DCIdentity： on-demand disclosure blockchain digital identity authentication mechanism

doi:10.11772/j.issn.1001-9081.2025040462

Journal of Computer Applications ›› 2026, Vol. 46 ›› Issue (4): 1171-1181.DOI: 10.11772/j.issn.1001-9081.2025040462

• Cyber security • Previous Articles

DCIdentity： on-demand disclosure blockchain digital identity authentication mechanism

Shiyu WANG¹^,², Linpeng JIA¹, Jian JIN³(), Zhongcheng LI¹^,²(), Jihua ZHOU⁴, Yi SUN¹^,²

^1.Institute of Computing Technology，Chinese Academy of Sciences，Beijing 100190，China
^2.School of Computer Science and Technology，University of Chinese Academy of Sciences，Beijing 100049，China
^3.China Academy of Information and Communications Technology，Beijing 100191，China
^4.Aerospace New Generation Communications Company Limited，Chongqing 401332，China

Received:2025-04-28 Revised:2025-08-21 Accepted:2025-08-22 Online:2025-09-09 Published:2026-04-10
Contact: Jian JIN, Zhongcheng LI
About author:WANG Shiyu， born in 1999， M. S. Her research interests include blockchain， distributed identity.
JIA Linpeng， born in 1995， Ph. D.， assistant research fellow. His research interests include blockchain.
ZHOU Jihua， born in 1979， Ph. D.， research fellow. His research interests include communication network.
SUN Yi， born in 1979， Ph. D.， research fellow. His research interests include blockchain， ubiquitous intelligence， distributed applications.
Supported by:
National Key Research and Development Program of China(2022YFB2703403);National Natural Science Foundation of China(U22B2032)

按需披露的区块链数字身份认证机制DCIdentity

王诗雨¹^,², 贾林鹏¹, 金键³(), 李忠诚¹^,²(), 周继华⁴, 孙毅¹^,²

^1.中国科学院计算技术研究所，北京 100190
^2.中国科学院大学计算机科学与技术学院，北京 100049
^3.中国信息通信研究院，北京 100191
^4.航天新通科技有限公司，重庆 401332

通讯作者: 金键,李忠诚
作者简介:王诗雨（1999—），女，安徽六安人，硕士，主要研究方向：区块链、分布式数字身份
贾林鹏（1995—），男，河北沧州人，助理研究员，博士，CCF会员，主要研究方向：区块链
周继华（1979—），男，重庆人，研究员，博士，主要研究方向：通信网络
孙毅（1979—），男，山东青岛人，研究员，博士，CCF杰出会员，主要研究方向：区块链、泛在智能、分布式应用。
基金资助:
国家重点研发计划项目(2022YFB2703403);国家自然科学基金资助项目(U22B2032)

Abstract

Abstract:

To solve the problems of strong coupling between users and clients and the vulnerability of privacy security due to the plaintext storage of Verifiable Credentials （VCs） in the off-chain clients in the existing Decentralized IDentity （DID） authentication schemes， an on-demand disclosure blockchain digital identity authentication mechanism was proposed， namely DCIdentity. Firstly， based on the World Wide Web Consortium Decentralized IDentifier （W3C DID）， user identities’ VCs were encrypted and stored on the blockchain， which reduced users’ dependency on clients and realized loose coupling between the authentication process and the clients. Secondly， a hierarchical encryption mechanism for VCs was designed to support on-demand disclosure of user information， which enhanced efficiency in multi-party authentication and reduced the associated overhead. Experimental results show that compared with the off-chain storage scheme， the proposed mechanism reduces the degree of coupling between the clients and the user authentication process effectively， and achieves the on-demand disclosure of user identity information； compared with the Ciphertext-Policy Attribute-Based Encryption （CP-ABE） scheme， the proposed mechanism has the encryption processing delay and the on-chain storage overhead decreased by 91.5% and 84.1%， respectively. It can be seen that the proposed mechanism provides an efficient solution for unified identity authentication in multi-domain multi-application scenarios， which improves the authentication efficiency significantly while ensuring the privacy of user information， and can support the landing application of DID in actual scenarios strongly.

Key words: Decentralized IDentity (DID), client-side loose coupling, on-demand disclosure, Ciphertext-Policy Attribute-Based Encryption (CP-ABE), identity authentication

摘要：

针对现有分布式数字身份（DID）认证方案中，可验证声明（VC）在链下客户端明文存储导致的用户与客户端强耦合和隐私安全易受威胁的问题，提出一种按需披露的区块链数字身份认证机制DCIdentity。首先，基于万维网联盟去中心化标识标准（W3C DID），将用户身份的VC在链上加密存储，降低用户对客户端的依赖，实现认证过程与客户端的松耦合；然后，设计VC分层加密机制支持用户信息的按需披露，提升多主体认证效率并降低相关开销。实验结果表明，与链下存储方案相比，所提机制有效降低了客户端与用户身份认证过程的耦合程度，同时实现了用户身份信息的按需披露；与密文策略属性基加密（CP-ABE）方案相比，所提机制的加密处理时延与链上存储开销分别降低了91.5%和84.1%。可见，所提机制为多领域、多应用场景下的身份统一认证提供了高效解决方案，在保障用户信息隐私的同时，显著提高了认证效率，可有力支撑DID在实际场景中的落地应用。

关键词: 分布式数字身份, 客户端松耦合, 按需披露, 密文策略属性基加密, 身份认证

CLC Number:

TP311

Shiyu WANG, Linpeng JIA, Jian JIN, Zhongcheng LI, Jihua ZHOU, Yi SUN. DCIdentity： on-demand disclosure blockchain digital identity authentication mechanism[J]. Journal of Computer Applications, 2026, 46(4): 1171-1181.

王诗雨, 贾林鹏, 金键, 李忠诚, 周继华, 孙毅. 按需披露的区块链数字身份认证机制DCIdentity[J]. 《计算机应用》唯一官方网站, 2026, 46(4): 1171-1181.

Figures/Tables 18

Fig. 1 DID identifier example

Fig. 2 System model

Tab. 1 Role permissions

操作	普通用户	授权机构	委员会成员	管理员
增删改管理员	否	否	否	是
增删改委员会成员	否	否	否	是
增删改授权机构	否	否	是	是
发行授权VC模板	否	是	是	是

Tab. 2 DID identifier data structure

字段	类型	描述
did	String	遵循W3C DID规范，使用固定字符“did”
DCid	String	DID规范中的example字段，使用固定字符“DCid”
chainID	String	链ID，用于路由到不同的链网络
specificString	String	DID特殊方法标识符，需要确保唯一性

Fig. 3 Design flow of VC management module

Fig. 4 Creation flow of VC

Tab. 3 Verifiable credential data structure

字段	类型	描述
context	String	用于描述DCIdentity结构等信息
cptId	Integer	模板ID
issuer	String	发证方的DCIdentity DID
issuanceDate	Long	创建日期
expirationDate	Long	到期日期
claim	Map〈String，Object〉	凭证数据
proof	Map〈String，Object〉	签名数据结构体

Fig. 5 Verification flow of VC

Tab. 4 CreateDID algorithm parameter definition

变量符号	含义	备注
$i d e n t i t y$	DID标识，由did：DCid：当前账户链上地址组成	字符串
$c r e a t e d$	创建时间	矢量
$a u t h e n t i c a t i o n$	验证者集合	字符串数组
$s e r v i c e$	服务端点结合	字符串数组
$m e t a d a t a$	DID元数据，由创建时间、更新时间、是否废除和版本号组成	结构体
$p o s s e s s o r$	DID归属方	账户地址
$D C i d s$	DID标识数组	字符串数组

Tab. 4 CreateDID algorithm parameter definition

变量符号	含义	备注
$i d e n t i t y$	DID标识，由did：DCid：当前账户链上地址组成	字符串
$c r e a t e d$	创建时间	矢量
$a u t h e n t i c a t i o n$	验证者集合	字符串数组
$s e r v i c e$	服务端点结合	字符串数组
$m e t a d a t a$	DID元数据，由创建时间、更新时间、是否废除和版本号组成	结构体
$p o s s e s s o r$	DID归属方	账户地址
$D C i d s$	DID标识数组	字符串数组

Fig. 6 VC selective disclosure

Fig. 7 Flow of VC selective disclosure

Fig. 8 Flow of selective disclosure and encryption of on-chain data

Tab. 5 System development environment

环境字段	说明
运行环境和操作系统	Linux绝大部分发行版和CentOS 7.9
内存	256 GB
CPU	80核，Intel Xeon Gold 6230 CPU @ 2.10 GHz
网络带宽	10 Mbit/s
编译器	Solidity 0.6.0、JDK8
依赖库及框架	Jpbc、fisco.bcos.sdk、spring-boot等
开发工具	IntelliJ IDEA、Remix、Maven、Postman

Fig. 9 Architecture of DCIdentity

Fig. 10 Access tree setting

Fig. 11 Comparison of encryption and decryption operation delays between two schemes

Tab. 6 Gas consumption of verifiable credential encryption processing

方案	Gas消耗
DCIdentity方案	4 917 091
CP-ABE方案	36 729 000
链下存储方案	0

Tab. 7 On-chain storage data sizes of verifiable credentials

方案	MK链上存储字节数	VC链上存储字节数
DCIdentity方案	2 521	2 782
CP-ABE方案	0	33 384
链下存储方案	0	0

References 27

[1]	云安全联盟大中华区. 用户自治数字身份安全白皮书［R/OL］. ［2024-05-30］..
	Cloud Security Alliance Greater China Region. User autonomous digital identity security white paper［R/OL］. ［2024-05-30］..
[2]	火链科技研究院. 区块链数字身份：数字经济时代基础设施——火链科技研究院产业应用系列报告之五［EB/OL］. ［2024-04-16］..
	Research Huochain. Blockchain digital identity： infrastructure in the era of digital economy — Huochain Technology Research Institute industrial application series report no.5［EB/OL］. ［2024-04-16］..
[3]	CHEN X， NGUYEN K， SEKIYA H. An experimental study on performance of private blockchain in IoT applications［J］. Peer-to-Peer Networking and Applications， 2021， 14（5）： 3075-3091.
[4]	分布式数字身份产业联盟. DIDA白皮书［R/OL］. ［2024-04-16］..
	DID-Alliance. DIDA white paper［R/OL］. ［2024-04-16］..
[5]	World Wide Web Consortium. Decentralized IDentifiers （DIDs） v1.0［EB/OL］. ［2024-05-16］..
[6]	World Wide Web Consortium. DID document［EB/OL］. ［2024-05-16］..
[7]	World Wide Web Consortium. Verification methods［EB/OL］. ［2024-05-16］..
[8]	宋智明，余益民，王贵文，等. 基于区块链智能合约的数字身份可验证凭证零知识认证和管理架构［J］. 信息安全学报， 2023， 8（1）： 55-77.
	SONG Z M， YU Y M， WANG G W， et al. Zero-knowledge authentication and management architecture of verifiable certificate of digital identity based on smart contracts of blockchain［J］. Journal of Cyber Security， 2023， 8（1）： 55-77.
[9]	WANG W， HU N， LIU X. BlockCAM： a blockchain-based cross-domain authentication model［C］// Proceedings of the IEEE 3rd International Conference on Data Science in Cyberspace. Piscataway： IEEE， 2018： 896-901.
[10]	LUNDKVIST C， HECK R， TORSTENSSON J， et al. uPORT： a platform for self-sovereign identity［R/OL］. ［2024-05-25］..
[11]	微众银行. WeIdentity文档［EB/OL］. ［2024-05-25］.［EB/OL］. ［2024-05-25］.）
[12]	ZHOU T， LI X， ZHAO H. EverSSDI： blockchain-based framework for verification， authorisation and recovery of self-sovereign identity using smart contracts［J］. International Journal of Computer Applications in Technology， 2019， 60（3）： 281-295.
[13]	GOYAL V， PANDEY O， SAHAI A， et al. Attribute-based encryption for fine-grained access control of encrypted data［C］// Proceedings of the 13th ACM Conference on Computer and Communications Security. New York： ACM， 2006： 89-98.
[14]	李强，罗庆斌，吕轶，等. SM4密码算法S盒的量子电路优化［J］. 密码学报， 2024， 11（2）： 455-465.
	LI Q， LUO Q B， LYU Y， et al. Quantum circuit optimization for SM4 cryptographic algorithm S-Box［J］. Journal of Cryptologic Research， 2024， 11（2）： 455-465.
[15]	NAKAMOTO S. Bitcoin： a peer-to-peer electronic cash system［EB/OL］. ［2024-05-24］..
[16]	李铭堃，马利民，王佳慧，等. 基于区块链和 PKI 的身份认证技术研究［J］. 信息安全研究， 2024， 10（2）： 148-155.
	LI M K， MA L M， WANG J H， et al. Research on identity authentication technology based on block chain and PKI［J］. Journal of Information Security Research， 2024， 10（2）： 148-155.
[17]	CHANDRA S， BHATTACHARYYA S， PAIRA S， et al. A study and analysis on symmetric cryptography［C］// Proceedings of the 2014 International Conference on Science Engineering and Management Research. Piscataway： IEEE， 2014： 1-8.
[18]	DAEMEN J， RIJMEN V. AES proposal： Rijndael［EB/OL］. ［2024-04-26］..
[19]	ASJAD S. RSA algorithm［EB/OL］. ［2024-04-23］..
[20]	SAHAI A， WATERS B. Fuzzy identity-based encryption［C］// Proceedings of the 2005 Annual International Conference on the Theory and Applications of Cryptographic Techniques， LNCS 3494. Berlin： Springer， 2005： 457-473.
[21]	BETHENCOURT J， SAHAI A， WATERS B. Ciphertext-policy attribute-based encryption［C］// Proceedings of the 2007 IEEE Symposium on Security and Privacy. Piscataway： IEEE， 2007： 321-334.
[22]	汪玉江，曹成堂，游林. 基于区块链和属性基加密的个人隐私数据保护方案［J］. 密码学报， 2021， 8（1）： 14-27.
	WANG Y J， CAO C T， YOU L. A novel personal privacy data protection scheme based on blockchain and attribute-based encryption［J］. Journal of Cryptologic Research， 2021， 8（1）： 14-27.
[23]	黄穗，陈丽炜，范冰冰. 基于CP-ABE和区块链的数据安全共享方法［J］. 计算机系统应用， 2019， 28（11）： 79-86.
	HUANG S， CHEN L W， FAN B B. Data Security sharing method based on CP-ABE and blockchain［J］. Journal of Computer Systems and Applications， 2019， 28（11）： 79-86.
[24]	中国科学院计算技术研究所. 具有隐私保护和访问控制的分布式数字身份认证方法及系统： 202310854749.1［P］. 2025-01-14.
	Institute of Computing Technology， Chinese Academy of Sciences. Distributed digital identity authentication method and system with privacy protection and access control： 202310854749.1［P］. 2025-01-14.
[25]	王喆. 基于区块链的数字身份管理系统设计与实现［D］. 南京：东南大学， 2020： 4-6.
	WANG Z. Design and implementation of digital identity management system based on blockchain［D］. Nanjing： Southeast University， 2020： 4-6.
[26]	苏金树，曹丹，王小峰，等. 属性基加密机制［J］. 软件学报， 2011， 22（6）： 1299-1315.
	SU J S， CAO D， WANG X F， et al. Attribute-based encryption schemes［J］. Journal of Software， 2011， 22（6）： 1299-1315.
[27]	LEWKO A， WATERS B. Decentralizing attribute-based encryption［C］// Proceedings of the 2011 Annual International Conference on the Theory and Applications of Cryptographic Techniques， LNCS 6632. Berlin： Springer， 2011： 568-588.

DCIdentity： on-demand disclosure blockchain digital identity authentication mechanism

按需披露的区块链数字身份认证机制DCIdentity

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 18

References 27

Related Articles 15

Recommended Articles

Metrics

[1]	Rui WANG, Heng PAN, Kun LIU, Xueming SI, Bowei ZHANG, Kunyang LI. Blockchain-based identity authentication scheme for cross-departmental collaboration in e-government [J]. Journal of Computer Applications, 2025, 45(11): 3477-3485.
[2]	Deyuan LIU, Jingquan ZHANG, Xing ZHANG, Wunan WAN, Shibin ZHANG, Zhi QIN. Cross-chain identity authentication scheme based on certificate-less signcryption [J]. Journal of Computer Applications, 2024, 44(12): 3731-3740.
[3]	Hongliang TIAN, Jiayue WANG, Chenxi LI. Data storage scheme based on hybrid algorithm blockchain and node identity authentication [J]. Journal of Computer Applications, 2022, 42(8): 2481-2486.
[4]	DU Xinyu, WANG Huaqun. Dynamic group based effective identity authentication and key agreement scheme in LTE-A networks [J]. Journal of Computer Applications, 2021, 41(6): 1715-1722.
[5]	CHEN Jiahao, YIN Xinchun. Traceable and revocable ciphertext-policy attribute-based encryption scheme based on cloud-fog computing [J]. Journal of Computer Applications, 2021, 41(6): 1611-1620.
[6]	ZHANG Xinglan, ZHAO Yijing. Two-way synchronous quantum identity authentication protocol based on single photon [J]. Journal of Computer Applications, 2020, 40(9): 2634-2638.
[7]	JIANG Zetao, XU Juanjuan. Heterogenous cross-domain identity authentication scheme based on signcryption in cloud environment [J]. Journal of Computer Applications, 2020, 40(3): 740-746.
[8]	LIU Rong, PAN Hongzhi, LIU Bo, ZU Ting, FANG Qun, HE Xin, WANG Yang. Data updating method for cloud storage based on ciphertext-policy attribute-based encryption [J]. Journal of Computer Applications, 2018, 38(2): 348-351.
[9]	LI Qi, XIONG Jinbo, HUANG Lizhi, WANG Xuan, MAO Qiming, YAO Lanwu. Attribute-based access control scheme in smart health [J]. Journal of Computer Applications, 2018, 38(12): 3471-3475.
[10]	YIN Kaize, WANG Haihang. Cloud storage system with fine-grained access control and low storage space overhead [J]. Journal of Computer Applications, 2015, 35(12): 3413-3418.
[11]	XUE Feng, WANG Ding, CAO Pinjun, LI Yong. Cryptanalysis of two anonymous user authentication schemes for wireless sensor networks [J]. Journal of Computer Applications, 2015, 35(12): 3424-3428.
[12]	LIU Chao GENG Huantong LIU Wenjie. Secure quantum communication protocol based on symmetric W state and identity authentication [J]. Journal of Computer Applications, 2014, 34(2): 438-441.
[13]	MA Anjun LI Fangwei ZHU Jiang. Linear collusion attack analysis of combined public key cryptosystem [J]. Journal of Computer Applications, 2013, 33(08): 2225-2227.
[14]	DAI Yong ZHANG Weijing SUN Guangwu. Password multimodality method in financial transactions [J]. Journal of Computer Applications, 2013, 33(01): 135-137.
[15]	XUE Feng WANG Ding WANG Li-ping MA Chun-guang. Cryptanalysis of two smartcard-based remote user password authentication protocols [J]. Journal of Computer Applications, 2012, 32(07): 2007-2009.