Journal of Computer Applications, 2024, Vol. 44, Issue (12): 3723-3730. DOI: 10.11772/j.issn.1001-9081.2023121823

• 2023 CCF China Blockchain Conference (CCF CBCC 2023) •

Cross-chain identity management scheme based on identity-based proxy re-encryption

Xin ZHANG1,2,3, Jinquan ZHANG1,2,3, Deyuan LIU1,2,3, Wunan WAN1,2,3, Shibin ZHANG1,2,3, Zhi QIN1,2,3

  1. School of Cybersecurity, Chengdu University of Information Technology, Chengdu Sichuan 610225, China
  2. Advanced Cryptography System Security Key Laboratory of Sichuan Province (Chengdu University of Information Technology), Chengdu Sichuan 610225, China
  3. Industrial College of Cyberspace Security, Chengdu University of Information Technology, Chengdu Sichuan 610203, China
  • Received: 2023-12-29 Revised: 2024-02-15 Accepted: 2024-02-26 Online: 2024-03-11 Published: 2024-12-10
  • Contact: Jinquan ZHANG
  • About author: ZHANG Xin, born in 1997, M. S. candidate. His research interests include blockchain.
    LIU Deyuan, born in 1997, M. S. candidate. His research interests include blockchain.
    ZHANG Shibin, born in 1971, Ph. D., professor. His research interests include network and information security, blockchain, artificial intelligence security.
    QIN Zhi, born in 1977, M. S., associate professor. His research interests include network and information security, blockchain, internet of things.
    First author contact: WAN Wunan, born in 1978, Ph. D., associate professor. Her research interests include blockchain, cryptographic algorithm analysis.
  • Supported by:
    National Key Research and Development Program on Cyberspace Security Governance (2022YFB3103103); Key Research and Development Project of Sichuan Province (2022YFS0571); Key Supporting Program of Chengdu Science and Technology Bureau (2023-XT00-00002-GX)

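  • Corresponding author: ZHANG Jinquan
  • About the authors: ZHANG Xin (born 1997), male, from Suining, Sichuan, M. S. candidate, CCF member. His main research interest is blockchain.
    LIU Deyuan (born 1997), male, from Wangcang, Sichuan, M. S. candidate, CCF member. His main research interest is blockchain.
    WAN Wunan (born 1978), female, from Zhangshu, Jiangxi, associate professor, Ph. D., CCF member. Her main research interests are blockchain and cryptographic algorithm analysis.
    ZHANG Shibin (born 1971), male, from Chongqing, professor, Ph. D., CCF senior member. His main research interests are network and information security, blockchain, and artificial intelligence security.
    QIN Zhi (born 1977), male, from Ziyang, Sichuan, associate professor, M. S. His main research interests are network and information security, blockchain, and internet of things.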

Abstract:

To address the low authentication efficiency, insufficient security performance and poor scalability of current cross-chain identity management, a cross-chain identity management scheme based on Identity-Based Proxy Re-Encryption (IBPRE) was proposed. Firstly, an identity chain was built using Decentralized IDentifiers (DIDs): users were given DIDs as cross-chain identity identifiers and verifiable certificates as access certificates, and an access control policy based on certificate information was built on them. Secondly, the relay chain was combined with a cryptographic accumulator to achieve user identity authentication. Finally, by combining IBPRE with a signature algorithm, a cross-chain communication model based on IBPRE was constructed. Experimental analysis and evaluation results show that, compared with RSA (Rivest-Shamir-Adleman algorithm) and Elliptic Curve Cryptosystem (ECC), the proposed scheme reduces authentication time by 66.9% and 4.8% respectively. It can be seen that the relay chain and identity chain can realize identity management, improve decentralization and scalability, build cross-chain communication models and access policies based on certificate information, and ensure security in cross-chain identity management.

Key words: cross-chain, identity management, Decentralized IDentifier (DID), Identity-Based Proxy Re-Encryption (IBPRE), cryptographic accumulator

