一种基于分布式密钥与BLS签名的跨域认证方案  

作　　者：郑起鼎 王贺祥 张洪玮 ZHENG Qiding;WANG Hexiang;ZHANG Hongwei(School of Computer Science and Engineering,Tianjin University of technology,Tianjin 300384,China;Tianjin Key Laboratory of Intelligent Computer and Novel Software Technology,Tianjin 300384,China;National Engineering Laboratory of Computer Virus Prevention and Control Technology,Tianjin 300457,China)

机构地区：[1]天津理工大学,计算机科学与工程学院,天津300384 [2]智能计算机及软件新技术天津市重点实验室,天津300384 [3]计算机病毒防治技术国家工程实验室,天津300457

出　　处：《数据与计算发展前沿（中英文）》2024年第5期13-23,共11页Frontiers of Data & Computing

基　　金：国家重点研发计划“大规模制造产业可信溯源理论与方法研究”(2021YFB3300900)。

摘　　要：【目的】为解决工业互联网跨域溯源体系中节点身份认证的问题,本文提出基于分布式密钥的Dion跨域认证方案,该方案旨在克服当前跨域认证方案中存在的证书机构中心化及扩展性不足等问题。【方法】本研究以DID去中心化身份技术为基础,采用分布式密钥生成技术与BLS签名算法构建证书颁发模型,通过合约建立用户身份证书的撤销与更新机制,利用证书实现跨域溯源的身份认证。【结果】在以太坊平台上进行的实验模拟了该方案在跨域溯源认证流程中的应用。结果表明,该方案在满足工业互联网跨域溯源的认证需求前提下,实现了证书颁发机构的去中心化,同时增强了系统对单点故障的抵御能力。【结论】基于DID的身份认证模型在区块技术领域展现出显著的潜力与应用前景,为各节点间的交互提供有效的身份证明。然而,在验证效率以及身份更新与撤销方面还需要进一步研究。[Objective]In order to solve the problem of node identity authentication in the cross domain traceability system of industrial Internet,this paper proposes Dion,a cross domain authentication scheme based on the distributed key,which aims to overcome the centralization and scalability problems of the certificate authority in the current cross domain authentication scheme.[Methods]Based on the DID decentralized identity technology,this study uses the distributed key generation technology and BLS signature algorithm to build a certificate issuance model,establishes the revocation and update mechanism of user identity certificate through the contract,and uses the certificate to realize cross domain traceability identity authentication.[Results]Experiments on the Ethereum platform simulated the application of the scheme in the cross-domain traceability authentication process.The results show that the scheme realizes the decentralization of the certification authority on the premise of meeting the authentication requirements of cross domain traceability of the industrial Internet,and enhances the system's resistance to the single point of failure.[Conclusions]The DID-based authentication model shows significant potential and application prospects in the field of blockchain technology and provides effective authentication for the interaction between nodes.However,further research is needed in the aspects of authentication efficiency,identity update,and revocation.

关 键 词：区块链 跨域认证 分布式密钥 跨域溯源 

分 类 号：TN918.4[电子电信—通信与信息系统]