基于混合区块链的参与者分层认证模型,可以解决参与者在执行任务之前解决对身份认证,同时也可以对参与者进行位置等一些隐私数据的保护。The present invention proposes a participant hierarchical authentication model based on a hybrid blockchain, which can solve the identity authentication problem of participants before performing tasks, and can also protect some privacy data of participants such as location.

首先设计了一种多参与者模型。群智感知中有许多种感知设备,根据其参与意愿,将参与者分为普通节点,簇头节点进行分层认证,方便节点之间的协作。在提出一种混合区块链模型。为了更好的适应多参与者分层认证模型,普通节点的认证部署在本地区块链进行,簇头节点部署在公共区块链上进行认证,形成混合区块链模型。最后利用零知识证明对不同层次参与者进行认证。普通节点由簇头节点在本地区块链进行认证,簇头节点由公共区块链验证器进行认证,使用zokrates模型实现链下计算链上认证,大大减少了区块链的工作负载。First, a multi-participant model is designed. There are many kinds of sensing devices in crowd sensing. According to their willingness to participate, participants are divided into ordinary nodes, and cluster head nodes are hierarchically authenticated to facilitate collaboration between nodes. A hybrid blockchain model is proposed. In order to better adapt to the multi-participant hierarchical authentication model, the authentication of ordinary nodes is deployed on the local blockchain, and the cluster head nodes are deployed on the public blockchain for authentication, forming a hybrid blockchain model. Finally, zero-knowledge proof is used to authenticate participants at different levels. Ordinary nodes are authenticated by cluster head nodes on the local blockchain, and cluster head nodes are authenticated by public blockchain validators. The zokrates model is used to implement off-chain computing and on-chain authentication, which greatly reduces the workload of the blockchain.

可选地,所述的公共区块链可以选择以太坊或者超级账本。Optionally, the public blockchain may be Ethereum or Hyperledger.

可选地,所述的私有区块链也可以选择以太坊或者超级账本。Optionally, the private blockchain may also select Ethereum or Hyperledger.

普通节点是用户自己的设备,可以是手机,电脑,感应器等。Ordinary nodes are users’ own devices, which can be mobile phones, computers, sensors, etc.

簇头节点应该是有一个很强的计算能力的设备,这个设备需要处理普通节点上传的数据。The cluster head node should be a device with strong computing power, which needs to process the data uploaded by ordinary nodes.

使用zokrates模型,可以根据官网提供的一些API接口来使用或者语言自己编写代码,然后生成零知识证明的智能合约,该智能合约是solidity语言编写的。Using the Zokrates model, you can use some API interfaces provided by the official website or write your own code in a language, and then generate a zero-knowledge proof smart contract, which is written in the solidity language.

可选地,所述的节点部署到区块链是使用智能合约注册到区块链,智能合约可以是solidity语言或者chaincode语言进行编写。Optionally, the node is deployed to the blockchain by registering it to the blockchain using a smart contract, and the smart contract can be written in solidity language or chaincode language.

多参与者模型,不仅是一个私链网络上面只部署一个普通节点,而是一个一对多的模型,一个私链网络可以管理多个普通节点。同时也可以有多个私链网络,组成一个集群。每一个簇头节点管理一个私有链网络。The multi-participant model is not just a one-to-many model where only one common node is deployed on a private chain network. A private chain network can manage multiple common nodes. There can also be multiple private chain networks forming a cluster. Each cluster head node manages a private chain network.

身份认证,根据零知识验证智能合约来验证参与者的身份是否符合要求。如果符合要求,参与者可以进行任务接收。如果发现不符合要求,可以判断出这个参与者是一个攻击者,则会对该参与者注销。Identity authentication, based on the zero-knowledge verification smart contract, verifies whether the participant's identity meets the requirements. If it meets the requirements, the participant can receive the task. If it is found that it does not meet the requirements, it can be determined that the participant is an attacker and the participant will be deregistered.

如图1所示,我们根据群智感知网络中参与者参与意愿的不同,设计了参与者节点分层认证模型,并且根据该模型部署了混合区块链,引入非交互式零知识证明zkSNARKs中的Zokrates流程实现分层认证。该模型主要包括三个实体:区块链,任务请求者和参与者。如图2所示,群智感知中基于区块链的分布式身份认证方案,包括以下步骤:As shown in Figure 1, we designed a hierarchical authentication model for participant nodes based on the different willingness of participants in the crowd-sensing network, and deployed a hybrid blockchain based on the model, introducing the Zokrates process in non-interactive zero-knowledge proof zkSNARKs to achieve hierarchical authentication. The model mainly includes three entities: blockchain, task requester, and participant. As shown in Figure 2, the distributed identity authentication scheme based on blockchain in crowd-sensing includes the following steps:

步骤S1:首先选取感知设备,感知设备分为任务请求者,代理,普通工作者三种节点设备,将这些感知设备注册到区块链上。任务请求者和代理注册到公共区块链上。普通工作者注册到私有区块链上。Step S1: First, select the sensing devices, which are divided into three types of node devices: task requesters, agents, and ordinary workers. Register these sensing devices on the blockchain. Task requesters and agents are registered on the public blockchain. Ordinary workers are registered on the private blockchain.

步骤S2:任务请求者在区块链上建立感知任务,就会在公共区块链上根据加密排序算法随机选择一组验证器,进行簇头节点的认证。簇头节点认证成功后从公共区块链上下载感知任务,将感知任务分配给区块链上的普通节点,想要参加感知任务的普通节点发出请求参与感知任务消息触发感知任务智能合约将生成的秘密函数共享给私有链上注册的普通节点Step S2: When the task requester establishes a perception task on the blockchain, a group of validators will be randomly selected on the public blockchain according to the encryption sorting algorithm to authenticate the cluster head node. After the cluster head node is successfully authenticated, it will download the perception task from the public blockchain and assign the perception task to ordinary nodes on the blockchain. Ordinary nodes that want to participate in the perception task send a request to participate in the perception task message, which triggers the perception task smart contract to share the generated secret function with ordinary nodes registered on the private chain.

步骤S3:一旦其中某一个节点认证失败,认证失败的信息就会发送到区块链,然后将该验证失败的节点在区块链中进行注销。Step S3: Once one of the nodes fails to authenticate, the authentication failure information will be sent to the blockchain, and then the node that failed the authentication will be deregistered in the blockchain.

进一步地,步骤S1中选取感知设备的方法包括:Furthermore, the method of selecting a sensing device in step S1 includes:

任务请求者:任务请求者需要完成数据采集任务,如室内定位、智慧交通、环境监测、行为感知等。但是他们没有充足的能力自己完成任务。将需要的感知数据的形式和要求定义为感知任务,通过智能合约在区块链上发布。Task requester: Task requesters need to complete data collection tasks, such as indoor positioning, smart transportation, environmental monitoring, behavior perception, etc. However, they do not have sufficient capabilities to complete the tasks themselves. The form and requirements of the required perception data are defined as perception tasks and published on the blockchain through smart contracts.

代理:代理主要用于简单处理和转发来自网络中普通节点的感知数据,是愿意贡献较强计算和存储能力的节点。Proxy: The proxy is mainly used to simply process and forward the perception data from ordinary nodes in the network. It is a node that is willing to contribute strong computing and storage capabilities.

普通工作者:普通工作者是愿意贡献计算能力较弱的节点,用于感知各种数据。每个普通节点只属于一个簇头网络。普通节点通常只能感知和传输简单的数据,计算和存储能力较弱,能量有限,不能进行复杂的操作和数据处理。Ordinary workers: Ordinary workers are nodes that are willing to contribute weak computing power to sense various data. Each ordinary node belongs to only one cluster head network. Ordinary nodes can usually only sense and transmit simple data, have weak computing and storage capabilities, limited energy, and cannot perform complex operations and data processing.

进一步地,步骤S1中感知设备的注册,如图3所示注册步骤描述如下:Further, the registration of the sensing device in step S1, as shown in FIG3 , is described as follows:

步骤S1.1:首先节点先在以太坊上面申请的一个账户,然后在获取这个账户的公钥和私钥进行做签名sha256操作,用作用户注册的id。Step S1.1: First, the node applies for an account on Ethereum, and then obtains the public key and private key of this account to perform a sha256 signature operation, which is used as the user registration id.

步骤:S1.2节点提交注册请求消息,触发公共链上注册智能合约Step: S1.2 Node submits a registration request message, triggering the registration smart contract on the public chain

步骤S1.3:根据注册请求消息查询公共区块链中所存储的节点id。Step S1.3: Query the node ID stored in the public blockchain according to the registration request message.

步骤S1.4:若发现该节点的id已经存在,则会给节点返回一个False,告诉节点这个用户id已经存在,不可以再次使用,注册失败。Step S1.4: If it is found that the node ID already exists, a False will be returned to the node, telling the node that the user ID already exists and cannot be used again, and the registration fails.

步骤S1.5:若该任务请求者的id不存在,说明该节点并没有在区块链上注册使用过,可以进行注册。需要将任务请求者的id存储到区块链中,同时也需要将用户类型(True:表示任务请求者类型,False代表不是任务请求者类型)改成对应的节点类型,需要将注册成功状态改成True(False:表示没有注册成功,True:表示注册成功)。最后返回将True返回给节点,表示该节点在区块链上面注册成功,注册信息已经存储在区块链中。Step S1.5: If the task requester's id does not exist, it means that the node has not been registered and used on the blockchain, and can be registered. The task requester's id needs to be stored in the blockchain, and the user type (True: indicates the task requester type, False means not the task requester type) needs to be changed to the corresponding node type, and the registration success status needs to be changed to True (False: indicates that the registration is not successful, True: indicates that the registration is successful). Finally, True is returned to the node, indicating that the node is successfully registered on the blockchain and the registration information has been stored in the blockchain.

在S2步骤所描述的簇头节点认证是一旦任务请求者在区块链上建立感知任务,就会在公共区块链上根据加密排序算法随机选择一组验证器(概率与他们在区块链上的资金成正比),进行簇头节点的认证,认证失败的簇头节点将修改其状态值,撤销节点,以及修改所属簇头节点的所有普通节点状态值。The cluster head node authentication described in step S2 is that once the task requester establishes a perception task on the blockchain, a group of validators will be randomly selected on the public blockchain according to the encryption sorting algorithm (the probability is proportional to their funds on the blockchain) to authenticate the cluster head node. The cluster head node that fails the authentication will modify its status value, revoke the node, and modify the status values of all ordinary nodes belonging to the cluster head node.

步骤S2.1认证过程的设置阶段,如图2、4所示描述步骤如下:Step S2.1 The setup phase of the authentication process, as shown in Figures 2 and 4, is as follows:

步骤S2.1.1任务请求者发布感知任务智能合约,任务信息包括感知任务类型、完成时间、任务状态,以及生成一个秘密函数Hσ用于节点身份认证,Hσ=sha256(prkc||timestamp),其中prkC指的是节点的私钥,timeStamp,表示生成秘密函数的时间戳;秘密函数与已经在公共区块链上注册成功的簇头节点共享,簇头节点通过生成见证(witness)和证明(proof)来证明自己。找到满足秘密函数条件的变量称为见证(witness),发生在生成证明阶段。Step S2.1.1 The task requester publishes the perception task smart contract. The task information includes the perception task type, completion time, task status, and generates a secret function H σ for node identity authentication, H σ = sha256 (prk c || timestamp), where prk C refers to the private key of the node, and timeStamp represents the timestamp of generating the secret function; the secret function is shared with the cluster head node that has been successfully registered on the public blockchain, and the cluster head node proves itself by generating witnesses and proofs. Finding a variable that meets the conditions of the secret function is called a witness, which occurs in the proof generation stage.

步骤S2.1.2在设置阶段,任务请求者还从公共引用字符串(CRS)中创建证明密钥Proving key和验证密钥Verifying key,用于创建和验证证明Proof。Proving key发送给注册的簇头节点时,Verfier key发送给为簇头节点身份验证而创建的区块链智能合约。Step S2.1.2 During the setup phase, the task requester also creates a Proving key and a Verifying key from the Public Reference String (CRS) to create and verify the Proof. The Proving key is sent to the registered cluster head node, and the Verfier key is sent to the blockchain smart contract created for cluster head node identity authentication.

步骤S2.2簇头节点生成证明过程,如图5所示描述步骤如下:Step S2.2 The cluster head node generates a certification process, as shown in Figure 5, and the steps are as follows:

步骤S2.2.1:一旦簇头节点被注册并接收到身份验证元素(身份验证元素为秘密函数和证明密钥),它就会启动证明生成阶段,在此阶段簇头节点生成证明,以证明其对秘密函数Hτ的了解。生成证明的约束集cst已经在本地编译。Step S2.2.1: Once the cluster head node is registered and receives the authentication elements (the authentication elements are the secret function and the attestation key), it starts the attestation generation phase, in which the cluster head node generates a proof to prove its knowledge of the secret function H τ . The constraint set cst for generating the proof has been compiled locally.

步骤S2.2.2:簇头节点通过分配一组满足秘密函数参数的变量开始该过程。假设簇头节点知道Hτ,因此可以提供令人满意的值。这种变量赋值称为生成见证。簇头节点提供公共输入PubInp=(timestamp),私有输入PriInp(prkc)(这里主要是零知识证明提供的输入方式,输入方式有公共输入和私有输入,公共输入可以进行改变,私有输入不可以发生改变,主要是用于进行验证的输入。这里的公共输入表示的就是输入的时间戳,私有输入表示输入的节点的公钥)。得到witnessψ1=witnessGen(cst,PubInp,PriInp)(见证(witness)),后面跟的就是一个变量也是表示见证,wintnessGen表示生成见证的函数,cst:表示生成证明的约束集)。接下来,使用见证和证明密钥P(P证明密钥简写(provingkey)),簇头节点生成zk-snarks证明(zk-snarks就是表示零知识证明,proofGen表示生成证明的函数,等号的前面的变量就是表示生成的证明)步骤S2.3认证过程的验证过程,如图6所示描述步骤如下:Step S2.2.2: The cluster head node starts the process by assigning a set of variables that satisfy the parameters of the secret function. It is assumed that the cluster head node knows H τ and can therefore provide a satisfactory value. This variable assignment is called generating a witness. The cluster head node provides a public input PubInp = (timestamp) and a private input PriInp (prk c ) (here it is mainly the input method provided by the zero-knowledge proof. The input methods include public input and private input. The public input can be changed, and the private input cannot be changed. It is mainly used for verification input. The public input here represents the timestamp of the input, and the private input represents the public key of the input node). Get witnessψ1 = witnessGen (cst, PubInp, PriInp) (witness), followed by a variable that also represents the witness, wintnessGen represents the function for generating the witness, cst: represents the constraint set for generating the proof). Next, using the witness and the proof key P (P is abbreviated as the proving key (provingkey)), the cluster head node generates a zk-snarks proof (zk-snarks means zero-knowledge proof, proofGen means the function to generate proof, and the variable before the equal sign means the generated proof) Step S2.3 The verification process of the authentication process is described as follows as shown in Figure 6:

步骤S2.3.1:此时,簇头节点有一个有效证明proof(σ和/>都是表示证明,只不过用于不同的节点,proof:统称,另外两个都是变量)。簇头节点通过一个假名地址将证明发送到公共链上的认证智能合约(认证智能合约:表示用于节点认证的的智能合约。感知任务智能合约:表示节点来接收任务的智能合约)时,从选取的j个验证器中进行验证。Step S2.3.1: At this point, the cluster head node has a valid proof (σ and /> They all represent proofs, but they are used for different nodes. Proof: a general term, the other two are variables). The cluster head node sends the proof through a pseudonymous address. When the authentication smart contract (Authentication smart contract: represents the smart contract used for node authentication. Perception task smart contract: represents the smart contract for nodes to receive tasks) is sent to the public chain, it is verified from the selected j validators.

步骤S2.3.2:我们需要确保被选择的验证器必须在他们的区块链帐户中有足够余额,以备后续的惩罚。在选择有足够余额的验证器过程中,我们利用了加密排序算法VRF根据他们的余额随机选择一组验证器。使验证器选择过程以非交互和随机的方式在公共区块链上安全地执行,阻止拒绝服务(DoS)攻击,因为攻击者不能提前知道稍后将选择哪个验证器。Step S2.3.2: We need to ensure that the selected validators must have sufficient balance in their blockchain accounts to prepare for subsequent penalties. In the process of selecting validators with sufficient balance, we utilize the cryptographic sorting algorithm VRF to randomly select a group of validators based on their balances. This allows the validator selection process to be securely performed on the public blockchain in a non-interactive and random manner, preventing Denial of Service (DoS) attacks because the attacker cannot know in advance which validator will be selected later.

步骤S2.3.3:具体来说,每个验证器节点区块链账户中的货币被量化为货币单位的数量,表示为w。从w个货币单位恰好选择了j个的概率二项分布:Step S2.3.3: Specifically, the currency in each validator node blockchain account is quantified into the number of currency units, denoted as w. The probability that exactly j are selected from w currency units is binomial distribution:

P为选择货币单位的系统概率w表示验证者拥有的货币单位。为了确定验证器所选择的货币单位的确切数量,使用概率/>构造范围[0,1)内的一组连续区间/>这里将随机值t∈[0,1)映射到特定区间Ij仍然具有与B(j;w,p)相同的概率,与t所属区间对应的值j随后可用于表示所选货币单位的数量。P is the systematic probability of choosing a currency unit w represents the number of units of currency owned by the validator. To determine the exact number of units of currency chosen by the validator, the probability is used/> Construct a set of continuous intervals in the range [0,1)/> Here, mapping a random value t∈[0,1) to a specific interval Ij still has the same probability as B(j;w,p), and the value j corresponding to the interval to which t belongs can then be used to represent the number of selected currency units.

为了使上述排序过程在区块链上可验证,t由可验证随机函数VRF[29]计算,具体来说其中hash是使用sd和验证器的密钥sk从VRF输出的伪随机hash值,len是hash的位长度。注意,当散列在0和len之间均匀分布时,t随机落在[0,1)中。此外,验证器给出的hash可以通过VRF使用其公共验证密钥pk进行验证,因此t可以在智能合约上以可验证的方式重新生成。执行本地加密排序过程后,每个验证器学到一个值j,表示拥有的货币单位被选择了多少,如果j>0,验证器发送排序证明(hash,π)给智能合约以参与认证任务。(hash,π)将通过VRF检查证明,VRF=(Gen,Eval,Prove,Verify)生成一个公开可验证的伪随机值。给定一个安全参数λ,一个概率密钥发生器gen(1λ)生成一个秘密密钥sk和一个公开可验证密钥pk。带着sk和信息x,求值器Evalsk(x)输出伪随机值y,和一个证明程序Provesk(x)产生一个证明π,证明y与pk一致。最后,验证者从Verifypk(π,x,y)作为输入,验证证明π。验证证明后重复排序过程得到值j,如果重新生成的值j>0,那么智能合约将记录验证器的身份和值j。被选中的验证器执行验证任务,若验证成功,则在公共链上存储相关信息,并给与验证器一定资金报酬。若验证失败:撤销簇头节点,根据账户余额选取新的簇头节点。j值是选择的验证器中被选择的货币数量,用来选择验证器的标准。选择的验证器执行认证智能合约,验证成功的判断依据是上述生成的zk-SNARKs证明的验证结果。In order to make the above sorting process verifiable on the blockchain, t is calculated by the verifiable random function VRF[29]. Specifically, where hash is the pseudo-random hash value output from the VRF using sd and the validator’s secret key sk, and len is the bit length of the hash. Note that while the hash is uniformly distributed between 0 and len, t falls randomly in [0,1). Furthermore, the hash given by the validator can be verified by the VRF using its public verification key pk, so t can be regenerated in a verifiable manner on the smart contract. After performing the local cryptographic sorting process, each validator learns a value j representing how many of the currency units it has been selected, and if j>0, the validator sends a proof of sorting (hash,π) to the smart contract to participate in the certification task. (hash,π) will be checked by the VRF, VRF = (Gen,Eval,Prove,Verify) generates a publicly verifiable pseudo-random value. Given a security parameter λ, a probabilistic key generator gen(1λ) generates a secret key sk and a publicly verifiable key pk. With sk and information x, the evaluator Evalsk(x) outputs a pseudo-random value y, and a proving procedure Provesk(x) produces a proof π that proves that y is consistent with pk. Finally, the verifier takes Verifypk(π,x,y) as input and verifies the proof π. After verifying the proof, the sorting process is repeated to obtain the value j. If the regenerated value j>0, the smart contract will record the identity of the verifier and the value j. The selected verifier performs the verification task. If the verification is successful, the relevant information is stored on the public chain and the verifier is rewarded with a certain amount of funds. If the verification fails: the cluster head node is revoked and a new cluster head node is selected based on the account balance. The j value is the amount of currency selected in the selected verifier, which is used as the standard for selecting the verifier. The selected verifier executes the authentication smart contract, and the judgment basis for the success of the verification is the verification result of the zk-SNARKs proof generated above.

步骤S2.4普通节点与簇头节点之间的认证如图7所示描述步骤如下:Step S2.4: Authentication between common nodes and cluster head nodes. The steps are as shown in Figure 7:

步骤S2.4.1:簇头节点认证成功后从公共区块链上下载感知任务,将感知任务分配给区块链上的普通节点,想要参加感知任务的普通节点发出请求参与感知任务消息触发感知任务智能合约将生成的秘密函数共享给私有链上注册的普通节点。开启普通节点身份认证过程。Step S2.4.1: After the cluster head node is successfully authenticated, it downloads the sensing task from the public blockchain and assigns the sensing task to the ordinary nodes on the blockchain. The ordinary nodes that want to participate in the sensing task send a request to participate in the sensing task message to trigger the sensing task smart contract to share the generated secret function with the ordinary nodes registered on the private chain. Start the ordinary node identity authentication process.

步骤S2.4.2:进制设置在这个步骤中,我们实现了一个证明足够困难的秘密函数Hτ,它要求证明者证明它对hash函数原像的认知。因此提供一个无效输入来解决秘密函数的困难在于生成一个τ′,例如τ′≠τ且Hτ′=Hτ。(这里表示τ′的秘密函数,列举的一个示例)Step S2.4.2: Base Setting In this step, we implement a secret function H τ that is difficult enough to prove, which requires the prover to prove his knowledge of the hash function preimage. Therefore, the difficulty of providing an invalid input to solve the secret function is to generate a τ′, such as τ′≠τ and H τ′ =H τ . (Here represents the secret function of τ′, an example is listed)

任务请求者生成一个秘密函数Hτ=sha256(puku||timestamp)与注册参与者共享,以便参与者可以生成witness和proof来证明自己。任务请求者还从公共引用字符串(CRS)中创建证明密钥verfier key和验证密钥verfier key用来创建和验证证明。proving key发送给参与者时,verfier key被发送给区块链认证智能合约。The task requester generates a secret function H τ = sha256(pu k u || timestamp) and shares it with the registered participants so that the participants can generate witnesses and proofs to prove themselves. The task requester also creates a proving key and a verification key from the public reference string (CRS) to create and verify proofs. When the proving key is sent to the participant, the verfier key is sent to the blockchain authentication smart contract.

步骤S2.4.3:生成证明一旦参与者注册并接收到身份验证元素,它就会启动证据生成阶段,在此阶段参与者生成证明,以证明其对秘密函数Hτ的了解。参与者节点利用公共输入时间戳PubInp(timestamp)来防止重放攻击。私有输入PriInp(prkn)。使用函数witnessψ2=witnessGen(PubInp,PriInp)计算得到见证,电路证明密钥P2,用户生成zk-snarks证明σ=proofGen(P2,Ψ2)。(表示普通节点的证明密钥和见证,上面是簇头节点的见证和证明密钥)Step S2.4.3: Generate proof Once a participant registers and receives the authentication element, it starts the proof generation phase, in which the participant generates a proof to prove its knowledge of the secret function H τ . The participant node uses the public input timestamp PubInp(timestamp) to prevent replay attacks. Private input PriInp(prk n ). Using the function witnessψ2=witnessGen(PubInp, PriInp), the witness is calculated, the circuit proof key P2, and the user generates a zk-snarks proof σ=proofGen(P2,Ψ2). (Represents the proof key and witness of an ordinary node, and the above is the witness and proof key of the cluster head node)

步骤S2.4.3:此时,参与者节点有一个证明proofσ。通过一个假名地址将证明σ发送给私有链上的身份验证智能合约,份验证智能合约验证成功则将在本地存储所属信息等。若验证不成功,则被视为恶意用户,修改exist字段为假。Step S2.4.3: At this point, the participant node has a proof σ. The proof σ is sent to the identity verification smart contract on the private chain through a pseudonymous address. If the verification is successful, the smart contract will store the belonging information locally. If the verification fails, it is regarded as a malicious user and the exist field is modified to false.

最后S3验证失败的节点在区块链中进行注销如图8所示所述步骤如下:步骤S3.1:若普通参与者节点身份认证失败,簇头节点上部署的智能合约执行节点注销程序,修改该节点exist字段。Finally, the node that fails S3 verification is deregistered in the blockchain as shown in Figure 8. The steps are as follows: Step S3.1: If the identity authentication of the ordinary participant node fails, the smart contract deployed on the cluster head node executes the node deregistration procedure and modifies the node exist field.

步骤S3.2:若验证器收到来自簇头节点生成的证明身份认证失败,用户将被视为恶意用户,智能合约执行注销节点程序,修改节点exist字段为假。Step S3.2: If the validator receives the proof generated by the cluster head node and the identity authentication fails, the user will be regarded as a malicious user, and the smart contract will execute the node deregistration program and modify the node exist field to false.

显然本发明具体实现并不受上述方式的限制,只要采用了本发明的方法构思和技术方案进行的各种非实质性的改进,均在本发明的保护范围之内。Obviously, the specific implementation of the present invention is not limited to the above-mentioned methods. As long as various non-substantial improvements are made using the method concept and technical solution of the present invention, they are all within the protection scope of the present invention.

Claims (7)

1.一种群智感知中基于区块链的分布式身份认证方法,其特征在于:在群智感知系统中将参与者分为普通节点和簇头节点,将普通节点布置在私有区块链上进行认证,簇头节点部署在公共区块链上进行认证;其中利用零知识证明对参与者进行认证;1. A distributed identity authentication method based on blockchain in crowd sensing, characterized in that: in the crowd sensing system, participants are divided into ordinary nodes and cluster head nodes, ordinary nodes are arranged on a private blockchain for authentication, and cluster head nodes are deployed on a public blockchain for authentication; zero-knowledge proof is used to authenticate participants; 在群智感知中,参与者还包括任务请求者,任务请求者、簇头节点注册在公共区块链上,普通节点注册在私有区块链上;In crowd sensing, participants also include task requesters. Task requesters and cluster head nodes are registered on the public blockchain, and ordinary nodes are registered on the private blockchain. 任务请求者在区块链上建立感知任务,并在公共区块链上根据加密排序算法随机选择一组验证器,进行簇头节点的认证;簇头节点认证成功后从公共区块链上下载感知任务,将感知任务分配给区块链上的普通节点,想要参加感知任务的普通节点发出请求参与感知任务消息触发感知任务智能合约将生成的秘密函数共享给私有链上注册的普通节点并进行认证;The task requester establishes a perception task on the blockchain and randomly selects a group of validators on the public blockchain according to the encryption sorting algorithm to authenticate the cluster head node. After the cluster head node is successfully authenticated, it downloads the perception task from the public blockchain and assigns the perception task to ordinary nodes on the blockchain. Ordinary nodes that want to participate in the perception task send a request to participate in the perception task message, which triggers the perception task smart contract to share the generated secret function with ordinary nodes registered on the private chain and authenticate them. 在任一节点认证失败时,认证失败的信息就会发送到区块链,然后将该验证失败的节点在区块链中进行注销。When any node fails to authenticate, the authentication failure information will be sent to the blockchain, and then the node that failed the authentication will be deregistered from the blockchain. 2.如权利要求1所述的一种群智感知中基于区块链的分布式身份认证方法,其特征在于:群智感知设备注册在区块链上包括:2. A distributed identity authentication method based on blockchain in crowd intelligence perception as claimed in claim 1, characterized in that: the crowd intelligence perception device is registered on the blockchain including: 步骤S1.1:首先节点先在以太坊上面申请的一个账户,然后在获取这个账户的公钥和私钥进行做签名sha256操作,用作用户注册的id;Step S1.1: First, the node applies for an account on Ethereum, and then obtains the public key and private key of this account to perform a sha256 signature operation, which is used as the user registration ID; 步骤:S1.2节点提交注册请求消息,触发公共链上注册智能合约;Step: S1.2 The node submits a registration request message, triggering the registration smart contract on the public chain; 步骤S1.3:根据注册请求消息查询公共区块链中所存储的节点id;Step S1.3: query the node ID stored in the public blockchain according to the registration request message; 步骤S1.4:若节点的id已经存在,则会给节点返回一个False,告诉节点这个用户id已经存在,注册失败;否则进行注册,将任务请求者的id存储到区块链中,同时将用户类型改成对应的节点类型,需要将注册成功状态改成True,将True返回给节点,表示该节点在区块链上面注册成功,注册信息已经存储在区块链中。Step S1.4: If the node ID already exists, a False will be returned to the node, telling the node that the user ID already exists and the registration fails; otherwise, registration is performed, the ID of the task requester is stored in the blockchain, and the user type is changed to the corresponding node type. The registration success status needs to be changed to True, and True is returned to the node, indicating that the node is successfully registered on the blockchain and the registration information has been stored in the blockchain. 3.如权利要求1所述的一种群智感知中基于区块链的分布式身份认证方法,其特征在于:簇头节点认证是一旦任务请求者在区块链上建立感知任务,就会在公共区块链上根据加密排序算法随机选择一组验证器,进行簇头节点的认证,认证失败的簇头节点将修改其状态值,撤销节点,以及修改所属簇头节点的所有普通节点状态值。3. A distributed identity authentication method based on blockchain in crowd intelligence perception as described in claim 1, characterized in that: cluster head node authentication is that once the task requester establishes a perception task on the blockchain, a group of validators will be randomly selected on the public blockchain according to the encryption sorting algorithm to authenticate the cluster head node. The cluster head node that fails the authentication will modify its status value, revoke the node, and modify the status values of all ordinary nodes of the cluster head node. 4.如权利要求1-3任一所述的一种群智感知中基于区块链的分布式身份认证方法,其特征在于:任务请求者在建立感知任务时发布感知任务智能合约,任务信息包括感知任务类型、完成时间、任务状态,以及生成一个秘密函数Hσ用于节点身份认证,秘密函数与已经在公共区块链上注册成功的簇头节点共享,簇头节点通过生成见证witness和证明proof来证明自己。4. A distributed identity authentication method based on blockchain in crowd intelligence perception as described in any one of claims 1-3, characterized in that: the task requester publishes a perception task smart contract when establishing a perception task, the task information includes the perception task type, completion time, task status, and generates a secret function H σ for node identity authentication, the secret function is shared with the cluster head node that has been successfully registered on the public blockchain, and the cluster head node proves itself by generating a witness and a proof. 5.如权利要求4所述的一种群智感知中基于区块链的分布式身份认证方法,其特征在于:在簇头节点认证前的设置阶段,任务请求者从公共引用字符串CRS中创建证明密钥Proving key和验证密钥Verifying key,用于创建和验证证明Proof,Proving key发送给注册的簇头节点时,Verfier key发送给为簇头节点身份验证而创建的区块链智能合约;5. A distributed identity authentication method based on blockchain in crowd intelligence perception as claimed in claim 4, characterized in that: in the setup stage before the cluster head node authentication, the task requester creates a proving key and a verification key from the public reference string CRS, which are used to create and verify the proof Proof, and when the Proving key is sent to the registered cluster head node, the Verfier key is sent to the blockchain smart contract created for the cluster head node identity authentication; 簇头节点被注册并接收到身份验证元素后启动证明生成阶段,在此阶段簇头节点生成证明,簇头节点有一个有效证明proof簇头节点通过一个假名地址将证明/>发送到公共链上的认证智能合约时,从选取的j个验证器中进行验证。After the cluster head node is registered and receives the authentication element, the proof generation phase starts. In this phase, the cluster head node generates a proof. The cluster head node has a valid proof. The cluster head node will prove it through a pseudonymous address/> When sending to the authentication smart contract on the public chain, it is verified from the selected j validators. 6.如权利要求1-3任一所述的一种群智感知中基于区块链的分布式身份认证方法,其特征在于:簇头节点认证成功后从公共区块链上下载感知任务,将感知任务分配给区块链上的普通节点,想要参加感知任务的普通节点发出请求参与感知任务消息,触发感知任务智能合约将生成的秘密函数共享给私有链上注册的普通节点,开启采用零知识证明方式对普通节点身份进行认证的过程。6. A distributed identity authentication method based on blockchain in group intelligence perception as described in any one of claims 1-3, characterized in that: after the cluster head node is successfully authenticated, it downloads the perception task from the public blockchain, assigns the perception task to the ordinary nodes on the blockchain, and the ordinary nodes that want to participate in the perception task send a request to participate in the perception task message, triggering the perception task smart contract to share the generated secret function with the ordinary nodes registered on the private chain, and starting the process of authenticating the identity of the ordinary nodes using zero-knowledge proof. 7.如权利要求6所述的一种群智感知中基于区块链的分布式身份认证方法,其特征在于:普通节点身份认证包括:任务请求者生成的秘密函数Hτ与注册参与者共享,以便参与者可以生成witness和proof来证明自己,任务请求者还从公共引用字符串CRS中创建证明密钥verfier key和验证密钥verfier key用来创建和验证证明,proving key发送给参与者时,verfier key被发送给区块链认证智能合约;参与者注册并接收到身份验证元素,它就会启动证据生成阶段,在此阶段参与者生成证明;参与者节点的证明proofσ,通过一个假名地址将证明σ发送给私有链上的身份验证智能合约,份验证智能合约验证成功则将在本地存储所属信息等,若验证不成功,则被视为恶意用户,修改exist字段为假。7. A distributed identity authentication method based on blockchain in crowd intelligence perception as described in claim 6, characterized in that: ordinary node identity authentication includes: the secret function H τ generated by the task requester is shared with the registered participants so that the participants can generate witness and proof to prove themselves. The task requester also creates a proving key verfier key and a verification key verfier key from the public reference string CRS to create and verify the proof. When the proving key is sent to the participant, the verfier key is sent to the blockchain authentication smart contract; when the participant registers and receives the identity authentication element, it will start the evidence generation phase, in which the participant generates the proof; the proof σ of the participant node is sent to the identity authentication smart contract on the private chain through a pseudonymous address. If the verification of the verification smart contract is successful, the belonging information will be stored locally, etc. If the verification fails, it is regarded as a malicious user and the exist field is modified to false.
CN202210369735.6A 2022-04-08 2022-04-08 Block chain-based distributed identity authentication method in crowd sensing Active CN115189882B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210369735.6A CN115189882B (en) 2022-04-08 2022-04-08 Block chain-based distributed identity authentication method in crowd sensing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210369735.6A CN115189882B (en) 2022-04-08 2022-04-08 Block chain-based distributed identity authentication method in crowd sensing

Publications (2)

Publication Number Publication Date
CN115189882A CN115189882A (en) 2022-10-14
CN115189882B true CN115189882B (en) 2024-04-30

Family

ID=83512471

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210369735.6A Active CN115189882B (en) 2022-04-08 2022-04-08 Block chain-based distributed identity authentication method in crowd sensing

Country Status (1)

Country Link
CN (1) CN115189882B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20200087913A (en) * 2019-01-11 2020-07-22 서강대학교산학협력단 System and method for providing secret electronic voting service based on blockchain
CN112291354A (en) * 2020-10-31 2021-01-29 南京工业大学 A privacy protection method for participants in a blockchain-based crowd-sensing MCS
CN114158037A (en) * 2021-11-19 2022-03-08 国网冀北电力有限公司 A method and system for IoT device identity authentication based on layered blockchain

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20200087913A (en) * 2019-01-11 2020-07-22 서강대학교산학협력단 System and method for providing secret electronic voting service based on blockchain
CN112291354A (en) * 2020-10-31 2021-01-29 南京工业大学 A privacy protection method for participants in a blockchain-based crowd-sensing MCS
CN114158037A (en) * 2021-11-19 2022-03-08 国网冀北电力有限公司 A method and system for IoT device identity authentication based on layered blockchain

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Data security management of logistics network based on blockchain technology;Weisheng Wen Et.AL;《2021 IEEE 4th International Conference on Information Systems and Computer Aided Education (ICISCAE)》;20211111;全文 *
基于联盟链的微电网身份认证协议;张利华;胡方舟;黄阳;万源华;李晶晶;;应用科学学报;20200130(01);全文 *

Also Published As

Publication number Publication date
CN115189882A (en) 2022-10-14

Similar Documents

Publication Publication Date Title
US20220255796A1 (en) Object identification for groups of iot devices
Jabbar et al. Blockchain for the Internet of Vehicles: How to use blockchain to secure vehicle-to-everything (V2X) communication and payment?
Lam et al. ANT-centric IoT security reference architecture—Security-by-design for satellite-enabled smart cities
Guo et al. Proof-of-event recording system for autonomous vehicles: A blockchain-based solution
CN112104665B (en) Block chain-based identity authentication method and device, computer and storage medium
CN109889497B (en) A Trustless Data Integrity Verification Method
Shen et al. Blockchain-based lightweight certificate authority for efficient privacy-preserving location-based service in vehicular social networks
Feng et al. Blockchain-based data management and edge-assisted trusted cloaking area construction for location privacy protection in vehicular networks
Mei et al. Toward blockchain-enabled IoV with edge computing: Efficient and privacy-preserving vehicular communication and dynamic updating
US20190141048A1 (en) Blockchain identification system
Dwivedi et al. Smart contract and IPFS-based trustworthy secure data storage and device authentication scheme in fog computing environment
Son et al. Design of secure and lightweight authentication scheme for UAV-enabled intelligent transportation systems using blockchain and PUF
Vance et al. Privacy-aware edge computing in social sensing applications using ring signatures
Lee et al. Design of a two layered blockchain-based reputation system in vehicular networks
CN116074023A (en) Authentication method and communication device
CN110910110A (en) A data processing method, device and computer storage medium
Zhang et al. Secure channel establishment scheme for task delivery in vehicular cloud computing
Zhang et al. Secure and reliable parking protocol based on blockchain for VANETs
CN117375797A (en) Anonymous authentication and vehicle information sharing method based on blockchain and zero-knowledge proof
CN110990790B (en) Data processing method and equipment
Motepalli et al. Decentralizing permissioned blockchain with delay towers
Wang et al. Secure long-range autonomous valet parking: A reservation scheme with three-factor authentication and key agreement
Das et al. Design of a trust-based authentication scheme for blockchain-enabled iov system
Alkhalifa et al. Enhancing Security and Scalability in Vehicular Networks: A Bayesian DAG Blockchain Approach With Edge-Assisted RSU
CN115189882B (en) Block chain-based distributed identity authentication method in crowd sensing

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant