基于可信执行环境的隐私保护认证人求交协议  

作　　者：喻朝新 雷琳琳 李丹 朱辉辉 凌国玮 YU Chaoxin;LEI Linlin;LI Dan;ZHU Huihui;LING Guowei(China Mobile Bay Area(Guangdong)Innovation Research Institute Co,Ltd,Guangzhou 510510,China;College of Computer Science and Technology,Chongqing University of Posts and Telecommunications,Chongqing 400065,China)

机构地区：[1]中移湾区(广东)创新研究院有限公司,广东广州510510 [2]重庆邮电大学计算机科学与技术学院,重庆400065

出　　处：《贵州大学学报（自然科学版）》2024年第3期54-62,共9页Journal of Guizhou University:Natural Sciences

基　　金：国家自然科学基金资助项目(62272076);2022年大湾区创新院可信数据共享平台迭代优化研发资助项目(R2210ARF)。

摘　　要：Ghosh等在NDSS 2023上首次提出了一种去中心化环境下用户建立信任机制的隐私保护认证人求交(private certifier intersection, PCI)协议。在PCI协议中,持有不同证书的双方能够计算出公共的认证人即证书中心(certificate authority, CA)集合,同时以隐私保护的方式验证这些认证人颁发的证书是否有效。PCI协议可用于解决去中心化环境下双方用户在没有先验的情况下建立相互信任机制的问题,但采用了复杂的安全多方计算方法导致效率不高,而且要求参与双方使用相同的签名算法,这在实际应用中是不合理的。针对这些问题,基于可信执行环境(trusted execution environment, TEE)提出一个新的PCI协议。所提协议采用TEE完成认证人求交过程且支持参与双方采用任意的数字签名算法生成证书,更具有实用性。实验结果表明所提协议在效率上明显优于Ghosh等的PCI协议。Ghosh et al.first introduced the Private Certifier Intersection(PCI)protocol at NDSS 2023,aiming to establish trust among users within a decentralized environment.In the PCI protocol,parties holding different certificates can compute a common set of certifiers,i.e.,Certificate Authorities(CA),and verify the validity of these certificates while maintaining privacy.The PCI protocol can be used to solve the problem of establishing mutual trust mechanisms between two users in a decentralized environment without prior knowledge.Ghosh et al.’s protocol utilizes a complex secure multi-party computation approach,leading to inefficiency.Additionally,it requires both participating parties to utilize the same signature algorithm,making it impractical.To address these issues,a new PCI protocol is introduced,which leverages a Trusted Execution Environment(TEE).This novel protocol utilizes TEE to accomplish private certifier intersection,allowing both parties to use their preferred digital signature algorithms,thereby enhancing practicality.Experimental results show that the proposed protocol surpasses Ghosh et al.’s PCI protocol in terms of efficiency.

关 键 词：隐私保护认证人求交 可信执行环境 签名 去中心化 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]