许可链中身份基密码应用初探  

作　　者：郑建武 刘明生[2] ZHENG Jian-wu;LIU Ming-sheng(School of Transportation,shijiazhuang Tiedao University,Laboratory of traffic safety and control of Hebei Province,Shijiazhuang Hebei 050000,China;Shijiazhuang Institute of Railway Technology,Shijiazhuang Hebei 050000,China)

机构地区：[1]石家庄铁道大学交通运输学院河北省交通安全与控制重点实验室,河北石家庄050000 [2]石家庄铁路职业技术学院,河北石家庄050000

出　　处：《河北省科学院学报》2021年第1期38-52,共15页Journal of The Hebei Academy of Sciences

基　　金：河北省重点研发计划项目(20310101D);河北省自然科学基金项目(F2018210074)。

摘　　要：许可区块链(简称许可链)的提出为区块链的产业应用确立了方案框架,许可链应用的实施极大依赖于应用安全需求是否有有效可实践的密码措施。本文基于当前许可链应用的交易执行模式、安全需求、密码服务等,提出将身份基密码应用于许可链业务,以克服证书基密码面临的证书管理、使用等面临的困境,或为实现许可链业务安全提供可选的密码服务。本文首先分析许可链的业务安全需求和当前可实践的密码服务,接着综述身份基密码的重要服务原语,并剖析传统身份基密码密钥托管问题恶化的缘由,提出基于标识符差异化的私钥构造新技术实现层次身份基加密独立的授权私钥委派,最后分析新的层次身份基加密构造存在的局限,以及为服务身份基密码应用于许可链需要进一步研究的问题和方向。The introduction of the permissioned blockchain established a solution framework for implementing industry applications over blockchain networks,while the possibility of successfully implementing permissioned blockchain applications depends heavily on whether there are effective and practible cryptographic measures that can be applied.This paper proposes to apply Identity-Based Cryptography onto permissioned blockchain networks for tackling the dilemma of managing and using certificates when leveraging Certificate-Based Cryptograpy,or as an candidate solution to providing security services,with respect to execution modes and processes of transactions,security requirements,the needed cryptographic services and so on of operating permissioned blockchain applications.Firstly,the paper analysizes security requirements of executing business transactions over permissioned blockchain networks,and discusses cryptographic services currently available in Hyperledger Fabric(as an example of permissioned blockchain solutions).Secondly,the paper surveys some important cryptographic primitives of Identity-Based Cryptography,and details the underlying reasons why traditional Identity-Based cryptographic schemes fail to cope with the key escrow problem.Thirdly,the paper introduces a new hierarchical identity based encryption(HIBE)scheme that succeeds in achieving independent and authorized delegation,with a new technique,identifier discrimination,of constructing private keys.Finally,the paper points out some limitations of the new introduced HIBE scheme and some study directions of identity-based cryptography and its application to permissioned blockchain networks.

关 键 词：区块链 公钥密码 身份基密码 密钥托管 私钥委派 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]