基于区块链和去中心不可否认属性签名的分布式公钥基础设施方案  被引量：9

作　　者：袁和昕 刘百祥 阚海斌 陈泽宁 Hexin YUAN;Baixiang LIU;Haibin KAN;Zening CHEN(Shanghai Key Laboratory of Intelligent Information Processing,School of Computer Science,Fudan University,Shanghai 200433,China;Shanghai Engineering Research Center of Blockchain,Shanghai 200433,China;Key Laboratory for Information Science of Electromagnetic Waves(MoE),Shanghai 200433,China)

机构地区：[1]复旦大学计算机科学技术学院,上海市智能信息处理重点实验室,上海200433 [2]上海市区块链工程技术研究中心,上海200433 [3]电磁波信息科学教育部重点实验室,上海200433

出　　处：《中国科学：信息科学》2022年第6期1135-1148,共14页Scientia Sinica(Informationis)

基　　金：国家重点研发计划(批准号:2019YFB2101702);国家自然科学联合基金重点项目(批准号:U19A2066);上海市科技创新行动计划(批准号:20222420800,20511102200);广东省重点领域研发计划(批准号:2020B0101090001)资助项目。

摘　　要：灵活有效的身份体制方案一直是信息时代的核心需求之一.传统的中心化公钥基础设施存在诸多缺陷,而已有的运行在区块链上的分布式的公钥基础设施同样存在诸如性能、鲁棒性、不可否认性、身份灵活性等方面的问题.本文创新地将区块链与去中心不可否认属性签名结合,提出一种新型分布式公钥基础设施方案,方案利用门限算法和属性签名对身份进行细粒度的管理,并引入非交互式零知识证明使得证书具有不可否认的性质,利用区块链的共识机制进行证书库的同步以实现分布式的身份认证.本文通过实验仿真和分析并结合具体场景,证明了该方案在安全性和可用性上都满足实际落地的需求.A flexible and effective identity system scheme has always been one of the core needs of the information age.Traditional centralized public key infrastructure has a number of flaws,and the present distributed public key infrastructure based on blockchain has a number of issues with performance,resilience,non-repudiation,identity flexibility,and other factors.This paper innovatively combines blockchain with decentralized undeniable attribute-based signatures and proposes a novel distributed public key infrastructure,which uses threshold algorithms and attribute-based signatures for fine-grained management of identities;the paper also introduces non-interactive zero-knowledge proof to make the certificate undeniable and uses the blockchain consensus mechanism to synchronize the certificate library to achieve distributed identity authentication.Through experimental modeling and analysis combined with specific scenarios’actual landing demand,this article indicates that the solution is adequate in terms of security and usability.

关 键 词：区块链 公钥基础设施 属性签名 门限算法 零知识证明 身份认证 

分 类 号：TP311.13[自动化与计算机技术—计算机软件与理论] TN918.4[自动化与计算机技术—计算机科学与技术]