一种基于分布式密钥与BLS签名的跨域认证方案

doi:10.11871/jfdc.issn.2096-742X.2024.05.002

数据与计算发展前沿 ›› 2024, Vol. 6 ›› Issue (5): 13-23.

CSTR: 32002.14.jfdc.CN10-1649/TP.2024.05.002

doi: 10.11871/jfdc.issn.2096-742X.2024.05.002

一种基于分布式密钥与BLS签名的跨域认证方案

郑起鼎^1,^2,³(),王贺祥^1,^2,³,张洪玮^1,^3,^*()

1.天津理工大学，计算机科学与工程学院，天津 300384
2.智能计算机及软件新技术天津市重点实验室，天津 300384
3.计算机病毒防治技术国家工程实验室，天津 300457

收稿日期:2024-08-07 出版日期:2024-10-20 发布日期:2024-10-21
通讯作者: * 张洪玮（E-mail: harvoe@live.com）
作者简介:郑起鼎，天津理工大学，计算机科学与工程学院，硕士研究生，主要研究方向为区块链、跨域溯源。
文中负责论文初稿撰写与方案实现开发。
ZHENG Qiding is a postgraduate student at the School of Computer Science and Engineering, Tianjin University of Technology. His main research interests include blockchain and cross domain traceability.
In this paper, he is responsible for the paper drafting and developing the scheme.
E-mail: zqd@stud.tjut.edu.cn|张洪玮，中国计算机学会会员，天津理工大学计算机科学与工程学院，网络空间安全系主任，现任天津理工大学副教授，博士，主要研究领域为区块链、隐私保护和数据安全共享。
文中负责制方案设计与论证，论文修订校稿。
ZHANG Hongwei, Ph.D., is a member of the China Computer Federation (CCF) with a membership number of c8243m. He is the director of the Department of Cyberspace Security, School of Computer Science and Engineering, Tianjin University of Technology. He is currently an associate professor at the Tianjin University of Technology. His main research interests include blockchain, privacy protection, and data security sharing.
In this paper, he is responsible for the design and demonstration of the scheme, and the revision and proofreading of the paper.
E-mail: harvoe@live.com
基金资助:
国家重点研发计划“大规模制造产业可信溯源理论与方法研究”(2021YFB3300900)

A Cross Domain Authentication Scheme Based on Distributed Key and BLS Signature

ZHENG Qiding^1,^2,³(),WANG Hexiang^1,^2,³,ZHANG Hongwei^1,^3,^*()

1. School of Computer Science and Engineering, Tianjin University of technology, Tianjin 300384, China
2. Tianjin Key Laboratory of Intelligent Computer and Novel Software Technology, Tianjin 300384, China
3. National Engineering Laboratory of Computer Virus Prevention and Control Technology,Tianjin 300457, China

Received:2024-08-07 Online:2024-10-20 Published:2024-10-21

摘要/Abstract

摘要：

【目的】为解决工业互联网跨域溯源体系中节点身份认证的问题，本文提出基于分布式密钥的Dion跨域认证方案，该方案旨在克服当前跨域认证方案中存在的证书机构中心化及扩展性不足等问题。【方法】本研究以DID去中心化身份技术为基础，采用分布式密钥生成技术与BLS签名算法构建证书颁发模型，通过合约建立用户身份证书的撤销与更新机制，利用证书实现跨域溯源的身份认证。【结果】在以太坊平台上进行的实验模拟了该方案在跨域溯源认证流程中的应用。结果表明，该方案在满足工业互联网跨域溯源的认证需求前提下，实现了证书颁发机构的去中心化，同时增强了系统对单点故障的抵御能力。【结论】基于DID的身份认证模型在区块技术领域展现出显著的潜力与应用前景，为各节点间的交互提供有效的身份证明。然而，在验证效率以及身份更新与撤销方面还需要进一步研究。

关键词: 区块链, 跨域认证, 分布式密钥, 跨域溯源

Abstract:

[Objective] In order to solve the problem of node identity authentication in the cross domain traceability system of industrial Internet, this paper proposes Dion, a cross domain authentication scheme based on the distributed key, which aims to overcome the centralization and scalability problems of the certificate authority in the current cross domain authentication scheme. [Methods] Based on the DID decentralized identity technology, this study uses the distributed key generation technology and BLS signature algorithm to build a certificate issuance model, establishes the revocation and update mechanism of user identity certificate through the contract, and uses the certificate to realize cross domain traceability identity authentication. [Results] Experiments on the Ethereum platform simulated the application of the scheme in the cross-domain traceability authentication process. The results show that the scheme realizes the decentralization of the certification authority on the premise of meeting the authentication requirements of cross domain traceability of the industrial Internet, and enhances the system's resistance to the single point of failure. [Conclusions] The DID-based authentication model shows significant potential and application prospects in the field of blockchain technology and provides effective authentication for the interaction between nodes. However, further research is needed in the aspects of authentication efficiency, identity update, and revocation.

Key words: blockchain, cross domain authentication, distributed key, cross domain traceability

郑起鼎, 王贺祥, 张洪玮. 一种基于分布式密钥与BLS签名的跨域认证方案[J]. 数据与计算发展前沿, 2024, 6(5): 13-23.

ZHENG Qiding, WANG Hexiang, ZHANG Hongwei. A Cross Domain Authentication Scheme Based on Distributed Key and BLS Signature[J]. Frontiers of Data and Computing, 2024, 6(5): 13-23, https://cstr.cn/32002.14.jfdc.CN10-1649/TP.2024.05.002.

图/表 7

图1

图2

图3

图4

图5

图6

表1

参考文献 21

[1]	CHEN JY. Responsible sourcing and supply chain tr-aceability[J]. International Journal of Production E-conomics, 2022, 248: 108462.
[2]	GUO H, YU X. A survey on blockchain technology and its security[J]. Blockchain: research and applications, 2022, 3(2): 100067.
[3]	刘思瀚, 徐石成, 何光宇. 基于区块链技术的电动汽车电池溯源系统构建[J]. 数据与计算发展前沿, 2020, 2(5): 76-83.
[4]	DUTTA P, CHOI TM, SOMANI S, et al. Blockchain technology in supply chain operations: Applications, challenges and research opportunities[J]. Transportation research part e: Logistics and transportation review, 2020, 142: 102067.
[5]	JIN W, ZHENG M, LIU P. Design of Multi-Chain Traceability Model for Pepper Products Based on Traceability Code[J]. Applied Sciences 2024, 14(9):3809.
[6]	HU X, HU K, WANG S, et al. A master-slave chain model for multiple blockchains[C]// Proceedings of th-e 2020 3rd International Conference on Blockchain Technology and Applications, 2020, 14: 12-18.
[7]	钟子岳, 朱长昊, 李浚哲, 等. 基于区块链的数据要素可信流通技术综述[J]. 数据与计算发展前沿, 2023, 5(5): 46-62.
[8]	ZHANG H, CHEN X, LAN X, et al. BTCAS: A blockchain-based thoroughly cross-domain authentication scheme[J]. Journal of Information Security and Applications, 2020, 55: 102538.
[9]	ALI G, AHMAD N, CAO Y, et al. xDBAuth: Blockchain based cross domain authentication and authorization framework for Internet of Things[J]. IEEE access, 2020, 8: 58800-58816.
[10]	ZHANG H, ZHAO F. Cross-domain identity authentication scheme based on blockchain and PKI system[J]. High-Confidence Computing, 2023, 3(1): 100096.
[11]	DING Y, ZHANG Y, QIN B, et al. A scalable cross-chain access control and identity authentication sc-heme[J]. Sensors, 2023, 23(4): 2000.
[12]	HUANG C, XUE L, LIU D, et al. Blockchain-assisted transparent cross-domain authorization and auth-entication for smart city[J]. IEEE Internet of Things Journal, 2022, 9(18): 17194-17209.
[13]	YANG Y, HU M, KONG S, et al. Scheme on cross-domain identity authentication based on group signature for cloud computing[J]. Wuhan University Journal of Natural Sciences, 2019, 24(2): 134-140.
[14]	NITA S L, MIHAILESCU M I. A Novel Authentication Scheme Based on Verifiable Credentials Using Digital Identity in the Context of Web 3.0[J]. Electronics, 2024, 13(6): 1137.
[15]	MANOJ T, MAKKITHAYA K, NARENDRA V. A blockchain based decentralized identifiers for entity authentication in electronic health records[J]. Cogent Engineering, 2022, 9(1): 2035134.
[16]	ALANGOT B, SZALACHOWSKI P, DINH TT, et al. Decentralized identity authentication with auditability and privacy[J]. Algorithms, 2022, 16(1): 4.
[17]	CAO L, ZHAO S, GAO Z, et al. Cross-chain data traceability mechanism for cross-domain access[J]. The Journal of Supercomputing, 2023, 79(5): 4944-4961.
[18]	GUO S, WANG F, ZHANG N, et al. Master-slave chain based trusted cross-domain authentication me-chanism in IoT[J]. Journal of Network and Computer Applications, 2020, 172: 102812.
[19]	WU X, WEI S, ZHANG Z, et al. Main-Secondary Blockchain Framework: Cross-Domain Trust Management Mechanism Using Trust Ticket[J]. IEEE Tr-ansactions on Network and Service Management,20 23, 20(3): 2830-2844.
[20]	SHOUP V, SMART NP. Lightweight asynchronous verifiable secret sharing with optimal resilience[J]. Journal of Cryptology, 2024, 37(3): 27.
[21]	马宇航, 张亮, 吴星雨, 等. 基于分布式密钥生成和属性基密码的多方跨链交易方案[J]. 计算机研究与发展, 2023, 60(11): 2534-2544.

文献方案	可拓展性	去中心化性	自主身份权	抵抗单点故障
文献9	×	√	×	√
文献13	×	×	×	×
文献14	√	√	√	×
Dion	√	√	√	√

一种基于分布式密钥与BLS签名的跨域认证方案

A Cross Domain Authentication Scheme Based on Distributed Key and BLS Signature

RichHTML

PDF

可视化

摘要/Abstract

引用本文

使用本文

图/表 7

参考文献 21

相关文章 15

编辑推荐

Metrics

本文评价

[1]	胡睿, 张功萱, 寇小勇. 一种基于Fabric区块链的云端数据动态访问控制方案[J]. 数据与计算发展前沿, 2024, 6(1): 150-161.
[2]	钟子岳, 朱长昊, 李浚哲, 张美慧. 基于区块链的数据要素可信流通技术综述[J]. 数据与计算发展前沿, 2023, 5(5): 46-62.
[3]	谢人强, 陈燕玉. 基于区块链智能节点的社交网络舆情传播探讨[J]. 数据与计算发展前沿, 2023, 5(3): 152-159.
[4]	赵鑫博,代闯闯,陆忠华. 一种改进的BMUF训练框架及联邦学习系统实现[J]. 数据与计算发展前沿, 2022, 4(6): 105-117.
[5]	郑歆凤,王建均,黄敬彬,饶强,潘金木,叶沁丹. 基于区块链技术的“三体五信”算网运营体系研究[J]. 数据与计算发展前沿, 2022, 4(6): 38-54.
[6]	王晶,张海明,温亮明,马卓然. 基于联盟链的科研云联邦计量系统研究设计[J]. 数据与计算发展前沿, 2022, 4(2): 109-120.
[7]	李浩,李新,陈远平. 区块链在电子发票报销中的创新应用模式[J]. 数据与计算发展前沿, 2021, 3(4): 116-125.
[8]	王嘉麒,杜义华,赵以霞. 基于综合影响力和情感特征的意见领袖发现方法[J]. 数据与计算发展前沿, 2021, 3(4): 126-139.
[9]	翟冉,陈学斌. 区块链的共识机制研究[J]. 数据与计算发展前沿, 2021, 3(3): 86-94.
[10]	袁勇,欧阳丽炜,王晓,王飞跃. 基于区块链的智能组件：一种分布式人工智能研究新范式[J]. 数据与计算发展前沿, 2021, 3(1): 1-14.
[11]	关建峰,牛晓彤,高先明,延志伟. SDN多控制器共识机制研究综述[J]. 数据与计算发展前沿, 2021, 3(1): 15-33.
[12]	闾海荣,姜楠,许瑞坤,周容辰. 区块链在物联网中的应用态势分析[J]. 数据与计算发展前沿, 2021, 3(1): 34-47.
[13]	王丽娟,刘佳,王姝,郭志斌,周园春. 基于区块链的工业互联网标识公共服务应用初探[J]. 数据与计算发展前沿, 2021, 3(1): 60-73.
[14]	庄丽婉,金韬,张晨,黄韬. 基于区块链的软件定义广域网系统研究与设计[J]. 数据与计算发展前沿, 2020, 2(5): 41-51.
[15]	张曼,李洪涛,董科军,延志伟. 基于区块链的网络空间标识服务[J]. 数据与计算发展前沿, 2020, 2(5): 52-64.