Abstract: Distributed identity management approaches in the current IoT environment face multiple challenges such as link attacks, privacy leakage and regulatory conflicts. The plaintext attributes in verifiable credentials are easily collected, leading to the exposure of user identities. To address the above problems, a new distributed identity scheme is proposed. The scheme establishes an identity system that combines a primary identifier with multiple pseudonymous identifiers, which solves the problem of identity privacy protection. The pseudonym mechanism enhances the defense against Sybil attack, realizes the unlinked identity information, effectively reduces the risk of user identity leakage, and achieves the harmonious coexistence of privacy protection and regulation. A dual credential model is designed to combine plaintext credentials with encrypted credentials to ensure the security of sensitive attributes, chained identity data and credential links in verifiable credentials through commitment and zero-knowledge proof. Experimental analysis results show that compared with existing schemes such as Weldentity, this scheme exhibits better performance in both credential generation time and proof generation time, which fully validates its effectiveness.

Key words: blockchain, privacy protection, zero-knowledge proof, identity management, Internet of Things

摘要： 当前物联网环境中，分布式身份管理方法面临链接攻击、隐私泄露及监管冲突等多重挑战。可验证凭证中的明文属性易被收集，导致用户身份暴露。针对上述问题，提出一种新的分布式身份方案。该方案建立以主标识符和多个假名标识符相结合的身份体系，解决了身份隐私保护的问题。通过假名机制增强对Sybil攻击的防御，实现身份信息的非链接性，有效减少用户身份泄露风险，实现隐私保护与监管的和谐共存。设计了一种双凭证模型，将明文凭证与加密凭证相结合，通过承诺和零知识证明确保可验证凭证中敏感属性、链上身份数据及凭证链接的安全。实验分析结果显示，与Weldentity等现有方案相比，本方案在凭证生成时间和证明生成时间方面均展现出更优的性能，充分验证了其有效性。

关键词: 区块链, 隐私保护, 零知识证明, 身份管理, 物联网